Remote Desktop / Internet vs. External IP

[mystikmedia]

I recently got a new Motrola Surfboard gateway with the router and modem in one.

When I am in my office, I can connect to my PC without any trouble from my phone using the 192.168.0.5 IP address. However, when I try to connect using the external IP address (which I am sure is correct), it does not work. Anyone know what I need to do to make it work? Thank you.

 

[mystikmedia]

Opps. The subject on this post should have been "Internal vs External"...not Internet.

 

[Hawkeye22]

It sounds like your firewall is blocking WAN connections. You need to port forward TCP port 3389 to your computer.

 

[mystikmedia]

Unfortunately, that did not fix it. I can still connect using the internal IP address when I am in my office, but I cannot connect using the external IP address. I followed the instructions here just to be sure I had it correct: http://portforward.com/english/routers/port_forwarding/Motorola/SBG6580/Remote_Desktop.htm

 

[Hawkeye22]

Do you get an error when you try to connect or does it just wait and timeout? If it waits and times out, then it sounds like it being blocked. Check your windows firewall and make sure remote desktop is allowed over the WAN. Make sure your PC has a static IP address or the port forwarding will be useless.

 

[mystikmedia]

Thanks much for the replies. I have the Windows Firewall disabled. The Surfboard Firewall says it is not blocking any ports. I get the wait and timeout result. I use No-Ip to always keep my IP accessible from a domain URL, and it does have the correct URL.

 

[Hawkeye22]

Have you tried your WAN IP address. I know No-IP is supposed to track that, but I'd try the WAN IP address just in case. This is a pretty simple process that should just work. The onlything that can go wrong is the windows firewall (you say is off), the router's firewall, and router port forwarding. Remote desktop's listen port is 3389 by default. As long as no one changed it, it should work.

 

[mystikmedia]

Yes, I tried the WAN IP. No luck, unfortunately. I will check the rest again.

 

[mystikmedia]

This is what I have for the settings. Should anything be different?

www.blazemp.com/temp/port_forwarding.jpg

 

[eibgrad]

Hmm, sounds to me like the OP is saying he's trying to access the remote desktop using the WAN IP *** while on the same internal network ***! IOW, NOT from the actual internet side. If that's the case, this is normal. Most routers will NOT allow you access the external IP from inside the network (aka, NAT loopback).

 

[mystikmedia]

Well, I have tried it from outside of my network area too. It does not work there either.

 

[eibgrad]

And where might that outside network be? Not every network is equal. For example, if you're using your workplace as that outside network, it's entirely possible they're using a local firewall/proxy to BLOCK outbound connections in some cases (for security reasons).

That’s why you need to be VERY specific when describing a problem like this. Words like “office” might mean your home or workplace office. Or “outside network” might mean Mickey D’s open wifi or (again) your workplace. And each can present unique problems.

 

[mystikmedia]

Sorry about that. Let me try again...

Until I got my new router/modem combo (Motorola Surfboard Gateway), I had a separate modem and router. At that time, I could connect from my phone over 3G (Verizon) or WiFi to my PB via a Remote Desktop app. It uses the standard Windows Remote Desktop functionality. However, now that I am using the Surfboard Gateway, it will connect using the local IP, and will NOT connect using the WAN IP, whether I am at home where the WiFi is or in the car where it's 3G or 4G.

 

[mystikmedia]

PB = PC above (replying from phone)

 

[Hawkeye22]

I can still connect using the internal IP address when I am in my office, but I cannot connect using the external IP address.

Well, I have tried it from outside of my network area too. It does not work there either.

First you said you can connect from inside your network, then you said you can't connect from either. Which is it?

From outside your network, you need to connect to the WAN IP, but as I said eralier, you need to port forward port 3389 to your PC that you want to remote into. It will help if this PC has a static IP address otherwise port forwarding will be useless the next time your PC changes IP address.

 

[mystikmedia]

What I meant is... I had tried it when I was outside of the area of my WiFi. Meaning that my network would then not be active.

I got it working this morning. There is a DMZ setting, which opened it up. I am all set now. Thanks.

 

[Hawkeye22]

Be very careful putting it in a DMZ. This means all open ports are accessible from the Internet, not just the remote desktop port. If you don't have strong filters in place, this PC will be vunerable to outside attack.

 

[Boscogn]

You need to go into your router and port forward your WAN IP to your PC's LAN IP. So when you hit your WAN IP via RDP (port 3389) it forwards to your desktop PC. I believe you can even lock it further down by port # or you can set it to any/any.

 

[Bucc]

Does limiting the TCP and UDP ports in the port forwarding to only 3389 for RDP remove vulnerabilities that arise from invoking the DMZ or does the DMZ create other vulnerabilities that should be considered? Hawkeye22 mentioned putting filters in place, I assumed this meant limiting the forwarded ports but not sure. Thanks for any light!

You need to go into your router and port forward your WAN IP to your PC's LAN IP. So when you hit your WAN IP via RDP (port 3389) it forwards to your desktop PC. I believe you can even lock it further down by port # or you can set it to any/any.