Remote Desktop stopped working through firewall/router

Dave Waller

I have a Netgear firewall/router connecting my private
home network to the internet via a single DSL IP address.
The router has been configured to forward port 3389
through to a specific machine inside the private network,
and was working fine until I made some configuration
tweaks to XP on this machine over the weekend.

Now I can make a Remote Desktop connection to the machine
from another machine inside the private network, using
the local private IP, but I can no longer reach the
machine from outside using the public IP the
router/firewall is managing. I confirmed that the router
is not the problem by reconfiguring the forwarded port to
point to a different XP machine that I didn't modify, and
can successfully make a connection from the outside (and
inside) to that one.

Any suggestions as to what might be causing this? Is
there some way to log the connection attempts on port
3389 so I can at least see that the machine is receiving
and rejecting them? I looked and looked through MSDN
library docs and searched, but couldn't find anything to
help me enable the sort of logging I need to at least see if
the connection request is coming in, and what Windows is
doing with it.

Thanks,

Dave
 
Sooner Al

Is the PC using a dynamic or static IP on your home LAN? If it's a dynamic IP then more than likely
your forwarding scheme for TCP Port 3389 is no longer valid because the PC's IP changed... Set up a
static IP for that particular PC...

http://www.portforward.com/networking/static-xp.htm

If it's not a static versus dynamic IP issue on that particular PC, then perhaps the public IP of the
router has changed. Is your IP as assigned by your DSL ISP a dynamic IP? One solution is to set up an
account with one of the dynamic naming services that map a fully qualified domain name to the
Comcast IP. In my case I use a FREE service from No-IP.com. The No-IP.com software runs on my XP
Pro box and on a time schedule basis contacts the No-IP.com servers. The No-IP.com servers then know
what your IP is and map that to a fully qualified domain name. That information is then propagated
over the public internet. You could then call the client PC using the fully qualified domain name.
It works very well for me when I call my home network using Remote Desktop.

http://www.no-ip.com

Others, some free and some $$$$...

http://www.remotenetworktechnology.com/ow.asp?Remote_Network_Home/Connections

If you can connect to the target PC from another PC inside your home LAN, then it has to be an issue
with the router port forwarding or addressing of the router from the public internet. You can run
this telnet test to try and pinpoint the issue...

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q187628

Please post additional questions concerning Remote Desktop to the
microsoft.public.windowsxp.work_remotely news group.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Guest

Thanks for the quick response, Al!

Unfortunately, none of the possibilities you mentioned
are the problem. I configured the router to assign a
fixed, static IP to that machine's MAC, so it gets the
same address every time it does a DHCP request. Getting
through the tunnel isn't affected by the outside IP
(which is dynamic), so long as I know it -- and as long
as I don't lose power, my router keeps the connection to
the DSL modem alive, and I don't lose the address. I've
had the same IP from SBC for weeks because of this.

Finally, the most puzzling thing is that I can connect
from inside my private network, using the local IP, and
can also connect to a different machine from the OUTSIDE
using the tunnel if I reconfigure the router to point to
the other machine.

So, I think what I need to do is be able to log incoming
IP connection traffic, and see if the target machine is
even getting a forwarded, NAT'd packet from the router,
and see what XP is doing with the request. Any advice on
how to log this information? Do I basically need to use
some sniffer software or something? Or are there logging
features in XP that I can't find? (This seems appropriate
for this group, so I'll leave this particular issue here
unless directed otherwise; I'll take the Remote Desktop
question itself over to the Working Remotely ng as you
suggested...)

Dave
 
Sooner Al

You probably want to look at logging information on the router since the desktop Remote Desktop
functionality obviously works as you verified over your local LAN.

Otherwise, look at this tool for possible help logging port activity on an XP box...

http://support.microsoft.com/default.aspx?scid=kb;[LN];837243

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
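
An added example, not part of the original thread and not the tool behind the KB link above: a listener that records the source of every inbound TCP connection, plus a client probe that classifies the outcome the way the telnet test does. Port 13389 is an assumed spare port (the Remote Desktop service already holds 3389 while it is enabled), so the router forward would be pointed at it temporarily.

```python
import socket
import threading
from datetime import datetime, timezone


def probe(host, port, timeout=3.0):
    """Client side of the telnet-style test: classify one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed, a service is listening
    except ConnectionRefusedError:
        return "refused"          # reset received: host reachable, connection rejected
    except socket.timeout:
        return "timeout"          # no reply: packet dropped or never forwarded
    except OSError:
        return "unreachable"      # routing or name-resolution failure


def _accept_loop(listener, count, log):
    """Accept `count` connections, recording (UTC time, source IP, source port)."""
    for _ in range(count):
        try:
            conn, (src_ip, src_port) = listener.accept()
        except OSError:
            return                # listener was closed
        entry = (datetime.now(timezone.utc).isoformat(), src_ip, src_port)
        log.append(entry)
        print(*entry)
        conn.close()


def start_logger(port, bind_addr="0.0.0.0", count=1):
    """Listen on bind_addr:port in a background thread; return (socket, thread, log)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((bind_addr, port))
    listener.listen(5)
    log = []
    thread = threading.Thread(target=_accept_loop,
                              args=(listener, count, log), daemon=True)
    thread.start()
    return listener, thread, log


if __name__ == "__main__":
    SPARE_PORT = 13389            # assumed spare port, not a value from the thread
    listener, thread, log = start_logger(SPARE_PORT, count=10)
    print("logging the next 10 connections to port", SPARE_PORT)
    thread.join()
```

A line logged with an outside source address shows the router's forward reached this machine; an outside probe that reports "timeout" while nothing is logged means the packet was dropped before it reached the listener.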
 
