Open port 3389


Adam Hicks

How can I open up this port so my Terminal Services will
work? I can connect to the server as long as I'm hooked
up to the network, but I would like to be able to connect
from home to the office. Windows 2k server and Windows XP
machines. There is a PIX 506E firewall set up. Please
help.

Thanks in advance for the help.

Adam Hicks
 
Check your PIX 506E firewall documentation. Do you have
port control within that device? That would be where you
would open the port, not anywhere in TS or Win2K.
 
Good luck, I tried for two days to set that up on one of
those PIX things. On a Linksys, you put in the port
number, and the internal IP of the machine to go to, and
it works. On the PIX it looked like you had to configure
many, many things just to do that.
 
Try this:

You will need to make sure your IP addresses for the PIX are set correctly, similar to this:

ip address outside r.r.r.r s.s.s.s
ip address inside t.t.t.t u.u.u.u


with r.r.r.r being the ip# of the outside PIX interface
with s.s.s.s being the subnet mask for the outside network
with t.t.t.t being the ip# of the inside PIX interface
with u.u.u.u being the subnet mask for the inside network

then you will need to set a static map for the host inside your network

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

with x.x.x.x being the ip# assigned to be the external ip for the TS host
with y.y.y.y being the actual internal ip# of the TS host

Then you will need to open a conduit or hole in the firewall

conduit permit tcp host x.x.x.x eq 3389 host z.z.z.z

with x.x.x.x being the ip# assigned to be the external ip for the TS host
with z.z.z.z being the ip# of the client you wish to allow access to.

If you want ANY client to have access (I'd recommend against this) change the z.z.z.z # to "any" so it looks like this:

conduit permit tcp host x.x.x.x eq 3389 any

If you are actually running Citrix you will need to also add this conduit for the Citrix Browser so your clients can connect to all the available Citrix servers if you are doing load balancing.

conduit permit tcp host x.x.x.x eq 1494 host z.z.z.z

You will need to do this for EACH TS or Citrix Server you need to be accessible.

Hope this helps,

Fred
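
A check that follows from the advice above against opening the conduit to any client, added here as an example and not part of anyone's post: a Python script that scans PIX configuration text for conduit permit lines exposing port 3389 or 1494 to every source. The sample configuration, its addresses and the function names are constructed for illustration.

```python
# Added example: audit PIX "conduit" lines for remote-access ports open to any source.
# Ports taken from the thread: 3389 (Terminal Services) and 1494 (Citrix).
REMOTE_ACCESS_PORTS = {"3389", "1494"}

# Constructed sample config (documentation-range addresses, not from the thread).
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.10 eq 3389 host 198.51.100.25
conduit permit tcp host 192.0.2.10 eq 1494 any
conduit permit tcp host 192.0.2.10 eq 3389 0.0.0.0 0.0.0.0
conduit permit tcp host 192.0.2.10 eq 25 any
"""

def _take_address(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (address/mask, remaining tokens)."""
    if tokens and tokens[0] == "any":
        return "0.0.0.0/0.0.0.0", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    if tokens[0] == "host":
        return tokens[1] + "/255.255.255.255", tokens[2:]
    return tokens[0] + "/" + tokens[1], tokens[2:]

def parse_conduit(line):
    """Parse 'conduit <action> <proto> <global> eq <port> <foreign>'; None otherwise."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "conduit":
        return None
    try:
        global_addr, rest = _take_address(tokens[3:])
        if len(rest) < 2 or rest[0] != "eq":
            return None
        foreign, _ = _take_address(rest[2:])
    except ValueError:
        return None
    return {"action": tokens[1], "proto": tokens[2], "global": global_addr,
            "port": rest[1], "foreign": foreign}

def open_to_any(config_text):
    """Return permit conduits that expose a remote-access port to every source."""
    findings = []
    for line in config_text.splitlines():
        rule = parse_conduit(line.strip())
        if (rule and rule["action"] == "permit"
                and rule["port"] in REMOTE_ACCESS_PORTS
                and rule["foreign"].endswith("/0.0.0.0")):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    for finding in open_to_any(SAMPLE_CONFIG):
        print("open to any source:", finding)
```

Conduits restricted to a single client with `host z.z.z.z` are not reported; only the `any` form and its `0.0.0.0 0.0.0.0` equivalent are.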
 