Can remote to computer within network but not from outside

Posted on 2010-11-16
Last Modified: 2012-06-27
I have two machines set up behind a router, and both are windows 7. I set up port forwarding on the router into the two machines and they both have consecutive assigned ip addresses. One computer I can connect to remotely just fine from outside the network, but the other one I can't.

I've been troubleshooting the problem by remoting into the machine that I can get to and then opening an RDP from that machine to the other one and it opens fine. So you can RDP from one machine within the network to the other but not from outside to that machine.

It's obviously listening on 3389, and I confirmed that with netstat. The outside port (I'm forwarding from external 3390 to internal 3389) is open and the router works fine. I changed the port forward so it was pointing to the other machine and it worked fine that way so presumably the router is forwarding fine.

I don't understand why I can make a 3389 connection to that machine from inside the network but not from the router.
Question by:charlesAMAG
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 59

Accepted Solution

Darius Ghassem earned 500 total points
ID: 34149657
You can only use the one External IP address on one of the 3389 ports. You can't port forward the same external IP address to two different internal IP addresses on the same port.

Now you can change the default listening port on RDP for the second client the port forward another port number like 3391. You can then change the RDP configuration to connect to the port 3391
LVL 15

Expert Comment

ID: 34149867
What you need to do is change the RDP listening ports on the Windows 7 PCs. Give 1 PC say port 3390 and then the other say 3391. You can change the the listening ports numbers through the registry. Go to > start > run > and type regedit > scroll to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-TCP and modify in the right hand PortNumber and change this.

The next step is to create forwarding rules on your Router/Firewall for the new RDP port number and point them to the PCs exactly the same you did.

Expert Comment

ID: 34149980
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 34150470
Well, I've gone in and changed the ports so that now one machine has 3389 external and 3389 internal and the other machine has 3390 external and internal. I changed the listening port to 3390 on that machine.

Now when I enter the internal IP address and port 192.168.1.x:3390 it remotes over to it just fine, but from the external port :3390 it doesn't open again.
LVL 15

Expert Comment

ID: 34151067
Does the PC have a static ip address? The PC has to has to be using static ip address. You can set this up in DHCP with a reservation or on the PC it-self. Check the fire rules again, and also make sure the user account your using has access to the PC remotely. One way of testing to see if the port is open externally is to use telnet. Telnet the public ip address eg:

telnet 3390

If this fails, check the firewall rules on both the PC and the router/firewall.

Author Comment

ID: 34155940
Yes it does have a static ip and the port is open.
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34155977
You need to make sure that the port forwarding is properly setup to port forward on the new port to the static internal IP address.


Author Comment

ID: 34157127
Awesome. I'm going to go back and completely redo the router setup with these tips in mind and see how that goes. I'll let everybody know later today how it went.


Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question