Wireless Router for RDT and multiple static IP's?

Kansas
New Member
Posts: 4
Joined: Mon Feb 12, 2018 1:09 pm

Post by Kansas »

After years my Motorola 7101-65 four port wireless router died. I am trying to replace it with little success so far. My criteria is a wireless router and currently using one PC for RDT (Microsoft Remote Desktop) port forwarding. I also have five static IPs from the ISP.

Does anyone know of a unit that will allow for the five static WAN (internet side) configuration and do a simple RDT port forward?

I have "chatted" with a couple vendors on the pre-sales side and they tell me the routers I inquired about only do one Static IP on the WAN.

Thanks,
Philip
SG VIP
Posts: 11758
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Are you really using more than one external IP? In other words, what would you need the two external IPs for that one wouldn't do? A simple RDT rule does not justify it, it is a simple port forward and can be configured on different ports for different clients too.

If you still want to map external IPs to internal ones, you probably need a router/firmware capable of 1-to-1 NAT, or multi-NAT mode.
Kansas
New Member
Posts: 4
Joined: Mon Feb 12, 2018 1:09 pm

Post by Kansas »

Philip wrote: Are you really using more than one external IP? In other words, what would you need the two external IPs for that one wouldn't do? A simple RDT rule does not justify it, it is a simple port forward and can be configured on different ports for different clients too.

If you still want to map external IPs to internal ones, you probably need a router/firmware capable of 1-to-1 NAT, or multi-NAT mode.
Philip,
When I set up the service they provided me with 5 statics to do the remote desktop. At the moment the greatest need is to access one PC, but would like to access others at some point. I agree the router needs 1-1, but I haven't found a model that has that. Interestingly, I have tried others and even the Port Forwarding does not work on the router's one static IP.
Kansas
New Member
Posts: 4
Joined: Mon Feb 12, 2018 1:09 pm

Post by Kansas »

Kansas wrote: After years my Motorola 7101-65 four port wireless router died. I am trying to replace it with little success so far. My criteria is a wireless router and currently using one PC for RDT (Microsoft Remote Desktop) port forwarding. I also have five static IPs from the ISP.

Does anyone know of a unit that will allow for the five static WAN (internet side) configuration and do a simple RDT port forward?

I have "chatted" with a couple vendors on the pre-sales side and they tell me the routers I inquired about only do one Static IP on the WAN.

Thanks,
UPDATE. I have ordered a Cisco RV130W and will update the forum in a few days once I receive it and get it programmed.
Philip
SG VIP
Posts: 11758
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Sounds good, let us know how it works out.

Port forwarding for RDT should be straight-forward with most modern routers though.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

FYI, you can port forward to multiple internal workstations from a single public IP address...by doing "port redirection".
Example. For PC 1, have external port 3389 redirected to 192.168.10.100:3389
For PC 2, have external port 3390 redirected to 192.168.10.101:3389
For PC 3, have external port 3391 redirected to 192.168.10.102:3389

etc etc.

This can save you quite a bit of money in the long run...if your ISP charges a good amount of money for extra statics.

However....let me strongly caution you against exposing remote desktop. Hacking tools are out there now, they will find your computers...and bust into them...often shoving on ransomware. Doesn't matter if you run on obscure ports...these hacking tools will sniff them out via fingerprinting. Doesn't matter how complex your passwords are...these tools will grind through them.

If this is a business, I strongly encourage you to consider a full "UTM" at the edge, not just a plain NAT router. By "UTM"..I mean a full fledged Unified Threat Management appliance like Untangle, Sonicwall, Fortinet, Sophos UTM, etc. Apply geo blocking rules to cut down on >75% of the hacking attempts. For our clients, I no longer have any remote desktop/terminal servers exposed via traditional RDP, I only allow that through a more secure method...TSGateway...done only on port 443.

I highly recommend considering other web based remote desktop access so you can close the ports on the firewall, such as Splashtop or LogMeIn or one of the many similar remote tools. Or if you're a business, moving to either VPN to gain access, or...upgrading to TSGateway with 2FA on it.
MORNING WOOD Lumber Company
Guinness for Strength!!!
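
An added example, not part of the original posts: a small audit of a port-redirection table like the one described above, showing that a rule landing on an RDP listener is flagged whatever external port it uses, and that two rules cannot share one external port. The `Forward` structure, its `allowed_src` field and the rows marked "constructed" are assumptions made for illustration, not settings of any particular router.

```python
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389  # port RDP listens on inside the LAN

@dataclass(frozen=True)
class Forward:
    ext_port: int
    int_ip: str
    int_port: int
    allowed_src: str = "0.0.0.0/0"  # hypothetical per-rule source filter

def audit(rules):
    """Return (ext_port, int_ip, finding) tuples for risky or broken rules."""
    findings, used = [], {}
    for r in rules:
        # Two rules cannot share one external port on the same public IP.
        if r.ext_port in used:
            findings.append((r.ext_port, r.int_ip,
                             f"conflict: port already forwarded to {used[r.ext_port]}"))
            continue
        used[r.ext_port] = r.int_ip
        if r.int_port != RDP_PORT:
            continue
        src = ipaddress.ip_network(r.allowed_src)
        # The external port number is irrelevant: what matters is that the
        # rule lands on an RDP listener and who is allowed to reach it.
        if src.prefixlen == 0:
            findings.append((r.ext_port, r.int_ip, "RDP reachable from any source"))
        else:
            findings.append((r.ext_port, r.int_ip, f"RDP limited to {src}"))
    return findings

# Constructed rule table: the first three rows are the mapping from the post.
RULES = [
    Forward(3389, "192.168.10.100", 3389),
    Forward(3390, "192.168.10.101", 3389),
    Forward(3391, "192.168.10.102", 3389),
    Forward(3391, "192.168.10.103", 3389),                    # constructed: clashes
    Forward(3392, "192.168.10.104", 3389, "203.0.113.0/24"),  # constructed: filtered
    Forward(443, "192.168.10.50", 443),                       # constructed: gateway on 443
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding, sep="  ")
```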
Kansas
New Member
Posts: 4
Joined: Mon Feb 12, 2018 1:09 pm

Post by Kansas »

Kansas wrote: UPDATE. I have ordered a Cisco RV130W and will update the forum in a few days once I receive it and get it programmed.
I thank everyone for their input and suggestions. The Cisco RV130W DID work and I am up and running like before. It was the One to One NAT option on this unit that allowed for the simple programming/setup to work. The others I tried did not have that setup section or apparent ability.

I take note of the security precautions suggested by others here and also suggest readers implement security/firewall devices or settings where they can. Changing to an obscure port (not 3389 the default) is a simple step in the right direction.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Kansas wrote: Changing to an obscure port (not 3389 the default) is a simple step in the right direction.
No longer the case, as I mentioned above, their tools will find the RDP listen port by fingerprinting. No more feeling safe behind alternate ports. Good luck!
MORNING WOOD Lumber Company
Guinness for Strength!!!