17 replies to this topic

[XxthugstylezxX]

Ok i've registered at dyndns got my domain etc etc. I configured everything to allow myself to RDP to my desktop from where ever. Everything on a default stand worked perfectly. However i tried to secure it and now it does not work at all.

What i've done security wise:
- Changed the default port that terminal service listenes on via registry edit. In this case i've changed the default port from 3389 to 3387.
- Changed local security polocies to allow only 1 user, in this case my added administrators acount. I deleted the administrators group, and remote login group.
- I configured my router which is where i believe the problem is to port forward on port 3387.

I unfortunatly use at&t's modem/router/wireless 2wire. Model 3800HGV-B. For those of you that use this god aweful device. You know that the "firewall" is complete crap. You really cant port forward. You can only define a firewall exception. When i added the default RDP, and Remote Assistance it worked. Now it does not work.

Sorry if that did not make much sense im currently on about 3 hours of sleep for the past 48 hours. However any help would be appriciated.

[tekio]

Nmap-online or Shields Up might help determine if the modem is accepting connections on the specified RDP port. Hope that helps a little.

[mirrorshades]

Make sure that you're specifying the correct port from outside. In other words, are you forwarding port 3389 on the WAN to 3387 on your target, or are you forwarding port 3387 on the WAN to 3387 on your target?

Can you RDP to your box on port 3387 on the local network?

Also, get some sleep instead. If you're lacking as much as you say you are, your brain will begin to shut down soon and you'll just make bad decisions about stuff. (Like, real-life stuff, not just this.)

[phr34kc0der]

Whenever i need to check whether my router is forwarding ports correctly i use http://canyouseeme.org/

[XxthugstylezxX]

All of those were/are great suggestions.

- Nmap-online did not show any good results. Granted it's been a while since i've used nmap.
- sheilds up also did not turn up any results for me
- canyouseeme.org showed my newly listening port of 3390 open and forwarding correctly, and i also checked 3389 and the previous one i set of 3387 that both did not get through.

Seeing that conyouseeme.org shows 3390 does port forward that mean that its on my computers end of why i cannot connect?

If anyone wants to try, and by all means its my computer and i am giving explicit permission to do so. Try to connect to xplicit.servebbs.com:3390

[tekio]

I can connect, check your logs. Are the encryption levels correct for both client and server. Oh ya, a lot of modems/routers will not allow connection from the LAN/WLAN to reversed back to the WAN. My Qwest Action Tech was like that.

Edited by tekio, 08 February 2009 - 02:22 PM.

[XxthugstylezxX]

That may be what it was then. Before i set the new port, it was working locally on my lan. Obviously through another computer. However since doing everything else i have yet to be able to use that same computer to remote. My overall goal is to beable to work on my computer obviously anywhere. However i also want to connect locally, which thinking about it I can do via work groups. Thanks for the help, just a bit more testing and hopefully i can move onto my next tasks. =)

[phasma]

When I RDP to your server, it asked me for login credentials.

[XxthugstylezxX]

When I RDP to your server, it asked me for login credentials.

Was that with the default port? Or with the port I have RDP listening on via 3390?

[tekio]

When I RDP to your server, it asked me for login credentials.

Was that with the default port? Or with the port I have RDP listening on via 3390?

xplicit.servebbs.com:3390

Just tried the default and it times out.

Edited by tekio, 08 February 2009 - 02:42 PM.

[mirrorshades]

If anyone wants to try, and by all means its my computer and i am giving explicit permission to do so. Try to connect to xplicit.servebbs.com:3390

Works for me. Im in ur RDP, haX0ring ur d00ds.

And yes, if you're trying to connect to the *outside* of your network from the inside, chances are that it will just timeout. This is designed to prevent packets traveling between two nodes on your local network from taking a field trip through the Internet first.

[phasma]

If anyone wants to try, and by all means its my computer and i am giving explicit permission to do so. Try to connect to xplicit.servebbs.com:3390

Works for me. Im in ur RDP, haX0ring ur d00ds.

And yes, if you're trying to connect to the *outside* of your network from the inside, chances are that it will just timeout. This is designed to prevent packets traveling between two nodes on your local network from taking a field trip through the Internet first.

You didn't get prompted for any type of login credentials?

[XxthugstylezxX]

This is great feedback. Thanks guys! Now that i have all your IP's logged time to start my real dirty work hehe.

So I guess what i've gathered and based on what's been said. The default port of 3389 will work locally? As it has before, before i started tinkering with the security. However when I have terminal service listening on a different port it will not work locally, due to packets going out and coming back in. Which makes perfect sense. That is unless my machine was sitting on a DMZ. However and this is something im going to be able to test myself... I should be able to use RDP locally through my local work group? Still using the newly defined port terminal service is listening on. I guess I still have a bit of work to do.

Again thanks guys. You saved me the trouble of having to call a bunch of friends that know nothing about computers and explaining step by step how to do this. hehe

[mirrorshades]

You didn't get prompted for any type of login credentials?

Well yes, of course I did. But that's the point up to which he was testing; he just wanted to be able to get to the login screen from Teh Interweb.

[mirrorshades]

So I guess what i've gathered and based on what's been said. The default port of 3389 will work locally? As it has before, before i started tinkering with the security. However when I have terminal service listening on a different port it will not work locally, due to packets going out and coming back in. Which makes perfect sense. That is unless my machine was sitting on a DMZ. However and this is something im going to be able to test myself... I should be able to use RDP locally through my local work group? Still using the newly defined port terminal service is listening on. I guess I still have a bit of work to do.

What port is RDP set to on the machine you're trying to connect? That is the port you should use when on your local network... don't worry about what your WAN is set to, since it doesn't matter (you should just be using the local hostname or IP address from inside your network).

3390 works from outside, but that has no bearing on the server itself; that's just the port forwarding. You could have 3390 on the outside forward to 3389 on the target box and it would work the same way. You can have any port on your WAN forward to any server/port on your LAN, and neither one has any bearing on the other... you just have to remember that they might be different when you're outside.

[XxthugstylezxX]

So I guess what i've gathered and based on what's been said. The default port of 3389 will work locally? As it has before, before i started tinkering with the security. However when I have terminal service listening on a different port it will not work locally, due to packets going out and coming back in. Which makes perfect sense. That is unless my machine was sitting on a DMZ. However and this is something im going to be able to test myself... I should be able to use RDP locally through my local work group? Still using the newly defined port terminal service is listening on. I guess I still have a bit of work to do.

What port is RDP set to on the machine you're trying to connect? That is the port you should use when on your local network... don't worry about what your WAN is set to, since it doesn't matter (you should just be using the local hostname or IP address from inside your network).

3390 works from outside, but that has no bearing on the server itself; that's just the port forwarding. You could have 3390 on the outside forward to 3389 on the target box and it would work the same way. You can have any port on your WAN forward to any server/port on your LAN, and neither one has any bearing on the other... you just have to remember that they might be different when you're outside.

I have RDP on my local machine listening on port 3390. Due to my router not really port forwarding I had open up the port on the firewall of the router. So I really couldnt just have port 3390 forward to RDP's default 3389 without buying a different router. Since it's not my house I really cant up and buy a new router and say hey Mom/Dad im replacing this POS with this not so POS. That's why i took the route I did. Testing further I could still remote locally to my machine however i still had to specify the port. The default port did not take. Thanks again guys for all the help.

[johnnymanson]

If you can log on to the remote desktop on the non-standard port locally but not remotely, it is possible that the remote client is being blocked by the firewall where you running the client. Many schools and businesses don't want you to connect to outside servers and may have your chosen port as well as 3389 blocked. Try connecting from several different places before you give up. You may have to search for another port that the firewall allows.

[johnnymanson]

I was able to connect and get the login prompt on your remote desktop. It must be setup correctly. If you are using Vista as a client this could be a problem. I have has problems connecting to a non-standard port from a Vista client before. You can temoprarily shut off the firewall on the Vista machine and test. If you can connect with the Vista firewall disabled, this it the problem. I had to use Commodo firewall instead of the Windose firewall. Good luck!