Remote Desktop from work to home

azn712

Limp Gawd
Joined
Oct 2, 2004
Messages
369
I recently set up the remote desktop function on my HTPC at home and enabled the remote access function in my router. I forwarded all the ports required for remote desktop as well as the ports for WOL. Last night, I was able to remote access my router and my HTPC from a friend's home (a home network, instead of a work network).

Today, I am having trouble accessing my router and my HTPC (at work, with a work laptop). I did manage to access my router via proxies. So I am thinking the problem may be due to the company's network settings/configurations.

So my question is: is there any way that I could test whether the company allows outbound remote desktop? If it turns out that they don't, are there any web-based services that allow me to access my HTPC remotely? I actually do like Windows 7's RD client that came with the OS. So that would be my first choice, but I guess I will settle for any cheap (free) third-party software.

Thanks for the help guys.

update

*****My focus for now is to find a web-based service that is able to access the Remote Desktop Client on my HTPC*****
 
A lot of the places I do installs at block outbound remote desktop. It's normal.

Try LogMeIn/TeamViewer

Load up a join.me session on your HTPC. Copy the link, then try to access it at work.
 
I would either go with

logmein (has free version), or

VPN into your network then RDP.
 
Couldn't you just change the port #?
or switch to VNC.

VNC may work too.

As far as changing the port....

My g/f is a teacher and runs the PC Club. Which in turn means I run the PC club :mad:

I set up 8 VMs at my house and forwarded ports appropriately so they could RDP into them for a project I set up for them.

For instance, I would forward 3390 on my WAN to 3389 on a specific VM.

Then they tried to connect to hostname:3390 and it was a no go. Didn't matter what port they used.

So for the OP it's definitely worth trying, but it could be hit or miss.
 
A lot of the places I do installs at block outbound remote desktop. It's normal.

Try LogMeIn/TeamViewer

Load up a join.me session on your HTPC. Copy the link, then try to access it at work.

Changed to a different port, still doesn't work.

Thanks for all the third-party software suggestions. This is probably just me, but I don't feel comfortable running another server software when I already have the default RDP running. At the moment, I still would like to do this via RDP, but will turn to VNC if there are no other options.


Also, why can't I remote access my router? That's just strange to me. Do businesses normally block that as well?
 
What kind of router is it? Probably safe to assume it's not set up to accept connections for the GUI on the WAN interface. If it has that option, enable it. If not, forward a port to the LAN interface.

A convenient thing LMI uses is a direct link to connect to your PC. You don't have to log in to your account then connect to it. Just fire up your browser and navigate to the link and you're presented with a login right into your PC.
 
You can set up a tunnel on your box at home. VPN or SSH. And use the tunnel to connect to it and access your RDP server.
 
They may be blocking port 3389 on your corporate LAN.
 
What kind of router is it? Probably safe to assume it's not set up to accept connections for the GUI on the WAN interface. If it has that option, enable it. If not, forward a port to the LAN interface.

A convenient thing LMI uses is a direct link to connect to your PC. You don't have to log in to your account then connect to it. Just fire up your browser and navigate to the link and you're presented with a login right into your PC.

I was able to connect from a friend's place. So all the settings should be fine on my router's end.

You can set up a tunnel on your box at home. VPN or SSH. And use the tunnel to connect to it and access your RDP server.

Could you elaborate please?

They may be blocking port 3389 on your corporate LAN.

I tried port 500, no success. Also, do I need to change the settings on my HTPC's RDP in order for it to take connections through ports other than 3389?
 
Also, do I need to change the settings on my HTPC's RDP in order for it to take connections through ports other than 3389?

You can change RDP's listening port in the registry but I advise against it. Instead, specify a redirect of some static port to redirect to 3389 on the box you're trying to get to. Does this make sense?

This is what I did in my earlier post when I was setting up the VMs at my location for her PC club project.
 
Don't open RDP, VNC or anything like that to the outside. Too dangerous. Set up an SSH server and use an SSH tunnel instead. Also don't use the standard SSH port, use anything but that. Also if you want to be even safer, install fail2ban to block IPs that fail to log in more than nn times. If you don't use a different port you MUST have fail2ban or you'll get hacked in a matter of hours by brute force bots.
 
Haha, sounds like I am approaching this the wrong way. Here is what I ultimately wanted to achieve with the RDP idea. Maybe there is an easier way to do this.

I want to be able to remote control my uTorrent. (I know that uTorrent has a built-in server, but I don't normally download the torrent tracker/seed/file in advance.) So I need to somehow control the computer, so I can download the torrent tracker/seed/file from a torrent search engine.
I would like to achieve this without keeping my computer on the whole time (WOL function) and perhaps a way to put it to sleep once I am done with using it.
 
uTorrent's web GUI allows you to open a torrent from the GUI, or by address. No need to have access to the machine.

For complete ease of use I'd still recommend LogMeIn, just too easy to set up vs anything else.
 
Wow you guys...

One of the rules is not to circumvent network controls put in place on a school or workplace system...
 
uTorrent's web GUI allows you to open a torrent from the GUI, or by address. No need to have access to the machine.

For complete ease of use I'd still recommend LogMeIn, just too easy to set up vs anything else.

jadams is correct......but I like doing things the hard way. It is more fun and you learn a lot. I think you should set up a VPN server. :D
 
Wow you guys...

One of the rules is not to circumvent network controls put in place on a school or workplace system...

The torrenting is happening off their network, so it's not really a big deal.

I'd still use the SSH tunnel, or VPN idea though. SSH tunnel is easier to set up. Even if you don't care about THAT box, if it does get hacked they can hack the rest of your network from there. There's a lot of worms and bots out there that will do this in a matter of seconds. RDP or VNC open to the outside is asking for trouble.
 
The torrenting is happening off their network, so it's not really a big deal.

I'd still use the SSH tunnel, or VPN idea though. SSH tunnel is easier to set up. Even if you don't care about THAT box, if it does get hacked they can hack the rest of your network from there. There's a lot of worms and bots out there that will do this in a matter of seconds. RDP or VNC open to the outside is asking for trouble.

If you set up password policies with a lockout after so many invalid attempts, is it any different than someone trying to get in while on your LAN?

I admit, not the most secure thing to do. but just a question.
 
If you set up password policies with a lockout after so many invalid attempts, is it any different than someone trying to get in while on your LAN?

I admit, not the most secure thing to do. but just a question.

If there is a way in RDP to block the IP after too many invalid tries, then that could probably work OK as well. The key is being able to give nn strikes then block the IP. Just locking out the whole account temporarily and such can help a bit but won't do much. Bots have unlimited time, so while it will take longer, they will still eventually get in. It could take days, weeks, months, even years, but they will get in. Windows also lacks when it comes to the logging department, so you'll have no clue that someone is trying to get in.

Another thing you can do, if you are planning to access it from only one or a few places, is block all IPs except for the places you will be accessing it from. That's what I do for my home VPN. I sometimes log in from work, and only my work IP is allowed.
 
Blocking by IP would be most secure I agree, if it were possible. Also, couldn't I create a rule on my firewall to only allow incoming traffic on 3389 from certain IPs (my work having a static one)? Plus if the account is disabled randomly one day that would definitely throw up a red flag. I'd also disable the local admin account and create a new one under a different name. Also a policy that would force a password change every 30 days rather than 90. I'd also do a port redirect, I wouldn't have 3389 open. I'd only accept the incoming request on a really random port in the 60k range somewhere.

In the end it's all too much headache... LMI and forget it.

This reminds me of our FTP server at work that I've caught brute force bots on twice in the last 3 months. They try to use the admin account, for which there isn't one. I think I'll create an admin account on it and give it access to one folder just to see what they upload to it. :D
 
You could block at the firewall too if that's easier. That may even be the best bet, that way it's in one central location.
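
The "nn strikes, then block the IP" logic discussed in the posts above (the job fail2ban does for SSH), combined with the allowlist of trusted source IPs, as an added example that is not code from any poster in this thread. The log format, the addresses (RFC 5737 documentation ranges) and the function and variable names are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed failed-login records: "<ISO timestamp> <source IP> <account>".
# All addresses are RFC 5737 documentation addresses, not real hosts.
SAMPLE_LOG = """\
2011-03-01T02:00:01 203.0.113.50 admin
2011-03-01T02:00:03 203.0.113.50 administrator
2011-03-01T02:00:05 203.0.113.50 admin
2011-03-01T02:00:07 203.0.113.50 root
2011-03-01T08:15:00 198.51.100.7 home
2011-03-01T08:15:20 198.51.100.7 home
2011-03-01T08:15:40 198.51.100.7 home
2011-03-01T09:00:00 192.0.2.9 admin
2011-03-01T10:00:00 192.0.2.9 admin
2011-03-01T11:00:00 192.0.2.9 admin
this line is garbage and is skipped
"""

# Assumed trusted source (e.g. a static work IP); never counted or blocked.
ALLOWLIST = [ip_network("198.51.100.7/32")]


def ips_to_block(log_text, max_strikes=3, window_minutes=10, allowlist=ALLOWLIST):
    """Return {ip: ISO time of the strike that triggered the block}."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        try:
            stamp, ip_text, _account = line.split()
            when = datetime.fromisoformat(stamp)
            ip = ip_address(ip_text)
        except ValueError:
            continue              # malformed line: ignore rather than crash
        key = str(ip)
        if key in blocked or any(ip in net for net in allowlist):
            continue
        strikes = recent[key]
        strikes.append(when)
        while when - strikes[0] > window:
            strikes.popleft()     # forget failures older than the window
        if len(strikes) >= max_strikes:
            blocked[key] = when.isoformat()
    return blocked


if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG))                      # fast source only
    print(ips_to_block(SAMPLE_LOG, window_minutes=180))  # slow source too
```

The source that fails once an hour stays under a 10-minute window and is only caught with the 180-minute one, which is why the window length matters as much as the strike count.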
 