Ah - but I don't think you do what the original OP posited (see the very
end of this monologue!)
Jeffrey's right (of course!)--and it's a good lesson in how the Remote
Desktop Web connection works.
OK--you've got a machine behind a router, running IIS and serving up RDWC.
Port 80 in the router is forwarded to that machine. Port 3389 in the router
is forwarded to that machine.
Behind that machine are a bunch of others.
User from outside points web browser at said machine. OK so far--just port
80 involved. Browser pulls back ActiveX control from web server. ActiveX
control opens communication, via port 3389, to the IP of the router. Where
does that go? To the same machine as is running IIS, of course--where else
can it go, given the router configuration.
OK--we can do better--it is possible to build a custom web page with
separate "buttons" for computer a, b, c. There's a sample/example for this
somewhere in remotenetworking's stuff from Alex A (sorry--spelling
challenged tonight!) Each button is going to specify a separate port: 3389
to reach the original web machine, 3390 for machine a, 3391 for b, 3392 for
c. This can work, if the router is opened for these additional ports. It
isn't simple to do, though--you have to build the custom web page and
maintain it, and the router must be configured. If you are lucky, you can
just configure the router to do 3391 external to 3389 internal machine b,
otherwise you must change the listening port on machine b.
Anyway--the whole question was about not opening extra ports, and you can't
get there that way with multiple sessions to multiple machines, or even a
single session to multiple machines.
If you want the fewest ports, open a VPN. However, you are limited to a
single session.
Here's how I read what the article was saying:
You can, via RD Web connection, open an RD connection to the "gateway"
machine. From that machine, you can open a second RD session to any of
machine a, b, c.
Yes, this works, but it isn't the same thing as envisioned by the O.P., I
think.
However-- now that we've got it all laid out, I guess he can decide!
(and FWIW, I do what I describe above--multiple RD sessions, via servers
every day, and it works very well. I wouldn't want to depend on it for
end-user access to their own desktops. For that, I much prefer VPN
connections.)
John A. Wolf said:
Jeffrey, I don't want to disagree with you (especially since you have the
MVP and your website is a great resource, which I added to my favorites)
but the article I pointed to in my reply indicates he can do what he is
trying to do.
"You can use this page [the Windows Remote Desktop Web log-in page] to
connect to your Windows XP Professional-based workstation, or any other
computers on your network that have Remote Desktop installed. Yup. You can
use your own Windows XP computer to act as a gateway to other computers on
the network that are running Terminal Services (the underlying protocol
for Remote Desktop), even though they aren't themselves running the Remote
Desktop Web Connection."
Did I read that wrong? I do this at work using Windows Server 2003 as the
gateway machine, so that might be different, but it sounds like it would
work.
Thanks and again great web site.
---
John A. Wolf
(e-mail address removed)
Jeffrey Randow (MVP) said:
Not in the way you describe... You would need to have the user
connect to machine A via Remote Desktop, then start another Remote
Desktop session inside of machine A to machine B.
You cannot directly access computer B from over the internet using
computer A except if you have (1) opened more ports, or (2) set up a
VPN.
Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)
Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....
Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Smart Display Support -
http://www.smartdisplays.net
Windows XP Expert Zone -
http://www.microsoft.com/windowsxp/expertzone
On Tue, 20 Jan 2004 13:01:09 -0800, "clovedc"
I was wondering if it is possible to just open Web and Terminal Services
to one machine on my LAN but to be able to Remote desktop into multiple
machines. Basically I do not want to have too many holes in my firewall
and wanted to just open port 80 and port 3389 on one machine which users
would connect to (Machine A). When they get to the Remote Desktop Web
Connection screen they could then type in the IP of their machine
(machine B) on my LAN and directly connect to it using machine A. I don't
want to open port 80 and port 3389 to machine B; I want everything to go
through Machine A. Hope this makes sense and that someone else has done
this.
Thanks
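Added example, not part of any poster's message: a small Python model of the router forwarding discussed in this thread, comparing the two-port setup with the per-machine port mapping and with a router that cannot remap ports. Host names are constructed, the port numbers are the ones used in the thread, and the code only models the forwarding table (it makes no network connections).

```python
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    ext_port: int   # port opened on the router's internet side
    host: str       # internal machine the router forwards to
    int_port: int   # port on that machine

def deliver(rules, ext_port) -> Optional[tuple]:
    """Where an inbound connection to the router's IP lands, or None if the port is closed."""
    for r in rules:
        if r.ext_port == ext_port:
            return (r.host, r.int_port)
    return None

def plan_access(rules, rdp_listeners, gateway):
    """Classify each machine: reached directly, only by a second RD session
    started from the gateway, or not at all."""
    plan = {}
    for host, listen_port in rdp_listeners.items():
        direct = [r.ext_port for r in rules if (r.host, r.int_port) == (host, listen_port)]
        plan[host] = f"direct on external port {min(direct)}" if direct else None
    gateway_ok = plan.get(gateway) is not None
    for host, how in plan.items():
        if how is None:
            plan[host] = f"nested session via {gateway}" if gateway_ok else "unreachable"
    return plan

def exposed_ports(rules):
    """Every port the router answers on from the internet."""
    return sorted({r.ext_port for r in rules})

# Constructed host names; "web" is the IIS/RDWC machine.
LISTENERS = {"web": 3389, "a": 3389, "b": 3389, "c": 3389}
TWO_PORTS = [Forward(80, "web", 80), Forward(3389, "web", 3389)]
PER_MACHINE = TWO_PORTS + [Forward(3390, "a", 3389), Forward(3391, "b", 3389),
                           Forward(3392, "c", 3389)]
# Router that cannot remap ports: machine b itself must listen on 3391.
NO_REMAP = TWO_PORTS + [Forward(3391, "b", 3391)]
NO_REMAP_LISTENERS = dict(LISTENERS, b=3391)

if __name__ == "__main__":
    for name, rules, listeners in [("two ports", TWO_PORTS, LISTENERS),
                                   ("per machine", PER_MACHINE, LISTENERS),
                                   ("no remap", NO_REMAP, NO_REMAP_LISTENERS)]:
        print(name, exposed_ports(rules), plan_access(rules, listeners, "web"))
```

With only ports 80 and 3389 forwarded, every machine other than the web host shows up as a nested session, which is the gateway arrangement described in the replies; each directly reachable machine costs one more exposed port.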