Please explain in plain English

[Lou]

I have the same question as show below by another person,
but I don't understand the answer in the reply.

You need to use the public IP of the host, ie. the IP
assigned by your ISP. Keep in mind some ISPs
block TCP Port 80 (IIS)... If the host is behind a
firewall/NAT/router then both TCP Port 80 (IIS)
*AND* TCP Port 3389 (Remote Desktop) need to be forwarded
to the private LAN IP of the host machine.
If you can connect and get the web login screen simply
leave the server address field blank and hit
the connect button.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group
for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and
confers no rights...

message
news:[email protected]...

 

[Guest]

Just go to www.anonymizer.com from your home pc, click the
link for "Free Privacy Test" and it will return back the
IP address your PC is known by. That's the one you would
then connect to.

Don't be too concerned by all the security warnings that
the Privact Test might point out because they sell
security products, so it's in their best interest to point
out every little vulnerability.

 

[Bill Sanderson]

Doesn't work for my browser--requires ActiveX.

Better choice:

www.myip.com

 

[Bill Sanderson]

If you are having trouble with the remote features, Remote Desktop Web
access (accent on the WEB) is not the place to start--it is quite a bit more
complex--more places to go wrong, than straight Remote desktop.

Saying "I have the same problem as..." really doesn't work well as a problem
statement. It is much better to state the problem in your own words,
because that problem statement helps us assess your level of
experience/expertise, and thus helps us word the answer in a way more suited
to you.

So--you've got a computer at home which is set up for remote access. You've
installed IIS, and Remote Desktop Web access, as well.

The user you quoted doesn't specify if a router or firewall of any kind is
involved at the home location. If a router or firewall, including XP's ICF
firewall is involved, that router or firewall needs to forward unsolicited
incoming traffic on two ports: 80, TCP and 3389, TCP--to the XP machine
which has Remote Desktop and Remote Desktop Web access configured.

In addition, the ISP involved at the home location must not be blocking port
80, and, any ISP or corporate LAN involved at the remote (client, laptop,
etc) location must also not block or proxy port 80 or 3389, TCP.

So--there's quite a bit to go wrong here.

What IP address to use: at home, to go www.myip.com and that's your IP
address. If this address changes dynamically, you'll need further advice,
but for present testing purposes, just hope that address holds long enough
to get testing done!

Go to a remote location, ideally a "simple" one--next door, dialling out
with a modem from home, whatever. Have a machine which either has XP on it,
or which has downloaded or installed from the XP CD, the Remote Desktop
Client.

Connect to the Internet, then run Remote Desktop and put in the IP address
you found above. You should get a request for login name and password. The
account you use for remote access MUST have a password, so get that detail
set up in advance.

At this point, if you don't get the login, you either have the wrong IP
address, or haven't succeeded in forwarding port 3389, TCP through the
router or firewall--or, less likely, port 3389 is blocked at the client end.

If you get the login but it doesn't work, double check your credentials.
Ideally, do this test on a local network at home--it doesn't have to be
across the Internet.

If all that DID work, then go ahead and try the web method.

again--trying it first at home is best.

At that same remote location, connected to the Internet, open an Internet
Explorer windows. Put in: http:\\myhomeipaddress
(where myhomeipaddress is the one which worked in the earlier test)

You should get a mostly white page which has a box for a server name and a
connect button. Don't put anything in the box, but press the connect
button.

If the connect button stays greyed out, there's a restriction on ActiveX
controls in effect at the client location.

You should, after pressing connect, get the same login prompt you got in the
first test.

If you never see the mostly white screen with the connect button, then
something is preventing traffic on port 80, TCP from getting from the client
location to the home machine. Could be restrictions outgoing at the client
location, the home ISP (Verizon, for example, blocks port 80, TCP), or the
router/firewall at home.

That was long, but I hope reasonably plain English--please ask specific
questions if it is still muddy.

 

[Rick]

In addition, the ISP involved at the home location must not be blocking port
80, and, any ISP or corporate LAN involved at the remote (client, laptop,
etc) location must also not block or proxy port 80 or

3389, TCP.

Excuse my ignorance, but the above paragraph is not clear
to me.
How do you check what ports are blocked and how they are
forwarded, etc.?

I am trying to connect two computers, both running XP.
The one I want to connect to (home) has a static (cable
modem) IP; the other (office) a dynamic (DSL modem).
I have the home computer set to allow remote connections
and I have entered the IP address correctly but can't get
the remote window to open.

 

[Bill Sanderson]

The easiest way to check whether traffic is blocked is by observing that it
gets through.

In your case, if you are using the Remote Desktop Connection client
software, as opposed to Remote Desktop Web connection, where you use a web
browser---we don't need to worry about port 80 being blocked.

Some large DSL ISP's (Verizon) block port 80, but I don't know of anyone
blocking port 3389 inbound.

So--ignore the ISP blocking part of the discussion.

Now--at work--If you know the devices involved in the connection, and it is
just a simple dsl modem and router, nothing is blocking outbound traffic.

If there is a firewall or a proxy involved, which controls outbound traffic,
then you'd need to configure a rule to allow RDP traffic outbound.

It sounds like in your situation there is no firewall or proxy, so nothing
should be blocking the outbound traffic.

Finally, at the home location: You've got a cable modem, and then the
PC--anything else--a nat/router device, for example? If there's no router,
do you have XP's firewall active on the connection to the cable modem? (you
should!)

So--If there's a router at home, you need to forward traffic on port 3389,
TCP to the IP address or name of the XP Pro workstation. Otherwise, this
traffic will be blocked by the router.

Ditto for the ICF Firewall in XP: Start, control panel, network
connections, right click the connection to the Cable modem, click on the
advanced tab, click on settings at the bottom. Check to enable Remote
Desktop and put in the name or IP address of the XP Pro host (it may already
be there)

Be sure, at the office end, that you are using the public IP address of the
cable modem at home. You can get this address by going to
http://www.myip.com on the home machine.

Let me know if I've been too unclear--the settings in the router differ
between brands and models, so I haven't given step-by-step on that. Tell us
what brand and model if you can't figure that bit out.

 

[Guest]

----- Bill Sanderson wrote: -----

Finally, at the home location: You've got a cable modem, and then the
PC--anything else--a nat/router device, for example? If there's no router,
do you have XP's firewall active on the connection to the cable modem? (you
should!)

I have the XP firewall enabled at both locations. (BTW, how safe is this? I was using Zone Alarm, but felt it impossible to get Remote Desktop configured using it, so it is disabled)

So--If there's a router at home, you need to forward traffic on port 3389,
TCP to the IP address or name of the XP Pro workstation. Otherwise, this
traffic will be blocked by the router.

Home connection is connected through a Toshiba Cable Modem PCX2600 #2. No other router.

Ditto for the ICF Firewall in XP: Start, control panel, network
connections, right click the connection to the Cable modem, click on the
advanced tab, click on settings at the bottom. Check to enable Remote
Desktop and put in the name or IP address of the XP Pro host (it may already
be there)

Something must be missing here, because I do not see the box to enter the address you describe? What am I missing?

Be sure, at the office end, that you are using the public IP address of the
cable modem at home. You can get this address by going to
http://www.myip.com on the home machine.

I have double checked the address - it is correct.
Still can't get this working.