Windows Remote Desktop: Configuring Your Firewall and Router
By Eric Geier
In Part 1 of this tutorial series, we configured Windows to accept remote desktop connections, so we can log into and use a PC from anywhere in the world with Microsoft's Remote Desktop Connection client application. In Part 2, we configured Windows to accept remote connections via a Web browser, so the client application doesn't have to be installed on the computer from which you are connecting.
However, neither of these methods will work until your firewall is configured to allow remote connections. This tutorial addresses that. Plus, to connect to your PC via the Internet, your router must be properly configured.
In this tutorial, we'll tell the firewall on the PC that's hosting the remote connection that it is okay to allow incoming connections on the appropriate port. We'll also tell your router where to forward remote desktop connections. Let's get started.
Letting the Traffic Past Your Firewall
Since you will be trying to connect to your PC from the local network or Internet, your firewall software must be configured to let the traffic through. Enabling the Remote Desktop feature on Windows automatically configures Windows Firewall with the appropriate settings; however, you must manually configure any other third-party firewall software you have installed on your computer. To do this, add UDP port 3389 (which Remote Desktop uses) to your firewall's authorized list. If needed, refer to the help and documentation of the firewall program for assistance.
It's possible to change your Windows Firewall settings and accidentally mess up the setting automatically made when you enabled Remote Desktop. Therefore, to be on the safe side we'll verify Remote Desktop connections can pass through.
If you are also setting up Web access to the Remote Desktop Connection, you must add TCP port 80 (or the port you choose for IIS if you changed from the default) to your Windows Firewall and any other third-party firewall. Windows doesn't automatically add this port to the authorized list, so you will have to do it yourself.
Follow these steps in Windows Vista to verify the Windows Firewall settings or add the Web access port:
If you're using Windows XP, here's how to verify the Windows Firewall settings and/or add the Web access port:
If you are using other third-party firewall utilities, make sure you add these ports to them as well. If you find you're having problems later when connecting, consider disabling all firewall software except Windows Firewall.
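The check this section describes can also be made from a command prompt. The example below is added here and is not part of the original tutorial: it parses rule text in the layout printed by `netsh advfirewall firewall show rule name=all` on Windows Vista and reports which enabled inbound rules allow TCP 3389 (Remote Desktop's listening port) and TCP 80. The sample text is constructed and abridged, and the function names are this example's own.

```python
import re

# Constructed, abridged sample in the layout printed by
#   netsh advfirewall firewall show rule name=all
SAMPLE = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow

Rule Name:                            World Wide Web Services (HTTP Traffic-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            80
Action:                               Allow
"""

def parse_rules(text):
    """Split the netsh listing into one dict of fields per rule."""
    rules = []
    # Separator and blank lines contain no "key: value" pair and are skipped.
    for m in re.finditer(r"^([^:\n]+):[ \t]+(.*)$", text, re.M):
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key] = value
    return rules

def covers(spec, port):
    """True if a LocalPort value ('Any', '80', '80,443', '5000-5010') includes port."""
    if spec == "Any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit() and int(lo) <= port <= int(hi if hi.isdigit() else lo):
            return True
    return False

def inbound_allows(rules, port, protocol="TCP"):
    """Return (rule name, RemoteIP) for each enabled inbound allow rule covering port."""
    return [(r["Rule Name"], r.get("RemoteIP", "Any")) for r in rules
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow")
            and r.get("Protocol") == protocol and covers(r.get("LocalPort", ""), port)]
```

An empty result for port 80 means Web access is still blocked at the firewall. A RemoteIP of Any on the 3389 rule means the firewall accepts the connection from every address that can reach the PC, which after port forwarding includes the Internet.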
Configuring Your Router
If your PC isn't directly connected to your Internet modem but instead runs through a wired or wireless router, you must configure the router before you can reach Remote Desktop via the Internet. This configuration lets your router know where to direct Remote Desktop connections that originate from the Internet.
Configuring your router consists of setting it to forward data that comes in on certain ports to the computer you have set up with the Remote Desktop Connection. For either Windows XP or Vista, TCP port 3389 (which Remote Desktop uses) must be forwarded to the Remote Desktop PC. If you are setting up Web access, you also must forward TCP port 80 (or the non-default port you set) to the host computer.
If you aren't sure exactly how to set up these port forwards, these steps should help:
Now you must make sure the port(s) are always forwarded to the correct computer. If you are using dynamic IP addresses on your local network (which is the default method), meaning they're automatically assigned to your computers using the router's DHCP server, you'll need to do some additional configuration. You must assign a static IP address to at least the computer that's going to be hosting the Remote Desktop Connection. This is because the IP address you just set up to forward the ports to will, if it's being automatically assigned, at some point be given to another computer or become unused.
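The failure described above, as an added example that is not part of the original tutorial: a router forwards by IP address, so the check below compares each forward's target with the DHCP pool, the router's address reservations and the current lease table to see whether the forward still reaches the intended PC. All addresses, MAC values and field names are constructed assumptions, not any router's export format.

```python
import ipaddress

# Constructed sample data (assumed shapes, not a real router export).
POOL = ("192.168.1.100", "192.168.1.149")         # range the DHCP server hands out
RESERVED = {"00:11:22:33:44:55": "192.168.1.50"}  # MAC -> address reserved in the router
LEASES = {"192.168.1.100": "66:77:88:99:aa:bb",   # current leases, IP -> MAC
          "192.168.1.101": "00:11:22:33:44:66"}
# (forwarded port, target IP, MAC of the PC that is meant to receive it)
FORWARDS = [(3389, "192.168.1.100", "00:11:22:33:44:66"),
            (80,   "192.168.1.50",  "00:11:22:33:44:55")]

def in_pool(ip, pool):
    """True if ip lies inside the DHCP range (inclusive)."""
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    return lo <= ipaddress.ip_address(ip) <= hi

def check_forward(target, intended_mac, pool, reserved, leases):
    """Classify one port forward by how stable its target address is."""
    if reserved.get(intended_mac) == target:
        return "ok: reserved for intended host"
    if not in_pool(target, pool):
        return "ok if static on host: outside DHCP pool"
    holder = leases.get(target)
    if holder is None:
        return "dead: no host holds this address"
    if holder != intended_mac:
        return "misdirected: leased to " + holder
    return "at risk: dynamic lease, will move when it changes"

def audit(forwards, pool, reserved, leases):
    """Return (port, target, verdict) for every forward."""
    return [(port, target, check_forward(target, mac, pool, reserved, leases))
            for port, target, mac in forwards]

if __name__ == "__main__":
    for row in audit(FORWARDS, POOL, RESERVED, LEASES):
        print(*row)
```

In the sample, the 3389 forward is reported as misdirected: the address it targets has been leased to a different machine, so Remote Desktop traffic from the Internet would be sent to that machine instead of the intended PC.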
You have two ways you can go about giving your computer a permanent IP address. You can reserve an IP address for the computer in the router's configuration utility, if your router supports it. This is preferred because you don't have to change your computer's actual settings, and connecting to other networks will be much easier. However, if the feature isn't available, you can always manually assign your computer (network adapter) a static IP address in Windows, as Figure 4 shows.
Stay tuned for the final installment of this series, where we'll connect to the remote desktop connection via the client application and via Web access. Plus, we'll discuss how to overcome having a dynamic (changing) IP address.
About the Author: Eric Geier is the Founder and President of Sky-Nets, a Wi-Fi Hotspot Network. He is also the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).
For more help, check out the PracticallyNetworked Forums.