RDP and SSH Tunneling - savannahc502/SavC-TechJournal-SEC350 GitHub Wiki

Introduction

The goal of this lab is to establish an SSH connection from Traveler (WAN) to Jump (DMZ) and, through that connection, forward a local port on Traveler to the RDP service on MGMT02 (MGMT). Traveler never talks to MGMT02 directly; RDP rides inside the SSH session as far as Jump, and Jump makes the final hop to 3389/TCP.

When researching for this assignment, we found a thorough blog post on securing RDP with an SSH tunnel on a home network: Securing Remote Desktop with SSH Tunneling – tommycoolman

For this assignment, we decided to implement it on Savannah's virtual enterprise. The network diagram for her enterprise can be seen below:

Implementation: RDP on MGMT02

First, Remote Desktop Protocol (RDP) has to be enabled on the target machine. Open the Settings app on the target (in our case MGMT02) and search for the term remote desktop. Under the setting Enable Remote Desktop, switch the toggle to On. This starts the Remote Desktop Services listener on 3389/TCP and adds the matching Windows Defender Firewall rule for it.

A picture of such settings can be found below:

Afterwards, make sure to restart the machine.

Implementation: Update Firewall Rules

RDP uses port 3389/TCP. Because our networks were locked down during the assessment (every zone-to-zone ruleset ends in a default drop), the traffic from Jump to MGMT02 has to be explicitly allowed on both firewalls it crosses. The rules below match only on destination; a practitioner would tighten both with a source address of 172.16.50.4 (Jump) so that only the tunnel endpoint, and not every other host in the DMZ or LAN, can reach 3389 on MGMT02.

On edge01 (the firewall between the DMZ and the LAN), RDP traffic from the DMZ needs to be allowed to pass through:

set firewall name DMZ-to-LAN rule 20 description "RDP to MGMT02"
set firewall name DMZ-to-LAN rule 20 destination address '172.16.200.11'
set firewall name DMZ-to-LAN rule 20 destination port '3389'
set firewall name DMZ-to-LAN rule 20 protocol 'tcp'
set firewall name DMZ-to-LAN rule 20 action accept

Additionally, on fw-mgmt (the firewall between the LAN and MGMT), the same traffic needs to be allowed to pass through:

set firewall name LAN-to-MGMT rule 30 description "RDP to MGMT02"
set firewall name LAN-to-MGMT rule 30 destination address '172.16.200.11'
set firewall name LAN-to-MGMT rule 30 destination port '3389'
set firewall name LAN-to-MGMT rule 30 protocol 'tcp'
set firewall name LAN-to-MGMT rule 30 action accept

As always with VyOS, make sure to commit and save these changes.

Note About Port Forwarding

In a previous lab, a destination NAT (port forwarding) rule was set up on edge01 so that SSH connections arriving from Traveler at the edge01 WAN address are redirected to jump/log01 at 172.16.50.4.

This means that when the command ssh [email protected] is run on Traveler, the SSH session actually lands on jump/log01. Make sure this plain SSH login works before proceeding with the lab, since the tunnel below reuses exactly that path.

Test Case and Commands

To test that the setup has worked, we can now run the command that opens the SSH tunnel. Run from Traveler, it establishes an SSH connection to Jump (DMZ) and forwards local port 8888 on Traveler, through Jump, to 3389/TCP on MGMT02 (MGMT). The -N flag asks for no remote shell (the session exists only to carry the forward), and -L 8888:172.16.200.11:3389 tells the local ssh client to listen on 127.0.0.1:8888 and have Jump connect each accepted session to 172.16.200.11:3389.

ssh -N -L 8888:172.16.200.11:3389 [email protected]
# Enter the password for the user when prompted

If it is working, the command will appear to hang: with -N there is no remote shell and nothing is printed. Leave it running (the tunnel closes when it exits) and open the Remote Desktop Connection application on the same Traveler box:

If it is the first time connecting, go to "Show Options" and enter 127.0.0.1:8888 in the Computer field and the MGMT02 username in the User name field. In this screenshot, I have done the full connection previously and saved the credentials.

Click Connect. If a certificate warning appears, it is because MGMT02 presents a self-signed RDP certificate whose name does not match 127.0.0.1; accepting it is reasonable here, since the RDP session only leaves Traveler inside the SSH tunnel to Jump and never crosses the WAN in the clear.
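As an added check that is not part of the original lab write-up, the following Python script, run on Traveler while the ssh -N -L command is active, connects to the local end of the tunnel, sends an RDP Negotiation Request (TPKT + X.224 Connection Request, laid out as in MS-RDPBCGR) and decodes the Connection Confirm that MGMT02 sends back. It confirms that 127.0.0.1:8888 really reaches an RDP service rather than, say, an SSH banner from a mistyped forward, and reports which security layer the server selected (TLS alone, or CredSSP/NLA). The host, port, timeout and cookie value are assumptions chosen to match this lab; nothing here is code from the blog post or the lab.

```python
"""Probe the local end of an SSH tunnel to confirm it reaches an RDP service (added example)."""
import socket
import struct

# Security protocols carried in the RDP Negotiation Request/Response (MS-RDPBCGR).
PROTOCOL_RDP = 0x00000000        # standard RDP security, no TLS
PROTOCOL_SSL = 0x00000001        # TLS
PROTOCOL_HYBRID = 0x00000002     # CredSSP (TLS + NLA)
PROTOCOL_HYBRID_EX = 0x00000008  # CredSSP with early user authorization result
PROTOCOL_NAMES = {
    PROTOCOL_RDP: "RDP security",
    PROTOCOL_SSL: "TLS",
    PROTOCOL_HYBRID: "CredSSP/NLA",
    PROTOCOL_HYBRID_EX: "CredSSP/NLA (HYBRID_EX)",
}

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
FAILURE_NAMES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_SSL | PROTOCOL_HYBRID, cookie="probe"):
    """Build TPKT + X.224 Connection Request with a cookie and an RDP Negotiation Request.

    The cookie value is an assumption; mstsc sends the user name here.
    """
    # rdpNegReq: type, flags, length (always 8), requestedProtocols; all little-endian.
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    cookie_field = f"Cookie: mstshash={cookie}\r\n".encode()
    # X.224 CR TPDU body: code 0xE0 (CR, credit 0), DST-REF, SRC-REF, class option.
    x224_body = b"\xe0" + b"\x00\x00" + b"\x00\x00" + b"\x00" + cookie_field + neg_req
    x224 = bytes([len(x224_body)]) + x224_body       # LI counts every byte after itself
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224))   # TPKT: version 3, reserved, total length
    return tpkt + x224


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm and the negotiation result it carries."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed X.224 PDU: the forwarded port is not talking RDP")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError(f"TPKT length {tpkt_len} does not match {len(data)} bytes received")
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError(f"expected X.224 Connection Confirm (0xD0), got 0x{code:02x}")
    if li == 6:
        # No rdpNegRsp at all: a legacy server that only speaks standard RDP security.
        return {"result": "response", "protocol": PROTOCOL_RDP, "name": PROTOCOL_NAMES[PROTOCOL_RDP]}
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError(f"malformed negotiation structure length {neg_len}")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"result": "response", "protocol": value,
                "name": PROTOCOL_NAMES.get(value, f"unknown 0x{value:x}")}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"result": "failure", "code": value,
                "name": FAILURE_NAMES.get(value, f"unknown {value}")}
    raise ValueError(f"unexpected negotiation structure type 0x{neg_type:02x}")


def recv_tpkt(sock):
    """Read exactly one TPKT-framed PDU (4-byte header, then the announced remainder)."""
    buf = b""
    while len(buf) < 4:
        chunk = sock.recv(4 - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before a TPKT header arrived")
        buf += chunk
    (total,) = struct.unpack(">H", buf[2:4])
    while len(buf) < total:
        chunk = sock.recv(total - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-PDU")
        buf += chunk
    return buf


def probe_rdp(host="127.0.0.1", port=8888, timeout=5.0):
    """Connect to the tunnel's local end, negotiate, and report what the far side selected."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return parse_connection_confirm(recv_tpkt(sock))


if __name__ == "__main__":
    # Assumes the ssh -N -L 8888:172.16.200.11:3389 tunnel is already running on this host.
    print(probe_rdp())
```

A result of {'result': 'response', 'protocol': 2, 'name': 'CredSSP/NLA'} means MGMT02 requires Network Level Authentication, so credentials are checked before a desktop session is created; a failure with HYBRID_REQUIRED_BY_SERVER would mean a client offering only TLS is refused. A ValueError on the first bytes is the quick tell that the forward points at the wrong host or port.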

Once connected, the screen should appear similar to this: