Port Forwarding


Dave Marden

I apologize for the length of this but I want to get all
my info out there to assist you in assisting me.

I was told by a few people that Charter Communications
blocks users from remotely accessing port 3389. Does
anyone know if this is true? And if it is true, is there
a good workaround for Charter customers?

I have tried using higher numbers such as 12500 (because
according to documentation I have found it isn't used) as
my port. Is this an acceptable thing to do? My problem is
it still doesn't make it through. I go into the command
prompt and type (xxx.xxx.xxx.xxx:12500) (where x's are my
internet IP address), and it doesn't see it. Should it be
able to see that port? And is this the correct way to
ping it, and to address it in Remote Desktop?


I have a total of 3 computers that I want to have
addressed, so I will be needing 3 ports forwarded. Maybe
I should try different ports. Here's a list of some of my
ports supplied by NetGear's documentation:

Service                      Port
HTTP                         80
FTP                          21
Telnet                       23
POP3                         110
SMTP                         25
mlRC                         NONE
NTP                          123
PPTP                         1723
Direct Connect               375-425
FW1VPN                       259
Laplink                      1547
NetMeeting                   1720 & 1503
Virtual Network Computing    5500 & 5800 & 5900


Thanks,
Dave Marden
 
You didn't say so explicitly but it sounds like you have a NetGear
router/firewall. Below are the basics of what you need to do.


Assumptions:

PC#1 Address: 192.168.0.101 (replace these addresses with the ones you
actually use)
PC#2 Address: 192.168.0.102
PC#3 Address: 192.168.0.103
Firewall External Address: aaa.bbb.ccc.ddd (replace this with the
external address of your firewall)


Configure Firewall:

Go into the port mapping applet on the firewall and set up the following
mappings:

External Port    Internal Address    Internal Port
13101            192.168.0.101       3389
13102            192.168.0.102       3389
13103            192.168.0.103       3389

(The #'s 13101-13103 are arbitrary - use whatever you like)


Connecting:

Use the following to connect to each PC:

PC#1 aaa.bbb.ccc.ddd:13101
PC#2 aaa.bbb.ccc.ddd:13102
PC#3 aaa.bbb.ccc.ddd:13103


Notes:

This may work if your internal PCs' addresses are assigned via DHCP.
However if DHCP reassigns IP addresses you'll wind up connecting to
different PCs.
For this to work flawlessly, you would need to assign static IP addresses to
the internal PCs. Read up on that elsewhere...
 
In addition to "Melvin's" comments...

Look at this small page that explains how to access more than one XP Remote Desktop session behind a
firewall/NAT/router. It uses the XP ICF and a Linksys BEFSR41 as examples.

http://www.oecadvantage.net/ajarvi/RemoteDesktop/Multiple_PC_RD.html

The advantage of using a PPTP VPN tunnel to access multiple RD sessions versus opening one or more
ports, as illustrated on the link, is you only open one port, ie. TCP Port 1723 (and have GRE
Protocol 47 traffic enabled). Other than that the native encryption of the RD connection is the same
as the native encryption of the PPTP VPN link.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Does it matter if I don't have an internal firewall, also is it really that
common that someone makes it through an open port?

Thanks,
Dave Marden


Sooner Al said:
In addition to "Melvin's" comments...

Look at this small page that explains how to access more than one XP
Remote Desktop session behind a
 
That is up to you as far as using a firewall on your PC internal to your router. Personally I don't,
but some people do. Minimizing the number of open ports is a good strategy. Remote Desktop,
particularly to multiple hosts, works well via a VPN tunnel by only opening TCP Port 1723 and having
GRE Protocol 47 traffic enabled. Use a strong password and you should be OK.

--
Al Jarvi (MS-MVP Windows Networking)

 
Will I still be able to access all 3 PCs? Also I am not familiar with how
to enable GRE Protocol traffic, please let me know how I would do this.
Also what does it mean? And do I need to do something on my end for VPN
tunneling, or is it an automatic thing?

Thanks Again,
Dave Marden


Sooner Al said:
That is up to you as far as using a firewall on your PC internal to your router. Personally I don't,
but some people do. Minimizing the number of open ports is a good strategy. Remote Desktop,
particularly to multiple hosts, works well via a VPN tunnel by only
opening TCP Port 1723 and having
 
Any port that is listening is visible to the world.

Yes, with RD, your session is encrypted, and nobody is going to be spotting
the password you type, unless they are watching you carefully, or have a
keylogger in place. However, that login prompt is accessible to the world!

So, as Al says, a strong password is imperative.

In addition, logging both successful and unsuccessful logins is a good
idea--but only if you are going to look at the logs occasionally!

Lockouts after X unsuccessful password attempts are also an excellent idea.
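
The log review and lockout threshold suggested above, as an added example that is not part of the original thread: it scans logon events for sources that reach X failed remote logons inside a time window, and for a successful logon that follows such a burst. The CSV layout, sample rows, threshold and window are constructed assumptions; 4625/4624 are the failed/successful logon event IDs of current Windows versions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = "4625", "4624"   # Windows Security log: failed / successful logon
REMOTE_TYPES = {"3", "10"}         # logon types counted as remote (assumption): Network, RemoteInteractive

# Constructed sample export: time,event_id,logon_type,account,source_ip
SAMPLE_LOG = """\
2024-03-01T02:10:01,4625,10,administrator,203.0.113.7
2024-03-01T02:10:03,4625,10,admin,203.0.113.7
2024-03-01T02:10:06,4625,10,dave,203.0.113.7
2024-03-01T02:10:09,4625,10,dave,203.0.113.7
2024-03-01T02:10:15,4625,10,dave,203.0.113.7
2024-03-01T02:11:40,4624,10,dave,203.0.113.7
2024-03-01T08:30:00,4625,10,dave,198.51.100.20
2024-03-01T08:30:20,4624,10,dave,198.51.100.20
2024-03-01T09:00:00,4624,2,dave,-
"""

def review_logons(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (sources that hit the threshold, successes that followed such a burst)."""
    recent = defaultdict(deque)    # source IP -> failure times still inside the window
    over_threshold = {}            # source IP -> largest failure burst seen
    success_after_burst = []       # (time, account, source IP, failures just before)
    for ts, event_id, logon_type, account, source in csv.reader(log_text.splitlines()):
        if logon_type not in REMOTE_TYPES:
            continue               # console and other local logons are out of scope
        when = datetime.fromisoformat(ts)
        failures = recent[source]
        while failures and when - failures[0] > window:
            failures.popleft()     # forget failures older than the window
        if event_id == FAILED:
            failures.append(when)
            if len(failures) >= threshold:
                over_threshold[source] = max(over_threshold.get(source, 0), len(failures))
        elif event_id == SUCCESS:
            if len(failures) >= threshold:   # a guess may have landed: review this one
                success_after_burst.append((ts, account, source, len(failures)))
            failures.clear()       # one typo followed by a good logon is not reported

    return over_threshold, success_after_burst

if __name__ == "__main__":
    flagged, hits = review_logons(SAMPLE_LOG)
    print("sources at or over threshold:", flagged)
    print("successful logon after a burst:", hits)
```

A source listed in the first result is one an account lockout policy with the same threshold would have stopped; an entry in the second is the case worth reading the log for.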
 
Some routers call the GRE Protocol 47 enable function "PPTP Pass Through" or "VPN Pass Through". You
need to check your router's user's guide or support web pages for help with that.

Yes, once you make the VPN link you can access any of the PCs through it. I do that on my home LAN.
In my case, however, I use an iPAQ 3835 PocketPC running both a PPTP VPN client and Terminal
Services Client. Look at these pages for help setting up a VPN link or reference my earlier posting
about accessing multiple RD sessions through a firewall/NAT/router...

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

In the following ignore the PocketPC parts. This is a real life example of how to set up an XP PPTP
VPN server.

http://www.oecadvantage.net/ajarvi/WM2003/WM2003PPTPVPN.html

--
Al Jarvi (MS-MVP Windows Networking)

 
Dave,

Just do what I suggested. Al is talking about a whole new level of
complexity.

As long as you have "strong" passwords - i.e. ones that are complex and not
in the dictionary - e.g. "eat6burgers" you'll be fine. In addition, since
we're opening up unnamed ports (13101-13103) on the router and mapping them
internally to 3389 nobody would know that you've got remote desktop enabled
unless they really went to an awful lot of trouble (they won't).

With regard to having firewalls running also on the internal PCs - I would
personally not do that. That too adds unnecessary complexity.

"Melvin"
 