All home networking related discussions.
TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Remote Access

Tue May 31, 2005 10:48 pm

Hey guys,

This is my first post - hopefully this is the best place for it.

I have a small network at home that I am trying to connect to remotely (via Remote Desktop, or anything else that will work). I have a Dynamic ip address assigned from my ISP. I have configured my router to work with DynDNS.org. I have also forwarded port 3389 on my router and assigned a static IP address to my server (the one that I want to access remotely). Lastly I have enabled remote desktop connections on the server.

I am currently running Windows XP pro on all of my machines. I can connect using several different methods from the LAN side of my router (computer name, Local IP, DynDNS hostname, Internet IP address), but I am having problems with connecting from the WAN side.

If I left anything out, let me know. Thanks for the help,

TravisT

User avatar
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Tue May 31, 2005 10:54 pm

What type of router?

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Tue May 31, 2005 10:57 pm

It's a Linksys WRT54G.

Also, I plan to integrate a 1900 series cisco switch into the equation later this week. I don't think this will change the outcome any but just so it can be known.

User avatar
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Tue May 31, 2005 11:07 pm

Can you post screen shots of your router's port forwarding (et al) configs?

Also, have you tried making your server the "DMZ"? I believe that will forward all inbound requests to the server and therefore rule out tcp vs udp & wrong port number issues...

BTW, I think I'm going to create a "Home Networking" section and move ths post there. I think there is a lot of interest out there in this type of topic.

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Tue May 31, 2005 11:08 pm

Sounds good on moving the post. I will post screenshots tomorrow.

User avatar
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Tue May 31, 2005 11:09 pm

Have you tried the DMZ?

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Tue May 31, 2005 11:23 pm

No I haven't, I guess that would be a good place to start. I will try that tomorrow also.

If my IP address is configured correctly with DynDNS, when I type the domain name into a web browser shouldn't I get my router's login page? Does that only work from the LAN side?

User avatar
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Tue May 31, 2005 11:26 pm

If my IP address is configured correctly with DynDNS, when I type the domain name into a web browser shouldn't I get my router's login page? Does that only work from the LAN side?


Not sure on that one. I thought those things allowed for outside management via a browser...is it port 80 or something else? Sounds like a question for the manual:

ftp://ftp.linksys.com/pdf/wrt54gv1.1_ug.pdf

(page 32)

:wink:

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Tue May 31, 2005 11:35 pm

Uh oh...

You threw the book at me!

I did not have that enabled before, but I can't imagine that having anything to do with my remote desktop right??

There are probably too many pages to post all of my config, but if there are specific pages that would be helpful I can post those.

I will have to find a site to upload the screenshots to since we can't upload.

User avatar
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Wed Jun 01, 2005 6:41 am

I did not have that enabled before, but I can't imagine that having anything to do with my remote desktop right??


Probably not, but it could confirm you have the correct public IP address...

User avatar
jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Wed Jun 01, 2005 2:00 pm

I seem to remember needing to open two ports for RDp when I was using it on my old domain controller... I'll take a look and see if I can find it.

As well, I would seriously suggest you NOT use the DMZ option as that will effectively put that machine directly on the internet, while still haveing access to you LAN. If you're satisfied with the security on it then go for it, just realize the consequences.

Infinite

Edit:

Well, I think I must have been wrong about the two ports. Not too sure what I was thinking there... All the docs I just looked through say you only need TCP port 3389.

The only other thing I can think of right off the top of my head is windows firewall blocking it?

Also

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Wed Jun 01, 2005 4:53 pm

That's the main reason that I didn't try DMZ in the first place (security). I know that when you enable remote desktop, it is supposed to disable the firewall in windows. I would not take this for granted except for the fact that I CAN connect, just not from the WAN, only from the LAN.

If the firewall was blocking the port, that would block it from both LAN and WAN. Here is my screenshot.

http://usera.imagecave.com/TravisT/PortForwarding.JPG

I am also thinking about updating my firmware in my router to enable some more features (and to practice with the added features). Maybe this will give me more control over what is happening.

jsfeni
New Member
Posts:
10
Joined:
Mon Apr 04, 2005 11:54 am

Thu Jun 02, 2005 2:53 pm

Well assuming 192.168.1.100 is the IP of your server, it looks correct.

The other things to check are that your DYNDNS.ORG account is updating correctly.

The only other thing I can think of right now is a routing problem. I assume the server can access the Internet. If the gateway is not set correctly, it can't respond to the request. However it would still work for the local subnet.

I have the same router with multiple hosts behind it runnig RD.

As suggested before, make sure you can at least access the config page from the Internet.

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Thu Jun 02, 2005 3:44 pm

192.168.1.100 is indeed my server's IP address. I can access the internet normally on my server.

Could it possibly be something with my ISP?

User avatar
jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Thu Jun 02, 2005 3:52 pm

Are you able to portscan yourself from the outside to verify that the port is open?

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Thu Jun 02, 2005 3:58 pm

yes port 3389 is open when I try portscanning from www.grc.com

User avatar
jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Thu Jun 02, 2005 4:55 pm

Ah HA!

Ok, now wer're getting somewhere. I think we can safely rule out your home network as the problem then.

What about where you are connecting from? Is it firewalled? is there a personal firewall on the client pc? If you telnet to port 3389 does it at least open a TCP session?

Infinite

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Thu Jun 02, 2005 11:49 pm

The same laptop that I use on my home network is the one I try to connect remotely with. I am not at home right now. I tried connecting through IE using my IP address (at home) my domain name and I tried port 8080 (that is what is enabled for remote router management), telnet port 23 (enabled in router firmware), and no port specified (port 80 I assume). I also tried connecting directly using hyperterminal and still no-go. The only firewall I have installed on the PC is the windows firewall in SP2 (XP Pro). Both computers should be configured correctly since it works from behind my lan. I really think my ISP does something to block this - I just don't understand what.

TravisT
Senior Member
Posts:
496
Joined:
Tue May 31, 2005 10:33 pm
Certs:
CCNA, Sec+

Wed Jun 08, 2005 6:09 pm

update:

I went to the extreme of calling my ISP because I have officially driven myself crazy trying to make sense out of this. I was hoping that they were going to tell me that they blocked port 3389 for some strange reason. Unfortunately they said that they only blocked ports 130-140 (or something like that).

Guess I'm back at square one...


Return to Home Networking

Who is online

Users browsing this forum: No registered users and 62 guests