Windows Remote Desktop??

[Guest]

[c8799p]

Hi, I have the Comodo Pro version 3.0.25.378,  I can use Windows remote if I am home on the SAME (wireless) network, but when I am traveling, I can't connect to my home computer (where the Comodo is installed).  I added port 3389 to allow remote access, but it still doesn't work.  Is there something else I need to adjust either on the Comodo firewall OR maybe my Linksys router, or both?  Thanks!

[grue155]

Welcome to the forums, c8799p.

Remote access can be a difficult thing to set up, as you're discovering. The Windows "remote dektop" facilities don't seem to be very friendly to NAT/routers. Are you trying to use the regular Windows "remote desktop", or one of the competing products/services?

And, what model Linksys router do you have? There may be something in it's setup that needs to be tweaked also.

[c8799p]

Thanks for your help, grue155.  I'm using the Windows Remote desktop which is part of XP.  As mentioned, it works "remotely" when I remote into the HOME desktop from downstairs (using a wireless laptop on the same home network), but when I travel for work, such as in a hotel, etc. I can't remote into the HOME desktop computer.  Just so you know, I CAN remote into my WORK computer (located at a different location) using Windows Desktop Remote on the same laptop, so I know it's not the laptop, it has something to do with a setting on my HOME desktop.  You asked about router:  I'm connected first to Time Warner's cable Modem Surfboard SB4100, and in turn, that's connected to a Linksys RT31P2 Cable Modem (because I'm using Vonage as my phone carrier).

[grue155]

Doing some digging, and reading over what I've been able to find, it looks like several things need to be done. My reference on this is http://www.microsoft.com/windowsxp/using/networking/expert/russel_05Feb.mspx which pretty much seems to describe the entire process.

Looking over the user guide for yor Linksys RT31P2, there are some changes that will need to be made to its setup, and to your HOME desktop machine.

The Linksys needs to be set up for port forwarding, for TCP port 3389. But, it needs an IP address of the HOME desktop. If the desktop machine is getting a dynamic address, it may or may not get the same address each time.

So, the desktop machine will need to be assigned a static address. The Linksys provides addresses in the 192.168.15.x range (where x is 100 to 149). The desktop needs an address outside that range, but within the range of 1 to 254. For the sake of presentation, I'll assume the desktop is assigned 192.168.15.80.

With the desktop given a fixed address, then you can login to the Linksys, and go to the "Applications and Gaming" tab. Here you will need to enter the details for the port forwarding:

application:  some name - it's a label for your use - call it "remote desktop"
start and end: 3389 and 3389
protocol: TCP
IP Address: 192.168.15.80 , this is the LAN address of your desktop
Enable: yes, check the box

then "Save" to apply the changes. Linksys will now pass Internet traffic to your desktop on port 3389.

On your desktop, since you can already use remote desktop on your LAN, I would presume the CFP rules are already in place and working. You should have at least this rule present in your firewall Global Rules:

allow TCP in from any to zone[MyLAN] where srcport is any and destport is 3389

At this point, you should be able to access your desktop machine from the Internet. Which raises a boatload of security concerns. I'm a LAN/email admin on dayjob. From site firewall logs, I know that port 3389 is very heavily scanned. I would presume the scans to be folks looking for open machines. You're opening up a machine, so I can almost guarantee that your desktop machine will be attacked.

At the very least, have a very very good password on the Windows login. If the desktop is an XP Pro machine, I'd strongly suggest seting up a PPTP VPN so you have an encrypted connection and a second layer of passwords.

Since the desktop machine is running CFP v3, I also strongly suggest you make the full use you can of Defense+ to harden your machine.

This should get you going using the remote desktop. If, in your traveling, you use wireless hotspots, be aware that remote desktop isn't, so far as I know, an encrypted connection, and hotspots are usually very easy to sniff.

[c8799p]

Well, I followed your instructions and I still can't log in remotely from a distant location.  I'm currently in New Jersey (and I also tried it in NY), and it's not letting me connect to my home computer via my laptop.  The Windows Remote connection DOES work when my laptop is on the same internal (wireless) network, but not when I'm traveling.  Help!   

[grue155]

Sorry for the delay in getting back to you.

Just to make sure I understand your network connection, it is something like this:

laptop --- hotspot ---- Internet ----- router/RT31P2 ------ desktop

where hotspot is whatever connection service host/ISP that is available to you at where-ever you are.

In reading over the Microsoft web pages about how remote desktop works, it seems that it all should be working. But, one question, regarding how your router connects to the Internet.

I'll presume that your router is getting a dynamic assigned address from your ISP. This means that the Internet address you want to connect to is going to change from time to time (how fast, depends on your ISP).

So the question then, is how you determine what IP address to use to make the connection across the Internet? On your router, on the Setup tab, for DDNS services, is the DDNS (dynamic DNS) enabled?

Using the dynamic DNS is by far the simpliest way of connecting to a host with a dynamic IP address. The dyndns.org service is free, and I've found it to be very reliable.

[mileswilliams]

Your desktop will seem to have two ip addresses... when you are home you will have something like 192.168.1.80 (using above example) when you are attempting to connect from outside of the lan (home network) you aren't trying to connect to the pc. You want to be trying to connect to the Router... it then passes the information on to the pc... so...

login to your router find out what its ip address is then try connecting to that... it will work from home as well as from outside the lan.

What is the ip address you are entering in when you are attempting the remote connection ?

[mileswilliams]

Almost forgot... you NEED a password for xp remote control to work.

[Tags:]