Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to Allow Access to Port 3389 ???

Status
Not open for further replies.
grobermatic

grobermatic

Technical User
Dec 21, 2002
153
0
0
GB
I'm trying to get started with Remote Access. I have 3 machines running on a Wireless Broadband Router (Belkin 54g model - with hardware firewall) I also have ZoneAlarm running on 2 of the machines.

I've configured the hardware firewall to redirect port 3389 to 101,102,103 for each of the internal machine IPs on the network. I've done this for both TCP and UDP.

I've also setup an expert rule on ZoneAlarm Pro to do the same.

The problem is I can only get remote access to work internally, (behind the firewall) I can't access any computer on my network from another conputer outside my home network and firewall. (eg my computer at work)

Anything else I should have checked?

Cheers

Craig

--------------------------------------------------------------------------------------------------------
"Time-traveling is just too dangerous. Better that I devote myself to study the other great mystery of the universe: Women!" .. Dr E. Brown (1985)
 
Sort by date Sort by votes
Port 3389 can only be assigned (port forwarded) to one specific internal IP.

You need to be able to establish a range of external ports that can be mapped one on one to each given internal IP.
 
Upvote 0 Downvote
As VOP said, just forward port 3389 to PC-A behind the firewall. Once you are able to access PC-A, run remote desktop from PC-A to log into the other PCs. I have a few customers that have between 1 to 20 PCs that we need to access remotely so I only forward port 3389 to one server. Then from this server I access any other workstation from this server. If you have multiple public IPs, then you can map each public IP to one workstation behind the firewall. However to achieve this, you must have a device that allows multiple IP mappings like Cisco 5xx Pix firewall series. I think you can also get Cisco Routers to do the same. SOHO routers like Linksys, Dlinks and such only allows one public IP mapping to one internet IP mapping.
 
Upvote 0 Downvote
Hi, thanks for replying...

I've done all the above...

My router now forwards port 3389 to 100 for the internal IP 192.168.2.3. Ive also set this up on ZoneAlarm on the computer that has this IP.

When trying to access my WAN IP through remote access I get the message :

"The client could not connect to the remote computer

Remote connections might not be enabled or the computer might be too busy to accept new connections

please try connecting later, if this problem continues to occur please contact your network administrator"

If I type my IP into the address bar of IE6 :

HTTP://[WAN IP]

I get my router's setup menu.

If I try to get remote access through IE6 :

HTTP://[WAN IP]/tsweb

I get : "The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. "

Any further ideas

--------------------------------------------------------------------------------------------------------
"Time-traveling is just too dangerous. Better that I devote myself to study the other great mystery of the universe: Women!" .. Dr E. Brown (1985)
 
Upvote 0 Downvote
You have two levels of firewall complexity - your router and Zonealarm (ZA). What remote app are you using - is there more than one such app on your machine now? You could also try another (fairly simple and secure) remote app such as radmin ( on port 4899.

Would suggest that you remove Zonealarm (ZA) from the mix until you can get the basics working. See several google articles which could offer clues on this:


You will probably utimately find that your ZA security level may be too high to allow a remote connection. Did you enable in ZA your remote app to both 'allow connect' and 'allow server'.
 
Upvote 0 Downvote
Just noticed something else here:

Is your remote app configured to listen and/or respond on port 100 on your internal IP? Maybe it is still expecting port 3389.
 
Upvote 0 Downvote
By typing in your Wan IP you shouldn't be getting the setup menu.

Where are you typing this in from (internally or externally)? What is the first digit of the Wan IP entered?
 
Upvote 0 Downvote
Terminal Service Web (tsweb) requires port 80 and port 3389.

You should be able to connect to the default server website @ HTTP://[WAN IP]/ before any of if this works.

Now try HTTP://[WAN IP]/TSWEB

If this does not work check in order…
· Check your Event Log for licensing issues.(Win2k Terminal services may require registration.)
· Browser Settings and ActiveX controls
· Reinstall Terminal Services

You may also wish try this.
Windows NT 4.0, Windows 2000 Server, Windows XP and Windows Server 2003's came with a standalone client (Terminal Services Advanced Client) or (Remote Desktop Connection client) these clients only use 3389 and offer a few more client options.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sue Adams
  • Locked
  • Question
Setting up a VPN to print documents to work printer in one city from home
Replies
2
Views
79
goombawaho
goombawaho
stanlyn
  • Locked
  • Question
Remote Desktop Access with Secure HTML Browser
Replies
0
Views
103
stanlyn
stanlyn
kjv1611
  • Locked
  • Question
Best Free or Cheap Remote Access Application / Tool for Windows 8 and 10?
Replies
0
Views
99
kjv1611
kjv1611
Destro1924
  • Locked
  • Question
Cisco 877w Access lits/port forwarding issues- Help needed
Replies
0
Views
102
Destro1924
Destro1924
Ntelos
  • Locked
  • Question
Question regarding remote connection to dvr
Replies
1
Views
116
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top