  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1845
  • Last Modified:

Watchguard Firebox SOHO 6 & Remote Desktop - cannot connect to servers

I have recently installed a Watchguard Firebox SOHO 6 into my network - and since then I cannot use RDC (Remote Desktop Connection). My network diagram: SERVER 1&2 and Home PC -> SOHO 6 -> Netgear Wireless router -> Internet

I have forwarded all RDC ports (3389 - default and others for other servers), but I keep getting the client connection error. I have forwarded them through both routers and yet I cannot access the remote desktop internally or externally. The IPs, remote desktops (my computer -> remote) are all set up and seem to be OK. I believe it's the SOHO 6 as I could remote desktop before I had it.

Thanks a lot
Simon
0
pbninja101
Asked:
1 Solution
 
Rob WilliamsCommented:
If you cannot access internally it would sound like a problem with the computers.
However, have you forwarded traffic on the Netgear to the SOHO (not the PC), and then from the SOHO to the PC to which you are trying to connect?
0
 
pbninja101Author Commented:
Have done that, yes. The Netgear is acting basically as a wireless router and the WAN - Netgear goes into WAN socket on SOHO - PCs on the hub sockets. I think it may be a prob with the PCs.

On one server I did: start -> cmd -> netstat -an. This said: Listening to 0.0.0.0:3389, which suggests it isn't listening to its LAN IP.
0
 
Rob WilliamsCommented:
>>"0.0.0.0:3389"
That's correct, it means it is listening for a connection. Once a connection is established there will be an IP associated with it.

>>"the WAN - Netgear goes into WAN socket on SOHO "
The WAN of the Netgear goes into the modem. The WAN of the SOHO connects to the LAN of the Netgear.
0

 
pbninja101Author Commented:
>>"the WAN - Netgear goes into WAN socket on SOHO "
The WAN of the Netgear goes into the modem. The WAN of the SOHO connects to the LAN of the Netgear.

Yes, that is how it's set up. But still after numerous efforts - nothing happens to RDC
0
 
Rob WilliamsCommented:
Can server 1 remote desktop to server 2 and vice versa?
0
 
pbninja101Author Commented:
Nope - no PC can RD to any other on the network.

There is no Domain Controller etc. set up on the servers, to let you know.
0
 
Rob WilliamsCommented:
If that is the case, there could be a problem with the router as well, but there has to be a problem on the servers themselves. Below is a checklist you might want to review.
Also, how do you remotely access multiple servers sharing the same public IP? Have you changed the listening port? That is how you usually do it, but then you would not be forwarding port 3389, you would be using the new/edited port.


Some things to check:
1-try connecting using the IP of the remote computer not the computer name
2-"allow users to connect remotely to this computer" must be enabled
3-you must be a member of the remote desktop users group of the local machine (administrators are by default)
4-if the workstation is a member of a server 2000/2003 domain you will have one of the 2 following check boxes, depending on the version, on the "Terminal Services Profile" of the user's profile in Active Directory. Make sure it is checked appropriately. "Deny the user permission to log on to any terminal server", or "Allow Logon to Terminal Server"
5-if XP SP2 or Server 2003 SP1 the firewall needs to be configured to allow remote connections (I would disable for now for troubleshooting purposes)
6-make sure any other software firewalls are disabled as well (for test purposes), including Internet security suites. Symantec's sometimes needs to be uninstalled or if using Symantec Antivirus some versions have "Internet Worm Protection" which can block Remote Desktop. Try disabling that as well.
7-Verify the Remote Desktop User group has the rights to log on using Terminal Services.  Go to Control Panel | Administrative tools | Local Security Policy | Local Policies | User Rights Assignments ...make sure Remote Desktop Users is included in "allow logon through Terminal Services"  
8-The Terminal Services service must be running
If you have access to the remote machine make sure it is "listening" for your connection. To do so at a command line enter (substitute port # if not using default 3389):
  netstat  -an  |find  "3389"
You should get the following result:
TCP   0.0.0.0:3389    0.0.0.0:0    listening
If not go to Start  | Run | services.msc and see if Terminal Services is started and set to automatic
0
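The listening check from the checklist above, as an added example that is not part of the original posts: it parses `netstat -an` output and reports whether the RDP port is bound to all interfaces (`0.0.0.0`) or to one address, plus any established sessions. The sample output, addresses and the function name `rdp_status` are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.25:1042      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")

def rdp_status(netstat_text, port=3389):
    """Summarise listeners and sessions for `port` in `netstat -an` output."""
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        local_ip, local_port, remote_ip, _, state = m.groups()
        if int(local_port) != port:
            continue
        if state.upper() == "LISTENING":
            listeners.append(local_ip)
        elif state.upper() == "ESTABLISHED":
            sessions.append(remote_ip)
    if not listeners:
        verdict = "not listening: check the Terminal Services service and the port number"
    elif any(ip in ("0.0.0.0", "[::]") for ip in listeners):
        # Wildcard bind: the service accepts connections on every local address.
        verdict = "listening on all interfaces"
    else:
        verdict = "listening only on " + ", ".join(listeners)
    return {"listeners": listeners, "sessions": sessions, "verdict": verdict}

if __name__ == "__main__":
    print(rdp_status(SAMPLE))
```

A LISTENING row only shows that the service is bound to the port; a host firewall can still drop the connection, so also test from another machine on the same LAN.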
 
pbninja101Author Commented:
Having gone down the list and done everything - it seems to still not work. My guess is the firewall - if anyone has any knowledge of the SOHO 6, that'll be good as I haven't used it very much. Thanks.
0
 
Rob WilliamsCommented:
I have used several SOHO 6's, but if you cannot connect locally such as server 1 to server 2 on the same LAN it has nothing to do with the router.
0
 
pbninja101Author Commented:
Well, this beats me.

I've just installed a Domain Controller on server 2 and have tried to link up my home PC (XP Pro) onto the domain and it didn't work. I've also opened all ports up for a few seconds to try that and yet it still didn't work. Will add all the PCs directly to the Netgear router to see if there is something with the SOHO.
0
 
Rob WilliamsCommented:
As mentioned, if you cannot access any computer or server locally, you won't be able to do so remotely.
0
 
pbninja101Author Commented:
It's definitely the SOHO, have just attached all to Netgear and remote desktop now works. So something on the SOHO was blocking it.
0
 
Rob WilliamsCommented:
The SOHO couldn't have caused the problem between the 2 servers on the same LAN unless the ports are bad. Unless, some of the computers were connected to the Netgear wired, or wirelessly, and the others to the SOHO. Anything connected to the Netgear is on the outside of the SOHO and is firewalled.

What model is the Netgear? Is it a combined modem and router? If not I would take it out of the picture altogether. Once working you can add it as an access point. Better way to do it as it eliminates 1 hop. This is actually necessary for some services such as VPNs. If you want to do so see the following:

To make the wireless router an access point, rather than a gateway:
-no changes required to the wired router
-reset the wireless WAN connection to default, i.e. unconfigured
-assign the wireless LAN side an IP address in the same subnet as the wired router.  Make sure it does not conflict with the wired router's DHCP range, or any statically assigned devices
-disable DHCP on the wireless
-wireless connections should be configured in the normal manner
-connect a cable from one of the LAN ports of the wired router to one of the LAN (not WAN) ports of the wireless. If the lights do not light up indicating a connection you may need a cross-over cable (usually only necessary on older units)
-now all devices should have Internet access and be able to easily connect to one another to share resources. Don't forget to refresh any DHCP addresses on the wireless clients
0
 
Rob WilliamsCommented:
Thanks pbninja101. Hope you were able to get it working.
Cheers !
--Rob
0
 
pbninja101Author Commented:
Well, followed your steps except for stopping DHCP on the wireless; the SOHO was on DHCP Client mode for the external network so I couldn't turn it off. Reason for RDC not working was because I had software firewalls on the XP PC stopping the connections.

Thanks Rob, points given.
0
