ihhann said:
Thanks for the prompt answers.
I closed the port at the home network and I will try to open it at the
office. One question though: I can connect to my Windows XP Pro desktop in
the office from home (XP Pro to XP Pro) without any port forwarding. Is it
different for Vista?
First, you need to understand what port forwarding is for a NAT router,
firewall appliance or an Internet software firewall solution on a gateway
computer and I am not talking about some personal FW either.
http://www.homenethelp.com/web/explain/port-forwarding-dmz.asp
Your company's LAN network is sitting behind a firewall solution, so nothing
needs to be forwarded to the LAN from the Internet.
Unless there is a personal FW active on the machines on the LAN, the
machines can communicate with each other on the LAN on any port, because no
traffic on ports on the machine is being blocked, no firewall.
If a PFW is active on a machine and an inbound port like 3389 needs to be
open for RDS to work at the host computer that is listening on port 3389,
then a rule must be set to allow the inbound traffic on the port.
No port on 3389 needs to be opened for the client machine with a personal
FW, because the client machine is the one that's initiating traffic on port
3389 with the host machine.
Any traffic on inbound ports coming back from the host, the PFW on the
client is going to open the ports to the traffic.
Where the client machine has initiated the contact with a
host/server/application on a host machine with a FW in play and the
host/server sends traffic back to the client, that's called a solicitation
for traffic by the client. All solicited traffic will be let through the FW
and all unsolicited inbound traffic is blocked by the client's FW.
In the case of a host/server application running on a machine with a PFW in
play, the host is not the machine that's initiating contact with the client,
therefore, any inbound traffic coming to the host is going to be blocked by
the PFW.
The inbound traffic will be blocked by the PFW at the host machine, unless a
FW rule is set to open a port or ports on the FW to unsolicited inbound
traffic.
Solicited inbound traffic is let through and unsolicited inbound traffic is
blocked, unless a rule has been set on the FW to allow unsolicited inbound
traffic through the FW.
That's how a PFW, NAT router, firewall appliance or software FW running on a
computer works.
I think you can understand why those machines on your company LAN are
communicating with each other, which will be the same for a Vista machine.
Vista is just another NT based O/S, like Win NT'x, Win 2k, Win XP and Win
2k3 are NT based O/S(s). It's not that big of a deal.
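
The solicited/unsolicited rule described in the reply above, modelled as a small connection-tracking table. This is an added example, not part of the original post; the class, function names, addresses and the client port 49152 are constructed for illustration, and only port 3389 comes from the thread.

```python
from dataclasses import dataclass, field

RDP_PORT = 3389  # the listening port named in the post


@dataclass
class StatefulFirewall:
    """Toy personal firewall for one machine (hypothetical model, not a real API)."""
    allowed_inbound_ports: set = field(default_factory=set)  # explicit inbound rules
    _flows: set = field(default_factory=set)                 # connections this machine started

    def outbound(self, local_port, remote_ip, remote_port):
        # Outbound traffic is allowed and remembered so that replies can be matched.
        self._flows.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, local_port):
        # 1. Reply to a connection this machine initiated: solicited.
        if (local_port, remote_ip, remote_port) in self._flows:
            return "ALLOW (solicited)"
        # 2. Unsolicited, but a rule opens the destination port.
        if local_port in self.allowed_inbound_ports:
            return "ALLOW (rule)"
        # 3. Unsolicited and no rule: dropped.
        return "BLOCK (unsolicited)"


def simulate():
    # Constructed sample addresses from the documentation ranges.
    client_ip, host_ip, stranger_ip = "192.0.2.10", "192.0.2.20", "198.51.100.7"
    client_fw, host_fw = StatefulFirewall(), StatefulFirewall()
    results = {}

    # Client opens a connection to the host on 3389; the client needs no rule.
    client_fw.outbound(49152, host_ip, RDP_PORT)

    # Host has not initiated anything, so without a rule the request is blocked.
    results["host_no_rule"] = host_fw.inbound(client_ip, 49152, RDP_PORT)
    host_fw.allowed_inbound_ports.add(RDP_PORT)
    results["host_with_rule"] = host_fw.inbound(client_ip, 49152, RDP_PORT)

    # The host's reply matches the client's tracked flow and is let through.
    results["client_reply"] = client_fw.inbound(host_ip, RDP_PORT, 49152)
    # Traffic to the same client port from an address the client never contacted.
    results["client_stranger"] = client_fw.inbound(stranger_ip, RDP_PORT, 49152)
    return results


if __name__ == "__main__":
    for case, verdict in simulate().items():
        print(f"{case:16} {verdict}")
```
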