Can remote to computer within network but not from outside

I have two machines set up behind a router, and both are windows 7. I set up port forwarding on the router into the two machines and they both have consecutive assigned ip addresses. One computer I can connect to remotely just fine from outside the network, but the other one I can't.

I've been troubleshooting the problem by remoting into the machine that I can get to and then opening an RDP from that machine to the other one and it opens fine. So you can RDP from one machine within the network to the other but not from outside to that machine.

It's obviously listening on 3389, and I confirmed that with netstat. The outside port (I'm forwarding from external 3390 to internal 3389) is open and the router works fine. I changed the port forward so it was pointing to the other machine and it worked fine that way so presumably the router is forwarding fine.

I don't understand why I can make a 3389 connection to that machine from inside the network but not from the router.
Who is Participating?
Darius GhassemConnect With a Mentor Commented:
You can only use the one External IP address on one of the 3389 ports. You can't port forward the same external IP address to two different internal IP addresses on the same port.

Now you can change the default listening port on RDP for the second client the port forward another port number like 3391. You can then change the RDP configuration to connect to the port 3391
JamesSenior Cloud Infrastructure EngineerCommented:
What you need to do is change the RDP listening ports on the Windows 7 PCs. Give 1 PC say port 3390 and then the other say 3391. You can change the the listening ports numbers through the registry. Go to > start > run > and type regedit > scroll to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-TCP and modify in the right hand PortNumber and change this.

The next step is to create forwarding rules on your Router/Firewall for the new RDP port number and point them to the PCs exactly the same you did.
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

charlesAMAGAuthor Commented:
Well, I've gone in and changed the ports so that now one machine has 3389 external and 3389 internal and the other machine has 3390 external and internal. I changed the listening port to 3390 on that machine.

Now when I enter the internal IP address and port 192.168.1.x:3390 it remotes over to it just fine, but from the external port :3390 it doesn't open again.
JamesSenior Cloud Infrastructure EngineerCommented:
Does the PC have a static ip address? The PC has to has to be using static ip address. You can set this up in DHCP with a reservation or on the PC it-self. Check the fire rules again, and also make sure the user account your using has access to the PC remotely. One way of testing to see if the port is open externally is to use telnet. Telnet the public ip address eg:

telnet 3390

If this fails, check the firewall rules on both the PC and the router/firewall.
charlesAMAGAuthor Commented:
Yes it does have a static ip and the port is open.
Darius GhassemCommented:
You need to make sure that the port forwarding is properly setup to port forward on the new port to the static internal IP address.

charlesAMAGAuthor Commented:
Awesome. I'm going to go back and completely redo the router setup with these tips in mind and see how that goes. I'll let everybody know later today how it went.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.