Solved

Port Redirect, Windows 7 Firewall and Remote Desktop problems

Posted on 2010-08-31
Last Modified: 2013-11-21
So I have multiple computers on my network (workgroup).  I am trying to set up the ability to remote into them from an outside source.  I have a DynDNS host service configured with my router and it's working perfectly.

I have my ports forwarded to the ip addresses of the respective computers on my network (I'm using DD-WRT firmware).  Computer1 port 3389 (default) Computer2 port 3390

I'm running into problems with the Windows Firewall and now my remote desktop is not working for either (including default port).  Last night I was able to remote in to the default port (on both computers when I switched the forwarding for the IP addresses) so remote desktop is enabled on both machines.

For the Computer2 with the redirected (or changed) RDP port I have modified the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\portnumber to decimal 3390.  There is a Key entry of EH-Tcp which also has a portnumber string that is the same as RDP-Tcp 3389 (so they are originally the same value).

What is this EH-Tcp?  Do I need to change both (I tried but at least I know whether I need to)?

Once I changed the RDP-Tcp port I restarted the Remote Desktop Services.  However, in the Windows Firewall there is a rule that has exception Remote Desktop TCP-In Port 3389.  The firewall exception port has not changed even though I changed it in the registry.  Is there a way I can change this port in the firewall?  Or do I add an additional rule?

Now even with the firewall turned off I am unable to remote in.  Both computers have passwords and I was able to remote in before.  Perhaps if I can get the correct configuration the default port computer will work with the firewall off.

Any suggestions?  

JOe K.
Question by:ClaudeWalker

Accepted Solution

by:
beechy_ earned 500 total points
ID: 33570748
If you do want to run RDP on computer 2 on port 3390, start out by testing within the LAN, connecting to it on port 3390.  Connect from computer 1 to computer 2 so you can be sure the port forwarding isn't causing a problem.  You will need to create a new port rule in the firewall allowing incoming traffic on TCP 3390.

However, another approach, which I would take, would be to put Remote Desktop on computer 2 back to 3389, leaving the default firewall exception in place.  Then configure your router to forward 3389 to 3389 on computer 1 but to forward 3390 to 3389 on computer 2.  Then when you connect to computer 2 within the LAN everything is just as it has always been on 3389 on both computers.  Only when connecting remotely to computer 2 will you need to specify port 3390; your firewall will take care of the port modification to 3390 for you and you should be able to connect remotely.
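An added example, not part of the original answer or thread: a PowerShell check for the first approach above (RDP moved to 3390 on Computer2) that reads the configured port, confirms the listener, adds the missing inbound rule with netsh, and tests the TCP path from another machine. The rule name and the host name `Computer2` are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Computer2.
# Sticks to PowerShell 2.0 and built-in tools, so it works on Windows 7.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPort {
    # Port the RDP listener is configured for (the value edited in the question).
    (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
}

function Test-RdpListening([int]$Port) {
    # True if something is listening on TCP <Port>. Matches English netstat
    # output; the service must have been restarted after the registry change.
    $rows = netstat -ano -p tcp | Select-String -Pattern ":$Port\s+\S+\s+LISTENING"
    [bool]$rows
}

function Add-RdpFirewallRule([int]$Port, [string]$RemoteIp = 'any') {
    # The built-in "Remote Desktop (TCP-In)" exception stays on 3389, so a
    # non-default port needs its own inbound rule. Rule name is hypothetical.
    # remoteip=localsubnet is enough for the LAN test in the answer.
    $name = "RDP-TCP-In-$Port"
    netsh advfirewall firewall show rule name=$name | Out-Null
    if ($LASTEXITCODE -ne 0) {
        netsh advfirewall firewall add rule name=$name dir=in action=allow `
            protocol=TCP localport=$Port remoteip=$RemoteIp
    }
}

function Test-TcpPort([string]$Computer, [int]$Port, [int]$TimeoutMs = 3000) {
    # Plain TCP connect with a timeout; no RDP logon is attempted.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$port = Get-RdpPort
"Configured RDP port: $port"
"Listener present:    $(Test-RdpListening $port)"
if ($port -ne 3389) { Add-RdpFirewallRule $port }
# From Computer1 on the LAN, after loading Test-TcpPort (host name is hypothetical):
#   Test-TcpPort 'Computer2' 3390
```

A True from Test-TcpPort means the listener and firewall rule are working on that path, so a failure after that point is in the logon (user name, password) rather than the network.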
 

Expert Comment

by:Imran Saeed
ID: 33574405
Have you tried Team Viewer? Check the link below. It's very simple to set up and free for personal use, and there is no need to forward any ports etc.

http://www.teamviewer.com

Author Comment

by:ClaudeWalker
ID: 33579338
So I tried again from work.  I have been able to remote both ways from my LAN and I also have been able to login using an IP address from a computer on the LAN.

Computer1 <----> Computer2 via LAN

Computer1 --74.54.54.12:2345 (made up ip:port)---> Computer2 (vice versa)

WorkComputer --74.54.54.12:2345 (made up ip:port)---> Computer1(2) does not work

I have added TCP exceptions to those ports in the Windows Firewall.  Those ports are forwarded correctly in my router.  I have been able to remotely administer the router, therefore the IP address is correct.  The problem is either the port forwarding (which doesn't make sense) or something in the firewall.  Perhaps I have the security permissions messed up in the software firewall or the remote security is set too high or I have no idea what I'm talking about :)

Any ideas on why this computer outside my network is unable to connect via IP:Port and computers inside my network can connect via IP:Port?

Thanks,
JOe K.


Author Comment

by:ClaudeWalker
ID: 33579776
Never mind, I was adding my computer name with my login name, which works within the domain; however, when connecting from outside the domain it only wants a user name and not a computer name.

Computer\Username  did not work

Username worked!

Thanks for getting me in the right direction.

JOe K.