How to restrict Remote Desktop connection to specific IP address only - rules aren't working



I have tried this using both the ESET Internet Security 17.2.7.0 firewall and Windows Defender Firewall to create a rule for test purposes to block all traffic going to port 4002, so I can then add a specific IP that is allowed to connect for RDP. I've tried this so many times and nothing works. Can someone please advise me what is the best way to block all traffic to a specific port other than specific IPs that are allowed? Every time I've tried this to connect my other home computer using the local network IP and my internet connection IP, my other computer is still able to connect through RDP and the rule doesn't work. Something has to be overriding the rules I create is my only guess. My Windows 11 PC has been changed to port 4002 in regedit.

Screenshot 2024-08-30 084342.png

Marcos (Administrator):

You should put the permissive rule above the blocking rule that blocks network communication on the local port 4002. Remove the remote port as it is selected automatically by Windows on the computer from which the communication is initiated.

20 minutes ago, Marcos said:

You should put the permissive rule above the blocking rule that blocks network communication on the local port 4002. Remove the remote port as it is selected automatically by Windows on the computer from which the communication is initiated.

Thanks for the quick response. I haven't created a permissive rule yet as I'm trying to confirm that the rule will block any attempts on that port. I removed the remote port and tried again. I even connected my other PC to a VPN, wondering if being within the same network could have something to do with it. I'm still able to connect via RDP within and from outside my local network. It's as if the rule isn't even there to block traffic on that port and connects right through it.

43 minutes ago, Marcos said:

Try to put the blocking rule above the default (built-in) rules then.

That worked! Thank you, I'm finally making progress. Now I added a new permission for my local network and internet IP. I've tried having the permission above and below the blocking rule, but the blocking rule seems to overrule the allowed IPs and nothing gets through. Is there a way to create the blocking rule with an exception for the IPs I want to allow in? Thanks again for your help, really appreciate it after struggling with this for too long.

Screenshot 2024-08-30 102746.png

37 minutes ago, azseang said:

That worked! Thank you, I'm finally making progress. Now I added a new permission for my local network and internet IP. I've tried having the permission above and below the blocking rule, but the blocking rule seems to overrule the allowed IPs and nothing gets through. Is there a way to create the blocking rule with an exception for the IPs I want to allow in? Thanks again for your help, really appreciate it after struggling with this for too long.

Screenshot 2024-08-30 102746.png

I tried changing the permission rule to "Any" instead of specific IPs and I'm able to connect. But if I add the local or internet IP address to connect within or from outside the local network, the block rule stops it again. Can't figure out how to make the exception for the one IP while blocking all others.

4 minutes ago, azseang said:

I tried changing the permission rule to "Any" instead of specific IPs and I'm able to connect. But if I add the local or internet IP address to connect within or from outside the local network, the block rule stops it again. Can't figure out how to make the exception for the one IP while blocking all others.

My guess is the fact that you have specified a localhost IP address. The Eset firewall will assume the localhost IP address is the IPv4/6 address assigned via DHCP to the local device.

Remove the localhost IP address and see if your allow RDP rule now works.

27 minutes ago, itman said:

My guess is the fact that you have specified a localhost IP address. The Eset firewall will assume the localhost IP address is the IPv4/6 address assigned via DHCP to the local device.

Remove the localhost IP address and see if your allow RDP rule now works.

I've tried every possible way I can think of. If I have any IP address specified for local or remote host, the block rule stops the connection. If I add either the local or remote address or both, nothing can connect and I get a notification for the block rule stopping the connection. The only way it's connecting now is if I have both local and remote set to any for the allow rule. Then I get the allow rule notification after connecting through RDP.

Is there any way to do this with one rule? Block all with an exception for the IP I want to be able to connect? When I try to allow either local or remote IP, the block rule seems to overrule the allow rule. I've tried changing the order of the rules also with the same result. The only way any connection goes through is if I have the allow rule set to "any" for remote and local host.

58 minutes ago, itman said:

My guess is the fact that you have specified a localhost IP address. The Eset firewall will assume the localhost IP address is the IPv4/6 address assigned via DHCP to the local device.

Remove the localhost IP address and see if your allow RDP rule now works.

I tried connecting to a VPN and adding the VPN IP address to the allow rule and was able to get connected. So I think it might be working. Very confused by why, when I add my home IP address where I'm testing this from, I can't get the allow rule to work for my own IP. But the VPN IP gets through. Also can't connect locally if I have any IP address under remote host. Any idea what would cause this? I just want to be confident this is working correctly. Thanks for your help.

  • Solution
1 hour ago, azseang said:

I tried connecting to a VPN and adding the VPN IP address to the allow rule and was able to get connected.  So I think it might be working. 

Believe I know what is the problem.

The Eset firewall is stateful. That is, it is not going to allow any inbound TCP traffic unless it was in response to a prior outbound TCP request. Assumed is Eset set up an internal rule exception for local port 3389, which is the default port for RDP. Review Eset default firewall rules for RDP for further reference.

29 minutes ago, itman said:

Believe I know what is the problem.

The Eset firewall is stateful. That is, it is not going to allow any inbound TCP traffic unless it was in response to a prior outbound TCP request. Assumed is Eset set up an internal rule exception for local port 3389, which is the default port for RDP. Review Eset default firewall rules for RDP for further reference.

Thank you again for the help. I've done several other tests from two other computers using both a VPN and a mobile wifi hotspot. When I allow those IPs I can connect. So I'm pretty sure it's doing what I want. Wish I would have tested the VPN earlier on before wasting a ton of time confused why I couldn't connect from my own home IP. As long as it seems to be working the way I want to only allow the specific IPs, I don't need to connect from my home IP anyways, that was just for testing, so I'll just leave that as it is and stay confused about that one. lol Thank you @itman and @Marcos for the quick responses. I really appreciate it.
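The thread works the problem out in the ESET firewall's ordered rule list. The opening post also mentions trying the same thing in Windows Defender Firewall, where a "block all, then allow one IP" pair can never work: Windows Defender Firewall has no user-controlled rule order, and an explicit Block rule always takes precedence over an Allow rule for the same traffic. The script below is an added example, not from this thread or from ESET, showing the pattern that does work there: rely on the profile's default inbound action (Block) and create a single Allow rule scoped to the permitted source addresses. The port 4002 comes from the thread; the rule name and the two source addresses are constructed placeholders.

```powershell
# Added example, not from the thread: restrict inbound RDP on a custom listener
# port to a fixed set of source addresses with Windows Defender Firewall.
# The rule name and addresses are constructed placeholders; replace them.
$RdpPort        = 4002                                  # custom listener port used in the thread
$AllowedSources = @('192.168.1.50', '203.0.113.10')     # constructed: one LAN host, one external host
$RuleName       = 'RDP (custom port) - allowed sources only'

# Windows Defender Firewall has no rule ordering: an explicit Block rule beats
# an Allow rule for the same traffic regardless of creation order, so a
# "block everything on 4002, then allow one IP" pair never lets the allowed
# IP through. The working pattern is the profile's default inbound action
# (Block) plus ONE Allow rule scoped with -RemoteAddress.

# 1. Confirm the default inbound action is Block on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Remove leftover inbound test rules for this port so an old Block rule cannot win.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$RdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Remove-NetFirewallRule

# 3. Create the single scoped Allow rule. The built-in "Remote Desktop" rules
#    are tied to port 3389, so they grant nothing on a relocated listener port.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $RdpPort `
    -RemoteAddress $AllowedSources -Profile Any -Enabled True

# 4. Log dropped packets so a refused connection shows up in
#    %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log instead of being a mystery.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True

# 5. Verify what was written: the address filter should list only the allowed sources.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# From a client, run: Test-NetConnection -ComputerName <host> -Port 4002
# TcpTestSucceeded should be True from an allowed source and False from any other.
```

A source-scoped rule matches the address a packet actually arrives from. A client on the same LAN that connects to the router's public address typically arrives with its LAN address (or the router's, under hairpin NAT), not the public IP, so when verifying such a rule it is worth testing from a genuinely external network, as the thread ends up doing with a VPN and a mobile hotspot, and checking the firewall log for the source address of the dropped attempts.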