Hello, and I hope someone can help me with this situation...  First some background..

Me: I have been working with computers for over 30 years, this is just to let you know that I do know the lingo and am very familiar with Windows OS....

Problem computers:

I have 2 PC's, let's say server (all data files are on this unit) and wrkst..  They both have WinXP pro SP3 with all patches and updates...  With no IS SW installed I have a mapped drive letter to server and run a batch file on wrkst  to start a pgm to do data entry, this works flawlessly....  On the wrkst I also use a pgm called no-ip, this program takes my current exterior ip address and associates a domain name - let's say wrkst@no-ip.biz, I also have to turn on the IP PASSTHROUGH on my DSL router, this is done so that the employee can use remote desktop utility to attach to the wrkst PC, works pc's ip address shows up as the internal address and not your normal 192.168.1.X number.

So I installed Norton on both PC's I click on settings then the "my network" tab, I click configure network security option, I edit network details and change the trust level to full trust I click OK... While on the server PC and In the same tab I click on wrkst and change the trust level to full trust, although it changes it back to "use network trust (full trust). When I look at the IP address of the wrkst PC it shows the external address... I do these steps for both PC's

What I was doing with other security SW is I would add my local network zone and can not seem to find this option in Norton...

The end result is I can access the files from server to wrkst PC, but I can not access the files from wrkst  to server where the data files are....

I tried to use the remote monitoring feature on both with no success....

Any Ideas here  ---   TIA

Hello, and I hope someone can help me with this situation...  First some background..

Me: I have been working with computers for over 30 years, this is just to let you know that I do know the lingo and am very familiar with Windows OS....

Problem computers:

I have 2 PC's, let's say server (all data files are on this unit) and wrkst..  They both have WinXP pro SP3 with all patches and updates...  With no IS SW installed I have a mapped drive letter to server and run a batch file on wrkst  to start a pgm to do data entry, this works flawlessly....  On the wrkst I also use a pgm called no-ip, this program takes my current exterior ip address and associates a domain name - let's say wrkst@no-ip.biz, I also have to turn on the IP PASSTHROUGH on my DSL router, this is done so that the employee can use remote desktop utility to attach to the wrkst PC, works pc's ip address shows up as the internal address and not your normal 192.168.1.X number.

So I installed Norton on both PC's I click on settings then the "my network" tab, I click configure network security option, I edit network details and change the trust level to full trust I click OK... While on the server PC and In the same tab I click on wrkst and change the trust level to full trust, although it changes it back to "use network trust (full trust). When I look at the IP address of the wrkst PC it shows the external address... I do these steps for both PC's

What I was doing with other security SW is I would add my local network zone and can not seem to find this option in Norton...

The end result is I can access the files from server to wrkst PC, but I can not access the files from wrkst  to server where the data files are....

I tried to use the remote monitoring feature on both with no success....

Any Ideas here  ---   TIA

Comcasts, sorry forgot to add

So I noticed this question was moved, any reason why? Are they not the same? Does any of the other SW's vary in configuration?

Besides being change from a Newbie to a Visitor, any other answers to my initial question?

Thanks again

Hello 308saiga

Your thread was moved to this area because that is where all the questions about Comcast Norton Security Suite are put for better exposure. I'm sorry though, I don't know the solution to your problem. Thanks.

I don't have comcast so I'm not familiar with that version.

But I'm curious why your using IP pass through.  Is the router not capable of port forwarding?

It seems like the product is working like it's designed.  Since the workstation has a "outside" address it's not being given the full trust of a local network.

On your old product when you gave the "local network trust" did you also have to make a rule to allow the workstation or add the internet IP address to the trusted zone?

Dave

Hello saiga

When you switched over to Comcast Norton Security Suite, did you thoroughly remove the previous security program with their removal tool before you installed CNSS?

DaveH,

The reason for this is so that the person doing a remote connection does not have to ask for the external IP address every time the person tries to login to the wrkst. NO-IP takes your current external IP address no matter what it is and associates it to a domain name to connect as explained above...Remember that your external ip address  changes once every 3 months or as many times as your ISP's set it to, it could be longer or a shorter time frame.....  If you have a Static IP address this would not be an issue......

To answer the other persons question, sorry forgot your screen name, no I do not have any version of Norton installed on my PC's, I had Bitdefender and since they turned it into garbage I am moving on to what I hope are better pgms. As explained on my initial post I am very proficient on PC's and server systems. I do not want to sound like an A$$, trying to brag about anything, just trying to get a little help from other professionals like myself with my dilemma.....

How do the other versions differ from this one? Do any of them have a place where I can actually manually define my network? All I need in this version or any other is to be able to define a zone for my network so that the PC's can communicate with each other...

Thanks again

Thanks, I understand how no-ip works, I been using it for years.  I also use Radmin to establish remote connections between my computers on an almost daily basis.

I was just wondering why your using IP passthrough rather than port forwarding.

One of the benifits of having a router is the extra layer of protection it provides by filtering the packets between the internet and the local area network.  Basically like a hardware firewall before the software firewall.

Remote control software doesn't require the remote computer to have an "outside" internet address, all thats required is that the traffic on the specific port(s) is directed to the correct compter.  The no-ip dns name gets the connection to the router, from there, the most common configuration would be to have the router direct the port traffic to the workstation.  Doing it that way allows all the local network computers to have private internal IP addresses and I'm sure most network experts would agree thats the "correct" and safest way to configure a network.

I believe that remote desktop uses port 3389 by default.

If it was me setting up such a network I would configure all the computers with fixed internal IP addresses.  XP boots faster with fixed rather than dynamic IP addresses and there are other advanteges as well.

Lets say the server is 192.168.1.1 and the workstation is 192.168.1.2

Then in the router I would forward port 3389 to 192.168.1.2 (the workstation)

Your employee would connect the same way, the no-ip address translates to the correct internet IP address, the router routes that traffic to the workstation and the connection is made.   Since all the computers on the network have local addresses they can have full trust.

If you ever needed to connect to the server, you could chage the default port on the server, forward that port to the server and be able to connect into either system.

Thats why I was asking why your using IP passthough, I see it as more of a "work-around" then setting it up in the standard way and if your stuck having to use it for some reason then what your looking for is another work-around, to get around the first work-around.

I guess you would have to create some rules to allow full traffic from an external IP address into your local network.

I thought the network map and network trust went by MAC addresses instead of IP addresses in the first place.

Dave

Yep you are absolutely correct, I'll have to try this on her system tomorrow, I really hope this works, she has a really quarkie system setup...   The app that is accessed and she uses is a 16 bit app (yes you read correctly) When I installed BT on the units and configured it I did a full system scan and it corrupted the data files and the indexes, it had to be rebuild (this is just an idea of what I am up against). I have already decided to set Norton not to scan that particular directory not even in real time protection, to be absolutely sure this does not happen again.....

To be honest I have not done much in port forwarding, I have read up on it, so I do appreciate the big tip.....  I'll post back with my results...

Thank you very much with everyone's patience and participation with my dilemma.....

Well I went into my modems home network, I clicked on NAT/gaming setup, I defined a custom service, I chose port forwarding, I defined a name (Remote), in the global port range I added 3389 - 3389 (2 separate fields), I entered 3389 for the base host port as well, I chose TCP as the protocol....   I disabled the IP Passthrough feature, now the IP address on the wrkst shows up as a internal address....

I went to the customs Service field, I scrolled and chose Remote and enabled it. I repeated this using UDP protocol (even though from what I have read it is not necessary)...

I started Norton, I went to the "my network" option made sure everything said Full trust, I could see all devices (3)...  I went to the firewall tab, I added "remote desktop connection" pgm to the rules list adding to allow using port 3389...

Nothing it will not work, any ideas? Thanks

PS: I left NAT disabled  -  Also the test I did, was trying to connect to the wrkst from the server using the NO-IP DNS name (name@no-ip.biz) not an ip address....  I can not remember if I said this but the person connecting to this wrkst is at her home and connecting via the web....

You need to test it from outside the network (from the internet).  Have her try connecting from home.

Inside the network your using a private network range, 192.168.1.1 and the no-ip name is using the external internet IP address.

From inside the network you can use either the computer name or the internal IP address.

From the server, try the connection using the workstation internal IP

From the other side of the router (the internet) use the no-ip address 

I realize that I should have tried from the outside, but I had no one to try for me...  When you use the DNS address from the inside it has to go out to the net then back in to the perspective PC which did not work with Norton... It does with BT....

I will have to wait until next weekend to try again....  I appreciate the help....

I'm not sure what BT is but I can't use my no-ip address for internal networks with Radmin either.

Actually, I wouldn't want it to work that way anyway.  The internal network runs at 100MB/s and is about 30 times faster than my internet speed.

Bitdefender sorry should have been BD

---

DaveH wrote:

You need to test it from outside the network (from the internet).  Have her try connecting from home.

Inside the network your using a private network range, 192.168.1.1 and the no-ip name is using the external internet IP address.

 

From inside the network you can use either the computer name or the internal IP address.

From the server, try the connection using the workstation internal IP

From the other side of the router (the internet) use the no-ip address 

---

I forgot to add that I did try from the server and it did work using the wrkst IP address, but not the no-ip..... 

I did some research on the net last night and apparently the issue may be the modem not forwarding the ports, it looks like I am not the only one having this issue, the posts where a little old and you would think that Comcast would have this fixed.

According to the posts the work around would be to purchase a configurable switch that can handle PPPoE login and bridge the modem.....

I'll keep you posted......  Thanks again for the help......

to open RDP open Norton, Manage Firewall, Traffic Rules, Add

then setup for port 3389.

I would setup so the external port would be some wierd number 45688, something off the wall.

Then in your routing table/router itself forward that external port to 3389.

If going direct without a router then change the port to something similar like the above,

Use registry editor. If you know how to use it then great. if not you will need to know how to. thus i will only give a portion of what you do here.

CurrentControlSet > Control > TerminalServer > WinStations > RDP-Tcp

Then locate the following registry subkey :

PortNumber

click to change the port, click decimal and change to whatever you want.

In the same area look for default block file sharing, modify it and you can choose to and from under connections