Teledata
@t-dialin.net
| [Kerio 4.x] Kerio/Sunbelt blocks RDP
Hello,
i've got a Problem: I am trying to connect my PC from another computer with the RDP, which is included in Windows XP. Everytime i switch of the firewall, it works. I created a rule, but i am not sure if that is the right rule.
Please see the screenshots below:
»www.eriks-light-house.de/hc_001.jpg
»www.eriks-light-house.de/hc_002.jpg
»www.eriks-light-house.de/hc_003.jpg
For Help I would be very thankfull - If you need more information, don't hesitate to ask 
Teledata |
|
Mister_E
join:2004-04-02
Etobicoke, ON
edit:
August 22nd, @11:11PM
| I believe your port rules are too strict - RDP expects communication to be directed to local port 3389, however, the outgoing port used for communication could be any. Picture above is from Kerio 2.15, but you should get the idea:
If you're connecting from a computer with Kerio installed (as in the pic above), you need to set the local end point port to be any and the remote end point to be 3389 (and ideally specified to the ip address you're connecting to).
If it's the computer you're trying to control remotely that has Kerio installed, the opposite would be true - e.g. connection is to local port 3389, but the remote port can be varied. |
|
Teledata
@t-dialin.net
| Hi,
thank you for your quick reply.
I changed the rule like in the screen below:
»www.eriks-light-house.de/hc_004.jpg
But it still don't work. It try to connect from another PC to my PC at home. My PC at home has the kerio/sunbelt firewall installed. As I said - if I shut down the firewall, it works.
Do you have any other idea? |
|
Mister_E
join:2004-04-02
Etobicoke, ON
edit:
August 24th, @01:24AM
| First, I would specify the protocol as TCP.
Then, for the local port, you need to specify 3389 - don't specify all ports as this will leave your system open!
For the remote options, the port number should be set to all (or blank - I don't remember what Kerio 4.x uses). If the IP you're connecting from doesn't change (e.g. a static internet IP) you can specify it for added security - otherwise, don't specify an IP or set an IP range that belongs to the IP block you connect from.
Finally, the application specified should be C:\WINDOWS\system32\svchost.exe (as it's svchost that's listening to requests on port 3389 and will manage the Terminal services connection - assuming you're running XP at home). If this doesn't work, you may have to change the application specified to 'Any' to allow communication on port 3389 to get where it needs to go.
Also, if you have a router in between the home PC you're connecting to, you may have configure it to port forward 3389 to the PC's internal IP address. (If your router supports a VPN connection/VPN server, you'll be better off using this to establish the connection - see below.)
BE WARNED though, opening port 3389 is a security risk - many port scanners check to see if this port is open and attack via it, etc. The best solution is to set up a VPN connection first, then run Remote Desktop over the VPN. |
|
