Allowing multiple users to connect to multiple desktops

I configured and got remote access to work for connecting myself to my office
computer. I configured our router to forward port 3389 to my office's
internal IP address. Question being, how do I let others at my office do
the same. Do I forward port 3389 to their IP address at the same time? That
doesn't seem right to me. Or should I forward different port numbers to
their respective IP's? If so, what port numbers? Does it make a difference
which ports? Please advise.
 
There are various strategies available...Not in any particular order...

* You could set up a VPN and tunnel all of your RDP requests through that.

http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

Do you run any type of server on your network now?

An alternative to the above is to use a VPN end-point router and have your
remote clients connect to that. Here are some examples of those...

http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
http://www.linksys.com/servlet/Sate...454480&pagename=Linksys/Common/VisitorWrapper

* Open multiple ports on the firewall to the different machines...

http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

* Use an SSH tunnel to access multiple machines through one hole in the
firewall, i.e. TCP Port 22...I use this to access my home LAN...In my case I
use a 2048-bit RSA private/public key pair for authentication...

http://sshwindows.sourceforge.net/
http://www.bitvise.com/tunnelier.html

How I did that with PuTTY...

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

* Use this SSL-VPN solution...This is very easy to set up and use...

http://3sp.com/showSslExplorer.do
http://www.broadbandreports.com/forum/remark,13775231

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Thank you for the reply.

We use a peer-to-peer network for our small company. No server per se.

We have a Netgear router. The link you sent about opening other ports was
based on a Linksys router and it references "Redirected Port" and "Listening
Port". On the Netgear, it has "Start Port" and "End Port" in the port
forwarding configuration. Are those the same?

FWS
 
Also, since we aren't running a server, can we create the VPN without any
additional equipment/software? Just create the connection like the second
link shows? Once you establish the VPN connection, you then create the
Remote Desktop connection? Using the local IP address since you're already
connected? Does using the VPN connection still require forwarding port 3389?

Thanks for your help.

FWS
 
FWS said:
We have a Netgear router. The link you sent about opening other
ports was based on a Linksys router and it references "Redirected
Port" and "Listening Port". On the Netgear, it has "Start Port" and
"End Port" in the port forwarding configuration. Are those the same?

No. "Start Port" and "End Port" refer to the numbers at the start and end of
a range of redirected ports. In your case, you will wish to redirect only
one port per local PC, so the start and end port numbers will be the same.
 
The downside with the XP PPTP VPN server is that you can only have one
incoming connection at a time. That's why I like either the SSH or SSL-VPN
solution if you're not going to run a W2003 VPN server.

In the case of SSH you only need TCP Port 22 open. All incoming connections
go through that and each user can access her/his PC via the SSH tunnel. The
same with the SSL-VPN solution. In that case you only need TCP Port 443 open
to the server PC.

You would not need TCP Port 3389 open if you use either SSH, the SSL-VPN or
a W2003 VPN solution. All traffic goes through the tunnel...

--

Al Jarvi (MS-MVP Windows Networking)

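The single-port SSH approach described in the post above, as an added example that is not part of the original thread: it generates a gateway configuration that restricts each account to RDP on its own PC, plus the matching client tunnel command. It assumes a current OpenSSH server as the gateway; the account names, LAN addresses, local ports and gateway host name are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All names and addresses are constructed.
RDP_PORT=3389

# Constructed map: "<ssh account> <office PC LAN address> <local port on the remote client>"
USER_MAP='alice 192.168.1.11 13389
bob 192.168.1.12 13390
carol 192.168.1.13 13391'

# Gateway side: sshd_config text that allows key logins only and lets each
# account open a tunnel to TCP 3389 on its own PC, with no shell.
gen_sshd_config() {   # arg: user map
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'AllowTcpForwarding no'
    printf '%s\n' "$1" | while read -r user ip lport; do
        [ -n "$user" ] || continue
        printf '\nMatch User %s\n' "$user"
        printf '    AllowTcpForwarding local\n'
        printf '    PermitOpen %s:%s\n' "$ip" "$RDP_PORT"
        printf '    PermitTTY no\n'
        printf '    X11Forwarding no\n'
        printf '    AllowAgentForwarding no\n'
    done
}

# Client side: the tunnel command for one user. With it running, the RDP
# client connects to 127.0.0.1:<local port> instead of the office WAN address.
gen_client_cmd() {   # args: account, gateway host name
    printf '%s\n' "$USER_MAP" | while read -r user ip lport; do
        if [ "$user" = "$1" ]; then
            printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s@%s\n' \
                "$lport" "$ip" "$RDP_PORT" "$user" "$2"
        fi
    done
}

gen_sshd_config "$USER_MAP"
gen_client_cmd bob gateway.example.com
```

Only TCP 22 is forwarded at the router in this layout; the `PermitOpen` lines keep a stolen or misused key from reaching anything but that user's own desktop.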
 
Then what do I do with the "redirected port" and "listening port"....I
don't see those entries in my Netgear configurations........ Please advise.

FWS
 
If your router does not support port redirection you can use the second
method described where you change the listening port on each PC to something
other than the default. Then set up your router as described.

Or...use the SSH or SSL-VPN method...

--

Al Jarvi (MS-MVP Windows Networking)

 
FWS said:
Then what do I do with the "redirected port" and "listening
port"....I don't see those entries in my Netgear
configurations........

Consult your Netgear manual. Doing port translation might or might not be
supported. For instance, it is not supported on the normal Linksys
configuration. With Linksys, it is only supported on UPnP port-forwarding.
 
FWS,

The really, really simple answer to your question is:

1. forward TCPIP from router to your PCs as follows:
3389 to pc 1
3390 to pc 2
3391 to pc 3
All at the router level

2. Then I use XP's advanced firewall settings to change the UPnP routing on
each client to tell it that 339x is 3389 on the machine. Note: if your
router supports UPnP, then step 1 is redundant.
3. And then I make sure 3389 is allowed on the firewall of each PC


Then each person can log in using the standard client with the following
convention:
your router's WAN IP address:33xx

I use this all the time in a small office environment. But I use a
different block of ports so as to avoid hacker curiosity.

If you are just trying to allow yourself access to multiple machines (rather
than many:many), you can try this:
1. set up remote administration of your router to an obscure port
2. set up 3389 to forward to a target PC
3. log in to router first, enable the forward
4. log into remote PC
5. When finished, log back into router and turn off the forward
With this method, you don't have to add a bunch of funky forwards to the
router, nor funky UPnP forwards. Works for me.
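A check for the forwarding tables discussed in this thread, as an added example that is not part of the original posts: it audits a "Start Port"/"End Port" rule list for a router that forwards ports unchanged, and reports the same port sent to two PCs, a range where one port was meant, and a forwarded port the PC is not listening on. The table format, rule names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Table format and values are constructed:
# "<rule name> <start port> <end port> <LAN address> <RDP listening port on that PC>"
FORWARDS='rdp-pc1 3389 3389 192.168.1.11 3389
rdp-pc2 3390 3390 192.168.1.12 3389
rdp-pc3 3389 3389 192.168.1.13 3389
rdp-pc4 3392 3400 192.168.1.14 3392'

# Assumes the router forwards ports unchanged (no "redirected port" field),
# so the WAN port must equal the port the PC actually listens on.
audit_forwards() {   # arg: forwarding table
    printf '%s\n' "$1" | awk '
        NF != 5 { next }
        {
            name = $1; s = $2 + 0; e = $3 + 0; ip = $4; listen = $5 + 0
            if (s > e) {
                printf "INVALID %s: start %d > end %d\n", name, s, e
                next
            }
            # One PC needs one port, so start and end should be equal.
            if (s != e)
                printf "RANGE %s: %d-%d all reach %s\n", name, s, e, ip
            # Without translation the PC must listen on the forwarded port.
            if (listen < s || listen > e)
                printf "MISMATCH %s: forwards %d-%d but %s listens on %d\n", \
                    name, s, e, ip, listen
            # A WAN port can only go to one LAN address.
            for (p = s; p <= e; p++) {
                if ((p in owner) && owner[p] != ip)
                    printf "CONFLICT port %d: %s and %s (%s vs %s)\n", \
                        p, first[p], name, owner[p], ip
                else if (!(p in owner)) { owner[p] = ip; first[p] = name }
            }
        }'
}

audit_forwards "$FORWARDS"
```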
 