5 Replies Latest reply on Jan 23, 2011 5:16 PM by rcamm

    Port Forwarding

      Hope someone can help

      I am using a snapgear 300sg router.  Works fine, but I need to do some NAT and port forwarding.  I have to allow users access to their own systems from outside the firewall.

       

      Normally no problem, but I need to change the ports.

       

      I am using 3390-3395.  Users access using the router ip address:3390 for example.  But it doesn't work.  The only way I can rdp is using the default ports.

       

      Any other port but default results in a failed connect.  I am attaching a photo of my NAT configuration.

       

      Thanks for any help.

        • 1. Re: Port Forwarding

          Why don't you use VPN for that?

          • 2. Re: Port Forwarding

            We were using VPN, but it was taking 20 minutes or more to access the data on our server.  However, when we used RDP the response was significantly improved as I would expect.  We just can't tolerate waiting 20 minutes to open a spreadsheet.  So we are moving to an RDP solution where each employee can access his/her desktop from our remote location.  Problem is we need to do port forwarding to port 3389.  Nothing I have tried works.  If I don't use the default port I get a connection refused.

             

            Monday I will replace the Snapgear router with something that I know works and provides a little better security.  I would prefer to use the Snapgear, but if it won't support our needs I have no choice.

             

            Thanks for your input, I appreciate the thought.

            • 3. Re: Port Forwarding

              Either I don't understand you or you don't understand my suggestion. There is no noticeable slowdown with VPN unless you have more VPN connections than the Snapgear can handle. It sounds like your employees were using the VPN to connect to shares and open the documents directly. This is crazy, the whole document has to be downloaded which can take a while, depending on the size. This is not the fault of the Snapgear, it's a faulty usage scenario. Of course, you would use RDP, but over the VPN, not directly. There is no noticeable slowdown compared to a direct connection. There is no need to use a different RDP port then (which I assume you want to use for "security by obscurity").

              • 4. Re: Port Forwarding

                Sorry, but I did understand.  Yes, you are right, we are using an application and then attempting to open a share directly from the application.  Way too slow.  Because of the way these files are maintained, it must be done that way.  We tried RDP over VPN but then we lost some print capability at the remote site.  So we are trying RDP directly, but I have to direct the RDP to multiple computers.  Hence the requirement to use different ports to connect to different machines behind the firewall.

                 

                The real problem is that whenever I try to configure per the manual, I get a connection refused.  In other words, from the remote site if I use xxx.xxx.xxx.xxx:6666 to connect and try to translate to xxx.xxx.xxx.xxx:3389 I get a connection refused.  But if I just leave the configuration to any and let defaults handle it, everything works fine.

                 

                Thanks.

                • 5. Re: Port Forwarding

                  The VPN is the best solution...It should not affect printing, other than to perhaps make printing easier, as you could map a printer from the RDP server over the VPN to the remote office printer.

                   

                  Regarding your port forwarding, if you use on the UTM device

                   

                  system -> diagnostics -> packet capture

                   

                  and use parameters such as

                   

                  -s 1500 ip host w.x.y.z

                   

                  where w.x.y.z is the public or private VPN IP address on the RDP client, you can trace the connection to the UTM, and out of the UTM to the RDP server.

                  Using these diagnostics you can see where the connection is being broken.

                   

                  Hope this helps.
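
The trace suggested in reply 5, read mechanically, as an added example that is not part of the thread or of the device's own tooling: it reports whether the client's SYN reached the external port, whether it was translated to the RDP server, and which side sent the reset. It assumes the capture is saved as `tcpdump -n` style text covering both the external and internal interfaces; the addresses, sample captures and the function name `trace_forward` are constructed for illustration.

```python
import re

# tcpdump -n style text: "IP src.port > dst.port: Flags [S], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

# Constructed addresses (documentation ranges); ports 3390 -> 3389 as in the thread.
CLIENT, WAN, SERVER = "203.0.113.10", "198.51.100.5", "192.168.1.20"

# Constructed captures, not taken from a real device.
ROUTER_REFUSED = """\
10:00:00.0001 IP 203.0.113.10.51000 > 198.51.100.5.3390: Flags [S], seq 100, length 0
10:00:00.0002 IP 198.51.100.5.3390 > 203.0.113.10.51000: Flags [R.], seq 0, ack 101, length 0
"""
SERVER_REFUSED = """\
10:00:00.0001 IP 203.0.113.10.51000 > 198.51.100.5.3390: Flags [S], seq 100, length 0
10:00:00.0002 IP 203.0.113.10.51000 > 192.168.1.20.3389: Flags [S], seq 100, length 0
10:00:00.0003 IP 192.168.1.20.3389 > 203.0.113.10.51000: Flags [R.], seq 0, ack 101, length 0
10:00:00.0004 IP 198.51.100.5.3390 > 203.0.113.10.51000: Flags [R.], seq 0, ack 101, length 0
"""

def trace_forward(capture, client, wan, ext_port, server, int_port):
    """Return how far a forwarded TCP connection got through the router."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if src == client and flags == "S":           # client's opening SYN
            if (dst, int(dport)) == (wan, ext_port):
                seen.add("arrived")                  # reached the external port
            elif (dst, int(dport)) == (server, int_port):
                seen.add("translated")               # DNAT rewrote it to the server
        elif dst == client:                          # replies toward the client
            if (src, int(sport)) == (server, int_port):
                seen.add("server_rst" if "R" in flags else "server_reply")
            elif (src, int(sport)) == (wan, ext_port) and "R" in flags:
                seen.add("wan_rst")                  # reset carrying the WAN address
    if "arrived" not in seen:
        return "not_arrived"
    if "translated" not in seen:
        return "refused_by_router" if "wan_rst" in seen else "dropped_by_router"
    if "server_reply" in seen:
        return "forwarded_ok"
    return "refused_by_server" if "server_rst" in seen else "no_reply_from_server"

if __name__ == "__main__":
    for name, cap in (("router", ROUTER_REFUSED), ("server", SERVER_REFUSED)):
        print(name, trace_forward(cap, CLIENT, WAN, 3390, SERVER, 3389))
```

A `refused_by_router` result points at the forwarding or packet-filter rule on the router, while `refused_by_server` or `no_reply_from_server` points at the RDP host (listener, host firewall or return route).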