EFW Support

How to remote Computer using Windows remote Desktop From Outside? I Hope you help me THANK YOU..

Very easy.
Go to: Firewall > Port forwarding / NAT > Destination NAT

Select the following options:

Access from:
Type = ANY

Target:
Type = Zone/VPN/Uplink
Select interfaces = Uplink main - IP:All known

Filter policy = ALLOW

Service/Port:
Service = ANY
Protocol = TCP + UDP
Target port/range = 3389

Translate to:
Type = IP
DNAT Policy = NAT

Insert IP = THE IP ADDRESS OF THE PC RUNNING RDP ON YOUR NETWORK
Port/Range = 3389 (OR THE PORT YOUR RDP CLIENT IS LISTENING ON)


Remember that RDP can listen on a different port other than 3389, however, you will need to change a registry key.
You can also run the RDP client on a different port other than 3389.

By changing the default listening ports on your client PCs, you can connect directly from the outside to any PC behind your firewall.
eg: Workstation1=3389, Workstation2=3390, Workstation3=3391 ...


Remember to also change your outgoing firewall to allow the traffic through the ports you run RDP on.
(Firewall > Outgoing traffic)

Thank You for your Reply STEVE. I have another question How about if ever they have another settings of Remote Desktop. and where i can do this instruction you gave me? Add a new port forwarding rule?.. thank you again..

Yes, you just Add a new destination NAT rule. Go to Firewall > Port forwarding / NAT > Destination NAT
You can add as many as you like.

For example, if you have 5 machines behind Endian , you will need to create 5 rules.
Each rule will be the same except for the  Insert IP  and the Port/Range fields.

eg:
192.168.10.1  Port 3391   (This will redirect port 3391 to PC with IP address 192.168.10.1)
192.168.10.2  Port 3392   (This will redirect port 3392 to PC with IP address 192.168.10.2)
192.168.10.3  Port 3393   (This will redirect port 3393 to PC with IP address 192.168.10.3)
192.168.10.4  Port 3394   (This will redirect port 3394 to PC with IP address 192.168.10.4)
192.168.10.5  Port 3395   (This will redirect port 3395 to PC with IP address 192.168.10.5)

Then change the RDP istening ports on each of your 5 PCs
To find out how to change the RDP Listening port go here : http://support.microsoft.com/kb/306759

To connect from the Internet using RDP to one of your machines, you will need to know your public IP address (or domain name).
If you don't have a permanent public IP address, use a Dynamic DNS service like DYNDNS.

Now, if you want to connect to PC with IP address 192.168.10.3,
use a RDP client and in the box type: mydomain.dyndns.org:3393

Hi! Steve.. cannot see what you mean and i only see is Port Forwarding / NAT > Port Forwarding... and dont have a Destination NAT. im using now a Endian Firewall Community release 2.2... THANK YOU for all your reply..

The above information is for version 2.3
Version 2.2 is a little easier.
All you need to do is add a simple Port Forwarding rule.

See this information for version 2.2: http://www.endian.com/fileadmin/documentation/efw-admin-guide/en/efw-admin-guide.html#id2766543

Use these settings:
Protocol = TCP
Alias IP = DEFAULT IP
Source Port = 3389
Destination IP = IP ADDRESS OF THE PC YOU WANT TO CONNECT TO
Destination Port = 3389
Enabled = Yes

You should now be able to connect to your PC using RDP from the Internet.

Hi! STEVE... THANK YOU very much for your all help.. I DID... ;D :D.. by the way if ever i have a server i want to connect from outside what settings i can do for port forwarding?

If you have a Web server behind Endian, all you have to do is set:

Source Port = 80
Destination IP = IP address of your Web Server
Destination Port = 80

This is basic Port forwarding.
Remember you can only use the same port number 1 time.

OK.. THANK YOU.. but if incase i have a SAP? what port i can use? do you have a list of port i can use?

THANK YOU Steve for your help...

Please Helpme i cannot Connect by outside with remote desktop.
Anybody can help me.
this is my configuration.

Access from:
Type = ANY

Target:
Type = Zone/VPN/Uplink
Select interfaces = Uplink main - IP:All known

Filter policy = ALLOW

Service/Port:
Service = ANY
Protocol = TCP + UDP
Target port/range = 3389

Translate to:
Type = IP
DNAT Policy = NAT

Insert IP = 192.168.60.10
Port/Range = 3389

But DOnt COnnect, Please can Help Me..

Try turning off your Outgoing firewall.

If that works then create a rule for your Outgoing firewall:


Source: Green
Destination: Red
Service/Port: TCP 3389
Policy: Allow (or Allow with IPS)

Enable your outgoing firewall and it should work
:)

Are you sure that the client has the efw as gateway?

All of this is very well, however I would suggest that opening your firewall like this compromises the whole reasoning behind having it it the first place.  A simple port scan on your north side IP would reveal the open ports.

You would be better suited (IMO) setting up some kind of VPN (2.3 supports OpenVPN out of the box).  With the VPN you could also push DNS and then once connected you can simply use the green side IP's or names of the machines and the default port for your RDP without any (potential) compromise.

to be deleted...