Sign in with
Sign up | Sign in
Your question

Allowing multiple users to connect to multiple desktops

Last response: in Windows XP
Share
Anonymous
August 11, 2005 1:32:03 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I configured and got remote access to work for connecting myself to my office
computer. I conigured our router to forward port 3389 to my office's
internal IP address. Question being, how do I let others at my office do
the same. Do I forward port 3389 to their IP address at the same time? That
doesn't seem right to me. Or should I forward different port numbers to
their respective IP's? If so, what port numbers? Does it make a difference
which ports? Pleaes advise.
Anonymous
August 11, 2005 4:13:44 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

There are various strategies available...Not in any particular order...

* You could setup a VPN and tunnel all of your RDP requests through that.

http://www.microsoft.com/windowsserver2003/technologies...
http://www.onecomputerguy.com/networking/xp_vpn_server....
http://www.onecomputerguy.com/networking/xp_vpn.htm

Do you run any type of server on your network now?

An alternative to the above is to use a VPN end-point router and have your
remote clients connect to that. Here are some examples of those...

http://www.zyxel.com/product/category1.php?indexcate1=1...
http://www.linksys.com/servlet/Satellite?childpagename=...

* Open multiple ports on the firewall to the different machines...

http://theillustratednetwork.mvps.org/RemoteDesktop/Mul...

* Use a SSH tunnel to access multiple machines through one hole in the
firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
use a 2048-bit RSA private/public key pair for authentication...

http://sshwindows.sourceforge.net/
http://www.bitvise.com/tunnelier.html

How I did that with PuTTY...

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH...

* Use this SSL-VPN solution...This is very easy to setup and use...

http://3sp.com/showSslExplorer.do
http://www.broadbandreports.com/forum/remark,13775231

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"FWS" <FWS@discussions.microsoft.com> wrote in message
news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
>I configured and got remote access to work for connecting myself to my
>office
> computer. I conigured our router to forward port 3389 to my office's
> internal IP address. Question being, how do I let others at my office do
> the same. Do I forward port 3389 to their IP address at the same time?
> That
> doesn't seem right to me. Or should I forward different port numbers to
> their respective IP's? If so, what port numbers? Does it make a
> difference
> which ports? Pleaes advise.
Anonymous
August 11, 2005 4:13:45 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Thank you for the reply.

We use a pier-to-pier network for our small company. No server per se.

We have a netgear router. The link you send about opening other ports was
based on a linksys router and it references "Redirected Port" and "Listening
Port". On the Netgear, it has "Start Port" and "End Port" in the port
forwarding configuration. Are those the same?

FWS

"Sooner Al [MVP]" wrote:

> There are various strategies available...Not in any particular order...
>
> * You could setup a VPN and tunnel all of your RDP requests through that.
>
> http://www.microsoft.com/windowsserver2003/technologies...
> http://www.onecomputerguy.com/networking/xp_vpn_server....
> http://www.onecomputerguy.com/networking/xp_vpn.htm
>
> Do you run any type of server on your network now?
>
> An alternative to the above is to use a VPN end-point router and have your
> remote clients connect to that. Here are some examples of those...
>
> http://www.zyxel.com/product/category1.php?indexcate1=1...
> http://www.linksys.com/servlet/Satellite?childpagename=...
>
> * Open multiple ports on the firewall to the different machines...
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/Mul...
>
> * Use a SSH tunnel to access multiple machines through one hole in the
> firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
> use a 2048-bit RSA private/public key pair for authentication...
>
> http://sshwindows.sourceforge.net/
> http://www.bitvise.com/tunnelier.html
>
> How I did that with PuTTY...
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH...
>
> * Use this SSL-VPN solution...This is very easy to setup and use...
>
> http://3sp.com/showSslExplorer.do
> http://www.broadbandreports.com/forum/remark,13775231
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "FWS" <FWS@discussions.microsoft.com> wrote in message
> news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
> >I configured and got remote access to work for connecting myself to my
> >office
> > computer. I conigured our router to forward port 3389 to my office's
> > internal IP address. Question being, how do I let others at my office do
> > the same. Do I forward port 3389 to their IP address at the same time?
> > That
> > doesn't seem right to me. Or should I forward different port numbers to
> > their respective IP's? If so, what port numbers? Does it make a
> > difference
> > which ports? Pleaes advise.
>
>
>
Related resources
Anonymous
August 11, 2005 4:13:45 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Also, since we aren't running a server, can we create the VPN without any
additional equipment/software? Just create the connection like the second
link shows? Once you establish the VPN connection, you then create the
Remote Desktop connection? Using the local IP address since you're alaready
connected? Does using the VPN connection still require forwarding port 3389?

Thanks for your help.

FWS

"Sooner Al [MVP]" wrote:

> There are various strategies available...Not in any particular order...
>
> * You could setup a VPN and tunnel all of your RDP requests through that.
>
> http://www.microsoft.com/windowsserver2003/technologies...
> http://www.onecomputerguy.com/networking/xp_vpn_server....
> http://www.onecomputerguy.com/networking/xp_vpn.htm
>
> Do you run any type of server on your network now?
>
> An alternative to the above is to use a VPN end-point router and have your
> remote clients connect to that. Here are some examples of those...
>
> http://www.zyxel.com/product/category1.php?indexcate1=1...
> http://www.linksys.com/servlet/Satellite?childpagename=...
>
> * Open multiple ports on the firewall to the different machines...
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/Mul...
>
> * Use a SSH tunnel to access multiple machines through one hole in the
> firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
> use a 2048-bit RSA private/public key pair for authentication...
>
> http://sshwindows.sourceforge.net/
> http://www.bitvise.com/tunnelier.html
>
> How I did that with PuTTY...
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH...
>
> * Use this SSL-VPN solution...This is very easy to setup and use...
>
> http://3sp.com/showSslExplorer.do
> http://www.broadbandreports.com/forum/remark,13775231
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "FWS" <FWS@discussions.microsoft.com> wrote in message
> news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
> >I configured and got remote access to work for connecting myself to my
> >office
> > computer. I conigured our router to forward port 3389 to my office's
> > internal IP address. Question being, how do I let others at my office do
> > the same. Do I forward port 3389 to their IP address at the same time?
> > That
> > doesn't seem right to me. Or should I forward different port numbers to
> > their respective IP's? If so, what port numbers? Does it make a
> > difference
> > which ports? Pleaes advise.
>
>
>
Anonymous
August 11, 2005 6:36:02 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The downside with the XP PPTP VPN server is that you can only have one
incoming connection at a time. That's why I like either the SSH or SSL-VPN
solution if your not going to run a W2003 VPN server.

In the case of SSH you only need TCP Port 22 open. All incoming connections
go through that and each user can access her/his PC via the SSH tunnel. The
same with the SSL-VPN solution. In that case you only need TCP Port 443 open
to the server PC.

You would not need TCP Port 3389 open if you use either SSH, the SSL-VPN or
a W2003 VPN solution. All traffic goes through the tunnel...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"FWS" <FWS@discussions.microsoft.com> wrote in message
news:CEC73D21-C385-4C02-A69F-5459438F55AF@microsoft.com...
> Also, since we aren't running a server, can we create the VPN without any
> additional equipment/software? Just create the connection like the second
> link shows? Once you establish the VPN connection, you then create the
> Remote Desktop connection? Using the local IP address since you're
> alaready
> connected? Does using the VPN connection still require forwarding port
> 3389?
>
> Thanks for your help.
>
> FWS
>
> "Sooner Al [MVP]" wrote:
>
>> There are various strategies available...Not in any particular order...
>>
>> * You could setup a VPN and tunnel all of your RDP requests through that.
>>
>> http://www.microsoft.com/windowsserver2003/technologies...
>> http://www.onecomputerguy.com/networking/xp_vpn_server....
>> http://www.onecomputerguy.com/networking/xp_vpn.htm
>>
>> Do you run any type of server on your network now?
>>
>> An alternative to the above is to use a VPN end-point router and have
>> your
>> remote clients connect to that. Here are some examples of those...
>>
>> http://www.zyxel.com/product/category1.php?indexcate1=1...
>> http://www.linksys.com/servlet/Satellite?childpagename=...
>>
>> * Open multiple ports on the firewall to the different machines...
>>
>> http://theillustratednetwork.mvps.org/RemoteDesktop/Mul...
>>
>> * Use a SSH tunnel to access multiple machines through one hole in the
>> firewall, ie. TCP Port 22...I use this to access my home LAN...In my case
>> I
>> use a 2048-bit RSA private/public key pair for authentication...
>>
>> http://sshwindows.sourceforge.net/
>> http://www.bitvise.com/tunnelier.html
>>
>> How I did that with PuTTY...
>>
>> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH...
>>
>> * Use this SSL-VPN solution...This is very easy to setup and use...
>>
>> http://3sp.com/showSslExplorer.do
>> http://www.broadbandreports.com/forum/remark,13775231
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>>
>> "FWS" <FWS@discussions.microsoft.com> wrote in message
>> news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
>> >I configured and got remote access to work for connecting myself to my
>> >office
>> > computer. I conigured our router to forward port 3389 to my office's
>> > internal IP address. Question being, how do I let others at my office
>> > do
>> > the same. Do I forward port 3389 to their IP address at the same time?
>> > That
>> > doesn't seem right to me. Or should I forward different port numbers
>> > to
>> > their respective IP's? If so, what port numbers? Does it make a
>> > difference
>> > which ports? Pleaes advise.
>>
>>
>>
Anonymous
August 11, 2005 11:30:06 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

FWS <FWS@discussions.microsoft.com> wrote:

> We have a netgear router. The link you send about opening other
> ports was based on a linksys router and it references "Redirected
> Port" and "Listening Port". On the Netgear, it has "Start Port" and
> "End Port" in the port forwarding configuration. Are those the same?

No. "Start Port" and "End Port" refer to the numbers at the start and end of
a range of redirected ports. In your case, you will wish to redirect only
one port per local PC, so the start and end port numbers will be the same.

--
Robin Walker [MVP Networking]
rdhw@cam.ac.uk
Anonymous
August 11, 2005 11:30:07 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Then I what do I do with the "redirected port" and "listening port"....I
don't see those entries in my Netgear configurations........ Please advise.

FWS

"Robin Walker [MVP]" wrote:

> FWS <FWS@discussions.microsoft.com> wrote:
>
> > We have a netgear router. The link you send about opening other
> > ports was based on a linksys router and it references "Redirected
> > Port" and "Listening Port". On the Netgear, it has "Start Port" and
> > "End Port" in the port forwarding configuration. Are those the same?
>
> No. "Start Port" and "End Port" refer to the numbers at the start and end of
> a range of redirected ports. In your case, you will wish to redirect only
> one port per local PC, so the start and end port numbers will be the same.
>
> --
> Robin Walker [MVP Networking]
> rdhw@cam.ac.uk
>
>
>
Anonymous
August 12, 2005 9:06:00 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

If your router does not support port redirection you can use the second
method described where you change the listening port on each PC to something
other than the default. Then setup your router as described.

Or...use the SSH or SSL-VPN method...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"FWS" <FWS@discussions.microsoft.com> wrote in message
news:2654F276-5B9B-4EAB-BFC8-DA3C98380D04@microsoft.com...
> Then I what do I do with the "redirected port" and "listening port"....I
> don't see those entries in my Netgear configurations........ Please
> advise.
>
> FWS
>
> "Robin Walker [MVP]" wrote:
>
>> FWS <FWS@discussions.microsoft.com> wrote:
>>
>> > We have a netgear router. The link you send about opening other
>> > ports was based on a linksys router and it references "Redirected
>> > Port" and "Listening Port". On the Netgear, it has "Start Port" and
>> > "End Port" in the port forwarding configuration. Are those the same?
>>
>> No. "Start Port" and "End Port" refer to the numbers at the start and end
>> of
>> a range of redirected ports. In your case, you will wish to redirect
>> only
>> one port per local PC, so the start and end port numbers will be the
>> same.
>>
>> --
>> Robin Walker [MVP Networking]
>> rdhw@cam.ac.uk
>>
>>
>>
Anonymous
August 12, 2005 4:31:09 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

FWS <FWS@discussions.microsoft.com> wrote:

> Then I what do I do with the "redirected port" and "listening
> port"....I don't see those entries in my Netgear
> configurations........

Consult your Netgear manual. Doing port translation might or might not be
supported. For instance, it is not supported on the normal Linksys
configuration. With Linksys, it is only supported on UPnP port-forwarding.

--
Robin Walker [MVP Networking]
rdhw@cam.ac.uk
Anonymous
August 13, 2005 2:45:08 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

FWS,

The really, really simple answer to your question is:

1. forward TCPIP from router to your PCs as follows:
3389 to pc 1
3390 to pc 2
3391 to pc 3
All at the router level

2. Then I use XP's advanced firewall settings to change the UPnP routing on
each client to tell it that 339x is 3389 on the machine. Note: if your
router supports UPnP, then step 1 is redundant.
3. And then I make sure 3389 is allowed on the firewall of each PC


Then each person can log in using the standard client with the following
convention:
your routers wan ip address:33xx

I use this all the time in a small office environment. But I use a
different block of ports so as to avoid hacker curiosity.

If you are just trying to allow yourself access to multiple machines (rather
than many:many), you can try this:
1. set up remote adminstration of your router to an obscure port
2. set up 3389 to forward to a target PC
3. log in to router first, enable the forward
4. log into remote PC
5. When finished, log back into router and turn off the forward
With this method, you don't have to add a bunch of funky forwards to the
router, nor funky upnp forwards. Works for me.



"FWS" wrote:

> Also, since we aren't running a server, can we create the VPN without any
> additional equipment/software? Just create the connection like the second
> link shows? Once you establish the VPN connection, you then create the
> Remote Desktop connection? Using the local IP address since you're alaready
> connected? Does using the VPN connection still require forwarding port 3389?
>
> Thanks for your help.
>
> FWS
>
> "Sooner Al [MVP]" wrote:
>
> > There are various strategies available...Not in any particular order...
> >
> > * You could setup a VPN and tunnel all of your RDP requests through that.
> >
> > http://www.microsoft.com/windowsserver2003/technologies...
> > http://www.onecomputerguy.com/networking/xp_vpn_server....
> > http://www.onecomputerguy.com/networking/xp_vpn.htm
> >
> > Do you run any type of server on your network now?
> >
> > An alternative to the above is to use a VPN end-point router and have your
> > remote clients connect to that. Here are some examples of those...
> >
> > http://www.zyxel.com/product/category1.php?indexcate1=1...
> > http://www.linksys.com/servlet/Satellite?childpagename=...
> >
> > * Open multiple ports on the firewall to the different machines...
> >
> > http://theillustratednetwork.mvps.org/RemoteDesktop/Mul...
> >
> > * Use a SSH tunnel to access multiple machines through one hole in the
> > firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
> > use a 2048-bit RSA private/public key pair for authentication...
> >
> > http://sshwindows.sourceforge.net/
> > http://www.bitvise.com/tunnelier.html
> >
> > How I did that with PuTTY...
> >
> > http://theillustratednetwork.mvps.org/RemoteDesktop/SSH...
> >
> > * Use this SSL-VPN solution...This is very easy to setup and use...
> >
> > http://3sp.com/showSslExplorer.do
> > http://www.broadbandreports.com/forum/remark,13775231
> >
> > --
> >
> > Al Jarvi (MS-MVP Windows Networking)
> >
> > Please post *ALL* questions and replies to the news group for the mutual
> > benefit of all of us...
> > The MS-MVP Program - http://mvp.support.microsoft.com
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights...
> >
> >
> > "FWS" <FWS@discussions.microsoft.com> wrote in message
> > news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
> > >I configured and got remote access to work for connecting myself to my
> > >office
> > > computer. I conigured our router to forward port 3389 to my office's
> > > internal IP address. Question being, how do I let others at my office do
> > > the same. Do I forward port 3389 to their IP address at the same time?
> > > That
> > > doesn't seem right to me. Or should I forward different port numbers to
> > > their respective IP's? If so, what port numbers? Does it make a
> > > difference
> > > which ports? Pleaes advise.
> >
> >
> >
!