Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RDP, web server issue


  • Please log in to reply

#1
hal_jordan

hal_jordan

    Member

  • Member
  • PipPip
  • 29 posts
Good evening all!
I have an issue that I have kicked around for a few weeks now.
I have 2 pc's and 1 laptop, setup as follows:
Falkin Desktop - XP Pro
Jordan Desktop - Ubuntu
Wacka laptop - XP Pro

I have a LinkSys router, NAT enabled, all 3 pc's connect to the internet through this router. From behind the router, I can RDP from laptop to desktop and vice versa. I can also access my web server (Apache 2.0), which is setup on the Linux box from either behind or outside of the router.

What I cannot do, is access my XP box(s) from outside of the router.
I have port forwarding enabled;
I am trying to access it via the external ip (per whatismyipcom);
I have rdp enabled on box(es);
I have port 3389 enabled on router;
I have port 3389 enabled on Zone Alarm

I am not sure, because I have heard conflicting advice from elsewhere, but I have not setup a static address on the any of the boxes. The ip's are being pulled from a 1-49 range (192.168.1.100-192.168.1.150), and when I try, then my internet connection drops.

I was told that I need to set the ip on my box(es) within the range of ip's and I have been told OUTSIDE of the range. 192.168.1.151 fpr example.
As long as I do not bounce the router OR the pc's, the ip's *should* remain the same, right? The gateway and dns have not changed, so how can my router reassign internal ip's?

Thanks in advance for your help
Tim
  • 0

Advertisements


#2
hal_jordan

hal_jordan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Bump
  • 0

#3
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts
Please don't bump.

What I'd like to know is why you want to access the XP machine from outside the router? Doesn't this defeat the whole point of having a router if you're going to bypass it?

But anyway, this is probably related to Zonealarm's settings.

Edited by Neil Jones, 22 December 2005 - 05:56 PM.

  • 0

#4
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
I'm not sure I follow... What do you mean you can't access your XP boxes from outside the router? Why are you trying to access them? What are you trying to do? Are you attempting to connect to each individual computer via it's internal IP (ie: 192.168.1.101)? For what purpose? You can only connect to those addresses if you're on the same network as them. You can not connect with your external IP and then an internal IP... The only possible thing you could hope to accomplish is to connect to a Web Server (your Apache server), which you said worked. So, I'm not sure what exactly is the problem. Everything seems to be okay to me. All of your computers must have an internal IP within the range allocated.

If you could clear things up a bit for me, I'll try to help.
  • 0

#5
hal_jordan

hal_jordan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Dan and Neil, thanks for your replies' I will not bump again :tazz:
I'd like to be able to access my xp box from work, that's all. I am not certain that it is an ZA setting, since I have even tried unloading ZA to take it out of the equation.
That's it; if I am any where else with a broadband connection, I should be able to access my box as long as I have remote desptop enabled on the host pc (which it is).
So, if port 3389 is open, port forwarding to the internal ip is enabled and set correctly (it is), then I am at a loss.

Thanks!
  • 0

#6
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts
Oh well in that case give the XP machine a fixed IP address from the router and put it into the router's DMZ Zone. This basically exposes it to the internet without going through the router's own internal firewall.

Of course this has its own security risks and what not but if that's a risk you're happy to take then that's up to you...
  • 0

#7
1999

1999

    New Member

  • Member
  • Pip
  • 3 posts
Hey Hal, hope all has been working well for you.

Might be a bit late, but I thought I'd give my input.

Part of the reason you might have been having trouble is that you had two XP boxes on the LAN side, both listening on port 3389 which is the default.

If you were able to do full static routes with multiple external IPs or advanced port mapping, you'd have no problem, but most home Internet setups and home-class routers do not support this.

The solution I've seen work is to change the listening ports of your two internal XP boxes to something different. Think of it like an IP conflict, because both boxes are listening on the same port, the conflict lies there.

Say you change Falkin's RDP listener to 3489 and Wacka's to 3589. These are just arbitrary numbers, you could use 3390 and 3391 respectivly, just make sure they don't conflict with any other service ports you're using like BitTorrent or a gaming port.

So if your external IP were 200.100.50.25 you would then in RDP type 200.100.50.25:3489 to connect to Falkin.

Got it?

Also, the way to change the listener port is a registry change in a MS KB article ... I can try and pull up the link here.

here ya go - http://support.micro...kb;en-us;306759

Edited by 1999, 17 January 2006 - 10:46 PM.

  • 0

#8
1999

1999

    New Member

  • Member
  • Pip
  • 3 posts
Also, I'd strongly reccomend NOT just opening any of your boxes to a DMZ port and just leaving it. Doing this is the same as bypassing the router for that machine. You're just leaving it wide open to attacks.

I can't believe this was actually suggested.

Edited by 1999, 17 January 2006 - 10:46 PM.

  • 0

#9
hal_jordan

hal_jordan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Also, I'd strongly reccomend NOT just opening any of your boxes to a DMZ port and just leaving it. Doing this is the same as bypassing the router for that machine. You're just leaving it wide open to attacks.

I can't believe this was actually suggested.


Thanks for the advice on changing the ports; that has to be it. I will try that tonight. I had no intention of opening up a computer in a DMZ. Thanks again!
  • 0

#10
1999

1999

    New Member

  • Member
  • Pip
  • 3 posts
Awesome. Let me know how it turns out!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP