Question on Remote Administration multiple servers behind firewall.

Status
Not open for further replies.

dwessell

Programmer
Jan 26, 2006
114
US
I have two servers sitting behind a firewall that handles NAT. Of course only the firewall has a public IP.

I have installed and set up Terminal Services, and forwarded that port to one of the servers. Now users can use Terminal Services to remotely access applications, and I can use it to remotely administer that server.

However, that still leaves me with one server that I would like to be able to remotely administer. If I understand correctly, there isn't a difference between the Remote Desktop for Administration and using Remote Desktop for Terminal Services.. Except for licensing of course.. Am I correct in this?

And if so, in order to remotely administer the second machine, I would just need to set up remote administration to utilize a different port, and then forward that port.. Correct?

Thanks
David
 
What type of firewall?

You COULD set it up that port 3389 of your external firewall, points to port 3389 of server #1 internally

Then pick another port... say... 13389 externally, pointed to port 3389 internally...

However, you are circumventing the purposes of Firewalls. With all the nasties out there that specifically target port 3389, are you sure you want to expose your internal network?

Wouldn't something like VPN be a better option for you?
 
Hi hunterdw,

Unfortunately the VPN won't work for our remote workers. One of the main pieces of software that they use just chokes on the upstream bandwidth.. Even if we increased our bandwidth to a 1.5 T1, I'm still not guaranteed that it would work.. Leaving me with Terminal Services as the best option for remote working.

I would like to be able to remotely administer the servers as well. Thus forwarding port 3389 to server two (that has Terminal Services installed). Then thinking of having server one allow Remote Desktop Administration over port 13389, and have that port forwarded to server one.. So that both servers could be administered remotely, and allow users to use the Terminal Services when working remotely...

Thanks
David
 
It's an option. You really don't have to change your servers though. On your firewall, you could forward ports however you want.

Just because it's 3389 internally, doesn't mean you have to "advertise" 3389 externally...

You could RDP server.domain.com:12345 and have a firewall rule that says in effect, "if you get traffic on 12345, forward to port 3389 on server #1"

Then... going forward... "listen on 23456 and forward to port 3389 on server #2"

or whatever

it's about your firewall rules.

What I described works perfectly on Linksys, Cisco PIX, and any Linux-based ipchains firewalls. I've done it before, and do it still at times when VPN isn't an option as you stated.

--DW
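
The forwarding described in the reply above, as an added example that is not part of the original thread: a shell function that prints (does not apply) iptables rules mapping external ports 12345 and 23456 to port 3389 on two internal servers, accepted only from an allowed source range. The interface name `eth0`, the addresses 192.168.1.10, 192.168.1.11 and 203.0.113.0/24, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that forward distinct external ports
# to RDP (3389) on internal servers. Rules are printed, not applied.
# Interface, addresses and function names are assumptions, not from the thread.

WAN_IF="eth0"                 # assumed external interface
ADMIN_SRC="203.0.113.0/24"    # assumed allowed source range (documentation net)
RDP_PORT=3389

# Reads "external_port internal_ip" lines on stdin, writes rules to stdout.
# Returns 1 on an invalid or duplicate external port, or a missing address.
rdp_forward_rules() {
    seen=" "
    while read -r ext ip; do
        # skip blank lines and comments
        case "$ext" in ''|\#*) continue ;; esac
        # external port must be 1 to 5 digits, in 1..65535
        case "$ext" in *[!0-9]*|??????*) echo "bad port: $ext" >&2; return 1 ;; esac
        if [ "$ext" -lt 1 ] || [ "$ext" -gt 65535 ]; then
            echo "port out of range: $ext" >&2; return 1
        fi
        [ -n "$ip" ] || { echo "missing address for port $ext" >&2; return 1; }
        # one external port can map to only one server
        case "$seen" in *" $ext "*) echo "duplicate port: $ext" >&2; return 1 ;; esac
        seen="$seen$ext "
        # rewrite the destination, only for the allowed source range
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $ADMIN_SRC --dport $ext -j DNAT --to-destination $ip:$RDP_PORT"
        # after DNAT, FORWARD sees the internal address and port; this assumes
        # an existing ESTABLISHED,RELATED accept rule handles return traffic
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -s $ADMIN_SRC -d $ip --dport $RDP_PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed sample mapping: ports from the thread, internal IPs assumed.
sample_map() {
    printf '%s\n' "12345 192.168.1.10" "23456 192.168.1.11"
}

sample_map | rdp_forward_rules
```

Because the FORWARD rule matches after the destination has been rewritten, it filters on the internal address and port 3389, not on the external port.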
 