Kerio Control » Port mapping
  •  
blueduck

Hi!

I've installed WinRoute on a PC (PC1) that I use to share my Internet connection with another PC on my LAN (PC2). When I'm not at home, I want to be able to use Remote Desktop on both PCs.

For PC1, I've just put a rule for the incoming connection on port 3389 and it works fine.

For PC2, I'm trying to set up a port mapping. I want PC1 to listen for connection requests on port TCP/5389 and map them to TCP/3389 on PC2. So I've put in the following rule:

Source: Internet interface on PC1
Destination: Firewall host
Service: TCP/5389
Action: Permit
Translation: 10.0.0.2:3389 (matching PC2)

But I still can't use RD on PC2 from Internet.
I saw that PC1 (Firewall host) doesn't open the TCP/5389 port on any interface it has. So I guess it can't receive any request, nor translate anything.

Should it open this port? Why doesn't it?

Blue Duck
PS: I hope my English is quite understandable... and apologize if it isn't

[Updated on: Sat, 18 December 2004 18:01]

  •  
wiper

try it, open tcp5389 in internet rules?!?!
  •  
blueduck

I'm not sure I understand... You suggest I open the TCP/5389 port on PC1? I wish I could manage to! How can I do that?

[Updated on: Sun, 19 December 2004 23:23]

  •  
wiper

k sry, just add a rule that says:

Source: Internet interface on PC1
Destination: Firewall host
Service: TCP/5389
Action: Permit

just like ur NAT rule but without the translation part.

/gl
  •  
doubolplay1

I am wondering if Wiper's suggestion worked in order to allow Remote desktop connection. I am having the same problem and I tried his suggestion but I still cannot connect.

OS=WIN2K Server (although I dunno how much it matters)
Traffic Policy :
Source : Internet
Destination : Firewall
Service : Rdesk( port 4898)
Action : Permit
// The above rule is to open up the port to listen on

rule # 2
Source : Internet
Destination : Firewall
Service : Rdesk ( port 4898)
Action : permit
Map:192.168.0.2:4900
// This is to send traffic on 4898 to 4900

The only problem is that it is not working.
I just don't see how forwarding a port can be so complicated.
It really baffles me, because without Winroute running, I can do this through RRAS in special ports and it is perfect. I cannot understand why something so simple has to be difficult. Any help would be greatly appreciated, sincerely, Carlos

Edit: This might be a stupid question, but I did not see it in the manual. I have NAT enabled on the server; can this interfere with the firewall even though the firewall controls all traffic even before it hits the box?

[Updated on: Sat, 25 December 2004 10:09]


"Attitude reflects Leadership!"
  •  
wiper

whats the mess with ports?? u wrote that u using tcp5389 to connect ur pc from internet with translation to 3389.

then u need open same port from internet of course. and what about those tcp4* ports??

get ur ports straight and follow my suggestions u should be fine.

/W
  •  
doubolplay1

Wiper: I am sorry, I guess I did not specify that I am not "blueduck". I am just running into the same problem as he was, with the difference being that I am running win2kserver (so I assume this is the only difference, being that he was probably running a desktop version of an OS). I was actually directing my question to blueduck.

On the other hand, I pose the same question to you if you don't mind me asking for your assistance in this situation. Keeping in mind that I am running win2kserver and running RRAS with NAT enabled. Thanks and any help from the forum would be greatly appreciated, Sincerely, Carlos

"Attitude reflects Leadership!"
  •  
wiper

ups, my mistake.. so sry, i thought it was blueduck... i was too fast :)

my solution should work 4 u 2 but at the ports u use of course...

And again... sry 4 the mixup :)

/W
  •  
doubolplay1

Wiper: It's cool, been there and done that :) But I am sorry to tell you that your suggestion does not work in my case. If you don't mind taking a look at my setup in my initial post, you will see my situation. And if anybody has any suggestions, please feel free to try and crack this one, or to see if it is a bug. Sincerely, Carlos

"Attitude reflects Leadership!"
  •  
wiper

well it should b kinda easy, just translate (NAT destination mapping) at internal interface and open same ports at external in firewall. It works fine in my case. check ur translation settings in rule#2 my guess is that ur problem is there...

/W
  •  
blueduck

Thanks for your suggestion, but... it doesn't work for me :(

Tell me if I'm wrong, but I think the rule you suggest only opens the port in the firewall: if a connection comes in, it will be permitted.
But the port isn't "physically" opened, I mean that no application is listening on it.

For example, when using WinGate for port mapping, it starts listening on the mapped port (i.e. it opens the socket) and, when it receives a connection, relays it to the LAN.

In KWF's case, no port is opened.
So I wonder if I've done something wrong or if I have to use third-party software to artificially make the mapped port listen...
  •  
lqy1

That may be a bug in KWF. Use regedit to change the second PC's RDP port, for example to 5389; KWF seems to be able to map the same port to the client.