Use this tool to find the codes of your devices and to get specific instructions on programming the codes into your Comcast remote.
I have the new Arris gateway model # TG852G/CT that Comcast is testing. It's for a residential account. I am trying to set up port forwarding but not having any luck. I have given my computer a static IP address, and it is on a wired connection, not that it matters. I access the gateway config through http://10.0.0.1 and I am able to enter information for port forwarding, but the programs I run which need these ports forwarded are still unable to connect. If I set my computer as the DMZ host, then the programs connect without any problems, so I'm assuming the gateway is just not forwarding ports.
I called the special service number I was given, but was transferred to standard tech support who are not able to help with complex issues like this. The gateway's user guide seems like it may have been written based on a different firmware version or something. The screenshots are different from my interface. Here is the user guide from Comcast:
However, note that I got to that page by clicking a link to http://customer.comcast.com/userguides from the gateway config and the Comcast site magically redirected me to the above page for the TG852G/CT user guide. Your mileage may vary.
Arris doesn't appear to have any support options for me since I obtained the gateway from Comcast. They have a different user guide for the TG852G which does not even mention port forwarding or triggering. Googling "TG852G/CT" doesn't get any more useful information...I'm not sure what significance the "/CT" has. I don't know where else to look.
Solved Go to solution
06-12-2011 10:52 AM
It's always in the last place you look. There's a Firewall Security Level setting for for gateway, and I was using the Maximum Security, which blocks all ports. So now I'm a little less secure, I guess, but a little safer than being in the DMZ.
06-12-2011 11:09 AM
Thanks for posting back with your resolution. Always Kinda cool when you're able to fix it yourself.
06-12-2011 03:12 PM
Seems the Comcast firmware loads in their branded gateways are doing this oddly. In most routers from leading manufacturers, the presence of a ACTIVE port forwarding definition automatically pokes a hole in the firewall without the need for changing any firewall security level settings. But there is a similar setting in the Comcast branded SMCD3GNV gateway, or so it looks from reading the manual (I don't have one to try).
06-12-2011 04:38 PM
Here is the Link to the complete users guide for the Arris TG852:
06-15-2011 02:42 PM
How did you get it to work through the firewall?
I just got one of these modems/routers and am trying to setup port forwarding. I have enabled port forwarding and set it up to forward to a device with a static internal IP address. I have the firewall completely turned off from the settings, but the packets still do not get routed through.
Has anyone been able to get this to work?
I am going to try switching back to a standard cable modem without a built in router if Comcast still has them. Otherwise I'm going to have to switch services as I need port forwarding enabled.
Thanks in advance.
10-19-2011 08:05 PM
Did you remember to open the software firewall on the target system? many people forget this step and wonder why their port forwarding setup doesn't work.
That said, it should work fine. But if all else fails, get your own wireless router and simply have Comcast place the gateway in bridge mode which effectively turns it into a cable modem with telephony support (ie. an EMTA). Just call them at 800-363-2416 to have that done.
10-20-2011 02:52 AM
I am at the gateway config but I can't even get through the username and password screen...I have been using the comcast username and pass word but nothing! I know this is kind of a silly problem and question but what am I doing wrong?
04-03-2012 02:47 AM
The default user is "admin" and the default password is "password". If they don't work, then they have been changed and you have to reset the device to factory defaults or call the support folks at 800-363-2416 and have them reset it for you.
04-03-2012 10:39 PM
06-05-2012 02:21 PM
The Comcast gateways are notorious for having firmware loads that are problematic and are crippled of user adjustable features. Perhaps it would be best to have it put in to bridge mode so that it is just a straight cable modem and then you would use your own high quality router that has all the available consumer desired features with it.
If you decide to go this route, use this number to reach the gateway support team; 1-800-363-2416.
06-05-2012 02:35 PM
How did you change the firewall settings on the Arris TG852G/CT? I am having the same (or similar) issue. I have a remote, wireless camera I'm trying to set up. My wireless router has port 81 open (I pinged it to be certain), but my external IP address (from Comcast) shows the port as being closed? How do I open the port on my external IP?
06-10-2012 01:30 PM
Reading this thread has EVERYTHING you need to get it done. That said, many folks have trouble with these Xfinity Wireless Gateways, so take the advice given, get it bridged and get your own router and port forward there.
06-10-2012 03:30 PM
I've read through the thread and I'm not quite following. For starters, I have an Arris TG852G/CT as my modem (I'm not a technical expert, but I believe that's what it is), which is connected to my Airport Extreme wireless router. The AE has port 81 open - I performed a port check in the Apple Network Utility - but the external IP address (Comcast) has the port as being closed. I was hoping that someone may be able to help me open the port on the Arris, but if not, then I'll continue looking at other options. I will contact them again regarding the idea of making my modem a "bridge" and hope that solves the problem.
06-10-2012 05:37 PM
The TG852 is NOT a modem, it's a wireless gateway, a combination modem, EMTA, router, and wireless access point all rolled into one.
Your problem is that you have two routers connected in series, so you have a double NAT layer, one in the gateway, one in the AE. Double NAT is not a good idea, although is works in some setups. As has been pointed out already, I highly recommend you call the gateway support team at 800-363-2416, tell them to place the gateway in bridge mode (ie. only the modem and EMTA will function) and use your AE as the primary router. THEN your port forwarding setup in the AE will work as expected.
If you keep using the gateway as is, you have to port forward in the gateway to the AE, then forward in the AE to the target system. As you can see, not an ideal setup, and will absolutely not work with some protocols.
06-10-2012 06:29 PM
First, my mistake, I typed in the wrong model. I have an Arris TM722G. Second, the issue remains the same. My Arris modem is connected to an Airport Express wireless router and I have configured everything so that the wireless camera works within the wi-fi enviornment. Here are the steps I have followed:
1. I have configured the camera with a static IP address using HTTP port 81.
2. I have configured the Airport Express with the same static IP address, port 81 and have created a DHCP Reservation using the same static IP address and the MAC address.
3. On my Airport Express I have Enabled NAT Port Mapping Protocol.
Once again, the camera works perfectly within my wi-fi environment, so I know it's (camera) going through the static IP at port 81. However, the problem is I can't access it from my external IP. Whenever I do a port check on my IP, the report says it's closed.
Not sure what I can do....I've brought the device to the Apple store and they have confirmed I've set everything up on my computer and device properly.
06-11-2012 01:00 PM
TG852G/TM722G, Airport Extreme or Airport Express... which is it? I hope you were more careful with your port setup than you were in describing it. Without the exact specfic setup (ie. screen shots, exact values, etc) it's hard to help here. As long as the Airport (whichever) is working normally and it's configured properly it should work. Did you try changing the port to something higher like 8080? Make very sure you have properly power cycled both the Airport AND the cable modem/ETMA (press and hold the Reset button until the modem reboots).
How are you doing the port check? Some of these online checks are pretty bad and should not be trusted. While I don't like the verbose nature of http://www.grc.com, that site does a decent job of checking individual ports. It correctly identifies the ports I have open for various purposes.
06-11-2012 11:25 PM
06-12-2012 07:54 AM
So, we have to "break apart" (bridge) the router because it is 3in1? Is that why the ports were unable to change? Thnx
No, you bridge it because the router and wireless components are real junk and do not work well. Bridging disables them so you can use your own router. There's nothing that says such a combo device can't work well, but the fact is that most gateways are compromised in one fashion or other to save cost, etc. By their very nature they are bottom of the pile performers and when you add the really ugly firmware that Comcast has loaded in their gateways, you get a recipe for disaster.
06-15-2012 11:23 PM
Try: cusadmin as the ID, and : highspeed as the password.
06-18-2012 02:47 PM
They gave: cusadmin as the ID, and: highspeed as the password.
06-18-2012 02:50 PM
Those are the userid and password on the Comcast Business class routers, ie the SMCD3G and the older SMC 8014. The userid on the Comcast residential gateways (like the Arris TG852, TG862, and SMCD3GNV) is "admin" and can't be changed (at least not by the firmware Comcast has loaded).
06-18-2012 11:09 PM
Hello. SOrry that I didnt give you the correc information, Im just not that great at technology, Heres what I know:
- Im using a Mac Desktop (Mac Os x Lion)
- My Ip adress is 10.0.0.7
- Im not sure what a softwire firewall is, but I think it is the problem
- My router ip is 10.0.0.1
If you could help me with my Software Firewall, that would be great.
06-30-2012 09:23 PM
I am also running security cameras via an IP DVR system with an Arris TM722 gateway to a NetGear WNDR3700 router.
I'm able to access IP cameras fine within LAN, and externally WAN via iPhone apps, however issues external via Safari and or IE.
For any external you need to confirm your external IP via IP Chicken or similar and insure using that external IP address and not the internal one assigned by your LAN router as this is internal IP only.
I think I got access using the default port 80, rather than port 87 or any other user selected port, but will need to retest.
Either way, it's very frustrating using these Arris gateways if you want to do anything besides vanilla use.
07-13-2012 07:19 PM
Would putting this wireless gateway in bridge mode help with the DNS issues (can't use a third party DNS) that it has? Sorry, sort of off topic, but it'll also help with the difficult port fowarding.
07-16-2012 12:27 AM
07-26-2012 09:47 PM
I have also run into the port forwarding issues. I called support and found out that this is not going to work with the residential gateways. The residential gateways use dynamic addresses for the the WAN port. The tech at support said the dynamic address will not pass Port forwarding from the public address to the private addresses. Port forwarding will only work within your LAN, once set up. There is no way to do port forwarding from the public dynamic ip address to a private LAN address on these new residential gateways. The tech said it is because they don't want residential users running a business server. The tech said if I wanted to run a server I would have to go to business class service and get the business gateway and a static ip address. He had the business rep send me a quote to change over to business. Well, doing this voids my discounts from the triple play package since residential and business are billed separately. The internet speed would be about half of what I get with triple play premium and would cost more than the triple play package. I decided to keep my triple play and use a host provider, Network Solutions. For about $13 a month they will host my site and that includes ftp access, and their hosting allows unlimited data transfer. The site can be dynamic with databases and application servers all included. So I don't need to have port forwarding any longer since my web site sits on Network Solutions Host server. Since I don't need to have my server PC on all the time now I turn it off when not in use here and save about $10 or so a month on my power bill.
So, bottom line is if you want a home server to be accessed from the internet you will need to go to Business class service, static ip's are not available from Comcast for Residential Gateways, any more, and the dynamic addresses are all that's available for the Residential gateways. .
09-20-2012 12:04 PM
I suggest that you have been lied to by a clueless tech. While the Xfinity Wireless Gateways are downright junk, they do in fact support port forwarding, just like any other consumer grade router on the market.
09-22-2012 12:02 PM
09-22-2012 05:49 PM
09-22-2012 05:56 PM
Because you're using port 80 and many consumer routers have problems with that and/or explicitly disallow it so that their admin interfaces continue to work. Try another port.
Other than that since you do not provide the details of your config, it's hard to say. Another issue is many routers have trouble routing from behind the firewall out to the public interface and back in again, so if you are hitting your public IP from a system on the local LAN that can cause trouble. I don't know if the Xfinity gateways suffer from this defect, but many routers do.
All in all, I go agree you should stop using the gateway, or have it bridged and use your own decent router, the gateways are know to have many, many problems, but I do know the port forwarding works (mostly), it's been confirmed many times. There many, however, be situations where it doesn't work but a blanket state that port forwarding does not work is completely false.
09-22-2012 09:46 PM
I went through this port forwarding problem when I switched to Comcast Internet a few months ago. Seems the new residential gateways will not allow port forwarding, period. I spent hours on the phone untill I finally got a tech who told me the news. If you want port forwarding from Comcast you need to switch to business class.
Instead I with with using an outside web host for $11 a month. They supply app and data servers as well and are up 24/7.
I would like to have port forwarding back but I'd probrably would have to buy my own gateway. Just too much hassle.
11-29-2012 05:46 AM
I have forwarded port 8080 on my Comcast-supplied Arris TG852G/CT. It works for me, but only if I browse to http://<my-ip-addr>:8080 from outside my firewall. For example, if I turn wifi off on my cell phone and browse to that IPort, it works. But if my browser is operating inside the firewall, it does not work. I get connection timed out.
Is there a way around this?
01-01-2013 01:22 PM
The Firewall Security Level on my account was blocking a program all of a sudden. Couldn't figure out what happened, but then after reading you email I realized that I had just recently modified my security setting to max. resetting it back to low lets the program run again. thanks for the heads up, it was driving me crazy and I couldn't get ANY help.
03-11-2013 02:17 PM
DMZ forwards all ports to the public IP. is it possible that the applacation you are using needs more than on port forwarded?
What app are you trying to forward the ports to? What port(s) are you trying to forward?
03-13-2013 10:15 AM
Use this tool to find the codes of your devices and to get specific instructions on programming the codes into your Comcast remote.
Alerts are an easy, quick way to manage your account and get information - like payment confirmations and your current balance.
©2011 Comcast | Investor Relations | Press Room | Corporate Blog | Privacy Statement | Visitor Agreement | Xfinity.com Feedback | Site Map