OT: Remote Desktop w/ D-Link?

jrazz wrote on 12/28/2007, 7:32 PM
I have a d-link router and am trying to utilize remote desktop. I can connect if I go via the computer's names in the local network but I cannot connect this side of the firewall.

I am using the actual IP address (not the router's address) and I opened up the appropriate ports and even allowed DMZ for the IP address via the router's software.

Anyone have any suggestions on what is keeping this from working?

The message I get is: This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

j razz

Comments

DJPadre wrote on 12/28/2007, 10:24 PM
I use a program called RADMIN (remote admin).
You can run it as view only, full control, or file transfer.
Sometimes when I'm babysitting the kids, I run it off the Lappy and control the desktop at the studio.

It allows for full remote command of any system.

www.radmin.com

richard-courtney wrote on 12/29/2007, 6:31 AM
You need to use port forwarding.

Example: we use ultravnc and port 5903 is forwarded to our internal address
192.168.1.3

5904 goes to 192.168.1.4
etc.....

Remotely we use 64.37.182.40:5903 to access Edit Bay 1
and 64.37.182.40:5904 to access Edit Bay 2

We also have enabled Wake-On-Lan on each computer to enable us to turn on
a computer from home. This has saved me a trip back to the office!

jrazz wrote on 12/29/2007, 9:30 AM
I have set up port forwarding to port 1389 (which is what remote desktop uses). I even called D-Link and they said that it was Microsoft's sub par application. I find this unlikely as I use remote desktop all the time at work (state agency).

I am still at a loss and would like to get it going with Microsoft's remote desktop.

I will check out the software link above, I also looked at Sourceforge.net for remote desktop software but I hate installing stuff that I don't know will work (this is a Vista 64 system).

j razz

RBartlett wrote on 12/29/2007, 9:41 AM
You should be forwarding TCP 3389 (UDP 3389 might also be used for audio/ clipboard functions) for Remote Desktop.

If pertinent, the Windows firewall should have the scope broad enough to allow external IPs to have access. Usually this is simply a tickbox, but as you can access from the local address range (IP subnet) - that is probably fine.

The address you target from the Internet should be the Internet side of the D-Link. You may have public IPs enough for your workstations too, but I'll assume that you don't at this stage. 192.168.x.y, 172.16.0.0 thru 172.31.255.255, 10.x.y.z and 169.254.x.y are all useless addresses to target from the Internet. They should only have a purpose in the private network.

From a cmd.exe prompt, enter this command:
netstat -an

This will allow you to see what ports are being listened to.
It is wise to keep a long password and to change the administrator's username from administrator to something else. Or to impose an access policy based on source addresses from the perspective of the big outside. Alternatively swap out your D-Link router for a unit that supports a VPN. Then you'll have a high security protocol and you'll probably also be able to browse your office network as part of your network neighborhood (instead of having to remember lots of public IP numbers). Security is a lot easier with an onion skin approach too.

I generally prefer to use VNC (UltraVNC specifically) to establish the connection if I'm checking back on my render progress etc. Just because Vegas throws a wobbly when it sees the virtual-audio device override the native audio device on the machine. Even if you connect and reconnect, it doesn't seem to enjoy the audio subsystem changes that Windows forces on it. In these situations I'd rather do without sound and keep running with stability.

Kennymusicman wrote on 12/29/2007, 9:43 AM
1) Make sure destination PC has a password set on the account - remote desktop will not work without full username and password credentials

jrazz wrote on 12/29/2007, 9:49 AM
I changed the port to what you described above via D-Link's direct page. It was a no go. Same message.

I am using the PC's actual IP address to connect, not the router's. I also am using a username and password that corresponds to that particular PC.

I have also made sure that all allowances have been made for Remote Desktop on the PC I am trying to access. Still a no go.

This makes me want to go get a new router!

j razz

RBartlett wrote on 12/29/2007, 10:06 AM
If your PC address is Internet routable (which isn't all that uncommon for businesses), then you may need to adjust the D-Link's firewall.

Firstly, the D-Link needs to route your PC's traffic to the Internet rather than masquerading the local addresses behind its external/internet-side address. Check on the routed-subnet modes of the D-Link.

Once you've done this then only the firewall rules (which may be direction-context-sensitive) could be in the way. You could try dropping the firewall but do so only with the RDP machine as the only PC on the LAN side of the router. Also ensure that Windows has all other ports firewall protected (check the exceptions and presented services in the control panel tool).

Most routers assume that you have non-routable addresses on the LAN side. They won't care that you are not using one of the private address ranges that I mentioned earlier. I assume you are not? (If you are then you are simply using the wrong public IP when you are targeting).

Finally (for now), where are you testing from? It is often difficult to simulate an external connection experience from the same side of the network as where the host lives. Some routers allow this folding-back experience, but most are too thick to do it right (whether port forwarded or NAT'd).

You've certainly been confused along the line. If you use a router for port forwarding, then implicitly you would use the public IP of that router. Not any routed subnets that the ISP has provided you with. Possibly the WAN/internet address of the D-Link is not in the same block as you've issued to your PCs (which in IP terms makes your network a routed one rather than a bridge-forwarded network).

Sorry if I've gone all too techie on you.


netstat -an should show 'SYN' when you do eventually hit your host PC.
If you are unsure of the diags from the remote desktop client, from a cmd.exe prompt:
telnet <public IP that befits this> 3389

and if the screen clears, you've connected. The host netstat -an should show a new connection.

If it rejects, then you need to find out what has rejected. Possibly the firewall, but also, possibly the ISP if they don't let certain ports be presented. But RDP is an unusual one for them to restrict as it is a low bandwidth app in the large majority of cases.
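
The address and port checks discussed in this part of the thread, as an added example that is not part of any poster's message. It assumes a NAT router with one forwarding rule; the function names are hypothetical and 203.0.113.10 is a constructed placeholder for the router's WAN address.

```python
import ipaddress
import socket

# Ranges named in the thread: useless as a target from the Internet side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def classify(addr):
    """Return 'rfc1918', 'link-local' or 'routable' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in LINK_LOCAL:
        return "link-local"
    return "routable"

def check_forward_rule(wan_ip, forward_to, client_target):
    """List the addressing mistakes for one forwarding rule (NAT setup assumed)."""
    problems = []
    if classify(forward_to) != "rfc1918":
        problems.append("forward rule should point at the PC's LAN (RFC 1918) address")
    if classify(client_target) != "routable":
        problems.append("remote client is targeting a private address")
    elif client_target != wan_ip:
        problems.append("remote client should target the router's WAN address")
    return problems

def tcp_open(host, port=3389, timeout=3.0):
    """Same question as 'telnet <ip> 3389': does a TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    WAN = "203.0.113.10"  # constructed placeholder, not an address from the thread
    # Rule aimed at the public address, client aimed at the LAN address: two problems.
    print(check_forward_rule(WAN, WAN, "192.168.1.3"))
    # Rule aimed at the LAN address, client aimed at the WAN address: no problems.
    print(check_forward_rule(WAN, "192.168.1.3", WAN))
```

`tcp_open` is useful on systems where the telnet client is not installed; run it from outside the LAN, since many routers do not loop forwarded ports back to inside clients.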

jrazz wrote on 12/29/2007, 10:28 AM
I am almost positive I understood maybe two sentences of what you said.

I have been testing via my office as well as my home (inside and outside of the LAN).

I tried the cmd you gave below but it says it is not recognizable as a command (telnet). I tried it with the space between the > and the 3389 and I tried it together (of course I supplied my ip).

If you care to invest anymore time in this, email me and I can give you access to try it.

j razz

RBartlett wrote on 12/29/2007, 11:28 AM
I've written you a personal mail. Primarily attempting to understand the numbering (IP topology) environment you are working to right now.

www.whatismy.com and www.whatismyip.com are good URLs to run across multiple machines at the (RDP) hosting location you want to access. Then if everything comes up as being masqueraded by the D-Link, then we know that port forwarding is the main objective. If each PC has a repeatable and consistent static address then there is probably a D-Link packet filter in the way.

Maybe personal email will be easier..... I'm rather a novice at D-Link gear. GUI/command controls seem to change drastically between models (unlike Cisco Systems and DrayTek).

Networking is full of strange concepts but although IT people blame the telecoms industry, the Internet Protocol was made this incomprehensible by computer geeks primarily!

jrazz wrote on 12/29/2007, 12:22 PM
RBartlett knows his stuff. Thanks for all the help on this.

j razz

RBartlett wrote on 12/29/2007, 2:00 PM
A pleasure.

Came down to the D-Link interface being unclear as to what address to state on the port forwarding rules. We popped in an rfc1918 address instead of the public address and BAM, instant remote desktop. The original public address owned by the router's WAN address was then laced in very nicely ready for service (and hopefully not denial of service from snoopers......... but at least we've not announced the pertinent addresses here!)

j razz provided exactly the right screenshots without any prompting, making it a very easy piece of work to complete.