spectacular1 Posted September 22, 2009 (edited)

Hi

I was hoping someone would be able to help me out please, as I have been struggling on this problem for over a year - yes, you heard it correct, over a year.

The problem I have is I’m trying to get Windows Remote Desktop to work externally (I know there are people who keep telling me to use logmein/teamviewer but I don’t really want to use anything but Remote Desktop for some other reasons). I have Remote Desktop working in my house; I tested the home PC with my laptop and it worked (even though it took me absolutely ages as I had to narrow down the problem to the McAfee firewall, so now I have enabled Remote Desktop port 3389 in McAfee). When I go out of town to my sister’s house and I try to log onto my home computer it’s not letting me on for some reason. My knowledge of computers is not that great so please be gentle with me.

Both of the computers are XP Professional SP3, and my computer/laptop at home is behind a Netgear router (in Netgear I went on to remote management and changed the port from 8080 to 3389).

Now when I’m at my sister’s house and I open Remote Desktop I enter http:// but again I can only see the router interface.

If I’m doing something which is really stupid then I’m sorry, it’s just I don’t have that much knowledge of computers. I have disabled my Windows firewall.

Please help me, I will be forever grateful as I’m losing the will to live.

Edited September 24, 2009 by spectacular1

Mr Snrub Posted September 22, 2009

You have just changed the port that the router's own administration is done by, and also allowed external changes to your router (if you have a default or trivial password on your router admin page, it can now be trashed).

First, disable the external administration option in your router config, you do NOT want that.

Second, restore it to its default port, 8080 (or at least something that is not the port used by RDP).

Third, look at port forwarding in the router administration - you should have an option to forward incoming connections on the public side of the router on TCP port 3389 to a specific IP address (also on TCP port 3389); this specific IP address wants to be the one on your XP SP3 machine you want to RDP to.

You can probably set a DHCP reservation for your XP SP3 machine in the router configuration too, so it always gets the same IP address even though it's being acquired "dynamically" - this will make sure the port forward doesn't break in the future if the machine is offline for a while and its DHCP lease expires.

spectacular1 Posted September 23, 2009

Hi – I have an update.

I know I had two options available regarding my IP address, so I could either change it from DHCP to static or get my router to reserve my IP address. I thought I would leave this option for later as I would prefer to get the RDP working before I worry about the IP address.

So I reverted back to 8080 on my router, and on the router interface I went into port forwarding and created a new service. I named it, left the service type as TCP/UDP, inserted 3389 as the starting port and the ending port and then changed the server IP address to my IP address on my XP Pro SP3.

So I have the port forwarding working, now what do I do on my sister’s computer? Do I open up Remote Desktop on her computer or do it via Internet Explorer? What do I enter? Do I enter the IP address or the computer name? How do I enter it? Do I enter the Netgear IP address first and then my computer IP address? For example XXX.XXX.XXX.XXX/192.168.1.5

I have VNC server running on my XP Pro SP3 computer if that helps; do I use the IP address on my computer or the IP address VNC server has?

Thanks again for all your help

Mr Snrub Posted September 23, 2009

And you disabled the "allow remote administration of this router" option in the router config page, yes?

That is the most important thing to put back to its default (OFF) as you do not want people reconfiguring your router!

Okay, the clients have private "non-routable" IP addresses so you can't use them through NAT; any communication IN to your network will use the PUBLIC IP address on the dirty side of the router, and port forwarding takes care of forwarding the packets onto the correct client on the private side.

Your clients are not registered anywhere with DNS, so clients outside of your private network will not have any way of reaching it by name - from a remote site you want to use the Remote Desktop Client to connect to the public IP address of your router, the rest is automagically taken care of.

You can find out your public IP address through the router status page - it will NOT start with 192, this is the router's internal address (most likely 192.168.0.1).

spectacular1 Posted September 23, 2009

Hi,

Did you mean 'Turn Remote Management OFF'? If that is what you meant then that is what I have turned off.

Thanks for clarifying the public IP part, the only confusion I have is which IP address do I use? Is it the IP address of the router or the IP address I get from using ipchicken.com

I think it’s the latter but please confirm.

Mr Snrub Posted September 23, 2009

> Did you mean 'Turn Remote Management OFF'? If that is what you meant then that is what I have turned off.

Yes, and good

> Thanks for clarifying the public IP part, the only confusion I have is which IP address do I use? Is it the IP address of the router or the IP address I get from using ipchicken.com
> I think it’s the latter but please confirm.

One and the same - the public IP address obtained by your router is the one displayed when you visit http://ipchicken.com.

spectacular1 Posted September 24, 2009 (edited)

Omg you’re a freaking genius, I got on without any problems. Now the only other issue I have is the IP address. Ever since last night my laptop has latched on to the IP address that was ‘supposed’ to be the XP Pro SP3 IP address, and what keeps happening is my PC keeps dropping the wireless and reconnecting after every few minutes. Is this because of the IP address? When I went on to port forwarding yesterday I assigned the IP address from the PC in port forwarding, but now that IP address is given to the laptop, so how would I go about doing this so the IP address can only be accessed by that PC?

The model of my Netgear router is WGR614V9 and on the left I tried to see some option of reserving an IP address but couldn’t find anything. I would choose reserving the IP address rather than the static IP address because I was having trouble yesterday trying to set up static (I got to the DNS server part, but when I ran ipconfig /all it was the same as the IP address of the router, but in the tutorial it said it should be some different numbers; when I logged on my router it says the DNS is assigned automatically), and also there are quite a few laptops on our network and asking them all if I can mess around with their laptops will cause a few problems.

Finally, can someone tell me how secure RDP is? If someone gets my IP address and then hacks my password, am I in a lot of trouble? Can I do anything to make it even more secure?

Edited September 24, 2009 by spectacular1

Mr Snrub Posted September 24, 2009

If you have 2 clients that have issues with colliding DHCP leases then things like this can happen, yes.

You can use the following command to manually release all your IP address leases on the client:

    IPCONFIG /RELEASE *

and then this command to renew them:

    IPCONFIG /RENEW

DHCP reservation basically associates a hardware MAC address with a logical IP address, so that a particular machine will always be given the same IP address, and that address will never be given to other clients.

I found this from an Internet search for "WGR614V9 dhcp reservation", which might answer your question:
http://documentation.netgear.com/wgr614v9/...14v9-06-06.html

Using DHCP reservations to statically assign IP addresses for machines is smarter than configuring it on the client end, as moving the network adapter to a different port will require a reconfiguration - those using USB adapters and static IPs will have encountered this pain - and it rules out the possibility of statically assigning the same address twice.

RDP is encrypted by default, and it is more likely to be a denial of service rather than a successful intrusion that you get over TCP port 3389.

If it's a concern then you can change the external listening port to something else (but keep it above 1023), but leave the forwarded destination port as 3389.

To connect to the client from the outside, you would need to add ":port" to the address entered, e.g. if your public IP address was 1.2.3.4 and you pick port 5555 to listen on externally, you remotely connect to 1.2.3.4:5555

To connect to the client from the INside, you don't need to do anything special as the router isn't involved and you didn't change the default listening port for Remote Desktop on the client.

Nolo Posted September 24, 2009 (edited)

Hi, just a few hints about remote connection to simplify your life

1) If the router's IP is dynamically assigned by your internet provider, you can use a free dynamic DNS service. Example: w*w.dyndns.com

2) If the private IPs for your PCs are assigned dynamically by your router, it is a good idea to assign them statically or at least to use a reservation option if your router has it.

3) If you need to improve the security, a good way could be implementing an SSH server and an SSH tunnel, example w*w.bitvise.com/winsshd. With this solution you can redirect all the ports and services through a secure tunnel.

regards
nolo

Edited September 24, 2009 by Nolo

spectacular1 Posted September 24, 2009 (edited)

Hi Nolo

Sorry, but what do you mean when you say dynamically assigned? In my router options I can see an option of dynamically assigning it using w*w.dyndns.com but I don't know what it means.

Mr Snrub, I don't know which option on the left lets me add the IP address. I've been through all of them and I don't know which one it is. Please help. I've attached a screen shot of my router interface.

Nolo Edit* If it helps with the dynamically part, when I set up my router it checks the ISP settings and says we have DHCP and not static.

Edited September 24, 2009 by spectacular1

Mr Snrub Posted September 24, 2009

Assuming the documentation is up to date:

Here is the start of chapter 4 : Customizing your network settings

From there you can go into Using the LAN IP Setup Options

At the bottom of this screenshot I can see the Address Reservation table

There, you can see the Add button which was referred to in the other page here - you enter the IP address to reserve, a name for the entry and the MAC address of the client which should receive that IP address.

Nolo Posted September 24, 2009 (edited)

1) Dynamically means that your internet provider assigns to your router the first free public IP from a group of hundreds or thousands.

So every time you reset or switch off the router, the IP assigned will be different. From the outside this is a problem: it is a problem for an external computer to reach your router because the only information it needs is that IP address, which as we said is dynamically assigned (over time it always changes).

For this reason there are sites like the one I mentioned that offer a FREE home dynamic DNS service (your router uses dyndns.org).

What you need to do is to create a new account on one of these sites (username and password) and choose a free personal domain name. You can create your own name from a list they provide and personalize it, for example http:\\yourname_something@dyndns.org

The second step is to configure your router (if this service is provided) with the username, password and your domain name + the domain name of the site where you registered this service. Put all this information into the DynDns.org page of your Netgear router.

From this moment, every time you need to reach your router (from outside of course), instead of using the IP address that could have changed you just need to put in the domain name you created (http:\\yourname_something@dyndns.org). And every time you ping http:\\yourname_something@dyndns.org from the outside you will receive as the answer the public IP address of your router assigned by the internet provider.

This happens because once you start the dyndns service in your router, your router starts to pull the information about its public IP to the dyndns.org public DNS servers. They update in real time the information provided by your router so that you can always track which IP address is assigned to your router.

You can even create your personal web server or FTP server directly on your home PC and afterwards reach all of them from every part of the world.

Edited September 24, 2009 by Nolo

Nolo Posted September 24, 2009 (edited)

Now the internal part of the problem.....

The router provides a service called DHCP (in your router it is called LAN setup). This service is more or less like the service provided by your internet provider. It dynamically assigns different private IP addresses to your internal PCs every time they are connected through the router (LAN ports).

The problem with this service just in your case (connecting to a PC inside the LAN from the outside) is the following:

Every time you need to contact that particular PC from the outside you need to ask permission from your router (the router blocks you by default because of the NAT service and/or the firewall). NAT stands for Network Address Translation (port forwarding).

So to bypass this problem you simply create a Firewall/NAT rule.

That rule tells your router: "Every time there is a request from the outside, from whatever IP address, asking to pass through protocol RDP and port 3389, let it pass and REDIRECT that request TO THE INTERNAL PC that is listening for that request and THAT HAS A SPECIFIC IP ADDRESS (the IP you previously chose to match the firewall rule)."

And here is the problem: if your router dynamically (through the DHCP service) assigns a random IP address to THAT COMPUTER, it could be that the IP assigned is different from the one chosen in the firewall rule. For this reason, this time the firewall rule is unheard.

In this case, to remedy this problem you need to tell your router to always assign that specific IP address to that specific PC (this is assured by an option called IP reservation that your router can have or NOT). If not, you need to statically and manually assign the IP address, netmask, gateway and DNS to that PC (as said, the PC must always have the same IP to match the firewall rule)....

The first thing to do is to create the firewall rule. Something like this:

Service name -------- Action --------- IP address LAN ------ WAN IP ------ LOG
RDP or whatever ----- Allow always --- 192.168.xxx.xxx ----- Any --------- whatever

Now that IP 192.168.xxx.xxx should be the IP address of the internal PC that you need to reach from the outside.

Edited September 24, 2009 by Nolo
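
The checks discussed across this thread (remote management off, a forward to a fixed LAN address, a DHCP reservation for that address, TCP only, an optional external port above 1023), as an added example that is not part of any post: a small Python audit over a hypothetical router configuration. The dictionary layout, finding names and MAC addresses are constructed for illustration; 192.168.1.5 and port 5555 are the sample values used in the posts.

```python
# Added example: audit a home-router forwarding setup like the one in this thread.
# The config layout and finding codes are hypothetical; all values are constructed.

def audit(cfg):
    """Return a sorted list of finding codes for a router config dict."""
    findings = set()
    if cfg["remote_management"]:
        findings.add("REMOTE_MGMT_ON")        # router admin page reachable from the WAN
    for fwd in cfg["forwards"]:
        ip, want_mac = fwd["lan_ip"], fwd["target_mac"]
        if cfg["remote_management"] and fwd["ext_port"] == cfg["admin_port"]:
            findings.add("ADMIN_PORT_CLASH")  # admin page answers on the forwarded port
        if cfg["reservations"].get(ip) != want_mac:
            findings.add("NO_RESERVATION")    # DHCP may hand this address to another client
        holder = cfg["leases"].get(ip)
        if holder is not None and holder != want_mac:
            findings.add("WRONG_HOST")        # the forward now lands on a different machine
        if fwd["proto"] != "TCP":
            findings.add("EXTRA_PROTO")       # the thread's advice names TCP 3389 only
        if fwd["ext_port"] <= 1023:
            findings.add("LOW_EXT_PORT")      # advice: keep the external port above 1023
    return sorted(findings)

PC, LAPTOP = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed MAC addresses

# State described on September 24: the laptop has taken the PC's address.
BEFORE = {
    "remote_management": False, "admin_port": 8080,
    "forwards": [{"name": "RDP", "proto": "TCP/UDP", "ext_port": 3389,
                  "lan_ip": "192.168.1.5", "lan_port": 3389, "target_mac": PC}],
    "leases": {"192.168.1.5": LAPTOP, "192.168.1.6": PC},
    "reservations": {},
}

# After adding a reservation, narrowing to TCP and moving the external port.
AFTER = {
    "remote_management": False, "admin_port": 8080,
    "forwards": [{"name": "RDP", "proto": "TCP", "ext_port": 5555,
                  "lan_ip": "192.168.1.5", "lan_port": 3389, "target_mac": PC}],
    "leases": {"192.168.1.5": PC, "192.168.1.7": LAPTOP},
    "reservations": {"192.168.1.5": PC},
}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```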