How can I set Windows 7 Firewall to allow Remote Desktop on alternate port
Hi all, I just upgraded from Vista to Win 7 Pro on a machine in my home network. I have my router/gateway at home set to forward port 3391 to my Win 7 machine. As in previous versions of Windows, in the registry I set the port for RDP to that port also and rebooted. I allowed Remote Connections from any type machine (as I have XP at the office). I can connect to my Win 7 desktop from the office as long as Windows Firewall is turned off. I tried allowing TCP Port 3391 in the Firewall for both incoming and outgoing connections. However, whenever the Firewall is on I cannot make a connection. I do NOT want to leave port 3389 as the RDP port as that is a GREATER security risk. I always use non-standard ports for remote desktop. So what do I need to do to accomplish that in Win7? I thought that I had done everything correctly. Thanks
March 6th, 2010 11:58pm

Can your router change the port number during port forwarding? That actually gives you the best of both worlds, in that you could leave your RDP port at default for internal use on your home network, yet externally it will be available on another port.
As the Windows firewall is normally set to deny incoming connections that don't match a rule, and the Remote Desktop (TCP-In) rule is predefined and the port number cannot be altered, you'll need to make a new rule to allow a connection on an alternate port. Bring up Windows Firewall with Advanced Security, click on Inbound Rules, and examine the Remote Desktop (TCP-In) rule as a guide for making the new one. In the process (or after you've made the first connection) you could even set IP address restrictions in the new rule to ensure only your work gateway can get in.
I assume you've brought up Remote Desktop from another computer inside your LAN. If not, there are several settings you'll need to enable to get the computer to accept incoming RDP connections.
Good luck.
-Noel
March 7th, 2010 7:39am

Thanks Noel,
Both your suggestions are excellent. Yes, I can convert external Port 3391 to internal Port 3389 and direct it to the correct static internal IP address. That will most likely solve the problem.
>> I assume you've brought up Remote Desktop from another computer inside your LAN.
Actually I have been able to connect to the internal Windows 7 machine from a machine at the office outside of my LAN... using port 3391. But that works only when Windows Firewall is off.
Your 2nd suggestion of looking at all the advanced settings in WF to allow Remote Desktop in via 3389 is a good one. That might clue me in to what is missing in my own attempts to open the Windows Firewall to 3391, as clearly the port forwarding on my router is working correctly. If I can't figure out the Win Firewall setting in 30 minutes I will resort to your first suggestion... although that won't work for all 4 of my home computers. I suppose VPN is also another option. I'll let you know how I make out. Thanks again
March 7th, 2010 5:26pm

I studied the way Windows Firewall was set up to accept Remote Desktop connections and followed that model to set up access via an alternate port to a non-standard RDP port. It worked! Thanks for the suggestions.
March 7th, 2010 6:34pm

Hey John, I tried using the same model too but I'm having problems. On the machine I'm trying to change the port number (my win7 machine), I can rdp to 127.0.0.2:<port_number> and it works fine. But I can't rdp to <external_ip>:<port_number>. It does connect and pops up asking for credentials, but when I supply the right password, I get the response that the credentials are not valid! And this happens with every user on the system (i.e., I tried using each user on the machine when giving credentials). The only difference between the predefined Windows Firewall rule for RDP and my rule for allowing incoming traffic on the new port number is that the predefined rule is calling the program "System." What program is that? How do I call it? I even tried calling C:\Windows\System32\svchost.exe and even changing the services supported in my new rule to Remote Desktop Services. But then I couldn't even access <external_ip> using mstsc.exe. Any suggestions? I would rather not have to set up a redirect on the router, although I can if need be. I would prefer though to set up Windows Firewall to allow incoming RDP connections to the Windows RDP server using the port number I set in the registry settings for the RDP server (or Terminal Server). Thanks.
God bless
David Hiran Watson
e:hiranwatson@gmail.com
February 24th, 2011 1:22am

David,
It's been so long since I've made the firewall changes that I had to remote to my home Win7 machine to take a look at the settings. LOL. I created an inbound and outbound rule for the port I wanted to use. For the Service I clicked the radio button for "All programs" rather than selecting a particular service. Of course I also changed the RDP listening port in the Windows registry to match the port specified in the rules. That's about it. Good luck.
February 24th, 2011 2:53pm
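
The steps discussed in this thread (an inbound rule on the alternate port that matches the RDP port set in the registry, optionally limited to the work gateway's address) can be scripted as below. This is an added example, not something posted by the participants; it uses the standard `RDP-Tcp` registry location and `netsh advfirewall`, and the rule name `RDP-AltPort-In` and the address `203.0.113.10` are placeholders to replace with your own values.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Windows 7 machine.
# Assumptions: the rule name and $officeIp are placeholders, not values from the thread.
$rdpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ruleName = 'RDP-AltPort-In'     # hypothetical rule name (no spaces, so no quoting issues)
$officeIp = '203.0.113.10'       # placeholder: public address of the office gateway

# Read the port the RDP listener is configured for, so the rule cannot drift
# from the registry setting.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($port -lt 1 -or $port -gt 65535) {
    throw "Unexpected PortNumber value in registry: $port"
}
Write-Host "RDP listener is configured for TCP port $port"

# Remove an earlier copy of the rule so reruns do not stack duplicates.
netsh advfirewall firewall delete rule name=$ruleName | Out-Null

# Inbound allow rule for that port, limited to the office address.
# No program or service is specified, which corresponds to "All programs" in the GUI.
netsh advfirewall firewall add rule name=$ruleName dir=in action=allow `
    protocol=TCP localport=$port remoteip=$officeIp profile=any
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not add the rule (is the prompt elevated?)"
}

# Show what was created, for comparison with the predefined Remote Desktop (TCP-In) rule.
netsh advfirewall firewall show rule name=$ruleName

# Confirm something is actually listening on the port; a registry change to
# PortNumber only takes effect once the listener has been restarted (e.g. after a reboot).
$listening = netstat -an | Select-String -Pattern (":{0}\s.*LISTENING" -f $port)
if (-not $listening) {
    Write-Warning "Nothing is listening on TCP $port yet; reboot and check again."
}
```

Dropping `remoteip=$officeIp` leaves the port reachable from any address, so keep it whenever the connecting site has a fixed address.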

Hi John, so maybe that's what I'm missing - an outbound rule as well. Thanks.
God bless
David Hiran Watson
e:hiranwatson@gmail.com
February 24th, 2011 9:54pm

This topic is archived. No further replies will be accepted.
