TransWikia.com

Can't connect to specific IP address and/or TCP port - can the ISP be blocking it?

Server Fault Asked by Reece on December 13, 2020

I have a RDP user who has successfully been using RDP from his laptop to his workstation in our office when he is at home.
It is configured to use our public IP and port 10378 and has been working fine until about 2 weeks ago when it just stopped working for him.

  • I’ve checked this RDP profile (IP:PORT) config from numerous other external IPs and all of them can connect OK
  • I’ve also got two other RDP users for this office with similar configs but with different ports and neither of those are working for his laptop when
    he is at home, but they are working from any other external PC I test
    with
  • From his laptop, I’ve tried RDP to another server on a
    different public IP address using standard 3389, and another
    different public IP using TCP 4321. Both of these connect OK
  • From his wife’s laptop on the same home internet connection, I cannot connect to his RDP config or the other two
  • Take his laptop away from home, connect to a different internet connection (even an iPhone personal hotspot at home) and the RDP config works fine

I’ve checked our Firewall’s policies and the port forwards are still as they were when it was working fine. The allowed external IP’s is still set to ‘ANY’ and the desktop PC is still listening on the same RDP port I configured months ago.

Can it be that the ISP for his home internet connection is blocking traffic to one specific IP address? Or a few specific TCP Ports?

How can I test and prove this? Or what else could it be?

I tried to ask this on Network Engineering but was shunned for being off-topic, so I’m coming here hoping someone may be able to help…

2 Answers

Old topic, but I want to warn future readers that presenting RDP directly to the Internet - even on a nonstandard port - is an incredibly bad idea.

Set up a secure VPN from the user’s laptop to a network or to a specific machine in their workplace and run RDP traffic through that encrypted tunnel. This solves the possible issue of RDP traffic being intercepted by the ISP, and it works around possible weaknesses in the RDP protocol security.

Answered by Mikael H on December 13, 2020

Yes - ISP's can and do block certain services on residential broadband links. It's also possible that the router/firewall combo at the user's house is blocking connections to some ports.

Here are some steps to confirm-

  1. Eliminate the home router: Confirm that the router configuration isn't doing some kind of blocking (to potentially include app recognition mechanisms looking for non-standard ports, etc). If this is inconclusive then you can try either connecting the user's computer directly to the Internet connection or an alternate (and known-working) firewall.

  2. If it's still not working on the direct connection then it makes sense to break out the sniffer. Install Wireshark and capture all traffic while attempting to initiate a connection. Confirm that the packet is as expected, look for the TCP handshake and, more importantly, look for any kind of ICMP unreachable messages coming back (port administratively prohibited, etc). If you're seeing ICMP coming back note whether it's coming from somewhere within the carrier or from the far end (i.e. the corporate edge router or firewall).

  3. It also may be helpful to set up another sniffer at the corporate side to confirm whether packets are making it at all. If, for example, you're seeing TCP SYN packets coming in but nothing going back then you'd want to figure out why. If you're seeing SYN come in from the user's side and ACK go back but that ACK doesn't show up at the user's side then that indicates something else may be blocked (..this is unlikely).

Answered by rnxrx on December 13, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP