Rule to allow Remote Desktop

The Goal.
Basically I want to be able to access my system remotely but also have the ability to access a friend/family members pc from my own.

Background
I've set up port forwarding on my router to allow 3389. I have a dynamic IP address so I've registered with no-ip.com so I can always locate it. All the remote settings on my pc are enabled and ready.

The Problem
I was able to test to see if port 3389 was working using a free tool - www.canyouseeme.org - Now at first it didn't, but then I instructed GhostWall to "AllowAll" and it worked!! No surprise there.... I tried to create a rule in GhostWall but I'm obviously doing something wrong.

I've also tried using Windows Firewall instead of GW but that doesn't appear to work either?? Its weird...I turned off both firewalls completely (I think) so nothing was running... expecting it to work but it didn't!?!? The only way it seems to work is if I "AllowAll" in GhostWall.

Anyone shed any light? I've attached a pic of my GW with the rule I created but I guess it must be wrong. [img=http://img171.imageshack.us/img171/9517/gwbf5pl6.th.jpg]

Also, on my router I put protocol as both TCP & UDP (It said put both if not sure) What’s the correct one?

Many thanks.

 

Move the last rule above "block all" by selecting it first and then press the button with the arrow pointing upwards, the priority of the ruleset works from top to bottom.
Also closing GW doesn't meant it's closed it is still running in the background.

 

So was the rule I created correct then? I just need to move it up? What about the protocol - Is it TCP or UDP or should I just leave it on both?

 

UDP, if it doesn't work try both

 

Here Try this! (highlighted area!)

 

Ok thanks!

Can I just double check though...Is the Rule correct?

Description: Remote Desktop
Protocol: I'll try UDP first if doesn't work then both UDP/TCP
Local IP: This being my computer IP
Local Port: 3389
Action: Allow
Direction: Incoming
Remote IP: Any (unless I specify a certain remote computer)
Remote Port: Any

 

Oh right... Now I'm confued

You've put the local IP as any? How come? Shouldn't that just be your own IP? My IP on the router is dynamic so I had to create a static one for the computer itself.

Also I'd put Local port as 3389 whereas you've put Remote put as 3389?

Sorry could you just explain? Does this work for you? Have you got a similar set up to me?

 

You did open port 3389 on your router. That is an external port in relation to your computer. It requires a bi-directional exchange. thus open remote port 3389 on your "Software Firewall" and it doesn't really matter which local ip it goes to as long as the proper port is the one filtered. You may want to specify which "External IP" is allowed to come in for increased security... (This would be stated in the "Remote IP" section)

 

Right, gotcha! Yes I did open (port forward) port 3389 on my router. (I hope anyway) So by putting "any" for Local IP doesn't put me at more of a security risk?

 

Right I've set the rule as you stated - Have a look:
[img=http://img508.imageshack.us/img508/2326/gwwy4.th.jpg]

But when I use that www.canyouseeme.org it still doesn't find me, but again if I just press "allowall" it finds the port. Help!

 

Description: Remote Desktop (incoming)
Protocol: try UDP first if doesn't work then both UDP/TCP
Local IP: 192.168.1.2
Local Port: 3389
Action: Allow
Direction: Incoming
Remote IP: Any (unless you specify a certain remote computer)
Remote Port: Any

Description: Remote Desktop (outgoing)
Protocol: I'll try UDP first if doesn't work then both UDP/TCP
Local IP: Any (or 192.168.1.2 or specify a diff local ip)
Local Port: Any
Action: Allow
Direction: outgoing
Remote IP: Specify a certain remote computer
Remote Port: 3389

 

Sorry dont understand? Are you just repeating what I'm saying?

 

Right! A break through maybe... Got it to work by specifing the Local Port as "3389" and the Remote Port as "Any".

Make sense to anyone?

 

I'm trying to tell you to make 2 rules, one for incoming and the other for outgoing Try this out and let us know if it works

 

Oh! 2 Rules?? Why 2? Ok I'll try.

Read my post above...got it to work but going against whats been said

 

Ok this worked. But only when I specified the Local IP as "Any". Specifing "192.168.1.2" for Incoming didn't work. And on outgoing you said for the Remote IP "Specify a certain remote computer" What d'you mean? It worked anyway, not sure its right but it worked...

Have a look:
[img=http://img443.imageshack.us/img443/8311/gwgu6.th.jpg]

This has confused me even more though now. Why 2 rules?

 

Can you put the rule "allow all outbound" between "remote desktop outgoing" & "block all" and test it again i would like to know if that works.

After looking at your first screenshot which you posted i saw your local ip 192.168.1.2 so i thought you wanted to access your computer within your LAN.

If your goal is to access your own computer from the outside in that case you have to specify your internet address not your own local network address or you can simply use "ANY".

 

Yes it did work. Whats the reason for that? Should I keep it there or leave it at the top?

Yes I want to be able to access my comp from outside. By internet address d'you been the IP. Mine isn't static on my router so I'll need to use a Dynamic DNS through no-ip.com

So is that it all set up working properly now? I dont understand why I've had to create 2 rules though

 

Ok since it's not static you have to use "Any" in the Local IP field.
Now that's working you can leave it like that.

Remember you succeeded it the first time by using the rule you created
Description: Remote Desktop
Protocol: UDP/TCP
Local IP: Any
Local Port: 3389
Action: Allow
Direction: Both
Remote IP: Any
Remote Port: Any

Make this rule again and put my 2 rules + "allow all outbound" below "block all"
Do the test again and i bet it will not work. Let me know ok?

 

Sorry, you've lost me. Are you just trying to prove a point now or have I got to put in 3 rules now....sorry.

 

Above you stated you got it working by using the rule mention by Hermes but setting Local Port to 3389 and Remote Port to Any. I would like you to make this rule again BUT put the two rules (incoming/outgoing) i told you to create with the "allow all outbound" rule below the "Block All" rule and do the test again.
I would like to see if the previous rule you created still works

 

Ok I understand. But by putting the "allow all outbound" below the "block all" simply stops my internet connection responding! Is that what you mean't?

 

Not really but it's close. The reason that rule (direction = both) worked was because the "allow all outbound" was at the top. It allowed all protocol , any local/remote ip & port for the outgoing traffic so that rule setting direction is both was kinda double and as you can see it would not have worked if the "allow all outbound" was blocked by the "block all" rule.

You can use either my approach using the 2 rules and put the allow all outbound in between. Or put the allow all outbound above with this rule (local ip = any, local port = 3389, remote port&ip = any) Either way you still need 2 rules.

 

I'm not entirely sure I get it but anyway...they both work.

This one:
[img=http://img414.imageshack.us/img414/1610/gwpr4.th.jpg]
Or this one:
[img=http://img524.imageshack.us/img524/7906/gw2jr4.th.jpg]

 

I Think it would be more efficient if you had all included into the same rule.