Remote Wizard

I have a client with an uber strict firewall policy. They only allow FTP connections from specific IP addresses. This is great for security, but not so great for travel. If I am not at one of the approved IP locations, I cannot upload urgent changes. To get around this, I had to call in the help of a friend. They introduced me to Remote Desktop Connections and port forwarding.

Step one, we needed to enable remote access to the specific computer (located at an approved location). This was as easy as one click, until I installed Microsoft OneCare. In addition to allowing a remote connection from the operating system, we also had to allow the specific port access from OneCare.

Step two, we tested the remote connection via the internal network. This was amazingly easy, instantly successful and lightning fast.

Step three, we tested remote access from an outside network via the internet. To accomplish this, we needed to set the internal IP address of the specific computer to an approved non-DHCP (static) IP address. Next, we used port forwarding in the router to catch all Remote Desktop Connections (RDC, port 3389) and redirect them to the specific machine. Initial tests were successful, with a noticeable speed decrease.

Step four, we needed to make the connection more secure. The standard port for remote connections is prone to hacker attempts. After a lot of searching around the operating system, we were unable to find a way to change the RDC port number. It turns out that you must make the change via the registry (see article) — messing with the registry is always scary. Once we changed the port number, we updated the port forwarding in the router to match. Rebooting the specific machine was required.

Step five, we needed to add an additional machine at the same location as a backup. To accomplish this, we just needed a unique port number for each machine on the local network. We went through the same process as step four with a unique IP address and a unique port number. Testing was successful the first time around.
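What steps four and five amount to on a current Windows build, as an added PowerShell example (this is not from the original post, which used the registry editor by hand). It assumes an elevated PowerShell on Windows 8 / Server 2012 or later, where the NetTCPIP and NetSecurity cmdlets exist; the port number and the firewall rule name are constructed values, and the NLA setting is an extra hardening step the post did not mention. Run it once per machine with a different port for each, as step five describes.

```powershell
# Added example, not the original post's procedure.
# Moves the Remote Desktop listener off port 3389 and adjusts the host
# firewall to match. Requires an elevated PowerShell session.

$NewPort = 33890   # constructed value; pick a different unused port per machine

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Record the current listener port (3389 by default) before changing anything.
$current = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP listener port: $current"

# 2. Refuse to proceed if something already listens on the chosen port.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use on this host; choose another."
}

# 3. Change the listener port. The registry value is a DWORD.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# 4. Require Network Level Authentication so the client must authenticate
#    before a full session is set up (hardening beyond the original post).
Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord

# 5. Allow the new port through the Windows firewall (OneCare's equivalent in the post).
New-NetFirewallRule -DisplayName "Remote Desktop (custom port $NewPort)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort `
    -Action Allow -Profile Any | Out-Null

# 6. Restart the Remote Desktop service so the new port takes effect.
#    A reboot, as in the post, also works and is the safer choice if the
#    restart fails because of active sessions.
Restart-Service -Name TermService -Force

# 7. Verify that the listener actually moved before updating the router.
Start-Sleep -Seconds 3
Get-NetTCPConnection -LocalPort $NewPort -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

After the listener shows up on the new port, change the router's forwarding rule to send that external port to the machine's static internal address. Moving the port only thins out the automated scans that hammer 3389; it does not replace strong account passwords and NLA, and a logon-failure review (Security event log, event ID 4625) on the exposed machine will show whether the new port has been found.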

We can now successfully access a machine at an approved location from an unapproved location, thus bypassing the hampering firewall policies. We can now upload from anywhere, anytime, with only a minor speed loss.
