Thread: I am trying to access my desktop computer on my home netw...

  1. #1
    parryjm Guest

    I am trying to access my desktop computer on my home netw...



    I am trying to access my desktop computer on my home network remotely over the Internet from my laptop using Microsoft's Remote Desktop Connection.
    Since my ISP issues Dynamic IP addresses, I subscribe to No-IP.com for a free sub-domain, so that I don't have to worry about IP addresses constantly changing in the future.

    I'm looking for some help on how to create ZoneAlarm firewall rule(s) that will allow me to access my home desktop computer using my laptop regardless of
    the IP address that gets assigned to my laptop.


    As long as I know the IP address assigned to my laptop, I can create a specific firewall rule on my home desktop computer to allow access for my laptop computer.
    I've demonstrated that I can do this and it worked.
    I was able to log on to my home desktop computer using Microsoft's Remote Desktop Connection because I allowed ZoneAlarm for the specific IP address assigned to my laptop to gain access.

    Where the problem arises is when I attempt to access my home desktop computer from a different wireless Access Point (AP) using a different IP address for my laptop.
    ZoneAlarm blocks my access.

    I tried creating a firewall rule under the expert tab to allow access, but ZoneAlarm still blocks access.

    Here is some relevant information:

    Let's say the host name for my laptop is called Laptop

    Let's say the host name for my desktop is called Server

    Let's say my domain name through No-IP.com is called laptop.no-ip.org

    I use a D-Link DI-624 wireless router connected to my Internet cable modem.
    I've configured the router to allow access through for Remote Desktop Connection and that works.
    I've also assigned my home desktop computer a static IP address of 192.168.0.105.




    Here is the firewall rule that I created that is not working:

    Source: Host name is laptop.no-ip.org. Lookup returns the correct IP address.

    Destination: Specify an IP address of 192.168.0.105.

    Protocol: Specified "Any" (although I'm not comfortable using "Any").

    Time: Specified "Any".




    When I look in the ZoneAlarm log, it tells me access is blocked.
    It appends a 5-digit number after the source IP.
    Every attempt that I make, this number seems to increment.
    I'm assuming this is some sort of port number?




    Maybe I'm not setting up the rule properly or what I'm trying to do is not possible.
    Can someone provide me some assistance?

    Operating System: Windows XP Home Edition
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    zaswing Guest

    Re: I am trying to access my desktop computer on my home netw...

    I am not at all sure you really need expert rules for that.
    If you read the alert, it normally tells precisely what IPs and ports and protocols were blocked. If the alert screen didn't show, see the logs in c:\windows\Internet Logs.

    I think you need to allow TCP in and out from any (1024-5000) local port on your laptop to Remote server's port 3389. RDP running on your desktop needs to be allowed TCP in and out over just port 3389.
    That S thing tells you it's a TCP connection type message.
    You may also need on the server or both sides NetBios, local UDP ports 137,138, TCP 139 and if some encryption is going on, UDP port 500, 4500 I think on both.

    Once you get your connection done, you may well see this from ZA - so just allow it Trusted access.
    OSFW,2008/02/23,16:31:50 -5:00 GMT,UNKNOWN(0),Remote Desktop Connection,C:\Documents and Settings\Owner\Desktop\Remote Desktop\mstsc.exe,EXECUTION,GLOBALWINDOWSHOOK,SRC

    Disclaimer: I never used RDP on my XP-home in a situation other than through VPN to work where the server was definitely communicating over 3389 but it was all hidden by the VPN protocol.

  3. #3
    parryjm Guest

    Re: I am trying to access my desktop computer on my home netw...

    Thank you for your assistance.

    I prefer not to use expert rules if this can be done another way.

    The alerts (and also the log) specify which IP address and ports/protocol were blocked.
    The IP address assigned to my laptop will vary, so whatever controlled access I put in place will need to be flexible enough to allow me access using my laptop, but nobody else.
    Below are the alerts from my log file as I attempted an RDP session from my laptop through my wireless AP, but each time the session was blocked.
    I masked the IP addresses for security reasons...

    FWIN,2008/07/06,09:52:48 -4:00 GMT,xx.xx.xx.xx:60951,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:21:32 -4:00 GMT,xx.xx.xx.xx:61122,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:26:34 -4:00 GMT,xx.xx.xx.xx:61154,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:39:10 -4:00 GMT,xx.xx.xx.xx:61190,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:45:36 -4:00 GMT,xx.xx.xx.xx:61212,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:54:08 -4:00 GMT,xx.xx.xx.xx:61248,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,10:59:04 -4:00 GMT,xx.xx.xx.xx:61264,192.168.0.105:3389,TCP (flags:S)
    FWIN,2008/07/06,11:02:30 -4:00 GMT,xx.xx.xx.xx:61281,192.168.0.105:3389,TCP (flags:S)

    I may need some assistance as to where I need to make the changes you are suggesting:

    (a)

    Allow TCP in and out from any (1024-5000) local port on your laptop to Remote server's port 3389. RDP running on your desktop needs to be allowed TCP in and out over just port 3389.

    (b)

    You may also need on the server or both sides NetBios, local UDP ports 137,138, TCP 139 and if some encryption is going on, UDP port 500, 4500 I think on both.

    Do I make these above changes within my D-Link Router, Windows or ZoneAlarm?

    Since I will not have physical access to my home desktop for several months at a time, any access control that I establish will need to work every time while I am away.

    Finally, you bring up an interesting point.
    Given that the Remote Desktop Protocol (RDP) is not encrypted, can the information transmitted over this session be compromised?
    Could someone use this information to spoof the source and therefore compromise my system?
    Should I be using a VPN to remotely connect to my home desktop and then use RDP?

  4. #4
    zaswing Guest

    Re: I am trying to access my desktop computer on my home netw...

    The rules, for ZA, not the router, I described a bit, would be expert rules. But I still don't think you need them.

    Your router needs to allow VPN. But your logs indicate that part works since ZA got involved and appears to be dropping packets. Did you look at another file in the logs, fwpktlog.txt - it tells more about dropped packets which looks to me like ZA is doing to you. This is not an incrementing log (mine gets overwritten each day), so catch it soon after it happens and post.

    I may be wrong, but I don't understand the very high local port range, but as I said, I used VPN, so things were a bit different. Perhaps those high ports are used just for establishing the connection.
    When reproduced within the work environment, the laptop never needed such high port numbers. I think 1024-5000 should be sufficient.

    If that xx.xx... IP of your laptop is static as assigned by No-IP, can't you just put it into the Trusted zone as a trusted IP? Or am I now making you go in circles? But then in your last post it looks like it's not static. Hmmm...

    I think you should be using VPN to secure the communication, but I don't know for sure. There might be other ways.

    Edited:
    Would something here be of help?
    http://forums.zonealarm.com/zonelabs...ssage.id=52713

    and finally, tech support - have your licence key handy, and they do answer promptly
    http://www.zonealarm.com/store/conte...ch_support.jsp

    Message Edited by zasuiteuser on 07-08-2008 05:47 PM

  5. #5
    parryjm Guest

    Re: I am trying to access my desktop computer on my home netw...

    Below is the content of my fwpktlog.txt file.
    This log file had a modify date of 7/5/2008 and contained 10 entries.
    Not sure of the date/time stamp for these 10 entries, but since my RDP testing didn't start until 7/6, I would think none of these entries are related to my testing.
    With the exception of the first entry, I don't recognize the destination IP of 10.180.40.4, so I don't think these are associated with my blocking issue.

    34187 LogFileCreated
    188468 Packet DROPPED: Proto: IP_UDP Flags: 0x00000002 Src: 192.168.0.102 Dest: 192.168.0.255 SrcPort: 138 DstPort: 138
    217953 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.40.4 SrcPort: 137 DstPort: 137
    217953 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.40.4 SrcPort: 137 DstPort: 137
    222453 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.48.4 SrcPort: 137 DstPort: 137
    222453 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.48.4 SrcPort: 137 DstPort: 137
    265828 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.40.4 SrcPort: 137 DstPort: 137
    385828 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.40.4 SrcPort: 137 DstPort: 137
    394203 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.48.4 SrcPort: 137 DstPort: 137
    962437 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.40.4 SrcPort: 137 DstPort: 137
    1465828 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.168.0.105 Dest: 10.180.48.4 SrcPort: 137 DstPort: 137

    A new ZAlog file gets created every day, so I went back and looked at the log files for 7/5, 7/6, 7/7 and 7/8.
    There were no FWIN entries in the 7/5 log file; 10 FWIN entries in the 7/6 log file; 1 FWIN entry in the 7/7 log file; 1 FWIN entry in the 7/8 log file.
    Among the total of 12 blocking entries, 10 are associated with the RDP testing I was doing.
    The other 2 appear to be someone else attempting a port scan through port 3389.

    I'm pretty sure ZoneAlarm is blocking the access, so I would think a specific firewall rule is required in order to allow access to occur, but I'm not sure what the specific firewall rule would be to only allow my laptop access regardless of what Dynamic IP address gets assigned to it.

    I also do not understand these very high local port ranges being used by my laptop.
    They seem to get incremented each time I try.

    The purpose of using No-IP is to allow me to access my server by domain name rather than IP address, since my ISP uses Dynamic IP addressing.
    Their client software on my server constantly checks the IP address and if it changes, then it updates my server.no-ip.org domain with the new IP address.

    I'll also reach out to the ZoneAlarm technical support team as you suggest.
    Thanks.
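As an added example (not code from this thread or from ZoneAlarm), here is a small Python parser for the FWIN log lines posted in #3. It sorts blocked TCP SYNs to port 3389 into the owner's own laptop attempts versus every other source (the two entries in #5 attributed to someone else's port scan) and checks that the laptop's source ports are all in the ephemeral range, which is why the 5-digit number after the source IP keeps changing and cannot be used as a fixed rule key. The sample lines and the addresses 203.0.113.7 and 198.51.100.9 are constructed for this example.

```python
import re
from collections import Counter

RDP_PORT = 3389
EPHEMERAL_MIN = 1024  # client-side source ports are chosen from here upward

# Field order as seen in the FWIN lines posted in this thread (an assumption, not a spec):
# FWIN,<date>,<time tz>,<src_ip>:<src_port>,<dst_ip>:<dst_port>,<proto> (flags:<F>)
FWIN_RE = re.compile(
    r"^FWIN,(?P<date>[^,]+),(?P<time>[^,]+),"
    r"(?P<src>[^:,]+):(?P<sport>\d+),(?P<dst>[^:,]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(flags:(?P<flags>[A-Z]+)\))?\s*$"
)

def parse_fwin(line):
    """Return the FWIN fields as a dict, or None for any other record type."""
    m = FWIN_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize_rdp_blocks(lines, laptop_ip):
    """Split blocked RDP SYNs into the owner's laptop vs. other sources, and report
    whether every laptop source port was ephemeral (>= 1024), i.e. not a usable rule key."""
    own, others, own_sports = 0, Counter(), []
    for line in lines:
        rec = parse_fwin(line)
        if not rec or rec["proto"] != "TCP" or rec["flags"] != "S" or rec["dport"] != RDP_PORT:
            continue  # not a blocked inbound SYN to the RDP service
        if rec["src"] == laptop_ip:
            own += 1
            own_sports.append(rec["sport"])
        else:
            others[rec["src"]] += 1  # anyone else knocking on 3389 is worth a look
    return {"own_attempts": own, "other_sources": dict(others),
            "laptop_ports_all_ephemeral": all(p >= EPHEMERAL_MIN for p in own_sports)}

# Constructed sample log (documentation address ranges, not the poster's real IPs)
SAMPLE_LOG = """\
FWIN,2008/07/06,09:52:48 -4:00 GMT,203.0.113.7:60951,192.168.0.105:3389,TCP (flags:S)
FWIN,2008/07/06,10:21:32 -4:00 GMT,203.0.113.7:61122,192.168.0.105:3389,TCP (flags:S)
FWIN,2008/07/07,03:14:09 -4:00 GMT,198.51.100.9:4444,192.168.0.105:3389,TCP (flags:S)
FWIN,2008/07/08,22:40:51 -4:00 GMT,198.51.100.9:4445,192.168.0.105:3389,TCP (flags:S)
FWIN,2008/07/06,10:22:00 -4:00 GMT,203.0.113.7:61130,192.168.0.105:445,TCP (flags:S)
""".splitlines()
```

Running `summarize_rdp_blocks(SAMPLE_LOG, "203.0.113.7")` separates the two laptop attempts from the two foreign probes and ignores the non-RDP line.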
