Remote Desktop Question

Discussion in 'The Lounge' started by hunterguy86, Sep 22, 2006.

  1. hunterguy86

    hunterguy86 1/2 ton status

    Joined:
    Jan 10, 2005
    Posts:
    2,477
    Likes Received:
    0
    Location:
    San Marcos, Texas
    I want to change the listening port that Remote Desktop uses to allow remote access into Win XP Pro. On my machine I use the default port (3389) and it works great. However, if I want to remote into my living room box I would have to change LAN IP addresses in the router and it's just annoying.

    I thought that you could just edit the registry and change the listening port. However, that doesn't seem to work. I can't remote into the machine after I change the port when I enter MYWANIP:3391. However, if I just enter the LAN IP I can remote into it just fine. I did make sure that I have the proper port forwarded into the router.

    What am I missing here?
     
    Last edited: Sep 22, 2006
  2. CDA 455

    CDA 455 3/4 ton status

    Joined:
    Jun 2, 2006
    Posts:
    8,598
    Likes Received:
    0
    Location:
    43rd State
    Just add a quart of ATF to it, it'll work fine :D:haha:!!
     
  3. dremu

    dremu Officious Thread Derailer Premium Member

    Joined:
    Feb 27, 2000
    Posts:
    15,969
    Likes Received:
    462
    Location:
    East of San Francisco
    If you're running the Windows firewall -- or indeed, any firewall -- you'll need to tell it to keep that port open.

    -- A
     
  4. SkysTheLimit

    SkysTheLimit 1/2 ton status

    Joined:
    May 23, 2003
    Posts:
    530
    Likes Received:
    0
    Location:
    Tampa, FL
    I'm assuming you want to connect from the outside world to 2 different boxes inside your network.

    Based on that assumption, leave your listener setting alone and let the router do all the work. It should have a feature called port triggering. It may be called something on different brands. I think Linksys puts it under applications and games or something like that. Then you tell it incoming connections on XXXX port from the outside are routed to your living room box on 3389.

    Then the default route will take you to your machine, while WANIP:XXXX will take you to your living room machine.

    Or get a real firewall and set up a VPN and don't worry about it. http://www.astaro.com
     
  5. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    When you changed the listening port on the living room machine (call it machine B), did you also change port forwarding on the router?
    So now you should have two port forwarding entries in the router, 3389 to machine A, 3391 to machine B.
    Can you access machine B from the LAN side? I.e., can you get on machine A and get into machine B at 3391, and get on machine B and hit machine A at 3389?

    This should help you be sure you changed the port correctly; yes, it is just a reg entry and a reboot:
    http://support.microsoft.com/kb/187623/
    http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

    I do this at home now, mostly so I can do personal web surfing from work without everything I do being seen by corp, and also so I can leave web pages open and pick up where I left off from anywhere.

    Here's what I did, it's really pretty simple:
    - Change the listening port on my terminal server (server version of remote desktop). I didn't do this for routing purposes, I did it for security purposes. Any goof can do a port scan and find you have the default RD port open, then proceed with a dictionary attack or something to get into your machine. I used an arbitrary very high port, like somewhere in the 12000's, so if someone does find it in a port scan, they won't know exactly what it is immediately, and few casual hackers are patient enough to scan through a range that high.
    - Give the machine a static IP address. Probably the same one it gets by DHCP, but add 100 to it, up to 254 (so if it's 192.168.1.105, make it 192.168.1.205)
    - Set up port forwarding in the router to forward all incoming traffic for that port to the IP specified above
    - Check the windoze firewall, but if you can hit it by the old LAN IP, then I doubt the firewall is a problem; sounds more like you didn't actually change the listening port

    I just got Verizon Fios, and run through 2 routers and a firewall to get to my LAN from the outside. It runs like clockwork, going on 5 years of this setup... I have a script that runs every hour on my home server and sends me an email if its public net IP address changes, too. :D
     
  6. hunterguy86

    hunterguy86 1/2 ton status

    Joined:
    Jan 10, 2005
    Posts:
    2,477
    Likes Received:
    0
    Location:
    San Marcos, Texas
    I followed the instructions on the Microsoft KB (2nd link you posted) to change the listening port and it is forwarded in the router. The LAN IP is set static in TCP/IP. If I use the LAN IP of machine B I can remote into it. However, I cannot remote into it when using the WAN IP in the format MYWANIP:3391

    The reason I want this to work is so my roommate can remote into it and do homework while I'm remoted in at the same time. I have all of my work stuff on my computer at the house because we don't sit at the same computer every day. (I work in internet tech support. It's pretty sad that I can't figure this out. :crazy: )

    My thinking is when I edited the registry to change the listening port, it's not taking it or something, though it does show the new port number.
     
  7. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    Wait, so if you're home, on the lan, and you try to get into it using lanip:3391, you *can* get into it?
    If that's the case, the problem is your router. If you're home, on your lan, and you're trying to use wanip:3391, and you *can't* get into it, it may be that your ISP or router does not allow you to go out and back in, and you need to test this from the outside.

    Either way, if you can get into the machine by address:3391 at all, then the port is indeed changed. If you get into it by just typing the ip address and no specific port, then the port is not changed.

    If you want, pm me your public IP and I'll see if I can get a login prompt from my house, that can be your off-lan test.
     
  8. hunterguy86

    hunterguy86 1/2 ton status

    Joined:
    Jan 10, 2005
    Posts:
    2,477
    Likes Received:
    0
    Location:
    San Marcos, Texas
    If I am on machine A I can type in the following: 192.168.2.4 and it will take me to the login prompt for machine B. But if I type in WANIP:3391 or LANIP:3391 it doesn't work. So I guess this means editing the registry didn't work.
     
  9. hunterguy86

    hunterguy86 1/2 ton status

    Joined:
    Jan 10, 2005
    Posts:
    2,477
    Likes Received:
    0
    Location:
    San Marcos, Texas
    Here's a screenshot of my router. This shows how I have port forwarding configured.

    [Image: screenshot of the router's port forwarding configuration]
     
  10. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    The port forwarding config looks correct, but you have to get the machine port changed. Did you reboot it after the regedit?
     
  11. hunterguy86

    hunterguy86 1/2 ton status

    Joined:
    Jan 10, 2005
    Posts:
    2,477
    Likes Received:
    0
    Location:
    San Marcos, Texas
    Ya, I rebooted after regedit. Specs are Windows XP Pro. Antivirus is AVG. No other types of firewall except Windows Firewall. Not sure what else to check/turn off.

    Here is a screenshot of where I changed the port. [Image: screenshot of where the port was changed]
     
  12. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    Try testing the port:

    - Click Start->Run and type CMD, then hit enter
    - At the command prompt, type "Telnet 192.168.2.4 3391"
    -- If the prompt window goes blank except for a blinking cursor in the top corner, then the port has actually been changed.
    -- If the window stays and just says "Connecting to [blah blah]", then eventually times out, the port is not responding, and probably not changed.

    The fact that you can get into it without specifying a port indicates the port has not been changed, though.
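
The port checks described in posts 7 and 12, scripted as an added example that is not part of the original thread. It goes one step beyond the telnet test by sending the first packet of the RDP handshake, so it can tell an RDP listener from some other service on the same port; the names `probe` and `diagnose` are hypothetical, and the WAN address is a documentation placeholder.

```python
import socket

# First packet any RDP client sends: an X.224 Connection Request in a TPKT
# header, asking for standard RDP security only (requestedProtocols = 0).
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"          # TPKT: version 3, reserved, total length 19
    "0ee00000000000"    # X.224: LI=14, CR (0xE0), dst-ref, src-ref, class 0
    "0100080000000000"  # RDP_NEG_REQ: type 1, flags 0, length 8, protocols 0
)

def probe(host, port, timeout=3.0):
    """Classify one TCP endpoint as 'rdp', 'open-not-rdp' or 'closed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:              # refused, filtered or timed out
        return "closed"
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:          # connected, but nothing answered
            reply = b""
    # An RDP listener answers with TPKT version 3 and X.224 Connection Confirm.
    confirmed = len(reply) >= 6 and reply[0] == 3 and (reply[5] & 0xF0) == 0xD0
    return "rdp" if confirmed else "open-not-rdp"

def diagnose(lan_ip, wan_ip, new_port, default_port=3389, timeout=3.0):
    """Apply the thread's reasoning: LAN first, then the forwarded WAN port."""
    if probe(lan_ip, new_port, timeout) != "rdp":
        if probe(lan_ip, default_port, timeout) == "rdp":
            return "listener still on default port: registry change not in effect"
        return "no RDP listener reachable on the LAN: check service and host firewall"
    if probe(wan_ip, new_port, timeout) == "rdp":
        return "port changed and forwarded correctly"
    return "port changed, WAN path fails: check the forward or retest from outside"

if __name__ == "__main__":
    # 192.168.2.4 and 3391 are from the thread; the WAN address is a
    # constructed placeholder (TEST-NET-3), not a real host.
    print(diagnose("192.168.2.4", "203.0.113.10", 3391))
```

Run it from a machine on the LAN; a WAN failure from inside the LAN can also mean the router does not loop traffic back, as post 7 notes.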
     
