Settings for NAT forwarding if RemDesktop system is behind router ?

  • Thread starter Sven Kreininger

Sven Kreininger

If the remote desktop server system is behind a router is it required to put some
NAT forwarding directions in the router ?

If yes, which ?

Read: Which port is/ports are being used from the RD client to access the RemDesktop Server ?

Sven
 

Pegasus (MVP)

Sven Kreininger said:
If the remote desktop server system is behind a router is it required to put some
NAT forwarding directions in the router ?

If yes, which ?

Read: Which port is/ports are being used from the RD client to access the RemDesktop Server ?

Sven

The router must forward port 3389 packets to the RD server's
internal IP address.
 

Millybags

Sven,

Can I refer you to the post just below - Remote Desktop question.
The answers are there.

Regards,
Steve
 

Phillip Windell

If you did that it would expose RDP of the server directly to the
internet,..and it would be the only one you could do this with and you would
not be able to use RDP to any other server,...at least not without jumping
through a bunch of hoops.

The correct solution is to use VPN. After VPN is established you can
connect via RDP to any machine you want.
 

Sooner Al [MVP]

Along those lines of thinking I use OpenVPN to access my home LAN and
subsequently either have direct access to shared files/folders or I run
Remote Desktop (RDP) through the OpenVPN tunnel to access any of my home
desktop PCs. Authentication is made using a self-signed cert and a password
(strong) protected key.

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

You can also use RDP through a Secure Shell (SSH) tunnel. Authentication can
be made using a private/public key pair protected with a strong password.

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

In both cases the VPN or SSH tunnel is established then the RDP link...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


Phillip Windell said:
If you did that it would expose RDP of the server directly to the
internet,..and it would be the only one you could do this with and you would
not be able to use RDP to any other server,...at least not without jumping
through a bunch of hoops.

The correct solution is to use VPN. After VPN is established you can
connect via RDP to any machine you want.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------




Sven Kreininger said:
If the remote desktop server system is behind a router is it required to put some
NAT forwarding directions in the router ?

If yes, which ?

Read: Which port is/ports are being used from the RD client to access the RemDesktop Server ?

Sven
 

Peter

If you did that it would expose RDP of the server directly to the
internet,..and it would be the only one you could do this with and you would
not be able to use RDP to any other server,...at least not without jumping
through a bunch of hoops.

The correct solution is to use VPN. After VPN is established you can
connect via RDP to any machine you want.

To use VPN, you have to additionally set up a VPN server.
By the way, to allow VPN, you have to "expose" VPN directly to the internet.
What makes you think that it is less secure than "exposing" RDP?

Also, for RDP you can use custom, nondefault ports. Can you do the same with
VPN?
 

Sooner Al [MVP]

With OpenVPN you can specify an alternate port and the port can be either a
UDP port or a TCP port. The default is UDP Port 1194. It's very versatile. I
happen to use a high numbered UDP port. Plus authentication is stronger
because you use a certificate and a key protected by a strong password.

The bottom line is you use whatever solution is appropriate for your level
of risk. I simply think tunneling all traffic through one hole in my
firewall in order to have access to multiple PCs is safer than multiple
holes particularly when that is coupled with a strong authentication scheme.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 

Lanwench [MVP - Exchange]

Sven Kreininger said:
If the remote desktop server system is behind a router is it required
to put some
NAT forwarding directions in the router ?

If yes, which ?

Read: Which port is/ports are being used from the RD client to access
the RemDesktop Server ?

Sven

You'd want to forward TCP port 3389 to the LAN IP of your server (or WinXP
Pro box hosting Remote Desktop, etc).
 

Guest

Your post is over a month old but anyway...

When you say behind the router, I'm assuming your server has a private ip
address. You will need to use a Port Address Translation (PAT) from an
outside address. If your server is ip address 192.168.1.10, router internal
interface has ip 192.168.1.1 with an external interface ip 63.177.12.17.
Remote Desktop runs on TCP port 3389. Depending on the router/firewall you
have two variations of the same thing.

Variation 1:

Configure your router to PAT
63.177.12.17 port 3389 -> 192.168.1.10 port 3389

Variation 2:

If your ISP gave you a block of addresses then take another public IP and define
another PAT like:
63.177.12.18 port 3389 -> 192.168.1.10 port 3389

I'm trying to do the same using a Windows server running Routing and Remote
Access. I cannot figure out how to do it. I configured it to work but then
internal hosts cannot surf. If you got it working on a Windows server using
Routing and Remote Access I would be interested in how you got it going.
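
An added example, not part of the original posts: a small audit that parses forwarding rules written in the "public port -> private port" notation used above and reports every rule that hands internet traffic to an internal RDP listener, including forwards published on a non-default outside port. The sample rules are constructed; the last two lines (the 53389 forward and the 192.168.1.2 VPN endpoint) are assumptions for illustration.

```python
import ipaddress
import re

RDP_PORT = 3389  # Remote Desktop's TCP port, as stated in the thread

# "public-ip port N -> private-ip port M", the notation used in the post above.
# \s* before "port" tolerates a missing space between address and keyword.
RULE_RE = re.compile(
    r"([\d.]+)\s*port\s+(\d+)\s*->\s*([\d.]+)\s*port\s+(\d+)"
)

# Constructed sample: lines 1-2 are the two variations from the post (the second
# written without the space, to exercise the parser); lines 3-4 are made up:
# an RDP forward on a non-default outside port, and a single forward to a
# hypothetical VPN endpoint on OpenVPN's default port 1194.
SAMPLE_RULES = """\
63.177.12.17 port 3389 -> 192.168.1.10 port 3389
63.177.12.18port 3389 -> 192.168.1.10 port 3389
63.177.12.17 port 53389 -> 192.168.1.11 port 3389
63.177.12.17 port 1194 -> 192.168.1.2 port 1194
"""


def parse_rules(text):
    """Return (public_ip, public_port, private_ip, private_port) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:  # lines that are not forwarding rules are skipped
            pub, pub_port, priv, priv_port = m.groups()
            rules.append((ipaddress.ip_address(pub), int(pub_port),
                          ipaddress.ip_address(priv), int(priv_port)))
    return rules


def rdp_exposures(rules):
    """Rules that forward outside traffic to an internal RDP listener.

    The check keys on the inside port, so an RDP forward published on a
    non-default outside port is still reported.
    """
    return [r for r in rules if r[3] == RDP_PORT and r[2].is_private]


def exposed_hosts(rules):
    """Internal addresses whose RDP service is reachable from outside."""
    return sorted({str(r[2]) for r in rdp_exposures(rules)})


if __name__ == "__main__":
    for pub, pub_port, priv, _ in rdp_exposures(parse_rules(SAMPLE_RULES)):
        print(f"RDP exposed: {pub}:{pub_port} -> {priv}:{RDP_PORT}")
```

Only the VPN forward passes the audit; each of the other three rules is a separate path from the internet to an RDP logon prompt.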
 

Guest

I figured out how to do this. I posted asking for help because I configed it
and it hosed all NATing. Turns out as I was adding addresses to the NAT
Address Pool you must use the same subnet mask as the NATing interface. I
was adding my addresses one at a time and was using a subnet of
255.255.255.255 like you would in a Cisco access list!
 
