Remote Desktop vs. Internet Remote Desktop (Internet and LAN)

Remote Desktop works in exactly the same way over the Internet as over an internal network. However, when working over the Internet, you must take some extra steps in order to establish a connection:

• The client must know the host's external IP address.
• You must create a tunnel for port 3389 on the host's router.
• The host must have a fixed internal IP address.
• The host's router must direct port 3389 packets to the host's internal IP address.
• The hosts's firewall must allow port 3389 packets.

BTW, "Host" is the machine that is being taken over, often a PC at the work place.

"Client" is your own machine, often the PC at your home.

What I didn't know was "packet" (as opposed to "signal").  

With a radio or an old-fashioned phone line you get a signal which consists of a continuous mixture of sine waves of different amplitude and frequency.

The Internet works differently. The signals you get are digital and are highly structured. They consist of packets composed of a header and data. The header contains a lot of information about the packet itself, e.g. data source, destination, port numbers, packet length etc. This is why several PCs in the one household can browse the Internet at the same time, without interfering with each other. With an old-fashioned this was clearly impossible.

When examining a packet's header block, your router "knows" what to do with the packet itself: Accept it, reject it, modify it, pass it on to one or all internal PCs etc. When a port 3389 packet arrives, the router will reject it unless you create a forwarding rule for this port.

I can see these reasons why you might not know about port forwarding:

• You made the connection by means of a VPN (Virtual Private Network)
• Someone else created the tunnel for you
• Instead of using a router you use public IP addresses for your PCs (very, very risky!)
• You might not remember

Think of it like so: When an RDP packet reaches the host's router, how does it know where to send it to? Any of your internal PCs would be a potential recipient but only one must be allowed to respond! It's done by creating a tunnel, or in other words, you tell the router to forward all port 3389 packets to the RDP host's internal IP address. Here is what a typical router port forwarding table might look like:

Amazing how easy it is for me to be humbled.  I found the error--incorrect private address for port forwarding.  Sorry to have troubled you and thanks again for your help.

Thank you.  What really puzzles me is that I have successfully set up other machines by simply forwarding 3389 and allowing Remote Access, well, access so the two additional steps (if they are additional) puzzle me since I've never (deliberately done them before)

I did not (and have no idea how to) create "a tunnel port 389 on the host's router."  Also, I don't know how I would  allow "the host's firewall" to "allow port 3389 packets."  As I wrote above, I've never been aware of doing this, but have successfully set up internet connections so I'm really confused.

I have, of course, implemented the other steps:

So I'm really at a loss.  Any other suggestions.

Sorry to sound so clueless.