Remote Desktop directly to another computer on the network

Guest

I have a dynamic DNS service installed on my router (Cable Modem). I want to
allow someone access to my second computer on my network without having to
take over my main computer first, then RDP to my second computer.

Does anyone know how to remote desktop directly to the second computer?
Router settings?

Thanks!
 
Robert L [MS-MVP]

We need more information to help. Assuming all computers are using private IP addresses and behind a router, you can do port forwarding.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

Thanks for responding. I was referring to someone on the outside of my 3 home
computer network, remote desktopping into my second computer. Each computer
is on a 192 address. How would I port forward to my second computer?
Thanks!
 
Sooner Al [MVP]

If both PCs are behind a router then you can call the second PC directly by
simply forwarding TCP Port 3389 to the second PC's local LAN IP address. Call
using the public IP of the router.

If the first PC is directly cabled to the modem and you're running ICS then
you need to configure the Windows Firewall on the first PC to allow TCP Port
3389 traffic to the second PC's private LAN IP address. Call using the public
IP of the first PC.

In both cases see this page for help...

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Robert L [MS-MVP]

You didn't tell us if you have a router or not. If you do, we also need to know the model #. Basically, you need to access the router to find local server or port forwarding or something like this. Good luck!

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

Sorry, yes I have the Linksys RDP300 because I use Vonage. I understand what
you mean by port forwarding. How do I figure out which port to use for the
second computer?
Thanks again!
 
Guest

You can also make it so that you can get to all three computers from outside
your home network. You can change the rdp listening port on each (or at least
2 of them) then forward the appropriate ports to each computer on the router.
When connecting to a computer whose port you changed, in the rdp client, you
would specify the dns name followed by a colon (:) and the port #. This is
how I have it set up so I can access my 3 computers at my house.
 
Sooner Al [MVP]

An even better solution, IMO, is to use a VPN or Secure Shell (SSH) tunnel
to access multiple PCs behind a firewall/router and only needing one open
port to do that. That way you limit your exposure to the public internet.

Here is one way to use SSH to do that...

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

The multiple port method, which is less desirable IMO...

http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Guest

Well, IMO, I like the multiple port way for 2 reasons:
1. If one PC goes down I can still get to the other PCs.
2. Why encrypt data that is already encrypted to add cpu overhead and more
packets to the transmission?

I don't really buy the "exposure" argument. If you can't get to me through
one port, then you won't be able to get me through 3, if they are all
identical.
 
Peter

> Well, IMO, I like the multiple port way for 2 reasons:
> 1. If one PC goes down I can still get to the other PCs.
> 2. Why encrypt data that is already encrypted to add cpu overhead and more
> packets to the transmission?
>
> I don't really buy the "exposure" argument. If you can't get to me through
> one port, then you won't be able to get me through 3, if they are all
> identical.

Plus you are not running a multi-billion company on your home machines, are
you?

On top of that you would shout "MS RDP is not secure!!!, my machine access
got cracked!!!". It is very tempting...
 
Guest

If you are using encryption in rdp 5.1 or higher, you will not be able to
view the stream. You would be no more likely to crack the encryption than you
would be to crack ssl encryption.. or ssh for that matter.
 
Peter

> If you are using encryption in rdp 5.1 or higher, you will not be able to
> view the stream. You would be no more likely to crack the encryption than you
> would be to crack ssl encryption.. or ssh for that matter.

That is exactly my point.

VPN gives you only that advantage, that you do not have to manage your
router forwarding ports, when you add more remote PCs.
And you do not have to remember which PC uses which port.

But on the other hand, you have to maintain a VPN server, as you have
pointed it out.
(I actually do it VPN way. My VPN server is running on old 486 Linux PC,
very low maintenance)
 
Guest

I am not really disagreeing with you... each has its own advantages.. but
when that 486 crashes... you'll think to yourself... maybe multiple ips
aren't such a bad idea... lol
 
Sooner Al [MVP]

Another reason I like SSH (or VPN if it floats your boat as they say) is for
simple secure file transfers. I generally use a free SFTP client called
WinSCP for that to access my home SSH server. No need to even call up RDP
just to transfer files. If you have the bucks WebDrive is nice because you
can actually map a remote folder through the SSH tunnel. I do that, ie. use
WebDrive, with a persistent SSH tunnel to my brother's SSH server. He has a
static business class IP/account with his cable ISP. It's great for file
transfers, ie. he puts a file in the common folder and I can grab it or vice
versa...

The other positive, at least in my mind, with a SSH link is the use of
private/public key pairs (I use a 2048-bit RSA key pair) for authentication
versus a password (strong or otherwise). The remote party must have the
private key that matches the server's public key or the connection is not
made period. The keys are further protected by a strong pass phrase. In my
setup, and my brother's, password authentication is strictly prohibited and
disabled. So the SSH link is encrypted from the get-go and the remote user
can only logon to the SSH server with a valid private key and strong pass
phrase. I like that...

Anyway, we all have our preferred methods and opinions. The discussion is
good...

Later...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Guest

I don't understand why this discussion is traveling down the road of "which
is the most secure way?" You win, a 2048 bit key pair is more secure.

Let's say I have 2 bit encryption on my rdp stream (which I don't and you
aren't going to crack the encryption on rdp).
1. you would have to know my ip address.
2. you would have to know my port that I have open because I don't use the
default port... which means you would have to scan all 65536 ports to figure
out which port I use (assuming you knew my ip, because you wouldn't be
scanning 65536 ports of a subnet)
3. now you have my port and ip.. well, you're not guessing my password on
rdp.. no matter how hard you try.
4. so now, you have to place a sniffer between my client and home rdp server
(assuming you knew when I was going to be on, and that my dynamic ip address
didn't change while you were waiting) just to maybe crack my password and/or
view my video stream. And the complexity of that, just because of logistical
reasons (disconnects, dropped packets, etc) would be another factor.

So, I wonder what the chances of all those events syncing up are? About the
same chance of me cracking that 2048 bit key I would think... lol

Now, you might even say that just seeing the open port (assuming all those
events came into play) would be enough for a DOS attack. Well, so would me
seeing your ssh port. Your router would suffer from the DOS attack most
likely long before the PC. And there is no reason for me to believe that ssh
will suffer less from a DOS attack than RDP. SSH has its own problems (and if
you'd like me to point them out, I would be happy to give the references).

Also, when you go to someone's house, do you have that key with you? Do you
download it from somewhere? Well, all I need is my lowly little password.

When I have a multibillion company I will use the key pair, but for now I
say I get more convenience than someone using an SSH tunnel with a key pair.

Like I said earlier.. both ways have their advantages.
 
Peter

> I am not really disagreeing with you... each has its own advantages.. but
> when that 486 crashes... you'll think to yourself... maybe multiple ips
> aren't such a bad idea... lol

It will crash, that is for sure.
But so far it has been running for three years without any updates. I'm not
sure if that version of Linux is still downloadable from net.
And I do have other ports forwarded for remote access purposes (custom RDP,
tunnels, etc). But only VPN covers all remote devices.

They are multiple ports though, not IPs. I still have only one access path.
 
Peter

> I don't understand why this discussion is traveling down the road of "which
> is the most secure way?" You win, a 2048 bit key pair is more secure.
>
> Let's say I have 2 bit encryption on my rdp stream (which I don't and you
> aren't going to crack the encryption on rdp).
> 1. you would have to know my ip address.
> 2. you would have to know my port that I have open because I don't use the
> default port... which means you would have to scan all 65536 ports to figure
> out which port I use (assuming you knew my ip, because you wouldn't be
> scanning 65536 ports of a subnet)
> 3. now you have my port and ip.. well, you're not guessing my password on
> rdp.. no matter how hard you try.
> 4. so now, you have to place a sniffer between my client and home rdp server
> (assuming you knew when I was going to be on, and that my dynamic ip address
> didn't change while you were waiting) just to maybe crack my password and/or
> view my video stream. And the complexity of that, just because of logistical
> reasons (disconnects, dropped packets, etc) would be another factor.
>
> So, I wonder what the chances of all those events syncing up are? About the
> same chance of me cracking that 2048 bit key I would think... lol
>
> Now, you might even say that just seeing the open port (assuming all those
> events came into play) would be enough for a DOS attack. Well, so would me
> seeing your ssh port. Your router would suffer from the DOS attack most
> likely long before the PC. And there is no reason for me to believe that ssh
> will suffer less from a DOS attack than RDP.

That is a very good point. DOS attacks are usually aimed at popular ports,
aren't they?
What port do you use for ssh, Al?
 
Sooner Al

> That is a very good point. DOS attacks are usually aimed at popular ports, aren't they?
> What port do you use for ssh, Al?

I use an alternate (versus the SSH default TCP Port 22) high number port as does my
brother. It's quite amazing and interesting to monitor the XP event log and watch the brute
force attacks on TCP Port 22 before I changed to the alternate port.

We both use copSSH as our SSH server of choice...

http://tinyurl.com/zugog

We also use allowed users, etc, but not allowed hosts.
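
The server-side setup Sooner Al describes across his posts (key pair logon with password authentication disabled, allowed users, a port other than 22) can be checked mechanically. The script below is an added example, not part of any post in the thread; it assumes the SSH server reads a standard OpenSSH-style `sshd_config` with a single `Port` line and no `Match` blocks before the settings of interest, and the sample file, user names and port number are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenSSH-style sshd_config for
# the settings described above. Assumes global settings only: everything
# after the first "Match" line is ignored, and only one Port line is present.

# Print the effective value of a keyword. sshd uses the FIRST occurrence of a
# keyword and matches keywords case-insensitively; otherwise print the default.
sshd_value() {  # usage: sshd_value <file> <keyword> <default>
  awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ { next }                       # skip comment lines
    tolower($1) == "match" { exit }           # stop at conditional blocks
    tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); val = $0; found = 1; exit }
    END { print (found ? val : def) }
  ' "$1"
}

# Print one finding per line; no output means the file matches the setup.
audit_sshd() {  # usage: audit_sshd <file>
  case "$(sshd_value "$1" PasswordAuthentication yes)" in
    [Nn][Oo]) ;;
    *) echo "PasswordAuthentication is not 'no': passwords can still be guessed" ;;
  esac
  case "$(sshd_value "$1" PubkeyAuthentication yes)" in
    [Yy][Ee][Ss]) ;;
    *) echo "PubkeyAuthentication is off: key pair logon will not work" ;;
  esac
  [ -n "$(sshd_value "$1" AllowUsers "")" ] ||
    echo "AllowUsers is unset: every account on the server may log on"
  [ "$(sshd_value "$1" Port 22)" != "22" ] ||
    echo "Port is the default 22: expect brute-force logon noise in the logs"
}

# Constructed sample config: user names and port number are made up.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# keyword case does not matter, and the first occurrence wins
Port 50022
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
AllowUsers al brother
EOF
audit_sshd "$sample_cfg"
echo "audit finished for $sample_cfg"
```

The sample prints no findings because the first `passwordauthentication no` line takes effect; the later `yes` line is ignored by the same first-match rule.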
 
Peter

> > That is a very good point. DOS attacks are usually aimed at popular
> > ports, aren't they?
> I use an alternate (versus the SSH default TCP Port 22) high number port as does my
> brother. It's quite amazing and interesting to monitor the XP event log and watch the brute
> force attacks on TCP Port 22 before I changed to the alternate port.
>
> We both use copSSH as our SSH server of choice...
>
> http://tinyurl.com/zugog
>
> We also use allowed users, etc, but not allowed hosts.

That makes a lot of sense, thanks Al.
 
