Multiple remote desktop behind nat.

January 2, 2010 at 08:20:02
Specs: Windows XP
hi there,

I'm trying to connect to a remote PC at my office using my home laptop.

We have enabled Remote Desktop on all computers and changed the listening port from 3389 to 3395.

PC1 : ip : 192.168.1.6 : RD listening port 3389 default
PC2 : ip : 192.168.1.7 : 3390
PC3 : ip : 192.168.1.8 : 3391
PC4 : ip : 192.168.1.9 : 3392
PC5 : ip : 192.168.1.10: 3393
PC6 : ip : 192.168.1.11: 3394
PC7 : ip : 192.168.1.12: 3395

We then set up our router with this configuration:

entry1
local ip : 192.168.1.6
public port from : 3389
public port to : 3389
local port : 3389

entry2
local ip : 192.168.1.7
public port from : 3390
public port to : 3390
local port : 3390

entry3
local ip : 192.168.1.8
public port from : 3391
public port to : 3391
local port : 3391

...
and so on for all PCs.

We are able to connect to each other within the office LAN, e.g. from PC1 to PC2 at 192.168.1.7:3390, and it works perfectly.

We are not able to connect to all the PCs from the public network or from my home laptop, except PC1.

When I try officeExternalIp:3389 from my home laptop, it works; it connects to PC1.

However, when I try to connect to PC2 via officeExternalIp:3390, it doesn't connect.

We have tried several methods with the router configuration and noticed that only port 3389 is connecting fine.

I assume my laptop is sending the Remote Desktop request via port 3389. In other words, my office router is getting the Remote Desktop request only on public port 3389, even when I try officeExternalIp:3390.

That's why only PC1 is connectible while the others are unresponsive to the RDC request.

Does anyone know how to change the Remote Desktop requesting/sending port?


regards
Krishan .J




#1
January 2, 2010 at 08:41:09
The correct term for sending ports is source ports & they are random in windows, unix & linux. In other words, you don't choose them. I don't use remote desktop but as far as I know, the from port should be "any".

Also, from what I've read, there is a way to make one remote connection & still access all machines on the network. I don't think you need to create a connection for each PC.

How do you know when a politician is lying? His mouth is moving.



#2
January 2, 2010 at 09:13:02
Yes, you were right, I can connect to PC1 and from PC1 I am able to connect to the others. Due to the quality of connection and some other reasons I want to connect to the PCs in separate windows.

Even when I set the global port on my router to any for all 7 entries, same result: only the default 3389 port is connecting.

Is there any way I can change the source port, so my router recognises there are 2 different RD connections incoming on two different ports?

regards

krishan. J



#3
January 2, 2010 at 09:13:38
It would appear your router config is not working correctly.

Did you reboot it after the port changes?

When you do officeExternalIp:3390 from the internet it should work. After all in the rdp session you put that very ip:port so you are now sending on that port.



#4
January 2, 2010 at 09:24:02
Yes, I have saved and restarted the router.
Currently my settings are:

PC1 : ip : 192.168.1.6 : 3389
PC2 : ip : 192.168.1.16 : 3316

router:
entry1
local ip : 192.168.1.6
public port from : 3389
public port to : 3389
local port : 3389

entry2
local ip : 192.168.1.16
public port from : 3316
public port to : 3316
local port : 3316

entry3
Local ip : 192.168.1.16
public port from : 0
public port to : 65535
local port : 3316

I have saved and rebooted the router. When I call officeExternalIP I get connected to PC1.
When I call officeExternalIP:3389 I get connected to PC1.
When I call officeExternalIP:3316 there is no response.

Note:
When I delete the first entry from my router, only then am I able to connect to PC2.

Can anyone see what I'm doing wrong?


regards

Krishan. J



#5
January 2, 2010 at 09:54:50
I guess you didn't understand about the source port being random. You still have a number there.

How do you know when a politician is lying? His mouth is moving.



#6
January 2, 2010 at 12:12:55
The public "from port" is random from 1024 to 65535.
The public "to port" is 3389 a.s.o.
The local "port" is 3389 a.s.o.


#7
January 2, 2010 at 16:20:30
Hello paulsep,

Thanks for your comment, but I assume you didn't understand my situation. My previous post says I have three entries in the NAT section, and they are listed below. Maybe some programs use random ports to connect to their clients, but I'm sure Remote Desktop only uses 3389.

Your configuration will only work if I have a single PC behind NAT, but I have multiple computers. It means my router has to recognize that there is more than one incoming request, which should be translated to different local IPs.

Let's say the router is getting a Remote Desktop request over port 3389; my NAT settings say everything coming via 3389 is passed to 3389 on the local PC1.

Assume I'm currently remotely connected to PC1 using 3389 and now I want to connect to my PC2 in a separate window. I open Remote Desktop and enter my externalip:3316 to connect to the second PC.

Here is the problem I'm talking about: my router is getting the second Remote Desktop request again over port 3389, not 3316. Of course my router transfers the request to PC1, not PC2.

Is it clear now?
I just want to send an RD request with a specified public port on which it will hit my router, so it can recognize it and translate it to the local IP.

Here are my current settings.

Router:

entry1
local ip : 192.168.1.6
public port from : 3389
public port to : 3389
local port : 3389

entry2
local ip : 192.168.1.16
public port from : 3316
public port to : 3316
local port : 3316

entry3
Local ip : 192.168.1.16
public port from : 0
public port to : 65535
local port : 3316

Currently I'm able to reach PC1 but not PC2.
When I delete entry1 I'm able to reach PC2.

For your satisfaction I have deleted entry3 and changed entry1 and entry2 as follows:

entry1
local ip : 192.168.1.6
public port from : 0
public port to : 65535
local port : 3389

entry2
local ip : 192.168.1.16
public port from : 0
public port to : 3316
local port : 3316

I have also tried with
entry2
local ip : 192.168.1.16
public port from : 0
public port to : 3389
local port : 3316

All connect only to PC1. Any more suggestions? If you want, I can let you connect to my PC through TeamViewer or VNC, so you can try yourself.


regards

Krishan. J



#8
January 2, 2010 at 17:17:25
ImKrishan

I understood your situation.
The a.s.o. meant the other ports you listed, like 3316, 33xx, whatsoever.
The point is, the public ports from and to must be from 1024 to 65535, because a client that tries to establish a connection to one of your PCs inside your network will use a random port out of the range of 1024 to 65535.
Therefore your public from must be 1024 and the public to must be 65535.

That's the point.



#9
January 2, 2010 at 17:26:27
Ah, your problem is, that you haven't changed the ports for Remote Desktop.
See this howto:
http://support.microsoft.com/?scid=...


#10
January 2, 2010 at 22:37:10
In the first OP post
"we have enabled remote desktop on all
computers and changed the listening port from
3389 to 3395"

I took that as changing the listening port.

I don't think the router is working correctly. Forward to pc2 if the only entry is evidence of this.

Perhaps a bios upgrade for the router IF this fits a bug fix....



#11
January 3, 2010 at 03:54:23

"paulsep wrote:
I understood your situation.
The a.s.o. meant the other ports you listed, like 3316, 33xx, whatsoever.
The point is, the public ports from and to must be from 1024 to 65535, because a client that tries to establish a connection to one of your PCs inside your network will use a random port out of the range of 1024 to 65535.
Therefore your public from must be 1024 and the public to must be 65535.
That's the point."

I don't want to connect within the LAN; I want to be able to connect to all 2 computers from outside of the LAN in separate windows.
So what's the point of having an entry
entry1
public from:1024
public to :65535
local : 3389

entry2
public from:1024
public to :65535
local : 3316


It means anything that comes between 1024 and 65535 will be passed to the first entry, which is my first PC. Even if the second Remote Desktop request comes in on a different port, let's say 3316, it will automatically be transferred to PC1 because the first entry has a range of 1024 to 65535.

paulsep, NAT settings are only for outside connections, not within the LAN.

YES I HAVE ENABLED LISTENING PORTS in the registry key.

My question is: why am I unable to specify the Remote Desktop source port?
Why does my router always get the Remote Desktop request on port 3389 even when I call ExternalIP:3316?

Is there any setting I can change in the registry, or any software in which I can specify the port?
Please help.


regards

Krishan. J


@paul
Do you have a laptop and a desktop?
Try to do what I'm trying to do: try to access the desktop and the laptop from outside of your home in separate remote sessions. You will see what I'm talking about.


@wanderer
Have you tried such settings, and is it working for you? If yes, I might agree my ADSL+2 router is not working properly.
BTW, do you speak Deutsch?





#12
January 3, 2010 at 07:34:41
OK, so have you already checked that the ports, e.g. 3316, are open and visible to the internet?
You can check it here:
www.auditmypc.com

Also when you're trying to establish the remote desktop connection to e.g. 192.168.1.7, did you enter the following in the remote desktop client:
e.g.:
dest_public_ip:3390

?



#13
January 3, 2010 at 07:39:27
Are you using an SSH tunnel through Putty? If not, do you think it's worth trying?

How do you know when a politician is lying? His mouth is moving.



#14
March 30, 2010 at 11:45:07
I'm not sure if you ever got this figured out, but I am doing exactly what you are doing with a Cisco PIX. You don't have to change the listening port on the machines you want to connect to.

On my PIX I first had to allow access from the outside in on port 3389. You should only have to do this once; basically you are opening the port up to allow traffic from the outside interface to the inside interface. On the PIX the command looks like this.

access-list outside_access_in permit tcp any interface outside eq 3389

Then I had to create a static route to each computer. One key thing here is the internal IP address of each workstation cannot change. You either have to set them to statics or reserved DHCP IP addresses. When setting up the static route you will set the outside port to whatever you like, for example 3390, and then you set the inside port to 3389.
As part of the static route you will also need to include the IP address of the computer. On my PIX the command looks like this.

Computer 1

static (inside,outside) tcp interface 3392 192.168.1.42 3389 netmask 255.255.255.255

Computer 2

static (inside,outside) tcp interface 3393 192.168.1.43 3389 netmask 255.255.255.255

You would need to configure a route for each workstation. I don't know what type of router you are using, but you should be able to do something similar on it.

If you are troubleshooting I would do the following.
First make sure you can connect to each workstation from the LAN side using Remote Desktop.

Then I would look at your router logs and see what is happening when you are trying to connect from the outside; it should tell you if it is being blocked or if it does not know what to do with the traffic.

I would also make sure that there is a clear network path from the router to the workstations. Are there any switches or other routers between your workstations and your outside router? Is there a firewall between your router and the internet? Some cable/DSL modems have built-in firewalls. Also, is it possible your ISP is blocking those ports? I know my ISP blocks some ports.

Anyways good luck and I hope you have it resolved or this information helps you to resolve it.



#15
March 30, 2010 at 11:55:35
I want to add one more thing. paulsep was rambling on about random ports. Remote Desktop does not use random ports. It uses one port and that port is 3389. No ifs, ands or buts! If you think it's using random ports you are high and you should take another hit off your crack pipe. If you don't know what you are talking about, you should be on here giving out advice. All you are doing is confusing people and making yourself look like an idiot.

I also forgot to add that when you connect from the outside using the Remote Desktop client you will need to include the port number. For example, if your outside IP address is 209.85.225.99, and your internal computer has a static route set on your router using port 3390, you would use 209.85.225.99:3390 in the Remote Desktop Client Computer name field to connect to your internal workstation. If you don't add the port on, it will use the default port for Remote Desktop, which is 3389, and if you have that set to a different computer it will connect to that computer instead of the one you want to.


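An added example, not part of any post in this thread: a small Python model of the port-forward tables discussed in posts #7 and #14, showing that the match is made on the public (destination) port and that a wide public range shadows every later entry. First-match rule order and the names Forward, route and shadowed are assumptions made for the illustration.

```python
# Added illustration: models a port-forward table as first-match on the
# DESTINATION (public) port. First-match order is an assumption about the router.
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    name: str
    public_from: int   # lowest public (destination) port matched
    public_to: int     # highest public (destination) port matched
    local_ip: str
    local_port: int    # port the PC's Remote Desktop service listens on

def route(table, src_port, dst_port) -> Optional[tuple]:
    """Return (local_ip, local_port) for an inbound TCP connection.
    src_port is the client's ephemeral port; it takes no part in the match."""
    for rule in table:
        if rule.public_from <= dst_port <= rule.public_to:
            return (rule.local_ip, rule.local_port)
    return None  # no rule matches: the connection is not forwarded

def shadowed(table):
    """Names of rules that can never match because earlier rules cover them."""
    dead = []
    for i, rule in enumerate(table):
        ports = set(range(rule.public_from, rule.public_to + 1))
        for earlier in table[:i]:
            ports -= set(range(earlier.public_from, earlier.public_to + 1))
        if not ports:
            dead.append(rule.name)
    return dead

# Layout from post #7: entry1 claims every public port.
WIDE = [
    Forward("entry1", 0, 65535, "192.168.1.6", 3389),
    Forward("entry2", 0, 3316, "192.168.1.16", 3316),
]
# Layout from post #14: one public port per PC, each PC still listening on 3389.
ONE_TO_ONE = [
    Forward("computer1", 3392, 3392, "192.168.1.42", 3389),
    Forward("computer2", 3393, 3393, "192.168.1.43", 3389),
]

if __name__ == "__main__":
    for table in (WIDE, ONE_TO_ONE):
        print([route(table, 50123, p) for p in (3316, 3389, 3392, 3393)],
              "shadowed:", shadowed(table))
```

In this model the wide range also hands every public port to the Remote Desktop service on PC1, so the one-port-per-PC layout is the smaller exposure as well as the working one.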
