Several ways to run RDP on a port other than the standard 3389 on Windows Server

2021-10-30

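Windows servers are usually controlled remotely over RDP (Remote Desktop), whose default port is 3389. Sometimes, for security reasons, we want to close 3389 and use a different port.

In summary, there are the following approaches, using a change from the default port 3389 to 8933 as the example:

[Recommended] Change RDP's standard port in the registry

Open the Registry Editor: Start - Run - enter regedit

Navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Find PortNumber, then double-click it, or right-click it and choose Modify

Enter the port number you want (in decimal) and you are done (note that the server must be restarted for the change to take effect)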
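The registry steps above as a PowerShell script. This is an added example, not from the original post, and it goes beyond the steps by also opening the new port in Windows Firewall for an allowlist before the change. The rule names and the sample allowlist are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
param(
    # Target port; the range check keeps it out of the well-known ports.
    [ValidateRange(1024, 65535)][int]$NewPort = 8933,
    # Constructed sample allowlist (RFC 1918 range); replace with your admin network.
    [string[]]$AllowedRemote = @('10.0.0.0/8')
)
$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse to proceed if something else already listens on the target port.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# Record the current value so the change can be rolled back.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Open the new port first, restricted to the allowlist, so the restart does not
# lock you out. The built-in Remote Desktop rules only cover 3389.
foreach ($proto in 'TCP', 'UDP') {
    $rule = @{
        DisplayName   = "RDP-Custom-$NewPort-$proto-In"   # assumed rule name
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $proto
        LocalPort     = $NewPort
        RemoteAddress = $AllowedRemote
    }
    New-NetFirewallRule @rule | Out-Null
}

# PortNumber is a REG_DWORD; the value is written as a decimal integer.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord
Write-Host "PortNumber set to $NewPort (was $oldPort). Restart the server to apply."

# After the restart, confirm the listener moved:
#   Get-NetTCPConnection -State Listen -LocalPort 8933
# Then disable the built-in 3389 rules (group name as shown on English-language systems):
#   Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```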

Use the port forwarding feature built into Windows Server

Use port forwarding to forward requests arriving on port 8933 to port 3389 on the local machine (127.0.0.1)

Open a Command Prompt as administrator and enter the following command:

netsh interface portproxy add v4tov4 listenport=8933 connectport=3389 connectaddress=127.0.0.1

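Port forwarding with nginx

With nginx, RDP TCP traffic arriving on the new port (8933) can be forwarded to port 3389 on the local machine. An example configuration file follows:

nginx.conf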

#user  nobody;
worker_processes 1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
events
{
    worker_connections 1024;
}

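# TCP (layer 4) proxy: accept RDP connections on 8933 and relay them
# to the local RDP listener on 3389.
stream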
{
    upstream mstsc
    {
        server 127.0.0.1:3389;
    }

    server
    {
        listen 8933;
        proxy_pass mstsc;
    }
}


http
{
    include mime.types;
    default_type application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
    sendfile on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout 65;

    #gzip  on;

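    # Unused: no http server block references this upstream;
    # the stream block above does the RDP forwarding.
    upstream mstsc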
    {
        server 127.0.0.1:3389;
    }

    server
    {
        listen 80;
        server_name localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        location /
        {
            root html;
            index index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html
        {
            root html;
        }

    }

}

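Notes

  • With the port forwarding and nginx forwarding approaches, the original port 3389 is still in use, so firewall rules still have to be considered, for example allowing only whitelisted internal addresses to reach 3389;
  • Startup also has to be considered: run the port forwarding script automatically at boot, or start nginx automatically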

admin
