Remote Desktop

Are you accessing across the Internet or on the same LAN? Are there any firewalls/routers between you and the server (not necessarily ON the server as you already mentioned)?

I'm accessing it through the internet. The computer's right next to me though even though it's not under a network.

Can you post a brief description then of the network layout? You say it's going through the Internet but it's right next to you. Can you confirm you mean "Internet" as in "out to the ISP and back", or just to a hub/switch then the server? Are you on a home or work LAN?

Actually I'm not explaining this right. I am on LAN running a netgear router. One computer is xp and the other is server 2003. I'm trying to connect to the win 2003 server from xp. I can connect to it when I use the ip address of the server which is 192.168.0.3

But I can't connect to it when I use the dynamic ip of 69.x.x.x I need to connect using the dynamic ip because I need to connect to this server even when I'm not at home sitting right next to it on another computer.

Really, what I'm asking is how can I connect to this server through the internet and with only having dynamic ip rather than static.

btw sprkymrk I appreciate your quick response & your help.

Okay, I see now.
What you need to do on your netgear is to set up forwarding. Forward port 3389 to the internal ip address of the server (say 192.168.whatever.whatever) Make sure you have that address statically assigned on the server. I don't have a netgear, so I can't say specifically how to get to the port forwrding, but poke around a bit and you'll find it.

You won't be able to test from home behind the router without some major configuration modifications, so find somewhere close by. (neighbors unsecured wireless network

maybe).

The dynamic ip is a different problem all together, but there are scripts and free programs that will email your ip to yourself every 30 minutes or something. A creative google search should help you find something suitable, or maybe a smart tech on this site already has something that works.

You can you a Dynamic DNS service. I peronally use DynDns.org because it is free and my router supports it.

If you are going to do it by a FQDN over the internet then you need to use Remote Desktop Web Connection. It can be installed through Add/Remove Windows Components in the Add/Remove Programs.

You will then need to forward the http port that you use for accessing it through IE and also forward RDP 3389 to the server you are wanting to connect to.

I am sure that you can google the term Remote Desktop Web Connection and get a Step by Step tutorial for setting that up.

Thanks sprkymrk, I'll be trying what you suggested for the next few minutes. On the dynamic ip issue, anyone use the dyndns solution for this? How did it work for you?

sprkymrk wrote:

Okay, I see now.
What you need to do on your netgear is to set up forwarding. Forward port 3389 to the internal ip address of the server (say 192.168.whatever.whatever) Make sure you have that address statically assigned on the server. I don't have a netgear, so I can't say specifically how to get to the port forwrding, but poke around a bit and you'll find it.

You won't be able to test from home behind the router without some major configuration modifications, so find somewhere close by. (neighbors unsecured wireless network : maybe).

The dynamic ip is a different problem all together, but there are scripts and free programs that will email your ip to yourself every 30 minutes or something. A creative google search should help you find something suitable, or maybe a smart tech on this site already has something that works.

You barely beat me on posting a response

vistalavista wrote:

Thanks sprkymrk, I'll be trying what you suggested for the next few minutes. On the dynamic ip issue, anyone use the dyndns solution for this? How did it work for you?

Works Great!!!

Silver Bullet wrote:

vistalavista wrote:

Thanks sprkymrk, I'll be trying what you suggested for the next few minutes. On the dynamic ip issue, anyone use the dyndns solution for this? How did it work for you?

Works Great!!!

Good to hear. I might try that. btw, thanks for your help:) It's the thought that counts.

vistalavista wrote:

Thanks sprkymrk, I'll be trying what you suggested for the next few minutes. On the dynamic ip issue, anyone use the dyndns solution for this? How did it work for you?

Good luck.
I have heard that dyndns works well. And if Silver Bullet says it works, you can bet it does.

Ok, I just need to verify this.

I setup port forwarding on the router by putting in port 3389 for the starting and ending port. (I'm assuming 3389 is the remote desktop port. Am I correct?)

It's also asking me for the server ip address I just need to verify it wants the public ip and not the servers private address.

vistalavista wrote:

Ok, I just need to verify this.

I setup port forwarding on the router by putting in port 3389 for the starting and ending port. (I'm assuming 3389 is the remote desktop port. Am I correct?)

It's also asking me for the server ip address I just need to verify it wants the public ip and not the servers private address.

Yes 3389 is the Remote Desktop Protocol (RDP) TCP port that you need to forward.

In your router you will enter the private IP address of the Server to forward it to.

Silver Bullet wrote:

In your router you will enter the private IP address of the Server to forward it to.

As SB said. And to further clarify:
When you are out and about, and you want to use RDP to your server, you connect to the external IP address of your router (the one issued by the ISP). In other words, connect as if you wanted to RDP to the router. When the router detects a connection to port 3389, it uses your forwarding rule which says "If something knocks on port 3389, don't answer it, just forward it to this other guy at ip address 192.168.x.x (or whatever the ip address on your server is).

Make sure your server is locked down tight though. There are a lot of scans out there looking for open ports at 3389. They will attempt to brute force your RDP server. Make the userid/pw long and strong. If you have a laptop which is the only thing you will ever connect to your server with, change the listening port on the server via a registry setting, then create a custom RDP connection saved on your laptop that uses this other port (say 45300 or something else obscure). Instructions can be found on technet. Then of course, change the port forward rule on your router to the new port as well.

I tested this from work and was able to connect with no problem. Thanks for all the help

Is there any firewall that you recommend?

vistalavista wrote:

I tested this from work and was able to connect with no problem. Thanks for all the help

Is there any firewall that you recommend?

Symantec Gateway Security 3.0 Appliance. It will only set you back about $15,000.

Otherwise, are you asking about a personal firewall on the server or a device behind your router? The W2K3 server has a built in firewall, turned off by default. You could turn it on, but that may complicate matters a little if you are also accessing it via a LAN setup or if it's a DC or something. Otherwise, just be careful, watch your security logs (you are auditing logons at least, right?), and as I mentioned use strong passwords. A VPN would also work to help encrypt your RDP traffic, but you would then want to turn off port forwarding on your router and instead allow udp 500 (for IKE/IPSec VPN traffic). A little research on google will give you a lot of options. Good luck!

troys3

I've used Sygate, which is free and easy to configure. I currently use Zone Alarm which rocks imo. I've used Symantec for years, but found it to be bloated. It is good stuff though.

I think I'll pass on that expensive Symantec firewall. As for Zone Alarm, I don't think it works on a server. I think I'll use the builtin firewall.

Also, I often connect to my server from public places. Once I connect, it saves my ip address on the Remote Desktop login windows. The next person that uses Remote Desktop knows what my ip address and could try to get into my server. Is there anyway of clearing my ip address from the Remote Desktop login after I've disconnected? Should I be worried about this?