Can't connect from remote desktop using different ports

February 28, 2012 at 09:38:27
Specs: Windows 7
Hey everybody,

I have three desktops at home and they're all configured for remote desktop.
Within the network, each computer uses the default listening port (3389), so all I have to do is type the internal IP address of the computer I wish to connect to.

The problem occurs when I try to access the computer from outside my network.
I've set random external port-forwarding using my router settings.
For example:

Computer #2:
Local IP address: 10.0.0.2
Internal listening port: 3389
External listening port: 25114

But it doesn't seem to work.
It only works when I set the external port to 3389. But since I have more than one computer (and also due to security purposes), I really don't want the external port to be the default.
Any idea(s) as to what I should do?

Thanks!

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.




#1
February 28, 2012 at 10:45:33
From what I can see, your setup won't work because your router is looking for a different port number from the one actually being used.

There's a simple solution, RDC into one computer inside your LAN and then from it, remote in to the others.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
February 28, 2012 at 11:25:49
Thanks for the reply, but I'm sorry, Curt. I don't follow.

I can't RDC into any computer, unless I'm using port 3389 (both external and internal).

My main objective is to be able to connect using different external ports to any computer (all using internal default port 3389).

I thought about changing the listening port on all stations, but since I'm using Windows built-in Firewall, I'd figured it's best to stay with the default one.

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.



#3
February 28, 2012 at 14:16:03
The solution is you have to first change the RDP listening port on two of the pcs.

http://support.microsoft.com/kb/306759

Then configure port forwarding to each pc like so

pc1 port 3389 192.168.1.10
pc2 port 3390 192.168.1.20
pc3 port 3391 192.168.1.30

To access remotely you type in wan ip:listening port number

CurtR's advice is the easiest way to do this.

Your approach is trying to use address translation but it can't work due to invalid ports you used as well as they don't match the listening ports.

You can't get to all three using the same port number. This is an absolute.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#4
February 28, 2012 at 14:59:12
I agree with wanderer totally and would have mentioned changing RDP ports but the simplest solution is a port forward on your router using 3389 that points to one PC (192.168.1.10 - as per wanderer's example). Once you've connected to that PC, you then run RDC on it and connect to the other PC's (one at a time of course).

If you absolutely have to do it the more complex way have at it, wanderer supplied you with all the info, and a link, that you'll need to do it.

Me, I prefer to keep it as simple as possible because it's easier to support long term. But that's just me and I'm basically lazy by nature.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#5
February 28, 2012 at 16:13:54
working smart isn't being lazy :-)

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#6
February 28, 2012 at 23:44:25
I'm not convinced that what you guys say is entirely true. On some routers it is possible to configure port forwarding so that (e.g.)

123.45.67.8:12345 -> 192.168.1.1:3389
123.45.67.8:12346 -> 192.168.1.2:3389

etc., which sounds like what the OP is trying to do. He would then be able to do remote desktopping internally by specifying just the IP address and externally by specifying the external IP address and corresponding port.

Of course this relies upon his router being able to port forward in this way. So the first question to be asked is what make and model is the router?



#7
February 29, 2012 at 02:42:54
Hey all, and thanks again for the replies!
I've read all your comments and ijack here nailed it.

That's what I'm trying to do.
I'm using Dlink DSL modem-router 2760U.
I'm pretty sure I'm configuring it just right. I have no idea why it doesn't work though.

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.



#8
February 29, 2012 at 04:00:04
Well, looking at the manual (pp.49-50), you certainly should be able to do that with your router. Try it with just one port forward, setting the External Port Start and Finish both to 1234 (for example) and the Internal Port Start and Finish to 3389 with the appropriate Server address. Set the protocol to TCP/UDP. This should work. If it does then try adding another similar rule and see what happens.

One thought does strike me - you are testing from a computer external to your network, aren't you? Port forwarding won't work if the computer you are testing from is within your network.



#9
February 29, 2012 at 06:35:13
Exactly what I did, ijack.
Tried it again even with 1234 but with no luck.

As for your question - that's a definite yes.
I'm testing the connection using my neighbor's unsecured wireless and even 3GS on my mobile sometimes.

I've no idea why it doesn't work.
Do you think I ought to change the listening port and get done with it?

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.



#10
February 29, 2012 at 07:07:40
wanderer

working smart isn't being lazy :-)

LOL - It's been said, "necessity is the mother of all invention." I beg to differ, it's laziness. Someone looks at something and says to him/herself "This is way too much work" and proceeds to figure out a simpler, easier, way to accomplish the same task. As I've said in the past, "I'm not lazy, I'm an efficiency expert!"

paradoxwizard

I've read all your comments and ijack here nailed it.

This would have been good to know at the outset. What I read didn't sound quite like what ijack said.

I'm curious why you want to do something this complex when you could accomplish the same thing in a much easier fashion (ie: my "lazy" approach)?

I'm a firm believer in KISS and unless there's a specific reason to torture yourself trying to set this up, and therefore leave yourself open for extra work later when troubleshooting issues, I would do it the easiest way possible.

So why are you doing it this way specifically?

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#11
February 29, 2012 at 07:14:55
Hey, Curt.

Sorry I didn't make myself clearer.

I don't think what I'm doing is that complex.
All in all, it shouldn't be problematic.

And as I said, since I'm using Windows built-in firewall, I'd rather use the default port, being a predefined rule and all.

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.



#12
February 29, 2012 at 07:27:29
I don't think what I'm doing is that complex.
All in all, it shouldn't be problematic.

In the face of all you've unsuccessfully tried to-date you're still not getting that it is indeed complex.

I know you think it shouldn't be problematic, but it is, as is proven out by your inability to get it working.

Keep in mind you're using a SOHO Router to do this which is not the same thing as using an enterprise level device. Even if the manual says it's capable of doing what you wish, that doesn't mean it can, or will do it properly. The fact that you can't get it working leads to only two conclusions.
1) You're the problem (no offense meant)
or
2) The equipment is the problem

I suspect from what you said and done already, you aren't the problem.

You still haven't answered my question so I'm going to ask again out of curiosity and cussed stubbornness.........

Why are you using such a complex approach? What are your requirements/needs that make you think this is the best way to do it.

Using my method, you can continue to use the builtin windows firewall and only need to create a single port forward on your router using port 3389. As long as all PC's in your LAN are configured to accept RDC sessions, you can, once connected to the target PC through the port forward, then fire up RDC on that PC and connect to every other PC in your LAN.

I know this works as I do it to the windows computers on my home LAN all the time and have for years.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#13
February 29, 2012 at 07:38:54
Curt,

I can think of reasons why the OP might not want to do it your way. Perhaps he doesn't want to leave one computer running all the time, for instance. Or he might like to give some people access to one PC, by telling them what port to connect to, but not to another. (Not the best security, admittedly.)

Anyway, what he wants to do shouldn't be that difficult or complex. Some might think it the easiest solution to the problem. I just tried port forwarding, changing the port as well as the IP address, with my Thompson SpeedTouch (not the most versatile router in the world), and it worked just fine. I was doing it with port 80, rather than 3389, but was able to connect to port 80 on two different machines by forwarding different ports.

I'd be interested to know why the OP is having problems like this, so await the result of a test with just one forwarding rule. (And confirmation that he is testing with a machine that is outside the local network.)

OP,

A simple way that you can test from within the network is to go to http://www.yougetsignal.com/tools/o... and type in the port you are testing. If the forward is working, and the target machine is listening on that port, it should show that port as being open. Switch off the target computer and try again, and this time it should show the port as being closed.


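The test ijack describes in #8 and #13 (one forward at a time, checked from a machine outside the network) can also be scripted. The following is an added example, not part of the original thread: it tries each external port and tells apart a working forward to an RDP listener, a port answered by something else, a refusal, and silence. The WAN address 203.0.113.8 is a placeholder, the ports are the ones from post #6, and `probe` and `check_forwards` are names made up for this sketch.

```python
import socket

# TPKT + X.224 Connection Request offering TLS and CredSSP (NLA). An RDP
# listener answers with a TPKT header (03 00) and an X.224 Connection
# Confirm, whose type byte 0xD0 is the sixth byte of the reply.
RDP_CONNECT_REQUEST = bytes.fromhex(
    "03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")


def probe(host, port, timeout=3.0):
    """Classify one forwarded port as seen from outside the network.

    rdp      - connected, and the peer answered the RDP handshake
    open     - connected, but the peer is not speaking RDP
    refused  - a reset came back: the forward's target is not listening
               on that port, or the router itself rejected the connection
    filtered - no answer: no matching forward, or a firewall dropped it
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts and unreachable-network errors
        return "filtered"
    with sock:
        try:
            sock.sendall(RDP_CONNECT_REQUEST)
            reply = sock.recv(16)
        except OSError:  # reset or timeout after the connection opened
            reply = b""
    if len(reply) >= 6 and reply[:2] == b"\x03\x00" and reply[5] == 0xD0:
        return "rdp"
    return "open"


def check_forwards(wan_host, forwards, timeout=3.0):
    """forwards maps external port -> label of the internal target."""
    return {port: (label, probe(wan_host, port, timeout))
            for port, label in sorted(forwards.items())}


if __name__ == "__main__":
    # Constructed sample: 203.0.113.8 is a documentation-range placeholder
    # for the WAN address; the port mapping is the one shown in post #6.
    sample = {12345: "192.168.1.1:3389", 12346: "192.168.1.2:3389"}
    for port, (label, state) in check_forwards("203.0.113.8", sample, 1.0).items():
        print(f"{port} -> {label}: {state}")
```

If a translated port comes back `filtered` while a same-port forward to the same PC comes back `rdp`, the difference lies in the router's rule rather than in Windows Firewall, because the PC sees destination port 3389 in both cases.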

#14
February 29, 2012 at 07:56:52
Curt, I'm not offended at all. :)
I'm not dismissing your method "on the fly" and most of all: I do appreciate your help, as well as any one who comments here!

Without thinking too much of myself, I wouldn't say I'm an expert but I do know a thing or two about networking.

One of the reasons I don't wish to do that is security. Using the default port is kind of like sending an open invitation (I'm using DDNS). Not that any of my computers store the very meaning of life but I'm guessing I'd hate to compromise data.

Also, doing things your way means that at least two computers would have to be turned on for this. And, while in session, no one else would be able to use the computer I initially accessed (That is, unless I run a patch that would allow multiple concurrent RDP sessions).

Obviously, I have no intention to make things complex, but I am looking for the best (and comfortable) solution. My guess is, other than the method you're using, the only option left is to change the listening port on every computer, while reconfiguring Windows built-in firewall settings.

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.



#15
February 29, 2012 at 09:08:03
Thanks for answering. I was curious.

One of the reasons I don't wish to do that is security. Using the default port is kind of like sending an open invitation

Logical and I understand totally. However, knowing something is listening on port 3389 and even being able to connect to it, isn't the same thing as knowing the login information necessary to get all the way inside the LAN once you've connected to whatever is listening on that port.

Also, doing things your way means that at least two computers would have to be turned on for this.

No matter which way you slice it, if you wish to connect to a computer remotely, it has to be on.

So regardless of which way you do it, you still need to have those computers on unless the NIC's on them are WOL capable. If they are WOL capable, then you'd have to connect to one computer that's been left on in order to send the magic "wake up" packets to whichever other computer(s) you might wish to connect to. I don't know if you could send that magic packet through the router directly.

And, while in session, no one else would be able to use the computer I initially accessed

Very true. While I do this all the time at home, knowing full well nobody there is trying to use my computer, this isn't necessarily going to be true for a work environment.

Obviously, I have no intention to make things complex, but I am looking for the best (and comfortable) solution. My guess is, other than the method you're using, the only option left is to change the listening port on every computer, while reconfiguring Windows built-in firewall settings.

Actually, there is another alternative. You could use 3rd party software to connect remotely. We're using a product called TeamViewer here at work and the guys in the PC department like it a lot. It connects through a 3rd party server (both ends have to have the application up and running in order to connect) so you don't even need to play with firewall settings to use it.

It might be worth it for you to look into something like TeamViewer.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#16
February 29, 2012 at 10:01:38
ijack, I've tested several ports but I'm afraid to report it only works when the external and internal ports are the same. Really weird. Could be the router itself proving problematic, though it's pretty reliable.

Curt, while I agree that "knowing something is listening on port 3389 and even being able to connect to it, isn't the same thing as knowing the login information necessary [...]" It's still an opportunity for malicious activity and poses as a threat.

I've actually looked into this whole WOL technology. Pretty neat but, as with any, not perfect. It's irrelevant for me, I'm afraid. :)

Oh, I adore TeamViewer. It's great. The only downside is when I'm in front of a computer with strict policy and limited permissions.

I think I'll either hard reset my router or just change the listening port and modify the firewall settings.

I thank you all for your help!

"I'm tired. But then again I'm so hungry I can't sleep. But what's the point of eating if your sleepy?" - Sniff, The Moomins.

