Need to open up ports for our company's server

DeonH

Senior Member
Joined
Feb 21, 2005
Messages
632
Hi all and thank you for your help. (I have posted this on the TP-Link forum but have had no reply yet.)

I need to open up a port for remote desktop to our company's server.

I had to move our server from our office (which has a Netgear router) to my home and I have a TP-Link TD-W8980 router. We are moving and the new office does not have an ADSL connection yet.

I know I have to open port 3389 for remote desktop. (Just for interest's sake, I can connect to the router via dyndns already, meaning my new IP address is already OK.)
In the router, I went to Forwarding | Virtual Servers and added a new service as follows:
Interface: pppoe_8_35_0_d (This note worries me just before the settings for interface: "Note: Virtual Server setup is supported only when there is available interface. Ports used by Remote Management or CWMP will not work." Does this mean that this router cannot do port forwarding?)
Service Port: 3389
IP Address: 192.168.1.150 (This is the IP address assigned to the server.)
Protocol: TCP
Status: Enabled

I did the same for Port Triggering.

For IPv4 Firewall, I have the following settings:
Mode: IP Address
Description: Remote Desktop
IP address: 192.168.1.150
Port: 3389

For some reason I do not understand, I cannot connect with Remote Desktop to the server. I get the 3 familiar messages that I cannot connect because the remote computer is switched off and so on.

Can someone please help me out with what else I need to do to get this working? I need it to work within about 10 hours' time.

Please help me out.
Regards,
Deon
 

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,800
Try selecting Protocol "All", and not just limiting yourself to TCP.

The interface is just the router/modem. It's basically telling it where to expect the incoming connection from.


Scan the router with a free online firewall checker to see which ports are open. I'm thinking maybe the port is open, and that the server is actually rejecting the connection, not the firewall.

Love how your company lets you host the server on dirty electricity btw.

Link:
http://www.manualslib.com/manual/444168/Tp-Link-Td-W8980.html?page=83#manual
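
The check suggested in this reply can also be run with a short script instead of an online scanner. This is an added example, not part of anyone's post: `probe` and `diagnose` are hypothetical helper names, `192.168.1.150` is the server address from the first post, and the public hostname is a placeholder.

```python
import socket

def probe(host, port=3389, timeout=3.0):
    """Classify one TCP connect: 'open', 'refused', 'filtered' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"           # a reset came back: nothing accepts on that port
    except socket.timeout:
        return "filtered"          # no answer at all: packets dropped on the way
    except OSError:
        return "unreachable"       # no route, name did not resolve, and similar

def diagnose(lan, wan):
    """Combine a probe of the server's LAN address with one of the public name."""
    if lan != "open":
        return "server: Remote Desktop is not listening or the Windows firewall blocks it"
    if wan == "open":
        return "rdp: the forward works, so look at logon rights on the server"
    return "router: the server answers locally, so the forward or router firewall is at fault"

if __name__ == "__main__":
    # Take the LAN reading from inside the home network and the public
    # reading from an outside connection (for example a phone hotspot).
    lan = probe("192.168.1.150")               # address from the first post
    wan = probe("your-name.dyndns.example")    # placeholder for the DynDNS name
    print(lan, wan, diagnose(lan, wan))
```

An "open" result from outside also means the rest of the Internet can reach port 3389, which is the exposure the later replies are concerned about.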
 

beesknieg

Active Member
Joined
Aug 23, 2010
Messages
54
Well, if I had to do it I would never open my server to the world. RDP is not very secure and you will get a few attack attempts if you leave your setup as is.

If I were you I would look at setting up some kind of VPN and RDP after you secured a tunnel, but that is just me and what do I know :D
 

AlphaJohn

Honorary Master
Joined
Sep 10, 2012
Messages
14,698
^ This

Smoothwall + VPN tunnel is the way to go.

Don't know how people can leave Windows boxes open on the net. Just had to clean one again last month where the co left Terminal server out in the "open".

Edit: Forgot to mention the hacker left me a cool toy to play with: DUBrute, probably to attack another box. Once you see how this puppy works you will understand the fear.
 
Last edited:
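
The attack attempts described in the replies above show up on an exposed server as bursts of failed logons in the Windows Security log. As an added example (not from any poster), the script below flags source addresses with many failures in a short window and notes whether a success followed. The comma-separated line format and the sample data are constructed for illustration, and `find_bruteforce` is a hypothetical name.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real logs): time, event ID, logon type, account, source.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive,
# type 3 = Network (how failed RDP logons appear when NLA is enabled).
SAMPLE = """\
2013-10-01T02:14:03,4625,10,administrator,203.0.113.45
2013-10-01T02:14:05,4625,10,admin,203.0.113.45
2013-10-01T02:14:08,4625,10,user,203.0.113.45
2013-10-01T02:14:11,4625,10,test,203.0.113.45
2013-10-01T02:14:15,4625,10,administrator,203.0.113.45
2013-10-01T02:14:19,4625,10,backup,203.0.113.45
2013-10-01T08:01:40,4625,10,jsmith,198.51.100.7
2013-10-01T08:02:02,4624,10,jsmith,198.51.100.7
2013-10-01T09:30:00,4624,10,backup,203.0.113.45
""".splitlines()

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source: (peak failures in window, distinct accounts, success_after)}."""
    failed, ok = defaultdict(list), defaultdict(list)
    for line in lines:
        ts, event_id, logon_type, account, src = line.strip().split(",")
        if logon_type not in ("3", "10"):
            continue                       # ignore console and service logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failed[src].append((when, account))
        elif event_id == "4624":
            ok[src].append(when)
    flagged = {}
    for src, events in failed.items():
        events.sort()
        start, peak, names = 0, 0, set()
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1                 # slide the window forward
            if end - start + 1 > peak:
                peak = end - start + 1
                names = {acct for _, acct in events[start:end + 1]}
        if peak >= threshold:
            # A success from the same source after its failures began
            # suggests a password was eventually guessed.
            hit = any(t > events[0][0] for t in ok[src])
            flagged[src] = (peak, len(names), hit)
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```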

Bern

Expert Member
Joined
Apr 29, 2010
Messages
2,675
DO NOT open RDP up to the internet unless you are OK with getting hacked. I think TP-Link has a VPN option, use that or set up a Smoothwall or pfSense (my favourite) and use OpenVPN. You will need to set up a Dynamic DNS account as well unless your home connection includes a static IP.
 

Dean

Expert Member
Joined
Aug 19, 2005
Messages
2,712
This is very easy to do. I say this because I did it myself - only to get hacked and used as a node to target another attack on an educational institution in the States.
Really don't recommend it - I changed the setup to use TeamViewer after that happened twice in two weeks :/
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
16,654
LogMeIn, TeamViewer, Ammyy, or VPN + RDP

Opening RDP to the WWW directly is an invitation for chaos.
 

AlphaJohn

Honorary Master
Joined
Sep 10, 2012
Messages
14,698
Or simply just gimme your IP once your RDP is up and I will show you why it's a bad idea ;)
 

nilsloff

Member
Joined
Apr 17, 2013
Messages
15
As has been said before: RDP on the Internet is a Very Bad Idea. Shall we start a bet on how long it will take to get hacked?
 

DeonH

Senior Member
Joined
Feb 21, 2005
Messages
632
Thanks guys for all the replies. I do get your point and that said, I take your point.

Our need is to connect remotely to our profiles on the server. How would you suggest we do it?

Thank you once again for your help.
Deon
 

@udiS3

Senior Member
Joined
Feb 4, 2008
Messages
503
Leaving your server accessible on the internet is not a good idea, as stated in the previous posts.

Configuring OpenVPN (generating keys, config) is time-consuming, especially so if you haven't worked with the tech before.

Considering the time frame, I would probably take the easiest route for now:
1) Smoothwall - VPN tunnel (will require a bit of setup/config and testing)
2) eleNet - cloud-managed VPN

With eleNet you can create a VPN in a matter of minutes and any VPN client can dial in using a choice of PPTP/L2TP/OpenVPN. You can also easily configure a VPN firewall in order to allow/deny services on a particular VPN client.
 

shauntir

Well-Known Member
Joined
Sep 11, 2013
Messages
457
Interesting thread. Made me think about RDP security much more as well. Here's a good article I came across: The Dark Side of RDP.

So, as others have suggested, create a VPN and perhaps change the port number for RDP.
 

Bern

Expert Member
Joined
Apr 29, 2010
Messages
2,675
Check your TP-Link - I am pretty sure they have a VPN feature you can use; the manual should have a simple how-to on setting it up.
 

shauntir

Well-Known Member
Joined
Sep 11, 2013
Messages
457
Also, when you're trying to connect, ensure that the user you added to the RDP settings is part of the Administrator or Remote Desktop Connect? group... I think that may be causing an issue for you.
 