Re: RDP Port access
- From: "Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 Jan 2006 13:17:57 -0800
Opening port 3389 on the firewall allows *incoming* traffic on port
3389. That is not what you want.

The RDP client uses local TCP port X (random port number between
1024 - 65534) to open a connection to RDP Server port 3389. The RDP
client also opens local UDP port X+1 for listening. You can easily
verify this by running the command "netstat -an" on the client.

When you establish a connection from inside a firewall to a Terminal
server, the firewall must allow *outbound* connections to the RDP
port (3389) coming from a dynamic port on the client. The firewall
should be smart enough to know that once the dynamic port is open
data should be able to flow both ways.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
SQL troubleshooting: http://sql.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Rowland Costin" <technical@xxxxxxxxxxxx> wrote on 11 jan 2006 in
microsoft.public.win2000.termserv.clients:
> Hi
>
> I have a remote network to my offices. It's an active directory,
> using a PDC server and a Terminal server and some smaller
> database servers. This network is only ever accessed by remote
> clients, no local LAN clients. It has a Cisco Pix 506 firewall.
>
> So far I have had no problems. The remote users at my office can
> access through our firewall (Firefox) and in through the Cisco
> without problem using RDP.
>
> I have a remote client elsewhere in the UK. They need to log
> onto this network. I have sent them an RDP file already set up,
> (Tested at this end ok). However, they cannot access my remote
> server using RDP through their firewall. (Not sure yet what it
> is)
>
> The Terminal server is accessing as standard using port 3389. I
> ran a TCP port scan program on my PC while connecting to this
> remote server and this confirms the server is listening on 3389.
> I have multiple other servers here at my local LAN and
> connected to them as well. The scanner showed that the RDP on
> my machine seems to vary the local port connection from my PC,
> from about port 1646 to 1760.
>
> Questions:
>
> 1) Is there a specific port range for the local port that RDP
> uses to go out from the client PC? eg 1650 - 1800 maybe?
>
> 2) I know the client's firewall is extremely locked down, but
> they say they have opened TCP port 3389 on the firewall, does
> RDP need anything else, UDP etc?
>
> 3) They claim to have connected to my remote server ok with RDP
> when bypassing the firewall. But I don't know if it is the same
> PC as they are on other side of the country to us, so I haven't
> visited them yet. Can any settings on the Desktop PC they are
> using have been closed down to prevent getting from the PC to
> their firewall in the first place? eg would Windows XP firewall
> shut these ports?
>
> Their support people are based in their head office in Norway,
> so it's proving a bit difficult to organise information and
> things to try.
>
> Anything else you can think of would be greatly appreciated.
>
> Regards
> Rowland Costin
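
The outbound check described in the reply above, as an added example that is not part of the original post: it opens a TCP connection from the client side to the RDP port and reports the dynamic local port the OS chose, or how the attempt failed. The function name `probe_outbound` and the status labels are this example's own assumptions.

```python
import errno
import socket
import sys

RDP_PORT = 3389  # Terminal Server port named in the thread


def probe_outbound(host, port=RDP_PORT, timeout=3.0):
    """Try an outbound TCP connection and classify the result.

    Returns {'status': ..., 'local_port': ...}; local_port is the dynamic
    client-side port when the connection succeeds, otherwise None.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        # No reply at all: something on the path is silently dropping the
        # outbound SYN, which is what a missing outbound rule looks like.
        return {"status": "filtered", "local_port": None}
    except ConnectionRefusedError:
        # A reset came back: the path is open, but nothing listens there.
        return {"status": "refused", "local_port": None}
    except OSError as exc:
        # Name resolution failure, no route, and similar local errors.
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        return {"status": "error:" + name, "local_port": None}
    else:
        # getsockname() returns (local_ip, local_port) for this connection;
        # the port is the "X" that netstat -an shows on the client.
        return {"status": "open", "local_port": s.getsockname()[1]}
    finally:
        s.close()


if __name__ == "__main__":
    # Usage: python probe.py <terminal-server-host>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe_outbound(target)
    print(target, RDP_PORT, result["status"], result["local_port"])
```

Run from the affected desktop, a `filtered` result with the firewall in place and `open` when it is bypassed points at the outbound rule rather than at the Terminal server.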