Configuring RDP over the internet
Sharing RDP connections over the web is quite simple, even when multiple routers are involved. With these example IPs:
- Public Interface ISP Modem: 99.99.99.99
- Internal Interface ISP Modem: 192.168.0.1
- External Interface TPLink Wifi Router: 192.168.0.254
- Internal Interface TPLink Wifi Router: 192.168.1.1
- Device 1 IP: 192.168.1.10
- Device 2 IP: 192.168.1.11
- Device 3 IP: 192.168.1.12
- For Device 1: Connect via RDP on port 3389 from the Public Interface to the External Router at 192.168.0.254. On the router side, forward port 3389 from the Public Interface to the TPLink Wifi Router and then to Device 1 on port 3389.
- For Device 2: Use port 3390 from the Public Interface to the same router, then forward to Device 2’s port 3389.
- For Device 3: Use port 3391 from the Public Interface to the router, then forward to Device 3’s port 3389.
To reach these devices, simply open RDP on your public IP and specify the correct port.
From a security standpoint, exposing RDP directly to the internet is risky. The presence of vulnerabilities in RDP and the ease of brute-force attacks make it a vulnerable target. If you must expose it, make sure all exposed devices are fully updated and use strong, unique passwords. Limiting access to specific IPs is preferable. A safer alternative is setting up an RDP gateway like Guacamole: https://guacamole.apache.org/. A dedicated Linux server running Guacamole can be safely connected to the internet if properly configured. Keep in mind that even Guacamole has known issues—ensure the server software and operating system are regularly updated, and only enable necessary features.
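As an added defender-side illustration (not code from the thread), here is a small Python script that takes the forwarding table from the post and the reply's advice to restrict access to specific IPs: it parses constructed router log lines, counts accepted connections to the forwarded RDP ports per source address, and flags sources that are outside an assumed allow-list or exceed a connection threshold. The log line format, the allow-list address and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Public port -> (internal device, device port), taken from the post's layout.
RDP_FORWARDS = {
    3389: ("192.168.1.10", 3389),  # Device 1
    3390: ("192.168.1.11", 3389),  # Device 2
    3391: ("192.168.1.12", 3389),  # Device 3
}

# Assumed allow-list of source addresses permitted to reach the forwarded ports.
ALLOWED_SOURCES = {"203.0.113.7"}

# Constructed sample log lines in a generic accept/drop format (assumption:
# a real modem log looks different and needs its own regex).
SAMPLE_LOG = """\
2024-05-01T10:00:01 ACCEPT src=203.0.113.7 dst=99.99.99.99 dport=3389
2024-05-01T10:00:05 ACCEPT src=198.51.100.23 dst=99.99.99.99 dport=3390
2024-05-01T10:00:06 ACCEPT src=198.51.100.23 dst=99.99.99.99 dport=3390
2024-05-01T10:00:07 ACCEPT src=198.51.100.23 dst=99.99.99.99 dport=3391
2024-05-01T10:00:08 ACCEPT src=198.51.100.23 dst=99.99.99.99 dport=3391
2024-05-01T10:00:09 ACCEPT src=198.51.100.23 dst=99.99.99.99 dport=3390
2024-05-01T10:00:10 DROP src=198.51.100.23 dst=99.99.99.99 dport=3392
2024-05-01T10:00:11 ACCEPT src=203.0.113.7 dst=99.99.99.99 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=[\d.]+ dport=(?P<dport>\d+)$"
)


def rdp_connections(log_text):
    """Yield (source, public_port, internal_device) for each accepted hit on a forwarded RDP port."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "ACCEPT":
            continue
        port = int(m["dport"])
        if port in RDP_FORWARDS:
            yield m["src"], port, RDP_FORWARDS[port][0]


def review(log_text, threshold=5):
    """Return sources not on the allow-list, sources at/above the threshold, and devices each reached."""
    per_src, targets = Counter(), defaultdict(set)
    for src, _port, device in rdp_connections(log_text):
        per_src[src] += 1
        targets[src].add(device)
    return {
        "unexpected": sorted(s for s in per_src if s not in ALLOWED_SOURCES),
        "noisy": sorted(s for s, n in per_src.items() if n >= threshold),
        "targets": {s: sorted(d) for s, d in targets.items()},
    }
```

Running `review(SAMPLE_LOG)` reports 198.51.100.23 as both unexpected and noisy (five accepted hits across Device 2 and Device 3), while the allow-listed address only touched Device 1.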
Thanks for your feedback. I've already addressed most of the points you raised. I've experimented with various port numbers on the modem, Wi-Fi and computers to find a more stable connection. I updated the firewall to include the RDP port and followed best practices such as using SSL-only sessions, restricting user accounts, limiting MAC addresses on the network, and keeping systems patched. Connecting online always comes with risks, and I'm aware that no perfect solution exists. It seems we need to weigh the risks against the benefits. For now, RDP appears to be a reasonable option. Guacamole has a challenging learning curve, Linux presents its own challenges, and maintaining a VPN provider feels risky. I’m leaning toward trusting my money for the time being.