  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1880

RDP over Proxy software needed.

My company has 2 datacentres, one of which demands that specific firewalls are set up, e.g. only a limited number of IP ranges can RDP to our servers there.

At home my IP is dynamic which means I can't connect to them. Currently I'm connecting from home to my work machine which slows things down when I want to do things on those servers.

I'm looking for some (ideally free but not essential) proxy server software that will allow me to set up routes for my RDP connections, presumably over specific ports. I'm not out to RDP over HTTP nor am I looking to encrypt the traffic (one step at a time please!)

However I can't manage to get any specific software to work. So I try and forward TCP port e.g. 4117 (arbitrary) to 3389 (RDP) to an IP and I've had no luck. But first I really need some software I know can work before I try and learn it. Any ideas?
0
Asked: Borgs8472
1 Solution
 
bkellyboulderitCommented:
Can you be more specific? I'm having a little bit of a hard time exactly getting it. Also, maybe step back a second and explain why you're doing the last part with the ports.

> looking for some (ideally free but not essential) proxy server software that will allow me to set up routes for my RDP connections, presumably over specific ports

BTW, you know you can change the listening port for RDP?
0
 
dlangrCommented:
You could forward all traffic on your company router/firewall to a specific port to the IP and port of a server running terminal services. Is this what you tried, as what you did is not very clear from what you described.
0
 
dlangrCommented:
Please note that this does create a backdoor, which pretty much defeats the purpose of only accepting a predefined range of IPs in the first place.
0
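The backdoor concern raised above is that a relay on an allowed host hides the real client from the datacentre firewall's IP allowlist. As an added example (not part of the thread), this script audits a Windows host for such relays by parsing the output of `netsh interface portproxy show all`; the use of the built-in portproxy feature, the sample output and the `PROTECTED_NETS` range are assumptions, since the thread itself only names ccproxy and 2X LoadBalancer.

```python
import ipaddress
import re

RDP_PORT = 3389

# Constructed sample of `netsh interface portproxy show all` output
# (documentation addresses, not taken from the thread).
SAMPLE_OUTPUT = """\

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         4117        203.0.113.20    3389
0.0.0.0         4118        203.0.113.21    3389
127.0.0.1       8080        198.51.100.7    80
"""

# Assumed range that the datacentre firewall restricts RDP access to.
PROTECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# A rule row is exactly: address, numeric port, address, numeric port.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_portproxy(text):
    """Return (listen_addr, listen_port, connect_addr, connect_port) tuples."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(m[1], int(m[2]), m[3], int(m[4])) for m in rows if m]


def find_rdp_relays(rules, protected_nets):
    """Flag rules that relay to RDP on a host inside a protected range."""
    findings = []
    for laddr, lport, caddr, cport in rules:
        if cport != RDP_PORT:
            continue
        try:
            target = ipaddress.ip_address(caddr)
        except ValueError:
            continue  # connect address is a hostname; resolve and check separately
        if any(target in net for net in protected_nets):
            findings.append({
                "listen": f"{laddr}:{lport}",
                "target": f"{caddr}:{cport}",
                # Listener bound to all interfaces accepts any source address.
                "any_source": laddr in ("0.0.0.0", "*", "::"),
            })
    return findings


if __name__ == "__main__":
    for f in find_rdp_relays(parse_portproxy(SAMPLE_OUTPUT), PROTECTED_NETS):
        print(f)
```

Each finding is a listener that makes the relay host's allowlisted address available to whoever can reach the listening port, so it should be matched against an approved change or removed.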

 
dlangrCommented:
I use a remote desktop at my company (over a VPN connection), and from there connect to multiple servers all the time and it works just fine for me... very snappy.

Maybe your internet connection is not fast enough? That would also make the connection to your desktop slow then. Or is the connection between your company and the server you want to manage slow?
0
 
Borgs8472Author Commented:
Sorry, a bit more info. I should have said at first, my attempts with ccproxy, http://www.youngzsoft.net/ccproxy/ did not work. I set up rules forwarding certain ports to 3389 on various servers, and when I RDPed via those ports I could not connect.

I doubt that's a very good bit of software anyhow.

Whilst I'm aware I'm creating a backdoor like this, I need this as the managed hosts at our datacentre take a week to implement any firewall change requests (it only takes 30 seconds for god sakes!?) and since I have all access open from the other datacentre, a proxy would allow me to instantly allow any kind of connections straight through, provided I set it up.

Oh and RDP which I'll always need. Yeah, so am I going about this the right way? Do I just have to hunt for better software? I'll pay for software if I can see it doing what I need to do correctly.
0
 
Borgs8472Author Commented:
Oh, @ dlangr, I'd rather not mess with the data centre router or our office router because I am scared of breaking either of them. (yes I don't yet have my CCA, can you tell? :p )
0
 
bkellyboulderitCommented:
I would say then, that it all seems like a lot of work for waiting for them to make changes. What about just using gotomypc and then remoting around from the one machine you can get into? At least it's a secure solution. Anyway, just a thought. Constraints are fun....
0
 
Borgs8472Author Commented:
That's what I currently do (as I said!). I remote into my work machine and then remote to various servers from there. I actually had additional incompatibilities there like I have dual screen and wide screen at home which doesn't play well when going via the office.

So I want to connect "directly" to the servers, with it being routed seamlessly via another location.
0
 
bkellyboulderitCommented:
Hmm. I guess maybe I'm out of comments to help :-(
However, here's an FYI about multiple monitor support in RDP.
http://blogs.msdn.com/ts/archive/2006/11/10/multi-monitor-support-in-the-vista-ts-client.aspx
0
 
dlangrCommented:
If you have a small business server, this might be for you:

Remote Desktop and Remote Assistance: Remote Desktop Proxy service with Windows Small Business Server 2003 solves single IP issues by proxying RDP connections to multiple systems in the office. This method remotely supports users, and also provides remote access to desktop systems for working from home or while traveling.

http://www.microsoft.com/technet/solutionaccelerators/smbiz/sitsol/RmtMngmt_13.mspx?mfr=true

0
 
dlangrCommented:
Another way to do this, though not very easy, is to make it possible to open a VPN connection to a server in the company. Then your home PC can access the company network like it is a part of the network itself....

As I said, this is what we do, though we do have a firewall between the VPN and the network to selectively allow access to certain systems.
0
 
Borgs8472Author Commented:
^ ^
I'm trying to make a very basic VPN just for RDP routing, but I don't know how!

I have windows 2000 and windows server 2003 machines to work with. That document on RDP didn't seem to document anything about routing RDP via anything, are you sure that was the right link?

Regarding multiple and different sized monitor support, don't worry about that, I don't expect that to work any time soon, and that's just a side effect of me not being able to connect directly how I want.
0
 
dlangrCommented:
It was the right link, but for another solution. It was not about a VPN but about using an SBS server to proxy RDP connections to other machines in the company. I have never implemented it, but it sounds like it should work.

I think a VPN would be the best solution to your problem:

http://articles.techrepublic.com.com/5100-1035_11-5805260.html (server-side)

http://articles.techrepublic.com.com/5100-1035_11-5814036.html (client-side)

0
 
dlangrCommented:
See http://www.experts-exchange.com/Networking/Misc/Q_21722498.html?sfQueryTermInfo=1+2003+nat+vpn if it is behind NAT.

Not sure if it helps you then, as you don't want to configure the firewall.
0
 
Borgs8472Author Commented:
I'm not trying to do any NAT. Just have RDP traffic to one public ip on a certain port directed to a different public IP on the default RDP port.

I started out with the windows VPN guide but it's really not what I'm after, far too many options.
0
 
dlangrCommented:
Once you have a VPN set up, it would be possible to access your whole network. It is also more secure. You could just specify an IP from the internal range at your company in your RDP software and connect to it. No more firewalls to configure. It's easy to set up, don't be intimidated.

That said, if it is not for you, we'll keep on searching :)
0
 
bkellyboulderitCommented:
dlangr is correct. This is easy. It works well. Why fight it? Succumb to the MS dark side.

Another option if you really want it to be easy for the users and very restricted, since you're not using SBS with Remote Web Workplace, is to use an SSL appliance.
It forces RDP over SSL (https) in a web browser. It's secure, requires only one port, and the users don't have to configure anything.
Look at a Sonicwall SSL VPN 200 - $494.00.
0
 
Borgs8472Author Commented:
I began to give windows vpn a go, it wants me to turn off windows firewall as one of the first steps, is that wise?

I really didn't want whole O/S or entire VPN based solutions because I have neither the time nor the expertise for such a project. I was just hoping someone knew some basic software to route my RDP. If the answer is simply that isn't possible I may have to leave it.
0
 
dlangrCommented:
If I'm right it will allow you to enable firewalling later on, but I would disconnect the machine until you managed to enable the firewall so it won't get hacked right away. Look at figure D and the comments there: http://articles.techrepublic.com.com/5100-1035-5805260.html#comments

Running any machine without a firewall in place is a big issue. Running the firewall on the same machine as what it is protecting means that if either one is compromised, so is the other. Therefore a separate firewall is usually recommended. A Cisco firewall (if configured right), and most other dedicated firewalls, are in my opinion a lot more secure than any Windows server doubling as a firewall.

That said, ppl run them directly connected to the internet for years without any trouble, just as long as the windows firewall only allows the needed service (vpn) to pass.
0
 
Cláudio RodriguesCommented:
Get something like 2X LoadBalancer. Install on one machine and set your firewall to send port 3389 to that machine. On it you can then add as many TSs as you want (for load balancing) or simply add one single TS and connect to it (and from there to all other TSs).
It will also do RDP over SSL if you need that.


Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 
dlangrCommented:
He stated clearly he does not want to rdp to one machine to be able to connect to the others.

Borgs8472: can you give us an update on the status? any more questions?
0
 
Cláudio RodriguesCommented:
Using a load balancer like the one I recommended he can actually go to each machine individually and not doing 'RDP hopping' as you may have thought. It is a matter of how you configure it.

Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 
Borgs8472Author Commented:
Look at things this way, my office's Cisco router (which I didn't configure and fear ;) ) has rules set up so that I can RDP to its public IP over different ports, depending on what internal office machine I want to connect to.

I believe that's done with access control lists. In a similar way, I want to RDP over certain ports, (OPTIONAL - password authentication at this stage) and then go straight through to the other datacenter. In the scenario I'm after however it's not NATing external to internal, rather from one public ip through to another public IP. (they're mostly webservers)

Reading a little about this 2X LoadBalancer, I understand how it could do what I'm after, eventually. But I'm really not after a VPN/Access Gateway solution, at least not a 'proper' one.

By the way I have a VMware box and I've been checking out simple firewall appliances for it, though this is simply out of my frustration at not finding any windows software to do what I want.

Seriously, does anyone know if there is a piece of software that can act as a simple proxy server for RDP, in a similar way to the vast array of proxy server software for HTTP?
0
 
Cláudio RodriguesCommented:
I have been on the TS business for 13 years and I was the owner of Terminal-Services.NET (acquired by 2X) that originally developed WTSGateway Pro (RDP Load Balancer/Gateway) and the only RDP Client for DOS in the world.
Trust me, there is nothing like what you want. I understand your needs and your goal. Correct me if I am wrong but all you want is to connect to a machine that will allow you to choose to which TS you want to go and then connect you there directly, proxying the connection.
If that is the case, nope, there is nothing like that.
The 2X LoadBalancer is the closest software to this as it does allow you to connect to a single IP address/port and from there, automatically, hit any TS on your internal network, with no double hop.
Another way of doing this is very simple using the same product. Use 2X LoadBalancer AND the 2X ApplicationServer. Then simply publish the desktop of all the TSs you want on the ApplicationServer.
This way you will be able to do EXACTLY what you are asking for: to connect from your machine DIRECTLY to ANY TS in your company, with NO DUAL HOP. You will pass through the 2X LoadBalancer (in this case acting as a gateway only) but this will be a transparent proxy for your connection, exactly as you want.
Trust me this is the ONLY way to do it. Unless of course you want to spend even more and use something like Citrix or Provision Networks.

Cheers,

Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 
Borgs8472Author Commented:
Both networks are on public IPs, there's no going from private to public IPs involved.
0
 
Borgs8472Author Commented:
I gave up and got a static IP at home
0
