|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Need advice with Remote Desktop ConnectionDesktop Connection from a remote location yet it works just fine between computers on my LAN. Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS) running on a LAN with a Linksys BEFSR41 router. Let’s assume the internal address of one of my computers is 192.168.1.123. For this computer, I have the “Remote Desktop” box checked in both Windows Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t things now work from a remote location, what am I missing? I should also point out that I have no problems accessing my WHS server from a remote location. When I make a connection to this server I can view all my LAN computers. Thanks in advance Jim <jrwo***@comcast.net> wrote:
Show quoteHide quote > I would greatly appreciate some advice on why I cannot achieve a In the Windows Firewall, is RDP allowed from any subnet (*)?> Remote Desktop Connection from a remote location yet it works just > fine between computers on my LAN. > > > > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS) > running on a LAN with a Linksys BEFSR41 router. > > > > Let’s assume the internal address of one of my computers is > 192.168.1.123. For this computer, I have the “Remote Desktop” box > checked in both Windows Firewall Exceptions and Advanced sections > (TCP port 3389). I’m also port forwarding 3389 for address > 192.168.1.123 in the Linksys router. Shouldn’t things now work from a > remote location, what am I missing? > > > I should also point out that I have no problems accessing my WHS > server from a remote location. When I make a connection to this > server I can view all my LAN computers. > > > > Thanks in advance Does your ISP block ports? Are you sure you're using the correct public IP? (I suggest using something like www.dyndns.com or www.no-ip.com if you have a dynamic public IP). Hi
In principle you did that correct configuration. Make sure that port 3389 is Only Used (opened) by 192.168.1.123. A specific port can be used only by One computer, if you need more computers available to Outside Remote you need to change the ports so that each one has a unique port. Here how-to, http://support.microsoft.com/kb/306759 Software Firewalls on computers blocks ports too, make sure that the ports are forwarded correctly through the Software Firewalls as well. Jack (MS, MVP-Networking) Show quoteHide quote "Jim" <jrwo***@comcast.net> wrote in message news:e5qccMW$JHA.1488@TK2MSFTNGP03.phx.gbl... >I would greatly appreciate some advice on why I cannot achieve a Remote >Desktop Connection from a remote location yet it works just fine between >computers on my LAN. > > > > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS) > running on a LAN with a Linksys BEFSR41 router. > > > > Let’s assume the internal address of one of my computers is 192.168.1.123. > For this computer, I have the “Remote Desktop” box checked in both Windows > Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port > forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t > things now work from a remote location, what am I missing? > > > > I should also point out that I have no problems accessing my WHS server > from a remote location. When I make a connection to this server I can view > all my LAN computers. > > > > Thanks in advance > > > > Hi
There are here tow parallel processes. If you need to change the port of the RDT on a computer you follow the Microsoft page that I pointed to (it is nothing to do with the Router, and it does entails change in the registry). Once the port scheme is established, you have to open the correct ports toward the corresponded computers through the Router. This page ( pass the middle) describes how to so it with another type of Remote Control program. The same principle applies to RDT. http://www.ezlan.net/vnc.html Jack (MS, MVP-Networking). Show quoteHide quote "Jack [MVP-Networking]" <j***@discussiongroup.com> wrote in message news:eSdEnHa$JHA.1340@TK2MSFTNGP05.phx.gbl... > Hi > In principle you did that correct configuration. > Make sure that port 3389 is Only Used (opened) by 192.168.1.123. > A specific port can be used only by One computer, if you need more > computers available to Outside Remote you need to change the ports so that > each one has a unique port. > Here how-to, http://support.microsoft.com/kb/306759 > Software Firewalls on computers blocks ports too, make sure that the ports > are forwarded correctly through the Software Firewalls as well. > Jack (MS, MVP-Networking) > > "Jim" <jrwo***@comcast.net> wrote in message > news:e5qccMW$JHA.1488@TK2MSFTNGP03.phx.gbl... >>I would greatly appreciate some advice on why I cannot achieve a Remote >>Desktop Connection from a remote location yet it works just fine between >>computers on my LAN. >> >> >> >> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS) >> running on a LAN with a Linksys BEFSR41 router. >> >> >> >> Let’s assume the internal address of one of my computers is >> 192.168.1.123. For this computer, I have the “Remote Desktop” box checked >> in both Windows Firewall Exceptions and Advanced sections (TCP port >> 3389). I’m also port forwarding 3389 for address 192.168.1.123 in the >> Linksys router. Shouldn’t things now work from a remote location, what am >> I missing? >> >> >> >> I should also point out that I have no problems accessing my WHS server >> from a remote location. When I make a connection to this server I can >> view all my LAN computers. >> >> >> >> Thanks in advance >> >> >> >> > Thanks to all who replied.
Let me first review - No problem doing a Remote Desktop Computer (RDC) from within my LAN using either the computers internal IP address or its name. However, doing this same thing on an external XP Pro computer does not seem work. I'm also not sure I understand how the external RDC computer understands an address such as 192.168.1.xxx. The problem seems to be that my remote port 3389 is being blocked external but how/why, is it because of the Windows firewall, my router, or by my ISP? How can I test this? I also understand that I can only use port 3389 on one of my LAN computer and that I will have to edit my XP register to change port 3389 to something else for the other computers - is this correct? If so, must I then make the appropriate changes in there Windows firewall as well as my router? What about HTTP port 80, must it be on? I would certainly appreciate any follow-up advice, keeping in mind I'm not an expert in this area. Jim Show quoteHide quote "Jim" <jrwo***@comcast.net> wrote in message news:e5qccMW$JHA.1488@TK2MSFTNGP03.phx.gbl... >I would greatly appreciate some advice on why I cannot achieve a Remote >Desktop Connection from a remote location yet it works just fine between >computers on my LAN. > > > > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS) > running on a LAN with a Linksys BEFSR41 router. > > > > Let's assume the internal address of one of my computers is 192.168.1.123. > For this computer, I have the "Remote Desktop" box checked in both Windows > Firewall Exceptions and Advanced sections (TCP port 3389). I'm also port > forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn't > things now work from a remote location, what am I missing? > > > > I should also point out that I have no problems accessing my WHS server > from a remote location. When I make a connection to this server I can view > all my LAN computers. > > > > Thanks in advance > > > > Jim wrote:
> Let me first review - No problem doing a Remote Desktop Computer (RDC) It doesn't. That's why you forward ports. Traffic comes in from the outside> from within my LAN using either the computers internal IP address or its > name. However, doing this same thing on an external XP Pro computer does > not seem work. I'm also not sure I understand how the external RDC > computer understands an address such as 192.168.1.xxx. over specific ports for the remote connection. That connection can only be made to a public IP address. The router (which gets its public IP address on the WAN side from the ISP) turns around and forwards any traffic over those specific ports to the private IP address of a designated computer. This is why it is easiest to do this when you have a static public IP address. You have to pay your ISP extra for this or have a business account with them that comes with a number of static IP addresses. The alternative for people who have dynamic IP addresses is to use a service like the one from DynDNS.com. > The problem seems to be that my remote port 3389 is being blocked external The port is configured on the router, not the computer.> but how/why, is it because of the Windows firewall, my router, or by my > ISP? How can I test this? > I also understand that I can only use port 3389 on one of my LAN computer No, this is not correct. You don't have to do anything in the registry. You> and that I will have to edit my XP register to change port 3389 to > something else for the other computers - is this correct? If so, must I > then make the appropriate changes in there Windows firewall as well as my > router? What about HTTP port 80, must it be on? do port forwarding on the *router*. You set a static private IP address on the computer that is the target for remote control. You set the IP address on a computer by going to Control Panel>Network Connections and then right-click on the Local Area Connection for the network adapter involved (probably your ethernet card). Left-click on Properties. Double-click the entry for TCP/IP and change the IP address from "obtain automatically" to a specific address on the LAN outside of the router's DHCP range. Example: If the router assigns IP addresses from 192.168.1.100 to 192.168.1.150, use a static IP address for that computer of something like 192.168.1.170. Of course you also have to set the target computer's firewall to allow remote desktop connections and/or the software that you're using to do this (if not using the native XP software and are using something like pcAnywhere or one of the VNC flavors). Malke Malke,
Thanks for you detailed response, I just hope I understand. I've now set the static private IP address on my "target" computer to 192.168.1.170 which is outside of the routers assignments of 192.168.1.100 to 150 In my router, I've forwarded port 3389 to 192.168.1.170. My ISP is Comcast and my public IP address is usually fixed If I follow you correctly, when I bring up "Remote Desktop Connection" on my son's XP Pro computer, I enter my public static address? Expect to try this later today. Jim Show quoteHide quote "Malke" <malke@invalid.invalid> wrote in message news:emSKh%23i$JHA.5092@TK2MSFTNGP03.phx.gbl... > Jim wrote: > > >> Let me first review - No problem doing a Remote Desktop Computer (RDC) >> from within my LAN using either the computers internal IP address or its >> name. However, doing this same thing on an external XP Pro computer does >> not seem work. I'm also not sure I understand how the external RDC >> computer understands an address such as 192.168.1.xxx. > > It doesn't. That's why you forward ports. Traffic comes in from the > outside > over specific ports for the remote connection. That connection can only be > made to a public IP address. The router (which gets its public IP address > on the WAN side from the ISP) turns around and forwards any traffic over > those specific ports to the private IP address of a designated computer. > This is why it is easiest to do this when you have a static public IP > address. You have to pay your ISP extra for this or have a business > account > with them that comes with a number of static IP addresses. The alternative > for people who have dynamic IP addresses is to use a service like the one > from DynDNS.com. > >> The problem seems to be that my remote port 3389 is being blocked >> external >> but how/why, is it because of the Windows firewall, my router, or by my >> ISP? How can I test this? > > The port is configured on the router, not the computer. > >> I also understand that I can only use port 3389 on one of my LAN computer >> and that I will have to edit my XP register to change port 3389 to >> something else for the other computers - is this correct? If so, must I >> then make the appropriate changes in there Windows firewall as well as my >> router? What about HTTP port 80, must it be on? > > No, this is not correct. You don't have to do anything in the registry. > You > do port forwarding on the *router*. You set a static private IP address on > the computer that is the target for remote control. You set the IP address > on a computer by going to Control Panel>Network Connections and then > right-click on the Local Area Connection for the network adapter involved > (probably your ethernet card). Left-click on Properties. Double-click the > entry for TCP/IP and change the IP address from "obtain automatically" to > a > specific address on the LAN outside of the router's DHCP range. > > Example: If the router assigns IP addresses from 192.168.1.100 to > 192.168.1.150, use a static IP address for that computer of something like > 192.168.1.170. > > Of course you also have to set the target computer's firewall to allow > remote desktop connections and/or the software that you're using to do > this > (if not using the native XP software and are using something like > pcAnywhere or one of the VNC flavors). > > Malke > -- > MS-MVP > Elephant Boy Computers - Don't Panic! > http://www.elephantboycomputers.com/#FAQ > jim wrote:
> Malke, Did you check this on the router? I was just giving you examples. > > Thanks for you detailed response, I just hope I understand. > I've now set the static private IP address on my "target" computer to > 192.168.1.170 which is outside of the routers assignments of 192.168.1.100 > to 150 > In my router, I've forwarded port 3389 to 192.168.1.170. That's fine although Comcast does give you a dynamic IP address. It tends> My ISP is Comcast and my public IP address is usually fixed not to change much but it can so you might want to look at DynDns.com's services. > If I follow you correctly, when I bring up "Remote Desktop Connection" on Yes. When you are at your son's house you aren't on your own LAN. You need> my son's XP Pro computer, I enter my public static address? Expect to try > this later today. to connect to the public IP address (which you would have gotten before leaving home and written down). Don't forget that the firewalls on both machines must have exceptions set to allow this traffic. If you have a more elaborate router it might come with its own firewall too, so make sure you check in its configuration before you leave home. BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer to support family and friends but the free version needs both parties to be involved. The professional version is very expensive. I don't think LogMeIn requires this but I don't know if you have to pay for it. With services like LogMeIn you are actually connecting through *their* server so you don't need to mess about with port forwarding, static IPs, knowing your public IP and whether it has changed, etc. If you're going to want to do this a lot, it might be easier. https://secure.logmein.com/solutions/homeuser/personal/ Malke Hi Malke,
Won't get to my son's till tomorrow to try this, will let you know the results. I did have my internal IP address set to 192.168.1.060 on the target PC but changed it to 192.168.1.170 per your example. Then changed the port forwarding for ...170 in my Linksys router. Yes I did look at LogMeIn some time ago, maybe I'll consider it again if this doesn't work. Must double check both firewalls. Thanks again Jim Show quoteHide quote "Malke" <malke@invalid.invalid> wrote in message news:u03q1ll$JHA.5780@TK2MSFTNGP03.phx.gbl... > jim wrote: > >> Malke, >> >> Thanks for you detailed response, I just hope I understand. >> I've now set the static private IP address on my "target" computer to >> 192.168.1.170 which is outside of the routers assignments of >> 192.168.1.100 >> to 150 > > Did you check this on the router? I was just giving you examples. > >> In my router, I've forwarded port 3389 to 192.168.1.170. >> My ISP is Comcast and my public IP address is usually fixed > > That's fine although Comcast does give you a dynamic IP address. It tends > not to change much but it can so you might want to look at DynDns.com's > services. > >> If I follow you correctly, when I bring up "Remote Desktop Connection" on >> my son's XP Pro computer, I enter my public static address? Expect to try >> this later today. > > Yes. When you are at your son's house you aren't on your own LAN. You need > to connect to the public IP address (which you would have gotten before > leaving home and written down). > > Don't forget that the firewalls on both machines must have exceptions set > to > allow this traffic. If you have a more elaborate router it might come with > its own firewall too, so make sure you check in its configuration before > you leave home. > > BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer > to support family and friends but the free version needs both parties to > be > involved. The professional version is very expensive. I don't think > LogMeIn > requires this but I don't know if you have to pay for it. With services > like LogMeIn you are actually connecting through *their* server so you > don't need to mess about with port forwarding, static IPs, knowing your > public IP and whether it has changed, etc. If you're going to want to do > this a lot, it might be easier. > > https://secure.logmein.com/solutions/homeuser/personal/ > > Malke > -- > MS-MVP > Elephant Boy Computers - Don't Panic! > http://www.elephantboycomputers.com/#FAQ > Malke,
Unfortunately I was not able to do a Remote Desktop Connection from my son's PC, the connection just timed out. No luck even if I diabled the my son's Windows firewall. I really don't understand this, any other suggestions!! However, I have no problems connecting to my Windows Home Server. WHS gives me full remote access to all my LAN computers, just like RDC. The main reason I wanted Remote Desktop to work is because there is an iPhone application which is supposed to "simulate" Windows Remote Desktop. This would then be a way to access my home computer via my iPhone. Jim Show quoteHide quote "Malke" <malke@invalid.invalid> wrote in message news:u03q1ll$JHA.5780@TK2MSFTNGP03.phx.gbl... > jim wrote: > >> Malke, >> >> Thanks for you detailed response, I just hope I understand. >> I've now set the static private IP address on my "target" computer to >> 192.168.1.170 which is outside of the routers assignments of >> 192.168.1.100 >> to 150 > > Did you check this on the router? I was just giving you examples. > >> In my router, I've forwarded port 3389 to 192.168.1.170. >> My ISP is Comcast and my public IP address is usually fixed > > That's fine although Comcast does give you a dynamic IP address. It tends > not to change much but it can so you might want to look at DynDns.com's > services. > >> If I follow you correctly, when I bring up "Remote Desktop Connection" on >> my son's XP Pro computer, I enter my public static address? Expect to try >> this later today. > > Yes. When you are at your son's house you aren't on your own LAN. You need > to connect to the public IP address (which you would have gotten before > leaving home and written down). > > Don't forget that the firewalls on both machines must have exceptions set > to > allow this traffic. If you have a more elaborate router it might come with > its own firewall too, so make sure you check in its configuration before > you leave home. > > BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer > to support family and friends but the free version needs both parties to > be > involved. The professional version is very expensive. I don't think > LogMeIn > requires this but I don't know if you have to pay for it. With services > like LogMeIn you are actually connecting through *their* server so you > don't need to mess about with port forwarding, static IPs, knowing your > public IP and whether it has changed, etc. If you're going to want to do > this a lot, it might be easier. > > https://secure.logmein.com/solutions/homeuser/personal/ > > Malke > -- > MS-MVP > Elephant Boy Computers - Don't Panic! > http://www.elephantboycomputers.com/#FAQ >  
Other interesting topics
Workgroup network -- I want to bypass the "Enter Network Password" dialog.
TCP/IPv6 on XP? Newbee VPN question UNC using IP address Need help on this ehternet connection!! new DSL, exception processing message Multiple Gateways Can you run 100 Kb and 1000 Kb on the same network? why does router require reboot. Strange network connection issue |
|||||||||||||||||||||||
