Windows remote desktop port forwarding 3390 to 3389 doesn't work

0

I can't get Remote Desktop to connect via any port other than 3389. I have two machines behind a router. The router supports NAT / port forwarding. Both machines have RDP listening on 3389.

Remote desktop works in either of the two below setups...

WANIP:3389 -> LANIP1:3389

And...

WANIP:3389 -> LANIP2:3389

However I want to be able to access both. When I change one external port to 3388...

WANIP:3389 -> LANIP1:3389
WANIP:3388 -> LANIP2:3389 <-- "Internal Error"

I can't connect to LANIP2. LANIP1 works fine. When I attempt to, RDP gives me an "Internal Error", which is different than the timeout that would occur if the port was not open. For some reason RDP will not work if the external port is different than the internal port, and I can't figure out why. Is this a Windows feature?

The Shoe Shiner

Posted 2020-02-27T16:55:53.750

Reputation: 21

1

Does this answer your question? Can You Port Forward the Same Port # to 2 Different Internal IP Addresses?

– Tim_Stewart – 2020-02-27T19:23:21.863

@Tim_Stewart I didn't quite understand your first comment. No, I'm not trying to forward the same port to 2 different machines. I'm trying to forward two separate external ports (3389 and 3388) to two separate LAN IPs, each on port 3389. But the 3388-3389 connection doesn't work. – The Shoe Shiner – 2020-02-27T23:27:46.113

Add your router make/model to the question, as this is most likely the limiting factor for that not working. Sorry if the first comment confused you. It was written from my phone. – Tim_Stewart – 2020-02-27T23:31:25.017

Answers

0

You are attempting to access a port on an internal IP by a port assigned on the WAN IP. This will of course not work.

When you are inside the network, you always have to access the IP Address by its internal IP address and port.

If you are outside the network, then you use the WAN IP address with the public (alternate) port.

If you are inside the network, and you use the WAN IP address, unless your router actually understands hairpinning correctly, the router will search for the WAN IP address outside of its own network and won't find it.

The problem here is that you connect successfully TOWARDS the LAN machine, but when the connection is made back in reverse, it ends up using port 3389, causing the traffic to be redirected to LAN IP1 instead of LAN IP2.

Because your router does not support NAT hairpinning correctly, the way to solve this is by changing the RDP port in the registry for LAN IP2 to 3388 and making the NAT rule: 3388 -> 3388

LPChip

Posted 2020-02-27T16:55:53.750

Reputation: 42 190

1

Lol. Is that how you interpreted this question? – Tim_Stewart – 2020-02-27T23:03:47.130

Port forwarding does exactly that. I.e. You can hit the WANIP:PORT and it redirects the traffic to the LANIP:PORT. This works perfectly fine under the first scenario I described. – The Shoe Shiner – 2020-02-27T23:24:40.890

@TheShoeShiner That is called hairpin NAT, something most routers DO NOT allow. So whenever someone posts this question, it is almost always the problem of hairpin NAT that the router does not support. – LPChip – 2020-02-28T07:32:11.250

@Tim_Stewart it seems the question has been edited. It is more clear now, but it wasn't before, yet it still seems a hairpinning NAT problem to me, so my initial answer still is correct although probably weirdly formulated given the edit. – LPChip – 2020-02-28T07:32:50.593

I've edited the answer to reflect what is happening with a proper solution. – LPChip – 2020-02-28T07:38:56.850
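
The registry change suggested in the answer above, sketched as an added example (not code from the original thread). It assumes port 3388 as in the answer, an elevated PowerShell session on the LANIP2 machine, and constructed firewall rule names.

```powershell
# Added example: move the RDP listener on the LANIP2 machine to TCP 3388 so the
# router rule can be WANIP:3388 -> LANIP2:3388. Run elevated, ideally from the
# local console, because restarting the service drops active RDP sessions.
$NewPort = 3388   # assumption: the port chosen in the answer
$RdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stop early if another service already listens on the chosen port.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use on this machine."
}

# Record the current value so the change can be reverted later.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $OldPort"

# Open the new port first: the built-in Remote Desktop firewall rules only
# cover 3389. Rule names below are constructed labels.
New-NetFirewallRule -DisplayName "RDP custom port $NewPort (TCP)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
New-NetFirewallRule -DisplayName "RDP custom port $NewPort (UDP)" `
    -Direction Inbound -Protocol UDP -LocalPort $NewPort -Action Allow | Out-Null

# Change the listener port (stored as a DWORD) and restart Remote Desktop Services.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord
Restart-Service -Name TermService -Force

# Verify that the listener moved; a reboot is the fallback if it did not.
Start-Sleep -Seconds 3
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    Write-Host "RDP is now listening on TCP $NewPort (was $OldPort)."
} else {
    Write-Warning "No listener on TCP $NewPort yet; reboot and check again."
}
```

After the router rule is updated to match, the client connects with `mstsc /v:WANIP:3388`.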