WinXP Remote Desktop via the Internet

[leeym]

Is it possible to connect one WinXP box through the Internet to another within a corporate network via the Remote Desktop. If so, should I just enter the IP address of the host computer name along with the firewall port assigned to it (i.e. 100.100.100.100:81)? Is it that simple?

Also, are there designated firewall ports for Remote Desktop?

Thanks

 

[spyordie007]

yes, so long as TCP traffic can make it from one host to the other.

the default port for remote desktop is 3389

-Erik

 

[leeym]

Great. Now what If I have multiple machine within my network that need to be controlled remotely? Should I assign other ports, such as 3390, 3391, etc?

Thanks

 

[spyordie007]

you should be able to direct multiple ports on your firewall to the same port and differant ips internally; this is the way I've done it in several setups.

ie:
x.x.x.x:3385 > a.a.a.a:3389
x.x.x.x:3386 > a.a.a.b:3389
x.x.x.x:3387 > a.a.a.c:3389
x.x.x.x:3388 > a.a.a.d:3389
x.x.x.x:3389 > a.a.a.e:3389
and so on...

-Erik

 

[leeym]

One more thing. Do you have any encryption settings enabled. Thanks man

 

[spyordie007]

encryption for what?

 

[leeym]

well if I'm off-site and I access files remotely using Remote Desktop over the Internet, someone can sniff out the info being passed back and forth. At least in PC Anywhere there are different levels of encryption settings.

Does this make sense, or am I rambling?...LOL

Thanks

 

[spyordie007]

in 2k3 server and xp's remote desktop there is 128bit session encryption already taking place

 

[leeym]

I did not know that. With all the reading I've done on this subject, I'm surprised that fact has yet to be cited. Can you direct me to a site where it gives me more info about its encryption methods?

Thanks

 

[spyordie007]

doing a quick search I cant find any really good articles to direct you to, but here are a few to start with:
http://support.microsoft.com/default.aspx?scid=kb;en-us;275727
http://www.infosysintel.com/Content/Networking/remotedesktop.asp
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html (see the paragraph on using encryption)

Note that with 2K or 2K3 server you can specify what the minimum encryption level to allow on down-level clients, I dont think there is a way to specify this within the GUI for XP Pro (it might be possible with a registry entry).

-Erik

 

[Cr0nJ0b]

I do SSH tunneling from the office to home. Passing the SSH over the router to the internal network. I don't have the same issue you do with routing to multiple servers since my SSH endpoint is on my firewall router. In Putty you can just tell it which clients to forward packets to.

anyways...ssh tunneling is the perferred way to dial in over the internet. opening ports is always a risky endeavour, since anyone can then use those ports.

winbeta.org has some good papers on shh tunneling for RDP under the XP forums.

 

[leeym]

These articles were great. I have now changed the encyption settings on my Windows 2003 Server to 'high.'

New question: I've got another server but's on WinXP. How can I change the encryption settings here as I think the process to do so is different.

Thanks

 

[leeym]

hey man,

again your insight has been great. i did try adding another port on my firewall and assigned it to another winxp box. i gave it 3388, but it didnt work. i double checked that it would accept incoming connections. what's odfd is that i can to it within my network. thoughts?

thoughts.

 

[spyordie007]

I've got another server but's on WinXP. How can I change the encryption settings here as I think the process to do so is different.

Like I said I'm not sure if it's possible to change the required encryption settings under XP; if it's possible it will probably be a registry setting. If I get some spare time later tonight I'll go through some of the documentation I have to see if I can find a key that will do it.

i did try adding another port on my firewall and assigned it to another winxp box. i gave it 3388, but it didnt work. i double checked that it would accept incoming connections. what's odfd is that i can to it within my network. thoughts?

What firewall are you using? Most firewalls are going to work like this; but I wouldnt be surprised if there are some out there that wont work.

-Erik

 

[spyordie007]

okay I did some checking and I couldnt find any registry keys that would force high encryption on XP servers. Not that this means it isnt possible of course, the truth is out there...

-Erik

 

[yelo333]

You might want to check out tight VNC, available here, as, although I've never tried remote desktop, is very full-featured(especially the development version 🙂):

http://www.tightvnc.com/

 

[Allanv]

You will also need to change the listening port if forwarding to another XP boxen.

i have 4 boxes behind a router and have changed the ports in the regisrty to

3388, 4000 4050 5000, they are then all running a dns client so i would pick a pc like this

server1.dynu.com:4050
server2.dynu.com:3388

How to change the listening port

reboot and then connect to them from the outside, remember to port forward from the router to the servers the correct ports

Regards

Allanv

 

[spyordie007]

Originally posted by: Allanv
You will also need to change the listening port if forwarding to another XP boxen.

i have 4 boxes behind a router and have changed the ports in the regisrty to

3388, 4000 4050 5000, they are then all running a dns client so i would pick a pc like this

server1.dynu.com:4050
server2.dynu.com:3388

How to change the listening port

reboot and then connect to them from the outside, remember to port forward from the router to the servers the correct ports

Regards

Allanv

You dont have to change the listening port, most firewalls will allow you to configure their port forwarding from a differant external port that than which your service is listening on.