Eugene Palmer
asked on
CoRD client over SBS 2008 network.
Hi,
I can connect to a remote desktop session with either Microsoft RDP client for Mac or CoRD. However, I can only seem to connect to the server. Is there a conditional command when connecting that will allow a connection to a specific computer on the SBS network behind the firewall?
Thank You
ASKER
Hi,
I am able to connect using the server address remote.xxxx.xxx either remotely or on the LAN; the result is the same, a desktop session to the server, which makes sense since that is how the normal port forwarding works through the firewall: Internet resolves "remote.xxxx.xxx" to internet IP address > firewall > 3389 port forward > server IP. Great, but I have several users who would like to connect to their Windows desktops from their home Macs (big surprise) and I cannot simply hand them the server credentials and have piggybacked remote sessions running amok.
So, the SBS 2008 server is not acting as a firewall, but routes the users through the TS gateway. The RDP clients CoRD and MS RDP do not seem to have a mechanism for having the users be routed differently from the fixed firewall rules.
This may not be possible, but it seems so close. I have tried remote.xxxx.xxx:LAN IP, remote.xxxx.xxx\computername, which of course don't work.
I doubt having a port forward rule that has a different port for each computer on the LAN would work either, since they would not be routed through the TS gateway, and how would the RDP client know which user was which? If you input WAN IP:3390 on the RDP client, would that = machine "A", WAN IP:3391 = machine "B", etc.?
Actually, it looks like TS gateway on SBS 2008 will do what you want. Here is a page that describes some options:
http://blogs.technet.com/b/sbs/archive/2008/09/26/can-i-use-terminal-services-in-sbs-2008.aspx
and here is a step-by-step for setting up TS gateway:
http://technet.microsoft.com/en-us/library/cc771530(WS.10).aspx
There are quite a few steps, but you've probably already got some of them done if you have the TS gateway set up. It's possible you just need to configure it to allow access to the computers you want to allow access to.
If you take a look at those links and still need help, let us know where you need more help at and we'll see what we can do.
Hope this helps.
ASKER
RWW already works perfectly and has since its installation. That is not the question. Does the Mac RDP client support user routing is the question.
From what I can find, the MS RDP client for Mac OS X doesn't support TS Gateway. I did find one that does: http://itap-mobile.com/desktop/rdp
Hope this helps.
ASKER
OK, so if 3389 is forwarded to a specific machine and RWW does not use 3389, one client should work and not break the RWW others are using. Wild shot is to then have the 2nd CoRD RDP type in remote.xxxxxx.xxx:3390 and port forward that to the second LAN machine IP? I'll try it and doubt it will work. Machine RDP host would need to accept port change.
ASKER
I have been banging at this and have at least some success in a test environment, but can't get it going in production. When I changed the firewall rules on a Sonicwall TZ190 to allow port 3389 WAN>LAN to an individual machine on the SBS LAN I could then RDP from a Mac running CoRD.
This does not affect the function of SBS RWW as I can still connect to any SBS LAN machine with RWW. I gather the SBS TS gateway is handling the forwarding of 443 to individual machines on 3389. So at least that works, next I'll try the multiple 3390>3389, 3391>3389.
When I changed the same firewall rule on a Sonicwall NSA240 to allow 3389 to an individual machine on an SBS LAN I still can't connect. I've been going over the firewall and can't find why it's not working.
If the server is acting as a firewall and router effectively hiding the computers behind it, you will need to configure the server/firewall for port forwarding to allow you to connect to the computers on the internal network. If the server is just blocking the traffic and not performing NAT, then you just need to add a rule to allow RDP to whatever computer you want to connect to.
Another way of getting to the computers in the network would be to RDP to the server, then RDP from there to the computers on the inside.
If you still need help, please provide us with more details about how the network is set up and exactly what you are trying to do.