What will happen if you set up remote desktop

Ksyder

I am currently set up to remote desktop into my computer at home where it is set up to forward the RDP connection to my LAN IP address. However, I need remote access to a 2nd computer at home. I could set the router to port forward to the 2nd computer but I don't know what will happen if I have 2 different port forwards set up to 2 different computers on the same port.

I don't remember the ports offhand but if it's relevant I can come back and add it.

I could try it but I'm out of town so I have no physical access to the router or PCs, so I'm afraid if I change it I might lose remote access altogether.
 

mxnerd

Logmein.com free account is a better solution for home users. It's a lot faster and you don't have to worry about port forwarding even if you have multiple computers behind a router.
 

her209

You could port forward:

public ip:3389 to pc#1:3389
public ip:3390 to pc#2:3389
 

Nothinman

I could set the router to port forward to the 2nd computer but I don't know what will happen if I have 2 different port forwards set up to 2 different computers on the same port.

You can't, how would the router know which internal host you meant whenever you connect?

If you changed RDP port, you still have to change the registry

Not if you just change the forwarded port on the router like her209 suggests.
 

Nothinman

You mean registry doesn't have to be touched if ports being forwarded like that?

Right, the server is still listening on port 3389 regardless of what the router/firewall is forwarding on.
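The forwarding scheme discussed in the posts above, as an added example that is not part of any post: a router-style forward table keyed by external port, which shows why two rules on one external port cannot coexist while 3389 and 3390 can both reach listeners on 3389. The internal addresses and the `Forward`, `build_table`, `route` and `exposed_rdp` names are constructed for illustration.

```python
from dataclasses import dataclass

RDP_PORT = 3389  # port the RDP server listens on, per the thread


@dataclass(frozen=True)
class Forward:
    external_port: int
    internal_host: str
    internal_port: int


def build_table(rules):
    """Index rules by external port; reject a second rule on the same port."""
    table = {}
    for rule in rules:
        if not 1 <= rule.external_port <= 65535:
            raise ValueError(f"invalid external port {rule.external_port}")
        if rule.external_port in table:
            other = table[rule.external_port]
            raise ValueError(
                f"external port {rule.external_port} already forwards to "
                f"{other.internal_host}; cannot also forward to {rule.internal_host}"
            )
        table[rule.external_port] = rule
    return table


def route(table, dst_port):
    """Return the (host, port) an inbound connection is rewritten to, or None."""
    rule = table.get(dst_port)
    return (rule.internal_host, rule.internal_port) if rule else None


def exposed_rdp(table):
    """List external ports that reach an RDP listener, for review."""
    return sorted(p for p, r in table.items() if r.internal_port == RDP_PORT)


# Constructed sample addresses (not from the thread).
PC1, PC2 = "192.168.1.10", "192.168.1.11"
WORKING = [Forward(3389, PC1, RDP_PORT), Forward(3390, PC2, RDP_PORT)]
CONFLICT = [Forward(3389, PC1, RDP_PORT), Forward(3389, PC2, RDP_PORT)]

if __name__ == "__main__":
    table = build_table(WORKING)
    print(route(table, 3390), exposed_rdp(table))
```

Moving the second machine to external port 3390 changes only where the router listens; `exposed_rdp` still reports both ports as reaching an RDP server from outside.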
 

Ksyder

Originally posted by: Nothinman
I could set the router to port forward to the 2nd computer but I don't know what will happen if I have 2 different port forwards set up to 2 different computers on the same port.

You can't, how would the router know which internal host you meant whenever you connect?

Yes this was the original problem that would seem to occur if I tried to have 2 port forwards. Also, FWIW, one pc is running Vista Ultimate and the other is XP.
 

mxnerd

Originally posted by: Nothinman
You mean registry doesn't have to be touched if ports being forwarded like that?

Right, the server is still listening on port 3389 regardless of what the router/firewall is forwarding on.


Thanks.

I still suggest using Logmein for home users unless they want remote printing and file sharing and they don't have to worry about port forwarding.

My personal experience is Logmein is faster and won't disconnect as often as remote desktop.

 

Ksyder

Thanks for the replies, guys, I haven't had much of a chance to read up too much on what you guys are suggesting but I certainly will take a look here soon after the Christmas/family time/basketball madness is over. :D
 

Red Squirrel

Do not have RDP directly accessible to the internet. That's a huge security risk. People could sit there all day trying to guess the password and you'll never know of it. I don't even think it makes any kind of log.

Set up a VPN or SSH gateway, then RDP from there.
 

Nothinman

Do not have RDP directly accessible to the internet. That's a huge security risk. People could sit there all day trying to guess the password and you'll never know of it. I don't even think it makes any kind of log.

RDP is encrypted and the logging in uses standard Windows login stuff so if you have a proper security policy in place it's not a problem.
 

Red Squirrel

You're still stuck managing that security on every machine rather than one central point though, and Windows logs are not the easiest to parse, Linux has tools such as fail2ban that can help detect brute force for ssh out of the box. (if going ssh tunnel route, but I'm sure fail2ban has some templates for openvpn or other solutions).

My current remote setup consists of a ssh gateway vm with decent security, and that vm is behind a NAT which only allows certain ports out (to my main network). So in order to remote into a machine on my network I need to ssh in and then VNC into the ssh gateway (or I could map a tunneled port directly) then from vnc I can remote in. More complex but more secure than opening up each box individually.

Logmein is also a great concept but I personally would not like the idea of relying on an external service + having my traffic going through an extra path. Not sure if it's encrypted or not either, I'm hoping it at least is.
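The kind of brute-force detection the post above attributes to fail2ban on an SSH gateway, as an added example that is not part of the post and is not fail2ban's own code: it counts OpenSSH "Failed password" lines per source address inside a sliding time window. The log lines, addresses, host name, thresholds and the `find_brute_force` and `fail_line` names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as it appears in a syslog-format auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def find_brute_force(lines, max_retry=5, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: time the threshold was reached} for sources with
    max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()  # drop failures older than the window
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


def fail_line(ts, user, ip):
    """Build one constructed sshd failure line for the sample below."""
    return f"Dec 24 {ts} gw sshd[811]: Failed password for {user} from {ip} port 40112 ssh2"


# Constructed sample: one source guessing fast, one user mistyping twice.
SAMPLE = (
    [fail_line(f"10:00:{s:02d}", "invalid user admin", "203.0.113.7") for s in (1, 9, 17, 25, 33)]
    + [fail_line("10:05:00", "ksy", "198.51.100.20"),
       "Dec 24 10:06:00 gw sshd[812]: Accepted password for ksy from 198.51.100.20 port 40200 ssh2",
       fail_line("10:40:00", "ksy", "198.51.100.20")]
)

if __name__ == "__main__":
    print(find_brute_force(SAMPLE))
```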
 

JackMDS

UltraVNC with AES encryption.

Simple and secure, http://www.ezlan.net/vnc.html

End of the page shows how to configure it for a few computers on the same Network, takes less than 3 minutes' work for each computer.
 

RebateMonger

Originally posted by: RedSquirrel
Logmein is also a great concept but I personally would not like the idea of relying on an external service + having my traffic going through an extra path. Not sure if it's encrypted or not either, I'm hoping it at least is.
While I have slight reservations about using external companies for some services, Logmein has a pretty good reputation and is widely used. It uses SSL certificates and traffic is encrypted.
 

Nothinman

You're still stuck managing that security on every machine rather than one central point though,

This thread is about a home machine, that means there's only one point to manage. And if you've got enough machines that it matters you should be using GPOs to manage those settings anyway.
 

RebateMonger

It doesn't get much attention, but a Windows Home Server box can manage remote access for you. You turn on the remote access feature and bring up its default web site. It offers a list of all client PCs in the home or office for remote access. The clients still need to be Vista Business, Vista Ultimate, XP Pro, XP Tablet, or XP MCE.

WHS uses the same system as Windows Small Business Server 2003, SBS 2008, and Server 2008 to manage multiple incoming remote access requests on TCP Port 4125, which it translates to TCP Port 3389 for the internal RDP sessions.