Solved

RDP 3389 Through Comcast to WirelessRouter to PC

Posted on 2014-03-04
Last Modified: 2014-03-18
I need to know a silly question with Comcast Router and the client's network: Comcast Router has a static IP address. I have access to getting to the Comcast router.

Since Comcast also does DHCP to the internal wireless router and the router picks up that address and then the PC.  

I want to remote in to PC thru Static IP and RDP.

So do I map IP to port 3389 all along the way?

Or do I do a straight thru with the Comcast router, making the Wireless Internal router carry the IP, and then map ports to the PC...

Thanks
Question by:Clint Jones
11 Comments
 

Expert Comment

by:belowzerotech
You should be port forwarding from Comcast to internal router, then port forward from internal router to PC. Easier way might be to just have Comcast bridge their router and then you have only one device doing routing and thus control all your port forwarding from your one router to your hosts.

Expert Comment

by:eziemendorf
If you are going to port forward then you will want to change your RDP port on the PC you are connecting to. In W7 that would be here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
See this KB: http://support.microsoft.com/kb/306759
Once you have a custom port configured you can port forward from the Comcast router to the PC internal IP and custom port number.
This will allow you to connect remotely to multiple computers on the same LAN using RDP while you are external to the LAN. You would then just connect by opening an RDP session and entering [public IP address]:[custom port number], provided RDP is turned on for that PC and there is no firewall blocking it.

Accepted Solution

by:belowzerotech (earned 500 total points)
Well, you should not have to change the port in the registry. If you do PAT, you should be able to tell the router, for example, take port 55000 on *WAN IP* and translate it to port 3389 on IP 192.168.1.2 and then the same thing for 55001 to 3389 on 192.168.1.3, etc. Also, what you can do is issue a netsh command to allow Windows to do its own port forwarding. For example:

netsh interface portproxy add v4tov4 listenaddress=192.168.1.2 listenport=1100 connectport=3389 connectaddress=192.168.1.2

That will tell Windows to listen on port 1100 and any traffic that it receives on that port, forward it to port 3389.

Author Comment

by:Clint Jones
I actually need to re-say the question. The PC is directly connected to the router, I assigned it a static IP, 192.168.1.XXX. In Windows it's set in System to let remote in, and yes, the port is 3389, the default, in the PC.

I went into the Comcast router and in the firewall part and port forwarding... that 3389 should go to PC IP address.

Static external address with Comcast. Still didn't let me in????

Expert Comment

by:belowzerotech
The PC is directly connected to the Comcast router and you're port forwarding 3389 to that IP and it still won't let you in? I would make sure the PC is listening on port 3389 first. Try to telnet to it locally on port 3389 and see if it answers.

Expert Comment

by:Fred Marshall
You're almost there!
You need to do this.

In the Comcast router, you need to port forward to the router's WAN address and, for now, let's just say the same port you've chosen 3389.
So, traffic for port 3389 at the Comcast will become traffic for port 3389 at the router WAN.

In the router, you need to port forward port 3389 to the PC LAN address and some port #, let's say 3389 again.

After that you can make things better by using different port numbers, PAT, etc. depending on the resources in the applications that are available to you.

For example,
- you could come in from the outside to port "9999".
- You could port forward port 9999 in the Comcast to the IP address of the router at port "8888".
- You could port forward port 8888 in the router to the IP address of the PC at port 3389
.... all this in concept and depending on what you CAN do and WANT to do.  So, just for illustration of what some devices will allow.

Expert Comment

by:Soulja
I don't know if it has already been stated in the previous comments, but have you checked to see if the Windows firewall is allowing RDP? You may want to just disable it till you get connectivity, then configure it to allow 3389.
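
The host-side checks suggested in the comments above (is the PC listening on its RDP port, is Windows Firewall allowing it, is a portproxy mapping present) can be collected in one pass. This is an added example, not code from any poster in the thread; it assumes Windows 8 / Server 2012 or later, an English-language firewall group name, and uses the thread's example address 192.168.1.2 in the hypothetical variable $Target.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the RDP host.
# Assumes Windows 8 / Server 2012 or later and an English-language firewall group name.
$Target = '192.168.1.2'   # example LAN address from the thread; replace with the PC's own
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is Remote Desktop enabled (0 = connections allowed), and on which port?
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# 2. Is a TCP listener actually bound to that port?
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# 3. Which inbound Remote Desktop firewall rules are enabled, and for which profiles?
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

# 4. Does a TCP connect to the LAN address succeed? (The scripted form of the telnet test.
#    Run this step from a second LAN machine to exercise the firewall as well.)
$probe = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue

# 5. Any netsh portproxy mappings in place, such as the 1100 -> 3389 one shown earlier?
$proxy = netsh interface portproxy show v4tov4 | Out-String

# Summary: one object, so the failing layer is visible at a glance
[pscustomobject]@{
    RdpEnabled       = ($deny -eq 0)
    ConfiguredPort   = $port
    ListenerPresent  = $listening
    FirewallRules    = ($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }) -join '; '
    LanConnectOk     = $probe.TcpTestSucceeded
    PortProxyEntries = $proxy.Trim()
} | Format-List
```

If every field looks healthy from inside the LAN and the connection still fails from outside, the fault lies in a forwarding rule on one of the routers rather than on the PC.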

Author Comment

by:Clint Jones
I got it to work on my own. It seems the Comcast router was showing the "Port Forward" Rule I had created but was not truly implementing it.

However, reading the posts and comments.  I believe my way is not the most secured way!!!

@belowzerotech
 take port 55000 on *WAN IP* and translate it to port 3389 on IP 192.168.1.2

Are we translating the ports since 3389 is the MS Default RDP port which is hackable. By doing the above comment you made about translating ports???  Security reason so the outside port is something hard to determine as in 55000 and then it's safe open as 3389 in the internal network???

Expert Comment

by:belowzerotech
Yes, that and if you only have 1 WAN IP or don't want to burn them just for remote desktop, it makes it obscure so that you don't have people hammering you on port 3389, and it allows you to have multiple PCs on one IP if you use other ports, each port you map on the outside, for example 55000 maps to pc-1 on port 3389, 55001 maps to pc-2 on port 3389. That way it gives you the ability to RDP internally via hostname if you have Active Directory and NOT change the Windows registry. In any case, glad you got it solved.

Author Comment

by:Clint Jones
I figured it out: the router was not actually taking the port forwarding entries. Had to replace and fix it. Thanks for everyone's input. Clint

Author Closing Comment

by:Clint Jones
Thanks for this extra input:

netsh interface portproxy add v4tov4 listenaddress=192.168.1.2 listenport=1100 connectport=3389 connectaddress=192.168.1.2