Re: Remote Desktop Office to Home PC



Frank wrote:
> I have a WinXP Pro at home and enabled for RD Web Connection (I have a
> permanent DSL Connection and a DynamicDNS Account) - IT WORKS from
> WAN-Side WHEN I USE A DIAL-UP CONNECTION FROM THE LAPTOP. But when
> I'm in the office and try to RD connect, I get the message "Could not
> connect to remote computer....". OF COURSE I AM AWARE THAT THIS IS A
> PROBLEM WITH THE FIREWALL OF MY COMPANY! That's why I changed the
> listening ports of Remote Desktop from 3389 to 8080 within the
> registry and the tsweb-default.htm (This port is opened, I can
> connect from my company to my home-router through this port!) Like I
> already mentioned above: IT WORKS WHEN I USE A DIAL-UP CONNECTION
> FROM THE LAPTOP OR ANY OTHER CONNECTION WITH NO FIREWALL BEHIND IT.
> Can somebody here tell me if there are any other ports which need to
> be opened within my company's firewall except for 8080 to get this
> working? Or what other security setting within my company could
> prevent the RD-Connection from being established??

Sooner Al [MVP] wrote:
> You need to talk to the network administrators at your office/work
> for guidance. Most likely network security policies will preclude you
> from doing this without permission of the network administrators...

Frank Hausmeister wrote:
> That doesn't answer my question: What port-blocking or other security
> setting could prevent the RD-Connection from being established? Is
> that a secret or does just nobody know that?

Sooner Al [MVP] wrote:
> Your office network administrators block the outbound ports...Contact
> them for further help...

Frank Hausmeister wrote:
> o.k, then why can I connect to my home-router through the same port
> (8080). Is there no need for outbound-ports to be used? thanks for
> your patience ;-)

Shenan Stanley wrote:
> You may have this, I am coming in late.. but--
>
> Do you have the port forwarded through your home router?
>
> Essentially - you just said you have a home router (assuming cable
> modem or DSL) that you can connect to (it's called remote management)
> through a web interface if you type :8080 at the end of the public
> IP.. Have you configured the router in such a way (forwarding) so
> that when a request comes in on port 3389, it forwards to your home
> system sitting patiently behind the router?
>
> In other words...
>
> WORK PC sends a request to HOME ROUTER IP:3389 (3389 is the default
> Remote Desktop port) by way of a Remote Desktop Client. The HOME
> ROUTER sees this request coming in on port 3389 and looks at its list
> of FORWARDING rules, where you have set up a rule that says "if there
> is a request on port 3389 from the Internet, you forward that request
> to internal IP xxx.xxx.xxx.xxx" (where that is the IP of the HOME PC).
> The HOME ROUTER then forwards that request as its rule says to and the
> HOME PC responds (if you have Windows XP Professional and its
> internal firewall is off/configured correctly and you have Remote
> Desktop set up properly with passworded users set up to have access)
> and the link is established between WORK PC and HOME PC..
> So, if you have made any changes to the listening port on your home
> computer - change them back to default.
> Log into your home router management console (you seem to know about
> that) and configure the forwarding so that it consistently forwards
> PORT 3389 requests to the HOME PC. Also, unless you changed/turned
> off remote management on your router, then changing the listening
> port to 8080 on your home PC may be ineffective to the outside world
> - as the router is going to answer - not forward that.
>
> What else could it be? Well, your admins may not block http traffic
> to 8080 - but they can be more particular than that.. Might as well
> ask if they do not route the traffic needed to do remote desktop
> connections.

Frank Hausmeister wrote:
> IT MUST be something else, as it WORKS FROM ANY OTHER WAN-CONNECTION
> (i.e. a dial-up connection) And the question is: What kind of traffic
> else than a port-forwarding to 3389 (or 8080 in my case) is needed??

Shenan Stanley wrote:
> Do your IT people fire people for asking questions?

Frank Hausmeister wrote:
> I'm working for a company with at least 100000 employees. I don't
> think they will change any of their IT-processes just because of me.
> So I need to know whether there is a way to get this working in spite
> of restrictive IT-guidelines.

Shenan Stanley wrote:
> People ask me questions like that all the time. I answer them. E-Mail is
> quick and efficient.
>
> When you say "any other", do you mean "from the same ISP that I have
> the broadband with"? Because it may be a restriction of that ISP
> instead of one by your company - I bet the ISP has more than a few
> customers and would be willing to answer your questions as well.
>
> The point being - no one knows your setup better than you and no one
> knows your work network configuration better than your work IT people
> and no one knows your ISP's network configuration better than your ISP IT
> people.
> *If* you have followed the instructions given about forwarding 3389
> instead of 8080 through your router (again - if you have remote
> management turned on for your router, this 8080 forwarding could be
> conflicting external to your network) and you have tested it with a
> WAN/Dial-Up connection that is unrelated to your home ISP (not the
> same company) and that all works - yet you still cannot do it from
> work, then your network administrators have purposely blocked the
> Remote Desktop traffic. You are more than welcome to try other
> products to see how thorough they were, I suppose - but you would
> likely save yourself hours of time by simply emailing them with a
> question:
> "I am attempting to control my desktop at home remotely and have
> found that from anywhere other than work, this is possible. Is there
> some blocking you have in place to prevent Windows XP Remote Desktop
> from functioning properly to/from machines outside/inside our network
> here at work?"
> You can try other applications (they may have their own special ports
> that need to be configured..)
>
> FREE:
> - UltraVNC ( http://ultravnc.sourceforge.net/ )*
> - MyWebEx PC ( http://www.mywebexpc.com/ )
>
> *There are many "flavors" of VNC..
>
> PAY:
> - GoToMyPC ( https://www.gotomypc.com/ )
> - Symantec pcAnywhere ( http://www.symantec.com/ )

Frank Hausmeister wrote:
> HOW can I block "Remote Desktop Traffic"? What else would a
> firewall-admin have to configure if it's not the port-blocking to
> prevent "remote desktop traffic" from functioning? (port 8080 is
> obviously opened) Are there other ports that RD needs to be opened?

-- Is the dial-up/other WAN you tried using the SAME ISP as your broadband
access?
-- Is remote management turned on for your router and set to default port?
-- Have you tried to forward port 6000 and above ports (excluding 8080) to
a different port (3389) to your home PC on your home network?
-- Have you tried just forwarding 3389 on your router to port 3389 on your
home PC?
-- Is your work network a public or private IP set (are you behind a NAT
at work as well?)

Normally an administrator would not block OUTGOING ports (3389, etc) without
good reason and most do not see Remote Desktop as a "good reason" yet.
Yes - they could listen for particular packets (RDP) and block that
traffic - but that is unlikely. Most of the time, network administrators
are concerned ONLY with INCOMING traffic - and the normal way of blocking
Remote Desktop is to block the port 3389.

Port 8080 may "obviously" be opened to outgoing/incoming traffic, but your
router - if configured for remote management (from an external subnet) may
not be properly forwarding the traffic as it may be trying to respond to the
port 8080 request with its remote management..

If you insist on changing the listening port (which would only be necessary
if you cannot properly configure your router to forward one port request to
a different port on the inside of the private network *if* you have multiple
machines behind the NAT device...) - change it to something above 6000 but
not something you know may be used by something else (like 8080 that would
be used for remote management of your router) and see if it works.

--
>=- Shenan -=<
>=- MS MVP -=<
--
The information above is intended to assist you; however, it is
suggested you research for yourself before you take any advice - you
are the one ultimately responsible for your actions/problems/solutions.
Whenever possible, the advice will include the method/places used in
compiling the answer. Also, questions may have been asked to clarify
your situation OR to give you an idea of where to look - do not dismiss
them lightly.
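
Added example (not part of the original thread): the reply above suggests that a router with remote management on 8080 may answer that port itself instead of forwarding it to the home PC. One way to check a port you own is to send the first packet a Remote Desktop client sends and look at the first bytes that come back; the host name in the comment is a placeholder.

```python
import socket

# Minimal X.224 Connection Request inside a TPKT header (11 bytes total).
# This is the first packet a Remote Desktop client sends after TCP connect.
X224_CONNECTION_REQUEST = bytes([
    0x03, 0x00, 0x00, 0x0B,   # TPKT: version 3, reserved, total length 11
    0x06,                     # X.224 length indicator
    0xE0,                     # Connection Request (CR) TPDU
    0x00, 0x00,               # DST-REF
    0x00, 0x00,               # SRC-REF
    0x00,                     # class 0
])


def classify_reply(data: bytes) -> str:
    """Name the kind of service from the first bytes it sent back."""
    if not data:
        return "no-reply"
    if data[:5] == b"HTTP/":
        # A web server (e.g. a router's management page) answered the port.
        return "http"
    if len(data) >= 6 and data[0] == 0x03 and data[1] == 0x00:
        declared_len = int.from_bytes(data[2:4], "big")
        tpdu_code = data[5] & 0xF0
        # 0xD0 is X.224 Connection Confirm: a Remote Desktop listener.
        if declared_len >= 7 and tpdu_code == 0xD0:
            return "rdp"
        return "tpkt-other"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send the Connection Request, classify whatever returns."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(X224_CONNECTION_REQUEST)
            try:
                return classify_reply(s.recv(64))
            except socket.timeout:
                return "no-reply"
    except OSError:
        return "connection-error"

# Usage against your own forwarded port (placeholder name):
#   probe("home.example.net", 8080)
```

A result of "http" on the forwarded port means the router is answering it, not the PC behind it.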

