1

Here is my setup: Static IP assigned to a home UVerse router. I have a Windows 7 Professional based web server running which is accessible from outside. And so is a Remote Desktop port--accessible from outside. I can also access everything via TeamViewer from the outside.

What I need to figure out is how to allow a remote user to view a website hosted on my server. While the website itself is accessible there are some internal resources (on local VMs) which can't be seen unless I launch the browser from within the home computer.

I had looked into VPN but the router doesn't support that. So the next option would be to add a new user to the computer, and grant that user access to Remote Desktop group but I only want the user to launch the browser windows after RDP to the system. So, using Parental Controls, I disabled all programs for the user and only allowed access to Firefox. But, when I RPD as that user I was still able to launch Internet Explorer and, more importantly, was able to see home network drives--some of which are protected.

Is the higher access because I added the user to the RPD group? If so then how can I create a very restricted group which would allow RPD but only allow browser launches. Or maybe run some proxy server to the protected internal resources?

Thanks!

PS. Please note: Allow other remote access computer for browser only will has not worked for me.

Community
  • 1
IrfanClemson
  • 254
  • 3
  • 15

2 Answers2

1

Solution 1 :

You need to setup a VPN network, the server would be on your computer not your router Related link 1 Related link 2

Solution 2 :

Setup a remote RDP on a virtual machine hosted in your computer

Solution 3 :

Use sandboxie to limit RDP access (not easy to do)

intika
  • 1,303
  • 1
  • 10
  • 28
  • Hi, thanks. I will try that after exhausting a Reverse Proxy router per: http://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis ; but I am not sure if RP will even work: The internal server's is never accessible from the outside and so how could that "serve" any content even with RP? – IrfanClemson Jun 04 '15 at 19:52
  • 1
    There is also a vnc solution that use a technology called "seemless desktop" to control only applications remotely... any way you find a solution that great ;) – intika Jun 05 '15 at 01:16
  • Thanks. I will check that out. Do you think if the Reverse Proxy approach would even work for me? – IrfanClemson Jun 05 '15 at 12:07
  • Reverse Proxy VS Port Forwarding = Almost the same ... i don't really see the advantage of a reverse proxy in your case it's just a different setup to do the same thing PLUS you will need port forwarding for the proxy – intika Jun 05 '15 at 12:11
  • Thanks. But the biggest disadvantage with my current solution is that I have to use a non-preferred port 6080--port 80 would be better. Luckily, this particular server (ArcGIS Server) listens on both ports. Anyway, what do you mean by port forwarding for the proxy? – IrfanClemson Jun 05 '15 at 13:05
0

I was pressed for time and, as you can see from my Comments to @intika, I was working on a URL Write solution but was not making any progress. So I ended up using port forwarding on the router for port 6080 (where the internal server resides). I was trying to avoid that solution because in the 'live' application we use port 80 for the internal server.

But time was too short. I had to move on. But at least I learned some new things about URL Rewrite and Reverse Proxy.

Thank you.

IrfanClemson
  • 254
  • 3
  • 15