General discussion

Locked

TSWEB

By amandae ·
I have very limited knowledge and am attempting to Set up our Windows 2003 server to allow users to TSWEB onto it.

I have added 3389 to the firewall's Port Forwarding section and stated the IP of the terminal server to route to. I also added the port to the default.htm page on the terminal server.

On attempting to connect to the terminal server via a web browser, I was surprised to find that I only needed to enter http:// the terminal server's IP/tsweb. I then entered the terminal server IP into the 'connect to server' field on the tsweb page and I was at the desktop of our terminal server.

What have I done incorrectly that has made it so easy to reach the terminal server? I thought I would need to enter our public IP/tsweb rather than the terminal server IP directly.

In the interim, I have stopped forwarding port 3389 to stop potential security breaches. Any explanations or guidance would be gratefully received.

MAny thanks

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by rindi1 In reply to TSWEB

I find the best way to get something like your system setup is to have a firewall with vpn connected to the internet. The lan interface of the firewall is then connected to the same lan as your terminal server is, with a private address range. Now if you connect via the internet to your VPN and the if you are using a VPN that is secure, you will then be able to safely connect to the internal terminal server by using the private ip address of the Terminal Server. You don't need any port forwarding for that.

I have built something like that the following way:
First I got an old PC to act as the firewall and VPN. I used a 300 MHz Celeron with 128MB Ram, 10GB Disc, 3 NICs (one to connect to the Internet, another for the DMZ and the third for the LAN). I then installed a Linux Distro on that PC and setup shorewall for the firewall and gateway functions. Then I installed OpenSSl and OpenVPN to build a secure VPN on that PC. I'm using a 2048 encription key, which is very secure for todays standards to build the VPN certificates. With openVPN you get client software for many Operating systems, but not for win9x, but that doesn't matter, as those OSes don't fit to today's standards.

This system works like a charm.

Collapse -

by amandae In reply to TSWEB

Thanks for your response. Sorry, one thing I should have mentioned is that the server will be accessed by potential customers who will access the terminal sever to trial a software package.

We are a very small company. I have managed to set up a VPN for the two people who will need remote access to our network, but was unsure as to whether I should allow potential customers in to trial software in the same way.

In light of this information, is VPN still the best way forward.

Thanks again.

Collapse -

by Choppit In reply to TSWEB

TSWEB allows the terminal server to distribute the ActiveX required for the RDP connection (via TCP port 3389). This avoids the need to install the TS client manually on the users machines.

Your post suggests that TSWEB is listening on port 80 (the default HTTP port) therefore making it easy to locate.

I'd make TSWEB listen on another port (i.e. not port 80). Then forward this port as well as 3389 to the server. Both ports need to be forwarded for TSWEB to work but only 3389 if you're using the TS RDP client.

Next thing to do is to restrict users that can access the TS to those that really need access and change the password frequently.

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums