Connect Through Remote Desktop Externally

James Parsons
James Parsons used Ask the Experts™
on
I've forwarded port 3389 to the IP. I can RDP into the IP internally, but not externally using the external IP address. Comes up with an error: Remote desktop can't connect to the computer. Remote desktop may be disabled or the computer may be off.

As I said I can RDP into it from within the network no problem. There is an SBS 2003 server that is doing DHCP. The router / firewall is a CISCO RVS2000.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
It doesn't sound like your firewall is properly configured with the port forwarding rule.

Author

Commented:
I've configured the port forwarding in the 'Port Fowarding' Section for TCP and UDP ports 3389 to point to internal IP 192.168.10.200 (IP of the computer we want to connect to).
Either your firewall is not setup properly, or the PC isn't configured correctly to listen on 3389. From the inside are you connecting using xxx.xxx.xxx.xxx:3389? So when you try that same format from the outside it doesn't work?
If all is setup properly, try looking at the logs on the firewall, or some kind of real time monitoring to see while you're trying to see if you can tell where the connection is being dropped.
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Author

Commented:
From inside the network I just connect to the internet IP from the RDP tool. I launch it through mstsc through run.  When  I try it from outside with the IP and port (xxx.xxx.xxx.xxx:3389) i get the same result. Inside however it works.
So from the inside try with xxx.xxx.xxx.xxx:3389.
If this doesn't work from the inside it means you're not really listening on 3389, but on the default port 389. If this works on the inside but not on the outside, then the problem should be your firewall.

Author

Commented:
Works on the inside. Must be the router. I'm currently updating the firmware. Anything else it could be?
I'm sorry, I mistyped the port. 3389 is the default. I don't think so, unless you have some weird firewall rule. Which OS are you running on the machine?
@amenezes "the default port 389"

The default port for RDP is 3389.

Author

Commented:
Yeah I knew what you meant. I tried 3389. Works inside but not outside. It's running XP Pro.
I would check the windows firewall just in case, make sure it's turned off all the way. I still think it's probably your router/firewall, but there's always a change it's the windows firewall too. From the outside you can also try a telnet xxx.xxx.xxx.xxx 3389 to see if it answers.
Commented:
If it works on the inside, but not outside it's most likely your router blocking the traffic because of a firewall rule or incorrect port forwarding rule. It is also possible (but unlikely) that the server doesn't have the correct default route back to the internet - easy to check, if the server has internet access it's fine....

Author

Commented:
@bedind I'm wondering if you have a point about the default route back to the internet on the server. Are you referring to the server that hands out the DHCP addresses, or the computer that we're trying to connect to through RDP? It has a static IP set on it.
Can you get to the internet from the machine that you're trying to connec to?

Author

Commented:
yes

Author

Commented:
I wonder if the router is pooched
Can you telnet to port 3389 from the outside? Why don't you remove and re-add the rule? Or try rebooting the router?

Author

Commented:
I'm not able to telnet to the IP on port 3389 or any port. I've re-added the rule, updated the firmware and rebooted the router. Strange...
Yeah, then your firewall is blocking it. Is your rule limiting the "from" range? If so, try opening it up to everyone just to test. As in from "any". I am not recommending you leave it like that, just as a troubleshooting step.

Commented:
thought of a third-party app like TeamViewer?  TeamViewer

Author

Commented:
Here's a screenshot of the port forwarding rule.
PortForwarding.JPG
Looks pretty straight forward to me, the only thing I can think of is that if in one of those "Applications" drop down they offer a built in one for terminal services, or soemthing like that that you could try.
So I just changed the static IP on the host machine to another IP and it connects?????? Wierd
Do you have another machine iwth that IP maybe? THat is strange...
Duplicate ip is possible, but you probably would have seen an error.

I was going to suggest looking at the xp firewall.  That can be configured to only allow local subnet access, and maybe that was set, vs the "from anywhere" setting that I think is the default.  But if it's working now, I'm not sure that theory holds.

I would suggest changing your rdp port to something non-standard, for more security. Side note...

Commented:
Hi,

When you are trying the RD from the outside you are using the PUBLIC IP, right?

If you are only opening and forwarding ports on you router, you should be able to connect from the outside using the public IP.

Hope this helps
That is a great point, sometimes we assume the most obvious points...I think he got it working though.

Author

Commented:
I changed the static IP on the machine and it worked - could have been a duplicate IP I suppose.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial