Outgoing RDP connection on unconventional port fails

New OpenWRT user here. I recently set up OpenWRT stable 19.07.3 on a cheap TP-Link wireless access point to act as a NAT gateway for my home network. Everything has been working well, except one outgoing RDP (Windows Remote Desktop Protocol) connection that I usually make to a host outside my network on an unconventional port (15112).

I have no special setup besides a LAN and WAN zone, and Network Address Translation from LAN -> WAN.

To troubleshoot, I tried the following:

  1. Making RDP connections to external hosts on the standard RDP TCP port (3389) works fine from behind my OpenWrt NAT gateway.
  2. Making a TCP network connection on port 15112 to a Linux box on the internet works fine from behind my OpenWrt NAT gateway.
  3. Making RDP connections to the external host on port 15112 works with two other NAT routers I've tried that are running proprietary (and I assume permissive) software.

Clearly OpenWRT knows how to NAT traverse RDP, since it works to connect with hosts that use the conventional 3389 port. So what do I need to make it work on an arbitrary port?

OpenWrt (by default) has no special provisions for RDP traffic, nor any special handling for specific ports (aside from the bare essentials, e.g. DHCP). This means if RDP works on the default ports, it really should work alike on any other port - therefore I'd first look at the client OS and its configuration[0]/firewall settings, instead of OpenWrt.

--
[0] Windows will notice the different router, based on the differing LAN MAC address, and create a new network connection for it, this might affect your firewall settings for this new connection.


Thanks for the reply, slh. I tried to isolate the problem and I still believe it's something with my OpenWrt configuration. Here I am trying to do a simple TCP connection to the RDP service and port and to an arbitrary website, both with netcat:

# from my 5G mobile hotspot
roo@sneak:~$ nc -vz google.com 443
DNS fwd/rev mismatch: google.com != lga25s56-in-f14.1e100.net
google.com [172.217.7.14] 443 (https) open

roo@sneak:~$ nc -vz xx.xx.xx.xx 15112
xx.xx.xx.xx: inverse host lookup failed: Unknown host
(UNKNOWN) [xx.xx.xx.xx] 15112 (?) open

# now on the openwrt access point
roo@sneak:~$ nc -vz google.com 443
DNS fwd/rev mismatch: google.com != lga25s63-in-f14.1e100.net
google.com [172.217.12.206] 443 (https) open

roo@sneak:~$ nc -vz xx.xx.xx.xx 15112
xx.xx.xx.xx: inverse host lookup failed: Unknown host
(UNKNOWN) [xx.xx.xx.xx] 15112 (?) : Connection timed out

Note that I've obscured the IP address I'm trying to reach.
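The two netcat runs above compare the same targets from two vantage points. As an added example that is not part of the thread, this Python script does that comparison in one run and, unlike a bare "open/timed out", separates a timeout (the SYN or its reply was dropped somewhere on the path) from a refusal (the host answered, nothing listening), which is the distinction that isolates a NAT or filtering problem from a dead service. The target list is constructed; the RDP address is a placeholder standing in for the obscured one.

```python
import socket
from typing import Dict, List, Tuple

# Constructed targets mirroring the thread: a known-good site on 443 and the
# RDP host on its unconventional port. The RDP address is a placeholder.
TARGETS: List[Tuple[str, int]] = [
    ("google.com", 443),
    ("xx.xx.xx.xx", 15112),  # placeholder for the obscured RDP host
]


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Attempt one TCP handshake and classify the outcome.

    'open'    -> handshake completed (a SYN-ACK came back)
    'refused' -> host reachable but nothing listening (an RST came back)
    'timeout' -> no answer at all: the SYN or SYN-ACK was dropped on the
                 path (NAT state, firewall, or a filter on the far end)
    'error'   -> name resolution failed or another socket error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"


def probe_all(targets: List[Tuple[str, int]],
              timeout: float = 5.0) -> Dict[Tuple[str, int], str]:
    """Run probe() over every target; run this once per vantage point."""
    return {(h, p): probe(h, p, timeout) for h, p in targets}


def self_check() -> Tuple[str, str]:
    """Validate the classifier on loopback: one listening port, one closed."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        listening = probe("127.0.0.1", port, timeout=2.0)
    # srv is closed now, so the same port should answer with an RST.
    closed = probe("127.0.0.1", port, timeout=2.0)
    return listening, closed


if __name__ == "__main__":
    print("self-check (expect open, refused):", self_check())
    for (host, port), result in probe_all(TARGETS).items():
        print(f"{host}:{port:<6} {result}")
```

Run it once from the mobile hotspot and once from behind the OpenWrt gateway; a result that flips from "open" to "timeout" only for the 15112 target, while 443 stays "open", points at something dropping that specific flow rather than at general connectivity.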

I think you're right @Slh, this is not RDP specific. When I double-NAT my OpenWrt router behind my ISP-supplied modem, the connection works like regular. My guess at this point is that the host is doing some kind of MAC address or other filtering and refusing the connection from my new hardware.