Problems setting up port forwarding for Remote Desktop

Peter Kronenberg

I just started playing around with Remote Desktop and I love it.
However, I'm having a problem changing the port that the client uses
to connect.
Here's what I've done. I have a Buffalo WBR-G54 router. I
successfully set up port forwarding so that if I use the Remote
Desktop Client to connect to the router's WAN IP, 123.456.789.1 at
port 3389 it correctly forwards it to 192.168.1.5:3389.

However, I want to change the external port number so I can connect to
123.456.789.1:1234, for example and it will be forwarded to port 3389
on the correct machine.
I can't seem to get this to work. I can use Steve Gibson's Shield's
Up (at www.grc.com) to confirm that port 1234 is open. But when I try
to connect from a client, it doesn't work.

Can anyone help?

thanks,
Peter
 
Shenan Stanley

Peter said:
> I just started playing around with Remote Desktop and I love it.
> However, I'm having a problem changing the port that the client uses
> to connect.
> Here's what I've done. I have a Buffalo WBR-G54 router. I
> successfully set up port forwarding so that if I use the Remote
> Desktop Client to connect to the router's WAN IP, 123.456.789.1 at
> port 3389 it correctly forwards it to 192.168.1.5:3389.
>
> However, I want to change the external port number so I can connect to
> 123.456.789.1:1234, for example and it will be forwarded to port 3389
> on the correct machine.
> I can't seem to get this to work. I can use Steve Gibson's Shield's
> Up (at www.grc.com) to confirm that port 1234 is open. But when I try
> to connect from a client, it doesn't work.

Change the port on the machine (Remote Desktop Listening Port) and then just
forward requests on that port on your router to the proper machine.

(Search Microsoft's site for how to do that and open up that port through
the Windows Firewall if necessary.)
 
Bill Sanderson

I'm not sure where you're going wrong.

I don't know for sure that your unit has this capability--which is
sometimes referred to as UPnP forwarding. If it does, and the UI is
unambiguous, it should be working.

One thought is to check that you are on the latest firmware for your device.

It probably isn't worth very much to do this just for the "security by
obscurity" aspect, but it can be useful if you have a small number of
multiple machines behind the router you want to reach.
 
Sooner Al

I have a WBR-G54, although I have not tested using Port Redirection like you're trying, only Port
Forwarding like you said works.... Hmmm...

Have you tried this telnet test to verify you can get through the router using the new port?

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q187628

Have you contacted Buffalo tech support about this to see what they have to say? I understand their
tech support is very good...

Otherwise, as "Shenan" mentions, changing the listening port on the PC is the workaround, if you
can't get Port Redirection to work and since you verified straight Port Forwarding works...

If you do change the listening port then make sure you...

a) reboot the PC after making the registry change and
b) make the change to the router port forwarding also.

READ THESE TWO KB ARTICLES FIRST...

http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322756

Change the Remote Desktop listening port and calling procedure...

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304

Just for information what firmware are you running in the WBR-G54? I currently run the v2.20
firmware, if that makes a difference.

Unfortunately I have not tested Port Redirection through the router simply because my current mobile
client, an iPAQ 5555 PocketPC, does not allow me to change the Terminal Services Client/Remote
Desktop calling port like a desktop/laptop does... A big limitation...:-(

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
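
The telnet test suggested above only shows whether a TCP connection completes. The following check, an added example that is not part of the original posts, also sends the X.224 Connection Request an RDP client opens with, so it can tell a forwarded port that reaches the Terminal Services listener from one that is merely open, refused or silently dropped. The function name and return labels are assumptions made for this example; the host and port are whatever you pass on the command line.

```python
import socket
import sys

# X.224 Connection Request carrying an RDP Negotiation Request.
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"          # TPKT header: version 3, total length 19
    "0ee00000000000"    # X.224: length 14, CR code 0xE0, refs, class 0
    "0100080003000000"  # RDP_NEG_REQ: type 1, length 8, TLS + CredSSP offered
)


def probe_forward(host, port, timeout=5.0):
    """Classify what answers on host:port (hypothetical helper).

    "rdp"      - TCP connected and an X.224 Connection Confirm came back
    "open"     - TCP connected, but the reply was missing or not RDP
    "refused"  - a reset came back: nothing listens where the forward points
    "filtered" - timeout or unreachable: the packets were dropped on the way
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:                      # includes timeouts
        return "filtered"
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:                  # reset or timeout after connecting
            return "open"
    # TPKT version byte 0x03, then the X.224 code in byte 5: 0xD0 is
    # Connection Confirm, which only an RDP listener sends here.
    if len(reply) >= 6 and reply[0] == 0x03 and (reply[5] & 0xF0) == 0xD0:
        return "rdp"
    return "open"


if __name__ == "__main__" and len(sys.argv) == 3:
    # Run from a network outside the router, against the WAN address.
    print(probe_forward(sys.argv[1], int(sys.argv[2])))
```

Run it once against the forward that works (external 3389) and once against the redirected port, from the same outside location, and compare the two results.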
 
Peter Kronenberg

Well, my router has a section for UPnP, but I don't quite understand
it. The section called Address Translation is where the Port
Forwarding is defined. It definitely lets me specify a WAN-side port
and a LAN-side.

Although I will potentially do this with more than 1 computer behind
the router, security by obscurity was part of my reason. Why do you
say it's not worth it?
 
Peter Kronenberg

Thanks, I'll check all that out. I'm running 2.06 of the firmware. I
didn't know there was a later one.
 
Peter Kronenberg

Sooner Al said:
> I have a WBR-G54, although I have not tested using Port Redirection like you're trying, only Port
> Forwarding like you said works.... Hmmm...
>
> Have you tried this telnet test to verify you can get through the router using the new port?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q187628

Tried this and surprisingly (or not so), telnet can't get through.
But how can that be since Shield's Up reports the port as open?

> Have you contacted Buffalo tech support about this to see what they have to say? I understand their
> tech support is very good...

After I upgrade the firmware, that will be next. I couldn't find any
place on their website where they say what has changed. I see that
2.20 just came out a few days ago.
 
Sooner Al

It may be simply an issue with "Port Redirection" not working versus "Port Forwarding" which is
working. Port Redirection may simply be broken in the firmware, whatever version you run.

I have an issue with not being able to get a PPTP VPN tunnel through the WBR-G54 router, even though
the Buffalo tech support FAQ claims it can be done. I guess I need to call tech support and see if
they can provide an answer, although I doubt it...

As far as release notes are concerned, they are usually rather thin on that... You could contact
Buffalo tech support about changes... If you do, please post what you find out...

Beyond that, the router supports WPA-PSK (TKIP) which plays nice with my iPAQ 5555 PocketPC...:)

Thanks...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Bill Sanderson

I couldn't accurately give you odds about how much safer such a change might
make you. Certainly it'll avoid someone simply scanning on port 3389, and
looking for a Terminal Services response. Scanning on other ports takes
very little more time, though, and if someone is really after you in
particular, and not just out there browsing, I suspect it won't take long
for them to spot the port.

There's certainly nothing wrong with making that change--I'd just advise not
being too sanguine about the amount of additional protection it affords.
Use strong passwords and log successful and unsuccessful logins.

So--in the router you've defined the external port as XXXX, and the internal
port as 3389, and used the private IP of the designated host machine (which
is still correct?). And on that host machine there is either no firewall,
or, ideally, one which has port 3389 open?

When you tested with port 3389 and it worked, were you using this same
dialogue in the router--i.e. XXXX=3389?

Are you testing from the same site--i.e. do you know that 1234 is open
outbound? I hope that you aren't testing from behind the router--this often
does not work.
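
The advice above to log successful and unsuccessful logins only pays off if the log is reviewed. The following is an added example, not part of the original posts, that flags a source address with a burst of failed Remote Desktop logons and notes when a success follows the burst. It assumes the Security log has been exported to a simplified CSV (the column layout, sample rows and function name are constructed for this example) and uses the event IDs of current Windows versions, 4625 for a failed logon and 4624 for a successful one.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event id, logon type, account, source.
SAMPLE_LOG = """\
2024-05-01T02:10:01,4625,10,administrator,203.0.113.7
2024-05-01T02:10:09,4625,10,admin,203.0.113.7
2024-05-01T02:10:17,4625,10,homeuser,203.0.113.7
2024-05-01T02:10:25,4625,10,homeuser,203.0.113.7
2024-05-01T02:10:33,4625,10,homeuser,203.0.113.7
2024-05-01T02:10:41,4625,10,homeuser,203.0.113.7
2024-05-01T02:11:15,4624,10,homeuser,203.0.113.7
2024-05-01T08:30:02,4625,10,homeuser,198.51.100.20
2024-05-01T08:30:20,4624,10,homeuser,198.51.100.20
2024-05-01T09:00:00,4625,2,homeuser,-
"""

FAILED, SUCCESS = "4625", "4624"
# 10 = RemoteInteractive (RDP); with Network Level Authentication a failed
# RDP logon is usually recorded as type 3 (Network), so both are kept.
RDP_LOGON_TYPES = {"10", "3"}


def find_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: {"failures": n, "success_after_burst": account}}."""
    recent = defaultdict(deque)          # source -> recent failure times
    findings = {}
    for ts, event_id, logon_type, account, source in csv.reader(
            log_text.splitlines()):
        if logon_type not in RDP_LOGON_TYPES:
            continue                     # console and service logons
        when = datetime.fromisoformat(ts)
        failures = recent[source]
        while failures and when - failures[0] > window:
            failures.popleft()           # slide the window forward
        if event_id == FAILED:
            failures.append(when)
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    source, {"failures": 0, "success_after_burst": None})
                hit["failures"] = max(hit["failures"], len(failures))
        elif event_id == SUCCESS and source in findings and failures:
            # A logon that succeeds right after a burst deserves a look.
            findings[source]["success_after_burst"] = account
    return findings
```

On the sample, the single mistyped password from 198.51.100.20 stays below the threshold and the local console failure (logon type 2) is ignored.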
 
