Port Forwarding

[bulldawg1979]

I am trying to help someone on another computer by using the Remote Assistance feature of Windows XP. I have a Netgear MR814 wireless router connected to my DSL modem. The other computer has just a DSL modem (Westell 2200). For the two computers to communicate, I assume I must open port 3389 on both machines. I went into the Westell modem and put 3389 in the Global Port Range (both start and end port boxes), then put 3389 in the Base Host box. There is nothing about inserting an IP Address.

In my machince, with the Netgear router, the settings for Port Forwarding required a service name, start and end ports, and Server IP. I inserted Remote Assist, 3389 in both start and end port boxes, and the LAN IP Address of MY machine (which I got by going to a command prompt and typing "ipconfig."). Is this correct? Or should it be the IP Address of the machine I want to remotely control?

Before answering the question of whether my IP address goes in the Netgear settings or the IP of the remote machine, I must confess that I am also confused about what the IP address needed is. I have gotten widely diverging advice from different technicians at BellSouth and I'm confused. For example, if you go to a website like www.ipchicken.com, it will identify my computer as having an IP Address starting as 68.223...... and the tech said this was the correct number to put in the router. Someone else said to use the LAN IP that comes from using the command "ipconfig" and usually looks like 192.168......

So, which is the correct IP Address to use in port forwarding and when someone asks what the IP Address of your machine is, which is the correct answer (192...or 68....)?

To sum up, I need to know whether I use the LAN IP address (usually 192.168....) in the settings or the IP address that I get using www.ipchicken.com (68.223.24....). Once I solve this dilemna, do I use the IP Address of MY computer in the Netgear settings or th IP address of the computer that I want to control?

If anybody can help me, I would be very, very grateful.

 

[Fardringle]

I have to admit that your description is somewhat confusing so please forgive me if I miss (or mis-understand) something.

First off, it sounds like you want to connect to the other person's computer from your computer. You have a separate modem and router, the other person has a Westell 2200 modem (which is also a router, by the way).

To make things clear, I'll refer to everything on your end of the connection as "YOU" or "YOUR" and everything on their end as "THEM" or "THEIR".

In order for YOU to connect to THEM, you don't need to do anything on your router unless your router (or software firewall on the PC) is specifically blocking outgoing Remote Assistance connections (it shouldn't be unless you told it to).

You need to do the following on THEIR system:
1) If the XP firewall is enabled, configure it to allow incoming Remote Assistance connections.
2) Obtain their internal (LAN) IP address by typing IPCONFIG on their computer.
3) Forward port 3389 on THEIR Westel modem/router to THEIR internal/LAN IP address.

After you have completed the steps listed above, do the following on YOUR system:
1) Enter THEIR external/WAN IP address (provided by their ISP, should be visible in the Westel config page) in the Remote Assistance connection prompt on YOUR computer.
2) When prompted to do so, type in the user name and password of an account on THEIR computer that is a member of the local Administrators group or has otherwise been given permission to connect remotely.

 

[bulldawg1979]

Your instructions are very concise and easy to understand. Out of the half dozen forums I have gone to for help, you have provided the best, most easily understood info. I would appreciate your feedback after I clarify a couple of things.

First, I began my port forwarding journey after getting instructions (with screen shots) from www.portforward.com for both the Netgear router and the Westell modem/router. The steps for the Westell included establishing the port, 3389, but there was no mention of or place to insert an IP address. Did I miss something in setting up the Westell?

From your instructions pertaining to my computer, it sounds as though it was not necessary for me to go into my Netgear router and setup port forwarding. Instead, the instructions you gave me sound like the way to use "Remote Desktop," which is different from "Remote Assistance." The user of the other computer has sent me an invitation using the Remote Assistance feature of XP (Start, Help and Support, Invite someone to help using Remote Assistance). Supposedly, I can open the invitation and put in the password the user created for the invitation and then connect to his computer. (When the user had a dialup internet connection, I used the Remote Assistance in this manner, successfully, on several occasions.) When I do this, I get the message that I cannot connect because the Remote Host Name cannot be resolved. This is the message i got before I understood the need to open ports and I'm still getting the message after trying to tinker with port settings. Obviously, I'm not setting up things correctly. By the way, I opened the invitation in notepad and it contains the remote user's 192.xx.xx.xx address. Somewhere it seems I read that this address should be edited out of the invitation and the 68.xx.xx.xx address inserted. Does this make sense?

I know I sound like a total noob and you're wondering why someone would want me to remotely control their computer. The fact is I'm trying to help an elderly relative who likes to check emails and surf the net, but constantly has very minor things go wrong with his computer. When I try to instruct him in simple steps, like "step one, click on the green start button at the bottom of your screen," he will get confused and hours later we are only on step 3. I thought that remotely controlling his computer would make our lives less stressful, but I've spent a couple of days trying to figure out how to get our computers to communicate.

I appreciate your help. Hope my additional questions are not too confusing. You did a great job of understanding my initial questions.
Thanks

 

[Fardringle]

Forwarding ports on your router only has an effect on someone trying to connect to computers on your network (behind your router) from somewhere else on the Internet. Except in some unusual circumstances, you shouldn't ever have to make any changes on your router in order to make a connection to an external resource on the Internet.

If you are getting the Remote Assistance requests through email, then yes, you need to substitute his external IP address (68.x.x.x) with the internal IP address (192.168.x.x) that is in the invitation in order to connect to his Westel Modem/Router. From there, the Modem/Router has to know where to send the connection request to get it to his PC so you'll need to have port 3389 forwarded to the internal IP address on his PC. I'm not very familiar with the internal workings of Westel devices so I'm afraid I can't be much help in finding the correct place to configure this setting on the router. I'll look around and see if I can find any useful documentation.

Once you have the port forwarded properly on his router, and incoming Remote Assistance connections enabled in the Windows XP Firewall settings (if he has XP installed), entering his external IP address in the connection information in the invitation he sends you should allow you to take control of his PC.

 

[bulldawg1979]

Originally posted by: Fardringle
Forwarding ports on your router only has an effect on someone trying to connect to computers on your network (behind your router) from somewhere else on the Internet. Except in some unusual circumstances, you shouldn't ever have to make any changes on your router in order to make a connection to an external resource on the Internet.

If you are getting the Remote Assistance requests through email, then yes, you need to substitute his external IP address (68.x.x.x) with the internal IP address (192.168.x.x) that is in the invitation in order to connect to his Westel Modem/Router. From there, the Modem/Router has to know where to send the connection request to get it to his PC so you'll need to have port 3389 forwarded to the internal IP address on his PC. I'm not very familiar with the internal workings of Westel devices so I'm afraid I can't be much help in finding the correct place to configure this setting on the router. I'll look around and see if I can find any useful documentation.

Once you have the port forwarded properly on his router, and incoming Remote Assistance connections enabled in the Windows XP Firewall settings (if he has XP installed), entering his external IP address in the connection information in the invitation he sends you should allow you to take control of his PC.

Here is the link, http://www.portforward.com/english/rout...stell/Westell2200Wirespeed/default.htm, I used to setup the Westell modem. I followed the steps and enabled port 3389 with TCP selected. The tech said I didn't need to enable the port with UDP selected. Do you agree?

Let me clarify, when the RA Invitation arrives at my computer, it contains his internal address (192.xxx.xxx.xxx). So, should I skip what you say here, "if you are getting the Remote Assistance requests through email, then yes, you need to substitute his external IP address (68.x.x.x) with the internal IP address (192.168.x.x) that is in the invitation in order to connect to his Westel Modem/Router."

If yes, then let's move to the next statement, "From there, the Modem/Router has to know where to send the connection request to get it to his PC so you'll need to have port 3389 forwarded to the internal IP address on his PC. I'm not very familiar with the internal workings of Westel devices so I'm afraid I can't be much help in finding the correct place to configure this setting on the router." When you start the sentence, I think you mean I need to instruct MY router to send the connection request to his remote computer, but then you say you can't help much because your not familiar with the Westell modem (which is on the remote computer that I want to help). Can you clarify this statement? I thing the term "port forwarding" is what is getting me all confused. It implies to me that I need to do something on my machine to forward information to his machine. However, I am coming to the conclusion that it means that I go to his machine and open port 3389, so it will accept my connection request. So, my machine is not actually forwarding anything to his, correct? If you have the time to go to the link above, you can see the exact steps given for setting up port forwarding on the Westell modem. On this site, there are instructions for setting up port forwarding on my Netgear MR814, also, but as you explain, I don't need to worry about this, unless I want someone to remotely control my computer, I suppose. Like I said above, I followed the steps exactly and opened port 3389 selecting TCP.

In your last paragraph, you say, "Once you have the port forwarded properly on his router, and incoming Remote Assistance connections enabled in the Windows XP Firewall settings (if he has XP installed), entering his external IP address in the connection information in the invitation he sends you should allow you to take control of his PC." This seems to contradict the statement in the first paragraph of your quote, "f you are getting the Remote Assistance requests through email, then yes, you need to substitute his external IP address (68.x.x.x) with the internal IP address (192.168.x.x) that is in the invitation in order to connect to his Westel Modem/Router." Can you clarify this statement? If the invitation comes with his 192.xxx.xxx.xxx address, do I leave it alone or change it to the external address, 68.xxx.xxx.xxx?

I'm very hopeful that you are going to be the one to get me connected, if I don't drive you insane in the process.
Many thanks!

 

[bulldawg1979]

Thanks to the advice I received on various forums, I put all of the puzzle pieces together and successfully connected to the remote PC. No thanks goes to my DSL tech support who gave me much incorrect information, and told me after several telephone calls that they didn't have a final answer. For example, they told me I HAD to open ports on both machines, and this proved to be incorrect. They were very off base in setting up port forwarding of the router on the remote machine. Thanks to a website, www.portforward.com, I was able to find great instructions on port forwarding of the Westell 2200 modem/router. The final piece of the puzzle that lead to success in connecting remotely was editing the Remote Assistance invitation. I've written some instructions for myself and thought I would post them here. It might help some poor soul spend less time than I did in researching and losing sleep over port forwarding and remote assistance.

Steps used in Remote Assistance Setup:

Notes: If Remote Computer is using Dialup connection, omit the directions about Port Forwarding and Editing the Remote Assistance Invitation. These instructions are specific to Windows XP. For clarity I will call the PC being used by the Assistant the LPC [Local PC] and the PC that needs to be remotely controlled by the Assistant the RPC [Remote PC]. For this setup, both PCs had a DSL connection to the internet. The LPC was behind a Netgear MR814 Wireless Router and the RPC was behind a Westell 2200 modem/router.

1. On the RPC, start off by making sure it is allowed to send Remote Assistance invitations. Right click on My Computer and select Properties. In the System Properties box, select the Remote tab and put a check mark in the ?Allow Remote Assistance Invitations to be sent from this computer.?
2. It?s a good idea to go to Services and make sure that ?Remote Desktop Help Session Manager? is Started in both the LPC and the RPC. (Control Panel-Administrative Tools-Services)
3. Check to make sure that the Windows XP firewall is disabled. (Network Connections-right click on LAN-select Properties- click Advanced tab- uncheck box for Internet Connection Firewall) In my case, both PCs were using the free version of Zone Alarm, a software firewall. I found that I could leave Zone Alarm running on the LPC (and this should be the case for Windows XP?s firewall), but I needed to shut it down on the RPC. It may be possible to setup your firewall to allow traffic between the PCs, but, if not, be aware that a firewall on the RPC may block communication.
4. The LPC DOESNOT have to worry about Port Forwarding. Advice from my DSL provider that ports on both machines had to be opened was incorrect. Forum members assured me it was not necessary to open port 3389 on the LPC and they were correct. Way to go forum members!
5. The router of the RPC has to open Port 3389. Each brand of router has its specific instructions for setting up port forwarding. I found the website www.portforward.com to be very helpful. It had instructions and screen shots of many brand name router settings. On the Westell modem, it was possible to put a range of ports to be opened. There was a box for a Start Port and a box for an End Port. Then a Base Host box was provided for a specific port number. I put 3389 in all of the boxes.
6. The RPC needs to send an invitation to the LPC asking for assistance (since a password is included in the invitation, the RPC user must tell the LPC user ahead of time what password will be used. (Start-HelpandSupport-Invite someone to help-Outlook Express option). Windows messenger is another option for sending the invitation, but I?ve never used it, so I do not know if it is possible to perform the same steps in messenger that I will describe when using Outlook Express. When the LPC receives the invitation attached to an Outlook Express email, it should be saved somewhere on the user?s hard drive, my preference is the Desktop for easy access. Go to the Desktop, right click on the invitation and select Open With Notepad. This will show you the contents of the Invitation. Look for the Private IP Address (192.xxx.xxx.xxx) of the RPC embedded in the message. Delete this address and insert the Public IP Address (68.xxx.xxx.xxx) of the RPC in the exact same location. Close Notepad. (An easy way to help the user of the RPC find their Public IP is to instruct them to go to a website like www.ipchicken.com. Otherwise, have the user go into the router settings of the RPC for the information.)
7. Click on the Invitation, insert the password and send the invitation. A message should pop up on the RPC asking the user if it is OK for the LPC to give assistance. As long as the user says OK, the user of the LPC should be in the driver?s seat of both PCs.

 

[Fardringle]

I'm glad you got it working. That's some good information for future reference on this issue.