Windows remote desktop question

Discussion in 'OT Technology' started by Homan, Jul 18, 2006.

  1. Homan

    Homan Unconquerable OT Supporter

    Joined:
    Mar 12, 2002
    Messages:
    9,764
    Likes Received:
    0
    Location:
    Seattle, WA
    You have a group of computers behind a router that is connecting to the internet, all using NAT IP addresses and you try to remote into one by putting in the router IP address, which computer would the router know to forward the packets to?

    Given that remote desktop is turned on on all the PCs?
     
  2. Nefarious77

    Nefarious77 Guest

    You would only be able to access 1 computer behind the router after setting up the port forward. Once in that PC, you can remote to the others if you know their network IP address.
     
  3. Homan

    Homan Unconquerable OT Supporter

    What if you told the router to port forward to multiple IPs of PCs within the network?

    When you want to be able to access different PCs within the network, how can you select which PC you want to connect to?

    Or is it just random?
     
  4. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    You can only port forward a given port to ONE IP.

    To access 3 PCs, you would configure RDC on 3 different ports... Portforward the 3 ports, and the one you connect to will be that PC.
     
  5. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    This makes me wonder...how does Remote Assistance allow me to connect to my mother's computer over the internet, bypassing the NAT service both on my router and her router? This is one bit of networking arcana that's always somewhat perplexed me.
     
  6. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    Your router probably ports every port it doesn't use onto your computer. Your mother's computer probably ports every port it doesn't use onto her computer.

    It's only when there are a few computers behind the router that it's complex. Then it depends on the router's config (which can be changed).
     
  7. P07r0457

    P07r0457 New Member

    I disagree with piratepenguin (again, imagine that!)

    Your routers probably support UPnP... This is a protocol that allows the computer to communicate with the gateway it sits behind, and negotiate to automatically open and forward ports on an as-needed basis.
     
  8. Yep

    Yep Knick knack paddy whack, give the old dog a bone

    Joined:
    Jan 22, 2001
    Messages:
    4,603
    Likes Received:
    0
    Location:
    South Jersey

    To break it down more simply: RDP uses port 3389 by default. If you're connecting to each of the three computers (named A, B, and C) from OUTSIDE your network, you would need to set up your router and/or firewall to forward three different ports.

    For instance, all TCP traffic coming into your router on port 4000 would be re-directed to computer A's port 3389. All TCP traffic coming in on port 4001 would be forwarded to computer B's port 3389, and TCP traffic on 4002 would go to computer C's port 3389.

    I would avoid using port 3389 for any of the computers. It won't protect you from someone doing a full port scan but it would throw off the kid scanning IP ranges for that port being open.
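
The mapping described in the post above, written as Linux iptables DNAT rules. This is an added example, not part of the original thread; the 192.168.1.x addresses, the `eth0` WAN interface name and the `gen_rdp_forwards` helper are assumptions made for illustration. The function only prints the rules, and it refuses to forward the same external port twice, since one port can point at only one internal host.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that send distinct
# external TCP ports to port 3389 on different internal hosts.
# Assumptions: WAN interface name and all addresses are constructed samples.
WAN_IF="${WAN_IF:-eth0}"      # assumed WAN-side interface
ALLOW_SRC="${ALLOW_SRC:-}"    # optional: only admit this source address/CIDR
RDP_PORT=3389                 # RDP default port, as stated in the thread

# Reads "external_port internal_ip" lines on stdin, writes rules to stdout.
gen_rdp_forwards() {
    seen=" "
    while read -r ext ip; do
        [ -z "$ext" ] && continue
        case "$ext" in
            *[!0-9]*) echo "invalid port: $ext" >&2; return 1 ;;
        esac
        if [ "$ext" -lt 1 ] || [ "$ext" -gt 65535 ] || [ -z "$ip" ]; then
            echo "invalid entry: $ext $ip" >&2; return 1
        fi
        case "$seen" in
            *" $ext "*) echo "port $ext is already forwarded" >&2; return 1 ;;
        esac
        seen="$seen$ext "
        # Rewrite the destination: router:ext -> ip:3389
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp${ALLOW_SRC:+ -s $ALLOW_SRC} --dport $ext -j DNAT --to-destination $ip:$RDP_PORT"
        # Let the translated connection through the FORWARD chain
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $RDP_PORT -j ACCEPT"
    done
}

# Constructed sample: computers A, B and C from the post.
gen_rdp_forwards <<'EOF'
4000 192.168.1.10
4001 192.168.1.11
4002 192.168.1.12
EOF
```

Setting `ALLOW_SRC` to the address you connect from limits who can reach the forwarded ports, which addresses the port-scan caveat in the post more directly than the non-standard port numbers do.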
     
  9. P07r0457

    P07r0457 New Member

    Actually, "Yep" is wrong. Most routers do not support port forwarding from one TCP port to a different port on the internal network. You would actually re-configure each individual machine to listen for RDP connections on the non-standard port.
     
  10. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    Every router I have ever owned since 1998 has had the ability to re-direct traffic to a different destination port. This is typically the setup I use as well. Especially avoiding having to change the listening port on every single client machine :ugh:
     
  11. P07r0457

    P07r0457 New Member

    Linksys:
    [​IMG]
    Netgear:
    [​IMG]

    Two examples of popular routers that don't support this... So "every" router is somewhat of an overstatement, wouldn't you agree :rolleyes:
     
  12. SLED

    SLED build an idiot proof device and someone else will

    Yea, because everybody in their life has either owned a Linksys or a Netgear. :ugh:

    I have always had a box running ip tables/chains personally and I install CyberGuards for the majority of my smaller clients, who don't require Cisco.

    [​IMG]
     
  13. P07r0457

    P07r0457 New Member

    Do you realize the thread starter has made no indication of what router he has, and he is most likely using a cheapo home-gateway solution such as the Linksys or Netgear???

    The likelihood of him using a Linux box running IPTables is extremely slim.
     
  14. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    Ding!

    Remote Assistance requires that ONE party be behind a UPnP device (if they are both NAT'ed).
     
  15. piratepenguin

    piratepenguin New Member

    It's basically the same idea. I never understood what UPnP was all about, thanks for the explanation.
     
  16. P07r0457

    P07r0457 New Member

    It's DEFINITELY NOT EVEN CLOSE to the same thing.

    What you describe is best known as "DMZ"
     
  17. piratepenguin

    piratepenguin New Member

    No, but ports are forwarded to the one computer usually, which is the same idea.
     
  18. P07r0457

    P07r0457 New Member

    no.
     
  19. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    BTW - you want to know the best way around this problem? VPN into the network and then remote desktop whatever computer you want.
     
  20. AbortionSurvivor

    AbortionSurvivor Active Member

    Joined:
    Jun 5, 2002
    Messages:
    3,016
    Likes Received:
    0
    Location:
    Nor. Cal

    FTW
     
  21. deusexaethera

    deusexaethera OT Supporter

    You know, we did this at my office, and the performance sucked compared to the GoToMyPC connections that we had been using.
     
  22. Yep

    Yep Knick knack paddy whack, give the old dog a bone

    meh... my Westell 327W does, which is standard issue for most Verizon DSL customers. That's all I'm going to say about this subject since you love to argue and nitpick details with everyone.
     
  23. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Surprising since there's barely a difference between remoting a local server, a WAN server or a server from home on our network.
     
  24. deusexaethera

    deusexaethera OT Supporter

    Yeah well, you probably have a good VPN. See, our VPN was installed by a nice Alabama IT company owned by a friend of our CEO; the VPN box is made by some company called SonicWall, and the ONLY way to use it is through the box's website interface -- no old-fashioned, reliable standard network connections for us, no sir.

    If you can't afford a good VPN, GoToMyPC is a reasonable choice for remote desktopping across the internet.
     
