Rule to allow Remote Desktop

Discussion in 'Other Ghost Security Software' started by cytscon, Oct 31, 2006.

Thread Status:
Not open for further replies.
  1. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    The Goal.
    Basically I want to be able to access my system remotely but also have the ability to access a friend/family members pc from my own.

    Background
    I've set up port forwarding on my router to allow 3389. I have a dynamic IP address so I've registered with no-ip.com so I can always locate it. All the remote settings on my pc are enabled and ready.

    The Problem
    I was able to test to see if port 3389 was working using a free tool - www.canyouseeme.org - Now at first it didn't, but then I instructed GhostWall to "AllowAll" and it worked!! No surprise there.... I tried to create a rule in GhostWall but I'm obviously doing something wrong.

    I've also tried using Windows Firewall instead of GW but that doesn't appear to work either?? It's weird... I turned off both firewalls completely (I think) so nothing was running... expecting it to work but it didn't!?!? The only way it seems to work is if I "AllowAll" in GhostWall.

    Anyone shed any light? I've attached a pic of my GW with the rule I created but I guess it must be wrong. [img=http://img171.imageshack.us/img171/9517/gwbf5pl6.th.jpg]

    Also, on my router I put protocol as both TCP & UDP (It said put both if not sure) What’s the correct one?

    Many thanks.
     
  2. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Move the last rule above "block all" by selecting it first and then pressing the button with the arrow pointing upwards. The priority of the ruleset works from top to bottom.
    Also, closing GW doesn't mean it's closed; it is still running in the background.
     
    Last edited: Oct 31, 2006
  3. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    So was the rule I created correct then? I just need to move it up? What about the protocol - Is it TCP or UDP or should I just leave it on both?
     
  4. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    UDP, if it doesn't work try both
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Here, try this! (highlighted area!) :)
     

  6. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Ok thanks!

    Can I just double check though...Is the Rule correct?

    Description: Remote Desktop
    Protocol: I'll try UDP first if doesn't work then both UDP/TCP
    Local IP: This being my computer IP
    Local Port: 3389
    Action: Allow
    Direction: Incoming
    Remote IP: Any (unless I specify a certain remote computer)
    Remote Port: Any
     
  7. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Oh right... Now I'm confused

    You've put the local IP as any? How come? Shouldn't that just be your own IP? My IP on the router is dynamic so I had to create a static one for the computer itself.

    Also I'd put Local port as 3389 whereas you've put Remote port as 3389 o_O?

    Sorry could you just explain? Does this work for you? Have you got a similar set up to me?
     
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You did open port 3389 on your router. That is an external port in relation to your computer. It requires a bi-directional exchange. Thus open remote port 3389 on your "Software Firewall" and it doesn't really matter which local IP it goes to as long as the proper port is the one filtered. You may want to specify which "External IP" is allowed to come in for increased security... (This would be stated in the "Remote IP" section)
     
    Last edited: Oct 31, 2006
  9. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Right, gotcha! Yes I did open (port forward) port 3389 on my router. (I hope anyway) So by putting "any" for Local IP doesn't put me at more of a security risk?
     
  10. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
  11. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Description: Remote Desktop (incoming)
    Protocol: try UDP first if doesn't work then both UDP/TCP
    Local IP: 192.168.1.2
    Local Port: 3389
    Action: Allow
    Direction: Incoming
    Remote IP: Any (unless you specify a certain remote computer)
    Remote Port: Any

    Description: Remote Desktop (outgoing)
    Protocol: I'll try UDP first if doesn't work then both UDP/TCP
    Local IP: Any (or 192.168.1.2 or specify a diff local ip)
    Local Port: Any
    Action: Allow
    Direction: outgoing
    Remote IP: Specify a certain remote computer
    Remote Port: 3389
     
  12. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Sorry, don't understand? Are you just repeating what I'm saying?
     
  13. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Right! A breakthrough maybe... Got it to work by specifying the Local Port as "3389" and the Remote Port as "Any".

    Make sense to anyone?
     
  14. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    I'm trying to tell you to make 2 rules, one for incoming and the other for outgoing :) Try this out and let us know if it works
     
  15. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Oh! 2 Rules?? Why 2? Ok I'll try.

    Read my post above... got it to work but going against what's been said o_O
     
  16. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Ok this worked. But only when I specified the Local IP as "Any". Specifying "192.168.1.2" for Incoming didn't work. And on outgoing you said for the Remote IP "Specify a certain remote computer". What d'you mean? It worked anyway, not sure it's right but it worked...

    Have a look:
    [img=http://img443.imageshack.us/img443/8311/gwgu6.th.jpg]

    This has confused me even more though now. Why 2 rules?
     
  17. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Can you put the rule "allow all outbound" between "remote desktop outgoing" & "block all" and test it again? I would like to know if that works.

    After looking at the first screenshot you posted, I saw your local IP 192.168.1.2, so I thought you wanted to access your computer within your LAN.

    If your goal is to access your own computer from the outside, in that case you have to specify your internet address, not your own local network address, or you can simply use "ANY".
     
  18. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Yes it did work. What's the reason for that? Should I keep it there or leave it at the top?
    Yes I want to be able to access my comp from outside. By internet address d'you mean the IP? Mine isn't static on my router so I'll need to use a Dynamic DNS through no-ip.com

    So is that it all set up working properly now? I don't understand why I've had to create 2 rules though o_O
     
  19. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Ok since it's not static you have to use "Any" in the Local IP field.
    Now that's working you can leave it like that.

    Remember, you succeeded the first time by using the rule you created:
    Description: Remote Desktop
    Protocol: UDP/TCP
    Local IP: Any
    Local Port: 3389
    Action: Allow
    Direction: Both
    Remote IP: Any
    Remote Port: Any

    Make this rule again and put my 2 rules + "allow all outbound" below "block all".
    Do the test again and I bet it will not work. Let me know, ok?
     
  20. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Sorry, you've lost me. Are you just trying to prove a point now or have I got to put in 3 rules now....sorry.
     
  21. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Above you stated you got it working by using the rule mentioned by Hermes but setting Local Port to 3389 and Remote Port to Any. I would like you to make this rule again BUT put the two rules (incoming/outgoing) I told you to create with the "allow all outbound" rule below the "Block All" rule and do the test again.
    I would like to see if the previous rule you created still works.
     
  22. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    Ok I understand. But putting the "allow all outbound" below the "block all" simply stops my internet connection responding! Is that what you meant?
     
  23. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Not really, but it's close. The reason that rule (direction = both) worked was because the "allow all outbound" was at the top. It allowed all protocols and any local/remote IP & port for the outgoing traffic, so that rule, with direction set to both, was kinda double, and as you can see it would not have worked if the "allow all outbound" was blocked by the "block all" rule.

    You can use either my approach using the 2 rules and put the allow all outbound in between. Or put the allow all outbound above with this rule (local ip = any, local port = 3389, remote port&ip = any) Either way you still need 2 rules. :cool:
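
An added illustration (not part of the thread, and not GhostWall's own code) of the top-to-bottom, first-match rule evaluation the posts above are working through. It assumes a stateless filter in which the reply packet must also pass, TCP test packets (the transport the Remote Desktop listener on 3389 uses) and a constructed client port 51000; all class, function and rule names are hypothetical.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "allow" or "block"
    direction: str          # "in", "out" or "both"
    protocol: str = ANY     # "tcp", "udp" or ANY
    local_port: object = ANY
    remote_port: object = ANY

@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    local_port: int
    remote_port: int

def matches(rule, pkt):
    return (rule.direction in ("both", pkt.direction)
            and rule.protocol in (ANY, pkt.protocol)
            and rule.local_port in (ANY, pkt.local_port)
            and rule.remote_port in (ANY, pkt.remote_port))

def decide(ruleset, pkt):
    """First matching rule wins, evaluated top to bottom; no match means block."""
    for rule in ruleset:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "block", "(no match)"

def session_works(ruleset):
    """Assumed stateless filter: inbound request and outbound reply must both pass."""
    request = Packet("in", "tcp", 3389, 51000)   # constructed client port
    reply = Packet("out", "tcp", 3389, 51000)
    return all(decide(ruleset, p)[0] == "allow" for p in (request, reply))

ALLOW_OUT = Rule("allow all outbound", "allow", "out")
BLOCK_ALL = Rule("block all", "block", "both")
RDP_IN = Rule("Remote Desktop (incoming)", "allow", "in", "tcp", local_port=3389)
RDP_REMOTE = Rule("Remote Desktop (remote port)", "allow", "in", "tcp", remote_port=3389)
RDP_UDP = Rule("Remote Desktop (UDP only)", "allow", "in", "udp", local_port=3389)

if __name__ == "__main__":
    for label, rs in [("rule below block all", [ALLOW_OUT, BLOCK_ALL, RDP_IN]),
                      ("rule above block all", [ALLOW_OUT, RDP_IN, BLOCK_ALL]),
                      ("remote port 3389", [ALLOW_OUT, RDP_REMOTE, BLOCK_ALL]),
                      ("UDP-only rule", [ALLOW_OUT, RDP_UDP, BLOCK_ALL]),
                      ("no outbound allow", [RDP_IN, BLOCK_ALL, ALLOW_OUT])]:
        print(f"{label:22} -> {'works' if session_works(rs) else 'blocked'}")
```

In this model only the ordering with the allow rule above "block all", matching on the local port, lets the session through; narrowing the exposure further would mean adding a remote-IP field to the allow rule.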
     
  24. cytscon

    cytscon Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    19
    Location:
    West Midlands, England
    I'm not entirely sure I get it but anyway...they both work.

    This one:
    [img=http://img414.imageshack.us/img414/1610/gwpr4.th.jpg]
    Or this one:
    [img=http://img524.imageshack.us/img524/7906/gw2jr4.th.jpg]
     
  25. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I think it would be more efficient if you had it all included in the same rule.
     
