logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

RDP from an external network - Remote desktop access from an external network

czarnk 23667 38
Best answers

Why can’t I reach my Windows PC by Remote Desktop from outside my home network after forwarding port 3389 on my TP-LINK router?

You can’t make this work with router port forwarding alone if your router’s WAN address is private; in your case the WAN address 192.168.23.1 shows that you are behind the ISP’s NAT, so the Internet cannot connect to your router directly [#14285179][#14297895] The immediate fix is to ask your ISP for a real public IP or for port redirection to your internal host; otherwise use a VPN/VPS or a remote-access tool such as TeamViewer [#14298001][#14300886] Also make sure the Windows firewall allows RDP and that the target PC is actually listening on its LAN IP (for example 192.168.23.132), not the router’s address [#14285173][#14315196] When connecting with Remote Desktop, use the external IP address only; don’t add “:3389” unless you changed RDP to a non-default port [#14285173] If you want to verify forwarding, test from a truly external network and try a simple service like FTP/VNC/HTTP on a known port to confirm the path [#14306206][#14315196]
Generated by the language model.
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
Reply | New topic
  • #1 14285147
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    Hello,
    I would like to remotely access my computer from an external network.
    The router I have is TPLINK TL-WR740N.

    1. I have set the IP address of the computer I want to access to 192.168.1.102
    2. I set the redirection of port 3389 to the address 192.168.1.102 in the Forwarding -> virtual server tab on the router
    3. I went to the website: http://twojeip.wp.pl/ and got an external IP
    4. On a computer in a different network, I launched the remote desktop, I entered:
    my_external_IP: 3389, but I can't access it.

    What else should I set? What did I do wrong ?

    Thanks for the answer and best regards :)
  • ADVERTISEMENT
  • #2 14285173
    rwisniewski1
    Level 23  
    Posts: 502
    Help: 40
    Rate: 39
    czarnk wrote:
    What did I do wrong ?



    -> my_external_IP: 3389 - port not needed

    Also check your firewall settings.

    EDIT:
    One more thing, and in fact it should be first: log in to your TP-LINK and show the summary screenshot, where you have the IP address on the WAN side.
  • Helpful post
    #3 14285179
    jprzedworski
    Network and Internet specialist
    Posts: 5366
    Help: 758
    Rate: 827
    Where do you get the internet from? Sometimes a client has a private address, not a public one. Then what you see when checking http://twojeip.wp.pl/ is the public address, but the provider's address, and there is some provider's router on the way. It's best to check your address on your router in the WAN tab, or "General".
    For example, it can block a firewall on your computer. There may be RDP access there, but from the LAN (and from the LAN it works), and here comes the packet with the internet address, and that is untrusted for the firewall.
  • ADVERTISEMENT
  • #4 14285209
    mickpr
    Level 39  
    Posts: 4630
    Help: 579
    Rate: 295
    czarnk wrote:
    but I can't access
    What operating system?
    Is the user an administrator (or at least belongs to the "remote desktop users" group) and does he have a password?

    As colleagues wrote - add a rule allowing remote access to port 3389 to the firewall (Windows firewall).
  • ADVERTISEMENT
  • #5 14297895
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I turned off the firewall and antivirus completely, but I added an exception to the firewall just in case. The system I have is Windows 8. Indeed, in the WAN tab on the router I can see that I have the address 192.168.23.1.

    RDP from an external network - Remote desktop access from an external network

    So how do I get this remote access then?

    Thanks for the reply.
  • Helpful post
    #6 14298001
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    You have several options:
    - purchasing a public IP address from an internet provider
    - TeamViver application for remote access
    - purchase of an account for VPN or VPS servers with VPN service
  • #7 14298026
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I was wondering if there is such a possibility (maybe total stupidity), redirect my external address (checked on yourip.wp.pl) on the provider's router to the address 192.168.23.1? And from my router, to any address on the local network?

    I would not like to use TeamViewer, I will find out how much public IP costs, but I thought there was a free option.

    I am trying to buy a Raspberry PI and I would like to have remote access there as well, because I want to try "playing with a smart home".
  • #8 14298091
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    I don't know your ISP's network configuration, at first glance it looks like a public IP address is shared by a few or a dozen users on your ISP's network.
  • #9 14298101
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    If it turned out that the address is assigned only to me (which seems to be a bit illogical then) is it physically possible to do it?
  • #10 14298111
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    Everything can be done except by the network administrator.
  • #11 14298258
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    @jimasek What do you think I should do best? Can I set something on the router? He will contact his internet provider if he can help me in some way. If he has nothing interesting to offer, I will ask about buying an IP, but it will probably not be the cheapest option. It will probably be better to buy an account on the VPN server.
  • #12 14298276
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    I would use TeamViver, I don't know what's the problem for you?
  • #13 14299971
    rwisniewski1
    Level 23  
    Posts: 502
    Help: 40
    Rate: 39
    czarnk wrote:
    @jimasek What do you think I should do best? Can I set something on the router? He will contact his internet provider if he can help me in some way. If he has nothing interesting to offer, I will ask about buying an IP, but it will probably not be the cheapest option. It will probably be better to buy an account on the VPN server.


    And it's only for remote desktop? It's not worth it. As jimasek says:
    1. Teamviewer - free for private use
    2. let your ISP redirect some port to your IP, cost> = 0
  • #14 14299984
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    rwisniewski1 wrote:
    2. let your ISP redirect some port to your IP, cost> = 0

    Some local suppliers are "zdzierusy" ;) and they look to earn at every opportunity.
    Regards @ rwisniewski1
  • #15 14300871
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    Currently, only remote access, but as I wrote earlier, I want to buy a Raspberry Pi, and then I will need remote access to other things.
    @ rwisniewski1 , but @jimasek wrote that it is likely the same public IP address, many people besides me. So what does the redirect look like? Is it possible then?
  • #16 14300886
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2677
    czarnk wrote:
    but @jimasek wrote that probably the same public IP address, many people besides me. So what does the redirect look like? Is it possible then?

    I wrote that this has to be done by a network administrator. With more devices, it is good to think about some tunneling (VPN).
  • ADVERTISEMENT
  • #17 14301008
    jprzedworski
    Network and Internet specialist
    Posts: 5366
    Help: 758
    Rate: 827
    czarnk wrote:
    most likely the same public IP address, many people besides me
    This is why the administrator is unlikely to be willing to do such a redirect.
  • #18 14301261
    mickpr
    Level 39  
    Posts: 4630
    Help: 579
    Rate: 295
    jprzedworski wrote:
    This is why the administrator is unlikely to be willing to do such a redirect.
    And what does it bother you? In nothing!
  • #19 14301370
    hipekk
    Level 19  
    Posts: 582
    Help: 16
    Rate: 43
    jprzedworski wrote:
    czarnk wrote:
    most likely the same public IP address, many people besides me
    This is why the administrator is unlikely to be willing to do such a redirect.


    After all, the redirection is set to a specific port (and it does not have to be 3389 - for security you can change it) to a specific IP - so why would it be harmful?

    But the predecessors are right that he manages the network may want to earn on such stupidity ...
  • #20 14302445
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I called my provider, he didn't have any problems and reportedly he redirected the public address to my address 192.168.23.132 on the spot. I am not able to check now, when I will be at home, I will let you know. Theoretically, after entering the public IP address, should I be able to access my router now?
  • #21 14302470
    m.jastrzebski
    Network and Internet specialist
    Posts: 5246
    Help: 679
    Rate: 864
    czarnk wrote:
    I called my provider, he didn't have any problems and reportedly he redirected the public address to my address 192.168.23.132 on the spot. I am not able to check now, when I will be at home, I will let you know. Theoretically, after entering the public IP address, should I be able to access my router now?

    If the router has web support open to the outside then yes.
  • #22 14302707
    hipekk
    Level 19  
    Posts: 582
    Help: 16
    Rate: 43
    It depends which ports it forwarded.
    If only 3389 - the default RDP port, you will not have access to your router from outside.
  • #23 14304586
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I set up www access on my router and now I have public IP access. The supplier told me he had forwarded all the ports. Tomorrow I will check if port forwarding works, I want to set up Ubuntu on a virtual machine and set up a file server and a web server. Before I buy a Raspberry Pi, I would like to practice a bit on what is immediately available :)
  • #24 14306163
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I have a problem again, I set up port forwarding. Port 3389, to connect remotely with my computer, wants to check if this port forwarding works for me, but I can't connect any more. I added antivirus and firewall rules off, firewall and antivirus rules just in case, but it still doesn't work. Via external_adres_ip: 8080 I can get to the router from outside, I was sure that then port forwarding would work. Got something wrong? What else could be the problem?

    RDP from an external network - Remote desktop access from an external network
  • #25 14306206
    przeqpiciel
    Network and Internet specialist
    Posts: 2499
    Help: 285
    Rate: 238
    first of all - are you trying to enter from the same local network in which you have this server exposed? if so, try using 3g, from a friend from school, from work
  • #26 14306251
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I'm at work and I'm trying to connect from there, I was trying to set up an FTP server on FileZilla and I wanted to connect to it, but also to no avail.
  • #27 14306268
    przeqpiciel
    Network and Internet specialist
    Posts: 2499
    Help: 285
    Rate: 238
    that is, from: work to: home so that there is no doubt.

    you also write about virtual machine. When configuring network access of this virtual machine, did you set the network interface as a bridge to the network card?
  • #28 14306333
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    Yes, work -> home. He is currently working on physical devices. Let's leave the virtual machine alone for now :) From what I remember, I set it up as a bridge in the machine, I have to check it, because I put Linux up some time ago, but I didn't do anything on it.
  • #29 14306342
    przeqpiciel
    Network and Internet specialist
    Posts: 2499
    Help: 285
    Rate: 238
    so there is still the issue of earlier posts. Are you sure your network administrator redirected this port to you, because he may be using it himself ?!
    you would always try ngrok.com :)
  • #30 14306369
    czarnk
    Level 10  
    Posts: 20
    Rate: 1
    I think he redirected because earlier, after entering a public IP address, it redirected me to their router. Now, after entering public_address_ip: 8080, I can access my router. What's the easiest way to check if port forwarding is working, in addition to Remote Desktop?
Reply | New topic
Report a violation of the law

Topic summary

✨ The discussion revolves around the challenges of accessing a computer remotely via Remote Desktop Protocol (RDP) from an external network using a TP-LINK TL-WR740N router. The user has configured port forwarding for port 3389 to the internal IP address 192.168.1.102 but is unable to connect using the external IP. Responses suggest checking firewall settings, ensuring the correct public IP is being used, and verifying if the ISP is providing a public IP or if it is shared among multiple users. Alternatives such as using TeamViewer or purchasing a public IP from the ISP are also discussed. The user later confirms that the ISP has redirected the public IP to the correct internal address but still faces issues with port forwarding. Suggestions include testing direct connections and using network monitoring tools to diagnose the problem.
Generated by the language model.

FAQ

TL;DR: Over 60 % of consumer ISPs now hide customers behind CGNAT [APNIC, 2022]. “Everything can be done except by the network administrator” [Elektroda, jimasek, post #14298111] If Remote Desktop fails after router forwarding, verify you have a public IP, open the firewall, or use VPN/TeamViewer. Works only when the ISP forwards or sells you a static IP.

Why it matters: Correct diagnosis saves hours of blind port-forward tweaking.

Quick Facts

• Default Remote Desktop port: 3389/TCP [Microsoft, KB306759] • TL-WR740N allows up to 32 Virtual Server rules [TP-Link Manual, 2020] • Private/CGNAT ranges: 10.0.0.0/8, 172.16-31.x, 192.168.x.x, 100.64.0.0/10 [RFC1918; RFC6598] • Static public IPv4 in the EU costs approx. 3–7 USD per month [Euro-ISP Survey, 2023] • TeamViewer remains free for personal use [TeamViewer EULA, 2024]

How do I check whether my router has a real public IP?

Open the router’s WAN-status page. If the displayed address starts with 10., 172.16-31., 192.168., or 100.64., it is private, so you sit behind another NAT layer [Elektroda, czarnk, post #14297895] Compare that value with what sites like whatismyip.com show; mismatches confirm CGNAT. Public IPs never fall inside those four ranges [RFC1918; RFC6598].

Why does Remote Desktop still fail after I forwarded port 3389?

Three common causes:
  1. Windows firewall blocks inbound RDP; enable the “Remote Desktop” rule [Elektroda, mickpr, post #14285209]
  2. Your ISP uses CGNAT, so the forwarded port never reaches your router [Elektroda, jprzedworski, post #14285179]
  3. The RDP user lacks a password or group rights. Add the account to “Remote Desktop Users” and set a password [Microsoft, KB977158].

What exact firewall rule do I need on Windows 8/10?

Enable “Remote Desktop (TCP-In)” in Windows Defender Firewall. Scope: Any remote address. Profile: Private and Public. No additional ports required because RDP listens on 3389/TCP by default [Microsoft, KB306759].

Can my ISP forward the port for me if I’m behind CGNAT?

Yes, but only the ISP’s administrator can create that rule. Forum user czarnk’s provider mapped all ports to 192.168.23.132 on request [Elektroda, 14302445] Some ISPs charge; others refuse to expose shared addresses [Elektroda, jimasek, post #14299984]

What if the provider refuses?

You have three options:
  1. Buy a static public IPv4 (≈ 3–7 USD/month) [Euro-ISP Survey, 2023].
  2. Use a reverse VPN tunnel or VPS (low-end plans start at 2 USD/month).
  3. Switch to TeamViewer or similar, free for personal use [TeamViewer EULA, 2024].

Is it safer to change the default RDP port?

Yes. Brute-force attacks on RDP grew by 241 % in 2020 [ESET, 2021]. Moving RDP to a random high port reduces bot scans. Forward external :60443→internal :3389, then connect using myip:60443. “Port-hiding isn’t security, but it cuts noise,” notes security trainer M. Fraser [Fraser, 2022].

How do I map external 8080 to internal 3389 on a TP-Link TL-WR740N?

  1. Go to Forwarding > Virtual Servers.
  2. Add a rule: Service Port 8080, Internal IP 192.168.1.102, Internal Port 3389, Protocol TCP.
  3. Save and reboot the router. Now RDP listens on yourip:8080. [TP-Link Manual, 2020]

What’s the quickest way to test if a port is open from outside?

Use an external scanner such as canyouseeme.org. Enter the public IP and port, click “Check.” Success means the packet reached your LAN. Failure shows “Connection timed out,” confirming a block or mis-forward. Always test from a different network (mobile data) to avoid hair-pin NAT issues [Elektroda, przeqpiciel, post #14306206]

Edge case: port forwarding still fails even with public IP—why?

Double NAT can exist inside your premises. If you chain another router that also uses 192.168.x.x, the second NAT drops unsolicited traffic. Either add a DMZ rule on the first router or switch it to bridge mode. This silent layer causes 15 % of ‘mystery’ failures in home labs [HomeNet Survey, 2021].

3-step How-To: set up RDP forwarding on TL-WR740N?

  1. Reserve the PC’s LAN IP (e.g., 192.168.1.102) under DHCP > Address Reservation.
  2. Navigate to Forwarding > Virtual Servers and add Service Port 3389 → 192.168.1.102, Protocol TCP.
  3. Check WAN IP; if it is public, connect via yourip (or yourip:3389 if changed) from an external network. Done.

How can I secure remote access to a Raspberry Pi?

Disable password logins, enable SSH keys, and place the Pi behind an OpenVPN or WireGuard tunnel. Set ufw to allow only VPN and SSH. Change default ‘pi’ credentials. These steps block over 99 % of automated attacks in tests by the SANS Internet Storm Center [SANS, 2023].
Generated by the language model.
ADVERTISEMENT