• Status: Solved

RDP 3389 forward to multiple PCs?

I have this setup at WORK...

Server (We'll call it PC #1) running Win2k w/ Internet Connection Sharing (ICS) and is Double Homed (2 NICs).
NIC1: External IP is 66.99.00.00 (e.g.)
NIC2: Internal IP is 192.168.0.1

In the ICS settings for NIC1 on PC #1, I've set up services to forward ports 3389 and 7777 to another PC
on the same network with IP 192.168.0.25 (PC #25).
----------------------

At HOME...

I open Remote Desktop Connection and connect to 66.99.00.00:7777.  The Server at work (PC #1) automatically forwards me directly to the PC with IP 192.168.0.25 (PC #25) as it should.  This works very well.  I have no complaints.  Functions as designed (and FAST too!).  Where was life before RDP?? :o)
----------------------

The DILEMMA...

On the Server at work (PC #1), I set up ports 3389 and 7777 to forward to 192.168.0.25 (PC #25), BUT now I need to make the PC with IP 192.168.0.30 (PC #30) available via RDP as well.

I set up PC #30 (192.168.0.30) as port 8888 the same way I set up PC #25 as 7777, but now I'm stuck because on the Server running ICS (PC #1) I can only create one rule for port 3389... either it forwards to PC #25 (192.168.0.25)  or  PC #30 (192.168.0.30), but not both.  I actually need to access both from home.  

So, how can I get the Server (PC #1) at work to forward port 3389 with 7777 to PC #25 when I need to connect to PC #25 from home and to forward port 3389 with 8888 to PC #30 when I need to access PC #30?

Asked by: simkiss

rikke_vp commented:
Hi there,

This is a rather easy issue to solve... If ICS supports NAT in a proper way then it should work when you follow the instructions below.

Let's assume you have 3 servers

srv1 : jan
srv2 : mie
srv3 : pete

When you want to access these servers from an external network you do not need to adjust the ports on the server but on your NAT device like this.

srv1 | external port on nat -> 3389 | internal port -> 3389
srv2 | external port on nat -> 3390 | internal port -> 3389
srv3 | external port on nat -> 3391 | internal port -> 3389

So if you are able to forward these ports on your ICS system then you can access your srv's from an external network.

When you want to access your servers you do this in your Terminal Server Client or RDP client...

Let's assume we connect to srv2
123.456.789.000:3390
or do
mstsc /v:123.456.789.000:3390 in RUN or Command Prompt

If you have any questions let me know,
Regards
Rikke

star57tech commented:
USE PORT 6631

simkiss (Author) commented:
RIKKE VP:

The only NAT I can program is the built in ICS in Win2k so I'm not sure what you mean.  It asks 4 questions when you make a port forward rule...
1. Name for this rule?  (I entered: 3389 forward rule)
2. Port to forward? (I entered: 3389)
3. TCP or UDP? (I checked: TCP)
4. Destination IP? (I entered: 192.168.0.25)

Question 4 is the dilemma, I need it to work for 192.168.0.25 and 192.168.0.30 but I can only choose one IP.

simkiss (Author) commented:
STAR57TECH:

Do you mean use port 3389 and port 7777 for PC #25 (192.168.0.25), and use port 6631 and port 8888 for PC #30 (192.168.0.30) ?

If so, are there more ports other than 3389 that work with RDP?  This is just an example to get multiple PCs working.  I can get one to work great, but not two.  I really need to get 25 PCs working like this once I get it figured out.

rikke_vp commented:
Nono...

Do this and it MUST work... Else that ain't a NAT device but a port forwarder...

1. Name for this rule? forward to pc 02
2. Port to forward? 3390
3. TCP or UDP? TCP
4. Destination IP? I entered: 192.168.0.25:33:3389

You can do this with your whole network or let's say, all your clients in your network...

I'm now checking the config of the function you mean in w2k

regards,
Rikke

And no... RDP only works on 3389 or you need to adjust this in the registry... Which I can explain to you if you want

2hype commented:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759
The above link is how to change the default port on Windows XP Pro.  For example change it to listen on port 3388 and forward port 3388 to client 2.  Now when you enter IPADDRESS:3388 it will open a remote desktop connection on client 2

rikke_vp commented:
Too bad dude...

Indeed, it's not possible with the Static Routes that W2k provides to really NAT ports... It only forwards them.

So you need to change your listening ports on the clients by altering the reg key...

Go to Start - Run and type regedit:
- Find the subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
- Right click it and select Decimal and enter the new port number.
- Close regedit and adjust the ports in the ICS machine

Regards,
Rikke

rikke_vp commented:
Sorry, it's
-Right click and select modify and select Decimal

--> 2hype
sorry but I did not refresh...

Regards,
Rikke

2hype commented:
If you want to eventually get it to go to all 25 machines, my suggestions are these.

1.)  You could create a VPN.  Log onto your server 2000 through a VPN.  This will allow you to access your 192.168.0.X numbers as though you were on the LAN.  You could get to each computer by typing the computer name in the RDClient or you could type their local IP address in the RDClient to access them.  You would only need to open the firewall ports.

2.) You could install Terminal Services on your 2000 Server.  Install it and put it in Remote Administration Mode.  This will let up to 3 members of the administrator group connect to your 2000 Server through Remote Desktop client. (Remote administration mode is free, nothing extra is needed to buy).  Once you log onto the Terminal Server, open the remote desktop client and connect to the machines on your LAN (Note: you will have to download and install the Remote Desktop Client on the 2000 Server from the Microsoft website).

3.) You could change the port for every Win XP machine and forward the port to the appropriate machine.
Note:  The more ports you open the less secure your environment is.

4.) You could purchase a router with port forwarding.  You could get rid of ICS sharing and use the router to share your internet connection and provide you with a firewall.  You could open up 25 ports (ex.  3388, 3387) and forward them to the client IPAddress:3389.  This would save you from changing the listening port on all the XP Pro workstations.

rikke_vp commented:
Option 4 :D

http://www.draytek.com 

We import these and they are best product of the month in Belgium

Regards

2hype commented:
Or for option 4, if you do not want to purchase any hardware, you could do the below.

If you have an old computer (as old as a 486), you could download IPCOP (www.IPCOP.org).  It's free, easy to set up, and it has tons of features.  I use it at the majority of my networks.

It will allow you to create VPNs between IPCOP boxes.  It has the port forward option.  It's a proxy server, therefore it will cache websites.  It has addons which allow you to block websites, block internet during different times of the day, block certain file types from being downloaded (www.urlfilter.net).  You can view what webpages users have been on.  It runs snort on both the LAN and Internet NIC so you have Intrusion Detection.

simkiss (Author) commented:
Tomorrow is D-Day, so I will keep you all posted.  I will be setting up everything trying to change the default 3389 to a new port on each XP PC, such as:

PC10: 3210 and 8210
PC11: 3211 and 8211
PC12: 3212 and 8212
etc...

2hype commented:
Why do you have 2 ports listed?  Remote Desktop only needs one port open for it to connect, which is port 3389 unless you change it.

You should be changing and forwarding 1 port

PC10:  Change RDC port from 3389 port to 3210
PC11:  Change RDC port from 3389 port to 3211

Next Forward Port 3210 to PC10
       Forward Port 3211 to PC11

etc...
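
The one-port-per-PC scheme discussed in this thread, written out as an added example that is not part of any poster's reply: it assigns each internal PC a single unique TCP port, rejects collisions, and emits the gateway rule plus the `reg add` line for the `PortNumber` value. The function names, the base port 3390 and the reserved-port list are assumptions made for illustration.

```python
import ipaddress

RDP_KEY = r"HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
DEFAULT_RDP = 3389

def build_plan(hosts, base_port, lan="192.168.0.0/24", reserved=(80, 443, 3389)):
    """Assign exactly one external TCP port per internal PC, in IP order.

    Raises ValueError on duplicate hosts, off-LAN addresses, or ports that
    are reserved or outside 1024-65535, so no rule silently shadows another.
    """
    net = ipaddress.ip_network(lan)
    addrs = sorted(ipaddress.ip_address(h) for h in hosts)
    if len(set(addrs)) != len(addrs):
        raise ValueError("duplicate host in list")
    plan = []
    for i, ip in enumerate(addrs):
        if ip not in net:
            raise ValueError(f"{ip} is not on {net}")
        port = base_port + i
        if not 1024 <= port <= 65535 or port in reserved:
            raise ValueError(f"port {port} is reserved or out of range")
        plan.append({"ip": str(ip), "port": port})
    return plan

def reg_command(port):
    """reg.exe line to run on the PC itself; takes effect after the PC restarts.

    Only needed when the gateway cannot translate ports (the ICS case).
    """
    return f'reg add "{RDP_KEY}" /v PortNumber /t REG_DWORD /d {port} /f'

def forward_rules(plan, translate):
    """Gateway rules as (external_port, protocol, internal_ip, internal_port).

    translate=False: plain forwarder such as ICS; the PC must listen on that port.
    translate=True:  NAT router; every PC keeps 3389, only the outside port differs.
    """
    return [(p["port"], "TCP", p["ip"], DEFAULT_RDP if translate else p["port"])
            for p in plan]

if __name__ == "__main__":
    pcs = ["192.168.0.25", "192.168.0.30"]  # the two PCs from the question
    plan = build_plan(pcs, base_port=3390)  # 3390 is an assumed starting port
    for rule in forward_rules(plan, translate=False):
        print(rule, "->", reg_command(rule[0]))
```

Each PC ends up with one forwarded port and nothing else exposed, which keeps the number of open ports at the minimum the scheme needs.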

simkiss (Author) commented:
RDP needs two ports according to Microsoft.

Tried with one, didn't work.  Checked Microsoft, it says you need 2 ports.  I added the second, it works like a charm.  Dunno why it needs 2.  I just followed the Microsoft instructions.  I'd be interested in seeing it work with only one, but I couldn't get it to work without 2 ports for each PC.

2hype commented:
From Microsoft:

"Port 3389 is the only port you need to open. Sound will attempt to be streamed through User Datagram Protocol (UDP) first. If no port is available for UDP, sound will stream through a virtual channel in Remote Desktop Protocol, which uses port 3389."

Here is the link - http://www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx
Scroll Down to the Question "What port does Remote Desktop use? Does everything go over port 3389?"

simkiss (Author) commented:
The Accepted Answer works like a charm.  

Interesting to note as well... I found out that if you keep the default 3389, you have to change the HTTP port from 80 to another number (5555 for example) and open both this new port and 3389 in your firewall and/or router.  In addition, you access the computer by 66.55.44.33:5555 for example, 5555 being the HTTP port you selected, not the RDP port (bizarre!).

BUT, If you change the RDP port from 3389 to, say, 3380, you only need to open one port in your firewall and/or router, and you access this computer by 66.55.44.33:3380 for example, 3380 being the RDP number you reassigned in the registry to replace 3389.

(fake external IP used)