Filter external IP to remote access

[viet]

On my Linksys router, BEFSR41, I forward port 3389 to my destop. But I
could not find anywherer in Linksys router to prevent all public
external IP to remote desktop connection to my home desktop except one
public IP from office. Otherwise, anyone just lookup to my public IP
and remote access to my desktop at home.

Thanks in advance

 

[Shenan Stanley]

On my Linksys router, BEFSR41, I forward port 3389 to my destop.
But I could not find anywherer in Linksys router to prevent all
public external IP to remote desktop connection to my home desktop
except one public IP from office. Otherwise, anyone just lookup to
my public IP and remote access to my desktop at home.

Really - you have found a way to use Remote Desktop without a password?

The features of a NAT device such as a linksys/netgear/etc cable modem
router do not include limiting the IP range allowed through in most cases.
They do - surprisingly - allow you to limit it for remote administration of
the router - but they have not (in the cases I have seen) allow you to lock
down the port forwarding in such a fashion.

And this would have nothing to do with your machine at this point - really -
but the NAT device in question.

Your best protection in the case of given equipment and needs is a
good/strong password on your remote desktop and proper configuration of your
software firewall of choice as well.

 

[viet]

Actually both my Windows XP had strong password. But have one more
level protect is much better. I consider replace BEFSR41 with one of
these:
- Cisco PIX 501 Security Appliance
- Checkpoint Safe@Office 500
- 3Com® OfficeConnect® VPN Firewall

I also lookup OpenVPN2. Any one have experience with these. I just want
to allow only one determine public IP come to my home LAN for remote
access (port 3389) and all other for http (80) and https (443)

V

 

[Sooner Al [MVP]]

I don't know about OpenVPN2 but I currently use OpenVPN to access my home
LAN and our two XP Pro desktops shared files/folders or by Remote Desktop
(RDP). In my case I use a self generated certificate and a key protected by
a strong password. In addition I use an alternate high number port, other
than the default UDP Port 1194, for the server. I feel very safe with that
arrangement. I don't know if you can configure the OpenVPN server to only
accept incoming traffic from a specific IP. Check the How-To for a possible
answer to that...

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

In the not to distant past I used Secure Shell (SSH) to do the same. In that
case I used a 2048-bit private/public key pair protected by a strong
password and an alternate high number port. I then could access either of
our XP Pro desktops with RDP...

http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

All the above is free which IMHO is perfect for the SoHo or home user...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


Actually both my Windows XP had strong password. But have one more
level protect is much better. I consider replace BEFSR41 with one of
these:
- Cisco PIX 501 Security Appliance
- Checkpoint Safe@Office 500
- 3Com® OfficeConnect® VPN Firewall

I also lookup OpenVPN2. Any one have experience with these. I just want
to allow only one determine public IP come to my home LAN for remote
access (port 3389) and all other for http (80) and https (443)

V

 

[Guest]

Have you checked out zonelab's zonealarm, you can set it to only allow
connections from specified IP's. plus it's free.

cl1nt