Rule to allow Remote Desktop

Discussion in 'Other Ghost Security Software' started by cytscon, Oct 31, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Hi cytscon,
    For Remote Desktop (from your PC to a remote PC), the first rule in your ruleset will cover this (allow all protocols outgoing).
    For Remote Desktop (from a remote PC to your PC), you just need to allow incoming to local port 3389 from any remote port. (Any replies will be returned by your first rule.)
    So, you can use the rules from your second posted image, and delete the 2 rules that are below the "block all" rule.
     
  2. Stem

    Stem Firewall Expert

    Hi, this rule you have posted (pic) will work for outbound remote desktop due to the "allow all outbound" rule. But it would not work for inbound (remote desktop from remote PC) as the remote PC will use random ports <1024 to connect in.
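
The rule ordering discussed in the two replies above, modelled as an added example that is not part of the thread and is not the firewall's own code. It assumes a stateless, top-down, first-match packet filter; the rule names, the variant that pins the remote port, and the client source port are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    direction: str                     # "in", "out" or "any"
    protocol: str = "any"              # "tcp", "udp" or "any"
    local_port: Optional[int] = None   # None means "Any"
    remote_port: Optional[int] = None  # None means "Any"

    def matches(self, direction, protocol, local_port, remote_port):
        return (self.direction in ("any", direction)
                and self.protocol in ("any", protocol)
                and self.local_port in (None, local_port)
                and self.remote_port in (None, remote_port))

def decide(rules, direction, protocol, local_port, remote_port):
    """Return (action, rule name) of the first matching rule; default is block."""
    for rule in rules:
        if rule.matches(direction, protocol, local_port, remote_port):
            return rule.action, rule.name
    return "block", "(no rule matched)"

def unreachable(rules):
    """Names of rules listed after a match-everything rule; they are never evaluated."""
    for i, r in enumerate(rules):
        if (r.direction, r.protocol, r.local_port, r.remote_port) == ("any", "any", None, None):
            return [x.name for x in rules[i + 1:]]
    return []

ALLOW_OUT = Rule("allow all outbound", "allow", "out")
BLOCK_ALL = Rule("block all", "block", "any")
RDP_IN = Rule("remote desktop in", "allow", "in", "tcp", local_port=3389)
# Hypothetical variant that pins the remote port instead of the local one.
RDP_PINNED = Rule("remote desktop (remote port 3389)", "allow", "any", "tcp", remote_port=3389)

GOOD = [ALLOW_OUT, RDP_IN, BLOCK_ALL]        # inbound 3389 allowed, replies leave via rule 1
PINNED = [ALLOW_OUT, RDP_PINNED, BLOCK_ALL]  # inbound fails: client source port is not 3389
MISORDERED = [ALLOW_OUT, BLOCK_ALL, RDP_IN]  # rule below "block all" is dead

CLIENT_PORT = 51515  # constructed source port chosen by the connecting PC

if __name__ == "__main__":
    for label, rs in (("good", GOOD), ("pinned", PINNED), ("misordered", MISORDERED)):
        print(label, decide(rs, "in", "tcp", 3389, CLIENT_PORT), unreachable(rs))
```

Running `unreachable()` over an exported ruleset is a quick way to spot allow rules that sit below a catch-all block and therefore never take effect.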
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Sure. I usually only use the function in outbound remote admin situations and never for inbound, so I never tested it in reverse. Keep in mind my original post recommended that he use "Any" Local port. I also said he should state the actual remote IP (if static) since it would solve the issue.
     
  4. cytscon

    cytscon Registered Member

    So to round this up then.....cause I'm losing the will...o_O
    So is this correct? Will it let me access my system from any remote system but also let me access other people's from my machine? [img=http://img89.imageshack.us/img89/8660/gwgj8.th.jpg]
    I understand that stating the remote IP will increase security, but for me it kind of defeats the object as I won't want to access my system from just one other remote system. I want to have the ability to access my system from wherever I go.
     
  5. turion

    turion Registered Member

    This screenshot is correct. Actually, you almost had it correct in the first screenshot you posted, except you had to move it a level up and change the local IP to Any instead of putting 192.168.1.2 :)
    I think cytscon is probably confused by our instructions lol. Anyway, it works, so leave it as it is.
    By the way, did you try using the protocol "UDP" or "TCP", or does it require both to work? Just curious since I can't test it myself.
     
    Last edited: Nov 1, 2006
  6. Hermescomputers

    Hermescomputers Registered Member

    Actually to confuse things further.... I would never use the MS version of remote admin inbound... I simply don't trust it. PC Anywhere when configured properly is better in my opinion and is more reliable and secure... Even a version of VNC is free and it works better. No dropped connection or weird errors and outright refusal to connect for no good reasons other than you have to reboot the pc to fix it. Anything is better than Microsoft for remote admin.


    Just a thought!:blink:
     
  7. cytscon

    cytscon Registered Member

    Very confused by all your babble! You mean we went through all that and now you tell me I almost had it right in the first place!!!:eek: Ha!!
    Yes I did. They both worked individually. Should I just use UDP then? Dare I ask... "What's the difference?"
    I have actually looked into using UltraVNC or RealVNC but I figured MS might be a bit more straightforward to start with (Ha Ha!! :D ) VNC uses port 5900 instead of 3389, doesn't it?
     
  8. Stem

    Stem Firewall Expert

    Yes that should work correctly.

    Remote desktop will require TCP, to allow the connections.
     
  9. turion

    turion Registered Member

    Well, the first time I told you to move the rule up. I thought you already tried it out. :D According to Stem you need both the protocols, but it worked for you by selecting only UDP. Perhaps the rule "allow all outbound" used the 2 protocols so your "remote desktop" rule doesn't require TCP/UDP. True, TCP is needed for the connection.

    If you adjust the rules "allow all outbound" + "remote desktop" -> only UDP protocol, I wonder if it still works. Try this out :) and we know for sure
    (don't forget to click on "modify rule" or the changes won't occur)

    Whether you choose UDP or UDP/TCP, it won't add any security risk.
    And to your question about the difference between these 2 protocols, eh, you are better off without knowing. It will confuse you totally; I don't want your brains to melt. :D
     
  10. cytscon

    cytscon Registered Member

    Adjusting the rule "allow all outbound" to UDP only stops my internet connection from working.
     
  11. Stem

    Stem Firewall Expert

    UDP

    TCP
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Port 5900 and JavaViewer port 5800
     
  13. cytscon

    cytscon Registered Member

    So would it just be a case of port forwarding those two on my router like I did with 3389 and then making two rules in GW - one for 5900 and one for 5800?
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Technically speaking you are doing the same thing only from a different port set.
     
  15. cytscon

    cytscon Registered Member

    Cheers guys! Really appreciate the help! :thumb:
     