DNS Issue on Server - Help

Status
Not open for further replies.
btw...Remote Desktop Connection on 2003 has up to 128 bit encryption, depending on what the client PC is capable of.
 
Nice. But if I don't do that, then I have to have port forwarding?

Yes. If you use Windows "Remote Desktop Connection" you'll need to open a port through the router.

My :2cents:: If you have a strong user password policy on the server, and you use Windows update on a regular basis - the Windows Remote vulnerabilities are minimal. Besides, weren't you using W.R. before the router replacement?

Hamachi is a nice product, but it also has its own vulnerabilities. Personally, I lean towards a simple / minimalist approach. Why bring in a third party if unnecessary?

Like I said, that's just my :2cents:

We were using WR before the router was replaced, but I don't know if we were using port forwarding or a third party program. I doubt it was the latter, but my boss didn't recall ever having to set up port forwarding either.

If your client PCs on the WAN side of the Firewall were using specifically Microsoft's Remote Desktop Connection I don't see how you could do it without opening a port on the router.

If you can, look at one of the clients' Remote Desktop Connection setups. Is it pointing to the WAN IP address of the firewall? If so, then you weren't going through a third party.
 
Port forwarding is necessary to get through the router. I'm not aware of any vulnerabilities with Hamachi. The only interaction with the third party server is during the initial connection, after which a secure VPN tunnel between the two machines is established. Definitely, the simplest way would just be to forward the TCP 3389 port on the router to whatever the static IP is for your Windows 2003 machine.
 
Alright, here's where we were at when I came in today:

Although the DNS that the router was giving to the server was the same, the server said it was something completely different. I set up port forwarding in the router for TCP port 3389, but RDC won't connect from a computer outside the local network.
 
Two things:

Is the client's RDC pointing to the correct IP address (the firewall's WAN Side IP)?

Is the firewall pointing to the correct IP (The server's)?
 
If I set the port to be forwarded, does that also mean it's open? Or is the router set to forward that when I do decide to open it?
 
On the router, I have two sections that look very similar. One is the port forwarding and the other is True Static IP Port Management. Do I need to concern myself with the latter?
 
never mind the PM, I got distracted :um:

I don't know what the "True Static IP Port Management" could be.

From a PC outside of your LAN (home, etc.), in a 'dos' window, you need to run ping as shown:

Ping 123.456.789.123 <enter>
(substitute your WAN SIDE IP for the numbers)

If you get a reply - good, if not - you've got something wrong with the address.
 
Awesome. I'll keep these suggestions ready for when I go back in. I'm only there an hour or two at a time, because it's such a small space. I get in the way of everyone else working.
 
When you use the GRC | Shields Up! Site...

Click Proceed

Then you'll see a blank field in the middle to enter the custom ports you want to scan.

Type: 3389 then click: "User Specified Custom Port Probe"

It will scan your FW to see if the 3389 port is open, then give you a report.

If you are "Stealth" or "Closed" on that port then it's not open to do its job.

If the port is Open, then you probably have the port forwarded to the wrong address (should be the server's) in the FW.

OR

You don't have the "Enabled" box checked on the Port forwarding screen in your FW. :p

I hope it goes well, Good night and God Bless.
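
As an added example (not part of the thread and not any poster's code): a small Python check, meant to be run from a PC outside the LAN, that sorts TCP 3389 on the router's WAN address into the same three states the port-probe report above uses. The function names and the loopback demo listener are constructed for illustration, and `203.0.113.10` is a placeholder address.

```python
import socket


def probe_tcp_port(host, port=3389, timeout=3.0):
    """Try one TCP connection and classify the result.

    "open"    - the handshake completed, so something accepted the connection
    "closed"  - a reset came back: the address answers, nothing listens there
    "stealth" - no answer before the timeout: the packets were dropped
    Any other network error (for example a bad host name) is raised as-is.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"


def local_demo():
    """Offline demonstration against a constructed loopback listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    while_listening = probe_tcp_port("127.0.0.1", port, timeout=2.0)
    listener.close()                      # nothing listens on that port now
    after_close = probe_tcp_port("127.0.0.1", port, timeout=2.0)
    return while_listening, after_close


if __name__ == "__main__":
    print("loopback demo:", local_demo())
    # Real use, from outside the LAN, with your own WAN-side address
    # in place of the placeholder:
    #   print(probe_tcp_port("203.0.113.10", 3389))
```

A ping reply and an open TCP port are separate checks: a router can ignore ping on its WAN side and still forward 3389, so the TCP result is the one that reflects the forwarding rule.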
 