Mikrotik
ChikiHh, 2018-01-10 17:30:28

Doesn't connect on forwarded rdp port if someone is already connected from another external IP?

Hello, friends. I'm asking for help investigating an unknown problem. The essence is this: there is an office with a dedicated public ("white") IP; the MikroTik router receives its settings from the provider via DHCP, and port forwarding is configured on the router so that from outside you can connect on a port (say 51222) via RDP to the terminal server (the Proxmox hypervisor is installed on the hardware, with Windows Server 2012 installed on it).
The problem is this. If someone is connected via RDP on the forwarded port, say from external address 2.2.2.2, then another person on a different external IP (say 3.3.3.3) will not be able to connect on the same port: there will be several attempts without a response (not "connection failed", "server not found", etc.). If you connect from the same local network as the first connection, i.e. with the same external IP (2.2.2.2), then everything is fine and the connection is established. If we forward one more port to the server on the MikroTik, say 51223, then a connection on that other port works, but again, if we try to connect a second client on the new port (51223) from a different external IP, it will not connect.
I don't know what it could be.
I have tried all the simple steps (turned off the firewall, changed the RDP port in Windows itself, even installed a clean system).
Also, although I'm not strong in this, I used a traffic sniffer: at the bottom of the picture is an attempt to connect to a port on which there is already a connection, and at the top is a successful connection on a different port.
5a563f6e5d26c794912037.png
P.S. I brought a MikroTik from home (reset it, set it up again) and got the same thing; that is, the problem is not in the network equipment but most likely in Proxmox.


3 answer(s)
Prez, 2018-01-18
@Prez

I would bring a Mikrotik from home to make sure that the problem is / is not in it. At least it becomes clear where to dig further.

I_Rusakov, 2018-01-22
@I_Rusakov

Could you post the NAT rule here?
add action=dst-nat chain=dstnat comment=rdp !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content \
disabled=no !dscp dst-address=2.2.2.2 !dst-address-list !dst-address-type !dst-limit dst-port=2.2.2.2 !fragment !hotspot !icmp-options \
!in-bridge-port !in-bridge-port-list !in-interface !in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=yes \
log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier \
!port !priority protocol=tcp !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port \
!tcp-mss !time to-addresses=1.1.1.1 to-ports=3389 !ttl
This works for me.

Dmitry Skoromnov, 2018-01-25
@kursy-po-it

If everything is configured correctly, then several clients on the same port will definitely be able to connect. Look at the correct forwarding setting: For_ http://mikrotik.vetriks.ru/wiki/beginners: Forwarding...
