Shaukdotdj


Remote Desktop port issue through multiple hops internally.

Hardware involved
One DSL Modem/Wireless Gateway 192.168.0.1 (Actiontec GT701WG)
One Router 192.168.254.254 w/Wan IP 192.168.0.2 (Siemens Speedstream 2602)
One Laptop 192.168.0.5 connected wirelessly to the .0.1 gateway
One Desktop 192.168.254.38 connected via ethernet to the 254.254 gateway.


Forwards I have set up are:
192.168.0.1 is set up to pass 3389 to 192.168.0.2
192.168.0.2 is set up to pass 3389 to 192.168.254.38


What I CAN do: Remote from my laptop to the desktop by using the WAN IP of the router (.0.2) AND remote from my desktop to my laptop using the direct ip (.0.5)

Using the logic that I CAN connect to 192.168.0.2, I configured the modem to forward port 3389 to 192.168.0.2, since it's configured to pass that on down to 254.38 anyway.

Yet it doesn't work. It doesn't work if I set up a forward directly to the IP of the computer either, and I cannot attempt to establish a direct connection to the 254.38 IP.

NAT is enabled on both devices, and cannot be disabled on the router at all; there is simply no option for it. Not sure if that has anything to do with it, but I'm not sure how it would, as internally the connections work fine. It's just running into a wall somewhere and I'm not sure where.
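
The forwarding chain described in the question, traced hop by hop as an added example (not part of the original thread): each NAT device rewrites the destination of a new inbound connection according to its port-forward table. The public address 203.0.113.10 is a placeholder, and the model covers only the forward tables, not firewall rules or device-specific behaviour.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the two NAT devices in the question. PUBLIC_IP is a
# placeholder (documentation range); the thread never states the real one.
PUBLIC_IP = "203.0.113.10"
DEVICES = {
    "modem": {"wan": PUBLIC_IP, "lan": "192.168.0.0/24",
              "forwards": {3389: "192.168.0.2"}},
    "router": {"wan": "192.168.0.2", "lan": "192.168.254.0/24",
               "forwards": {3389: "192.168.254.38"}},
}
HOSTS = {"192.168.0.5": "laptop", "192.168.254.38": "desktop"}


def on_segment(ip, segment):
    """True if ip can be addressed directly by a client on this segment."""
    if segment == "internet":
        return ip == PUBLIC_IP  # only the modem's WAN side is visible outside
    return ip_address(ip) in ip_network(segment)


def trace(src_segment, dst_ip, port, max_hops=8):
    """Follow a new inbound TCP connection through the port-forward chain.

    src_segment is "internet" or the CIDR of the LAN the client sits on.
    Outbound (inner-to-outer) connections use source NAT and are not modelled.
    Returns (path, result): result is the host reached or a drop reason.
    """
    path, segment = [], src_segment
    for _ in range(max_hops):
        if not on_segment(dst_ip, segment):
            return path, f"dropped: {dst_ip} not reachable from {segment}"
        if dst_ip in HOSTS:
            return path, HOSTS[dst_ip]
        # Find the NAT device whose WAN address the connection was sent to.
        name = next((n for n, d in DEVICES.items() if d["wan"] == dst_ip), None)
        if name is None:
            return path, f"dropped: no device at {dst_ip}"
        target = DEVICES[name]["forwards"].get(port)
        if target is None:
            return path, f"dropped at {name}: no forward for port {port}"
        path.append(f"{name}: {dst_ip}:{port} -> {target}:{port}")
        dst_ip, segment = target, DEVICES[name]["lan"]
    return path, "dropped: forwarding loop"


if __name__ == "__main__":
    for case in [("internet", PUBLIC_IP), ("192.168.0.0/24", "192.168.0.2"),
                 ("192.168.0.0/24", "192.168.254.38")]:
        print(case, "->", trace(case[0], case[1], 3389))
```
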

Darr247

Shaukdotdj said:
>> forwards I have set up are
>> 192.168.0.1 is set up to pass 3389 to 192.168.0.2

Try it without that one. 192.168.0.1 and 192.168.0.2 are in the same LAN so you don't need to forward any ports there - they won't be blocked by NAT.

Then put 192.168.0.2 in the Computer box in the Remote Desktop Connection window on your laptop, which should forward the RDC session to 192.168.254.38.

If you want it to work in the other direction too, the forward to set up in 192.168.0.1 is to 3389 -> 192.168.0.5, though I'm not certain RDC will work *to* a wireless connection.
Shaukdotdj

ASKER

Connecting to 192.168.0.2 already works, 192.168.0.5 works too.

The problem is connecting from outside of my internal network (for example, I take my laptop to work with me and I want to remote to my desktop at home).

If I connect to my public IP, it's almost immediately coming back with a failure notice.
>> 192.168.0.1 is set up to pass 3389 to 192.168.0.2
Shouldn't it be "to 192.168.0.5"? There is no sense in forwarding the RDP port to the Siemens router.

Let's try to follow the actions performed when you try to RDP from desktop to laptop:

192.168.254.38:x to 192.168.0.5:3389
---(routing)---> 192.168.254.254
---(NAT)--->  192.168.0.2
---(routing)---> 192.168.0.1
---(deNAT)---> 192.168.????
---(routing)---> 192.168.0.5

First, there is no public IP involved. Second, the DSL gateway needs another IP if it applies NAT.
What I'm trying to achieve is making the destination the 192.168.254.38 computer.

The .0.5 IP is my laptop, and will be coming with me. There is no purpose at all in setting up a forward to a computer THAT WILL NOT be here when I need to connect to my desktop remotely.

There WILL be a public IP involved.

Let's try this again from the top, please.
Here's a visual mockup for you to work with.
GAAAAHHHHHH------.png
Anyone?
I'm not clear on the purpose of the Siemens (yellow) router in the diagram. Is it to keep your computer isolated from your roomies' computers?

If it's just to extend the network, you could possibly turn off its NAT... or disable its DHCP server, unplug the cable from its WAN port and connect it instead to a LAN port.
Is the public IP NATted on the modem or on the router? As I said, you need two IP addresses for NAT.

NAT is enabled on both devices, and cannot be disabled on the router at all, there is simply no option for it

Feel free to elaborate on your supposed solutions because it's still not apparent to me what you're trying to say.
"If it's just to extend the network, you could possibly turn off its NAT... or disable its DHCP server, unplug the cable from its WAN port and connect it instead to a LAN port."
There is only one WAN port and 2 LAN ports, and both LAN ports are in use, as you can see from the diagram.

And there are no free available ports on any of the devices, so there really isn't any physical way to rewire this network. If it is impossible to do with this current hardware setup, then that's fine, let me know.
ASKER CERTIFIED SOLUTION
Darr247
This solution is only available to members.
I have to agree. It is a strange configuration, and I do not question any problems this creates. You would be better off with a single device doing LAN, WAN and WLAN.

However, I try to follow how it is "working" at the moment. The difference between RDP from inside and from outside your network is the NAT in your modem. But you cannot get rid of it, as you won't have access to internet without at least for the laptop and one of the roommates. My conclusion is: if it does not work yet, it is not feasible with this configuration.

My co-worker suggested the switch when I ran it by him, with the diagram as well; he is Network+ certified. His explanation is that the double NAT was creating a problem, and ultimately my configuration made no sense with that piece of hardware there, as the Actiontec serves as a router already.
Just wanted to add, there is a service that Microsoft just unrolled called "mesh" at mesh dot com.

It allows me to remote to my computer using the current setup, so looks like I can save on getting that switch after all.