

Windows 7: Windows 7 firewall - allow alternate ports for RDP

10 Aug 2009   #1

Windows 7 RTM
 
 
Windows 7 firewall - allow alternate ports for RDP

Hi all,

I'm looking for help configuring Windows 7 (RTM) firewall to allow traffic for an alternate Remote Desktop listening port in the most secure way possible. I know how to just open up the port completely, which works, but I'd rather not do that if I can just open it up for the Remote Desktop program.

I don't seem to be able to just "copy" the built-in Remote Desktop rule and change the port because the port number cannot be edited in some of the built-in rules (or copies thereof, I guess). If it matters, I need to be able to access this port with both "old" and "new" versions of Remote Desktop (from an XP machine, as well as another Windows 7 machine, for example).

Can anyone offer any assistance or otherwise offer any advice for my situation?

Thanks,
Scott


10 Aug 2009   #2

 

AFAIK, RDP has always used 3389 - why would you need separate ports? After all, you cannot have multiple RD sessions, anyway, coming into the machine, so I fail to see the need for alternate ports....

Have you tried editing the existing RD rule to just add another port?
10 Aug 2009   #3

Windows 7 RTM
 
 

Thanks for the reply. The reason I'd like to open alternate ports is because I have two computers behind my router that I'd like to connect to with Remote Desktop. I have the router configured to forward requests on port 3389 to one computer, and another port for the other computer.

As for editing the existing rule, when I try to do that I get the following message:

"This is a predefined rule and some of its properties cannot be modified."


10 Aug 2009   #4

 

Hmmm, doesn't your router allow port mapping? I mean that it takes incoming, say port 4455, and sends that to IP#1 @ port 3389, and takes incoming @ port 3389 and sends to IP #2 @ 3389?

As for editing the existing rule, yah, saw that myself when I started fooling with it.

However, I think using the path
Code:
%windir%\system32\mstsc.exe
I think you might be able to create a second rule if need be....and make it a separate port....
10 Aug 2009   #5

Windows 7 RTM
 
 

I tried using:
%windir%\system32\mstsc.exe

as the program name, but this rule does not work. I'm trying to connect from an XP computer, so my guess is that the XP version and the Windows 7 version of the mstsc.exe are different enough that the Windows 7 firewall doesn't recognize them as the same for the purposes of the rule. That's the best I could come up with.

With respect to the port mapping, my router software (Linksys WRT54G2) only allows me to forward incoming ports to IP addresses, not specific ports at that IP address. Maybe a third party firmware for the router would allow me to do this? That would be pretty slick, and would probably be a good solution to my problem... I'll look into it.
12 Aug 2009   #6

server 2008 r2
 
 

Hi,

You can change the listening port through regedit:

How to change the listening port for Remote Desktop

Then, on your RDP connection just append the port after the IP

192.168.0.1:4455


HTH,
Rico
12 Aug 2009   #7

Windows 7 RTM
 
 

Hi all,

Thanks for the replies. In the end, I took JohnGalt's advice and set up port-to-port (single port) forwarding. Because the Linksys WRT54G2 default firmware doesn't allow this, I flashed my router with DD-WRT, which does allow port-to-port forwarding. This allowed me to keep the Remote Desktop listening at port 3389 (default) and also use the built-in Windows Firewall rules, while at the same time directing external Remote Desktop requests to two different computers on my home network by specifying the port from the RDP client.
03 Sep 2009   #8

Windows 7 Ultimate
 
 

scottfreeze,

I had this same problem and the solution is actually so ridiculously simple that I wanted to slam my head against the wall after fighting with it for hours.

You create a custom rule with the program specifications set exactly like the preconfigured one. In other words, you assign the rule to a specific program and the path is "System". Set it to your custom TCP port and save it. Go back and edit it, go to the Advanced tab and make sure you allow Edge Traversal. As long as you port forward it in your router then you're golden.

I could do what you did, but I feel much more comfortable with it being on a completely different port.
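The registry change from post #6 and the scoped firewall rule from post #8, put together as a PowerShell script. This is an added example, not code posted by anyone in the thread; the rule name is hypothetical, port 4455 is the sample port from post #6, and the script assumes an elevated prompt on the Windows 7 machine that hosts Remote Desktop.

```powershell
# Added example: alternate RDP port with a firewall rule scoped to "System".
# Run from an elevated PowerShell prompt at the console of the RDP host.
$Port     = 4455                  # sample alternate port (from post #6)
$RuleName = "RDP-Alt-TCP-$Port"   # hypothetical rule name, no spaces
$RdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Move the RDP listener to the alternate port (the regedit change in post #6).
$old = (Get-ItemProperty -Path $RdpTcp -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpTcp -Name PortNumber -Value $Port
"RDP listener port: $old -> $Port"

# 2. Firewall rule.
# Open form the original poster wanted to avoid (any program may accept on the port):
#   netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localport=$Port
# Scoped form from post #8: program "System", a single TCP port, edge traversal allowed.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    program=System protocol=TCP localport=$Port edge=yes
if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule $RuleName" }

# 3. Restart the Remote Desktop service so it binds the new port.
#    This disconnects any active RDP session, hence the console requirement.
Restart-Service -Name TermService -Force

# 4. Verify: the rule exists with the intended scope and the listener moved.
netsh advfirewall firewall show rule name=$RuleName verbose
$listening = netstat -ano | Select-String ":$Port\s.*LISTENING"
if (-not $listening) { Write-Warning "Nothing is listening on TCP $Port yet" }
else                 { $listening }
```

The router still has to forward the chosen port to this machine, and the client connects with the port appended to the address, as shown in post #6.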
06 Sep 2009   #9

 

Quote: Originally Posted by scottfreeze
Hi all,

Thanks for the replies. In the end, I took JohnGalt's advice and set up port-to-port (single port) forwarding. Because the Linksys WRT54G2 default firmware doesn't allow this, I flashed my router with DD-WRT, which does allow port-to-port forwarding. This allowed me to keep the Remote Desktop listening at port 3389 (default) and also use the built-in Windows Firewall rules, while at the same time directing external Remote Desktop requests to two different computers on my home network by specifying the port from the RDP client.
I am highly surprised that the native Router did not allow port forwarding in the settings. However, you're still better off with DD-WRT - it rocks.

****

Good answer, Kaosu - I didn't think about the Edge traversal part of the FW settings. Makes sense, in retrospect.

Stickified and Rep added.