RDP drop firewall

Support
,
1

NethServer Version: 7.3.1611
Module: firewall
I set up access through RDP (3389). But after the connection, I got the error “connection lost” and I can not connect any more. In the logs appears an inscription
Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:хх:хх:хх:00:00:00:хх:хх:хх:01:хх:0х:00 SRC=176.ххх.х00.ххх DST=ххх.ххх.ххх.ххх LEN=1260 TOS=0x00 PREC=0x00 TTL=115 ID=22431 PROTO=UDP SPT=56823 DPT=3389 LEN=1240

P.S.
I read http://shorewall.org/FAQ.htm
(FAQ 85) Shorewall is rejecting connections from my local lan because it thinks they are coming from the ‘net’ zone.

I’m seeing this in my log:

Aug 31 16:51:24 fw22 kernel: Shorewall:net2fw:DROP:IN=eth5 OUT= MAC=00:0c:29:74:9c:0c:08:00:20:b2:5f:db:08:00
SRC=10.1.50.14 DST=10.1.50.7 LEN=57 TOS=0x00 PREC=0x00 TTL=255 ID=32302 DF
PROTO=UDP SPT=53289 DPT=53 LEN=37
Answer: This occurs when the external interface and an internal interface are connected to the same switch or hub. See this article for details. The solution is to never connect more than one firewall interface to the same hub or switch (an obvious exception is that when you have a switch that supports VLAN tagging and the interfaces are associated with different VLANs).

Perhaps this is my case? But I can not understand what I need to do?

2

It’s really difficult to tell from your entry, based on all the needed information being masked out.

But, if you really do have both your internal and external interfaces connected to the same switch, then the answer is obvious: Don’t do that!

Cheers.

3

My scheme. A computer with a Windows server has 4 network cards. In Windows, the services of DNS and DHCP are configured. Also in Windows is used a hypper-v. In which NS is installed. And network cards are thrown. The NS in the hypper-v is used as a proxy. 3 network cards are used.

4

Hi, as I understand Your problem 3 cards used 1 spare is used for lan and wan then You need to use vlans to separate those two. Cheers.

5

1 lan card 192.168.1.2 (windows server)
2 lan card 192.168.1.3(green) (hyper-v)
3 lan card xxx.xxx.xxx.xxx (red) (hyper-v)
How to setup VLANs?