Networking/Computing Tips/Tricks

One of the best features of Windows (XP Professional, Vista and Windows 7, 8, 10) is the Remote Desktop Connection feature. This feature allows you to connect to another computer as if you are using that computer.  Some examples would be:

  • allowing access to your home/small business computer when you are away

  • gaining information on one computer that is not on the system you are using

  • providing project team members access to your system(s) without revealing the network to their private system so that viruses and so forth cannot be introduced.  

In some cases you may have more than one computer or server or even virtual machines that you want to access remotely.

(Now, we assume you have Remote Desktop turned on and allowed for the machines you wish to modify.  That procedure is not covered here.)

Let's talk about how you can accomplish this.  At a high level there are four things that need to be done:

  1. Make sure each PC/VM you want to make accessible has a fixed and unique local IP address in your LAN.  This means you have to configure the IP address manually so it will work in the LAN network but never have the IP change due to a power cycle of your DHCP server (usually your Router).
  2. Make sure you have each computer that you want to support remote desktop access listening on a unique port number.  This is needed because there is a default port number all systems listen for remote desktop connections on: TCP Port 3389.  Therefore, if you want to connect to more than one system on the LAN remotely, each system needs to be on a different Port.  For example, let's assume we have 3 PCs we want to set up for remote desktop connection.  We will assign Port 3390 on PC 1, Port 3391 on PC 2, and Port 3392 on PC 3.  Don't worry, these ports are available and will not conflict with any other applications.  You can verify this here.
  3. Allow the Windows Firewall to use the port configured (other than Port 3389) for Remote Desktop Connections.
  4. Configure your Router to forward packets received on the Public IP:Port to the Private IP:Port for each system.

PLEASE READ THE COMPLETE INSTRUCTIONS BEFORE YOU START.

OK time for specifics.

Step 1: Fix the IP addresses of the PC's/VM's you want to make accessible.

You can skip to Step 2 if you already have statically configured your PC's/VM's.

Begin by discovering the Current dynamic IP Address on your PC's/VM's.

  1. Click on Start, Run
  2. Type CMD and press Enter
  3. At the blinking cursor, type "ipconfig /all" and press Enter (note the space between "ipconfig" and the /)
  4. Find the section for the Connected Ethernet Adapter and note the following  information:
    1. IP Address
    2. Subnet Mask
    3. Default Gateway
    4. DNS Servers
  5. Type "exit" and press Enter to close the window

Now, let's assign a static IP.  We suggest using the same IP it was dynamically assigned, which you discovered above.  Alternatively, you may wish to use a completely different IP address.

  1. Click on Start, Control Panel
  2. In Classic View: Open Network Connections; In Category View: Select Network and Internet Connections, then click on Network Connections
  3. Right-click on your active LAN or Internet connection
  4. Click on Properties
  5. In the General tab, highlight Internet Protocol (TCP/IP) and click Properties
  6. Under the General tab, click Use the following IP Address and enter the information you wrote down in the previous section for this computer including:
    1. IP address
    2. Subnet mask
    3. Default gateway
  7. Click the option for Use the following DNS server addresses and enter the DNS servers your router is using
  8. Click OK and then click OK again to leave the Network Settings section
  9. Restart your computer
  10. Follow the procedure above to check your current IP address and verify it's the same as before.  If you selected a different IP, then it should be changed.
  11. Finally, test the connection and make sure you can still access the Internet.  If you can, you are ready to proceed.

Step 2: Configuring the Computers on the LAN to listen to different Remote Desktop Port numbers

  1. Click on Start, Run
  2. Type REGEDIT and press Enter
  3. Click on the plus signs (+) next to the following sections in the Registry Editor in the order shown:
    1. HKEY_LOCAL_MACHINE
    2. System
    3. CurrentControlSet
    4. Control
    5. Terminal Server
    6. WinStations
  4. Click on the RDP-TCP folder to open it. 
  5. In the right-hand column find the item called PortNumber and double click it.  You should get a pop-up.
  6. In the pop-up, choose the Decimal option under Base and type the new port number (replacing the default 3389) using a port number such as 3390.  Remember, this will be different for each PC.
  7. Click OK
  8. Close the Registry Editor

You will need to repeat this procedure on each computer you wish to access remotely using a different port number in each PC.  The changes will not take effect until the PC or VM is restarted.  Before you restart, perform the next step.

Step 3: Changing the Firewall to Allow Access

Now that each computer is assigned a unique port to use for Remote Desktop, you'll have to tell the firewall running on each computer to allow that port through. Follow these steps to change the Windows Firewall to allow access.

  1. In the Control Panel, click on the option for Security Center
  2. Verify Windows Firewall is turned on, and click on Windows Firewall under the heading "Manage Security Settings For" (usually near the bottom of the screen)
  3. Click on the Exceptions tab
  4. Click on the Add Port button
  5. In the Name field, type "Remote Desktop 2"
  6. In the Port field, type the port you assigned to the computer in the previous section: 3390, or 3391, etc.
  7. Choose TCP as the protocol and Click OK
  8. Verify that there is a checkmark for the option "Remote Desktop 2"
  9. Click OK

Again, the changes will not take effect until a restart.  Restart the machine.
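
Steps 2 and 3 can also be scripted. The PowerShell below is an added example, not part of the original instructions; it assumes Windows 8/10 or later (where the `Get-NetTCPConnection` and `New-NetFirewallRule` cmdlets exist) and an elevated prompt. The function name `Set-RdpListenerPort` and the firewall rule name are hypothetical, chosen for this example.

```powershell
# Added example: automates Steps 2 and 3 on one PC. Run from an elevated PowerShell prompt.
# Set-RdpListenerPort and the rule name format are hypothetical names for this example.

function Set-RdpListenerPort {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1024, 65535)]
        [int]$Port
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $current = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Refuse a port that some other service on this PC is already listening on.
    $inUse = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    if ($inUse -and $current -ne $Port) {
        throw "TCP port $Port is already in use by process ID $($inUse[0].OwningProcess)."
    }

    # Step 2: store the new port as a DWORD (the value REGEDIT shows under Decimal).
    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord

    # Step 3: allow inbound TCP on that port, creating the rule only once.
    $ruleName = "Remote Desktop (TCP $Port)"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort $Port -Action Allow | Out-Null
    }

    # Report the result, including whether Network Level Authentication is required.
    $nla = (Get-ItemProperty -Path $key -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        PreviousPort = $current
        NewPort      = $Port
        FirewallRule = $ruleName
        NlaRequired  = ($nla -eq 1)
    }
}

# Example for PC 1 from the text; use 3391 on PC 2 and 3392 on PC 3.
Set-RdpListenerPort -Port 3390
# Restart the PC afterwards so the Remote Desktop listener moves to the new port.
```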

Time for the last step.

Step 4: Configuring your Router to Port Forward the Remote Desktop Ports to the Appropriate PC's/VM's

Now this may be different on your router type or brand, but it should be simple to adapt the procedure below to your Router.

  1. Log into your router (usually requires you to browse to http://192.168.0.1 or http://192.168.1.1)
  2. Navigate to the "Applications and Gaming" configuration screen.
  3. Under each of the headings, you will enter one entry for each PC as follows:
    1. Application - just use the name of the PC
    2. Start - use the port number you configured (e.g. 3390)
    3. End - same number (e.g. 3390)
    4. Protocol - Select "both"
    5. IP Address - this is the local LAN IP address of the system using that Port that you fixed (e.g. 192.168.1.200)
    6. Select Enable
  4. Repeat this process for each computer you configured.
  5. Save the Settings.

 

Also, it's best if your internet connection to your LAN is assigned a static IP by your ISP. If you don't have a static IP, you will find it harder to connect because your IP will change each time your router is rebooted. To discover your LAN's current public IP, go to the website WhatIsMyIP.COM and it will show you your current IP.

As an alternative, you can sign up for a free Dynamic DNS account to track your IP and have the ability to access your network. You can sign up for DynDNS by visiting their site at http://www.dyndns.com or http://www.tzo.net

 

Verification: Now you can test the remote desktop connections from another location.

  1. On your laptop or another computer not connected to your LAN, open the Remote Desktop Connection software under Accessories and Communications
  2. On the Remote Desktop screen, type the IP of the network you want to connect to followed by a colon and the port number you wish to connect to.  For example: 15.10.10.10:3390 or www.yourdyndns.tzo.net:3390
  3. Finally, click connect and see if you can reach your computer. If the connection is successful, you will be presented with the login screen for your computer.  Type your username and password, then click Ok to access your computer.
  4. Test this connection for each computer you wish to connect to behind your local area network.

We have successfully tested this process ourselves, but let us know if you come across anything we are missing.

 
