Visitor

4 Messages

Friday, April 15th, 2022 2:03 PM

Closed

Configuring DMZ has no effect

I regularly put one computer in the DMZ in order to test whether a firewall program has the ability to stealth all ports (no use running that test behind NAT!). I haven't done it since my last router upgrade, the one for 1.2GB. Using the Xfi app, I can put the PC's IP address in the DMZ. But even after I reboot it (and IPCONFIG /RENEW just for good luck) the ports all still show up as stealthed (using GRC.com Shields Up). I captured the output of IPCONFIG /ALL with and without DMZ and did a File Compare. Only differences are in the Temporary IPv6 Address and various "Lease Obtained" date/time stamps. As far as I can tell, putting the device in DMZ has no effect. OH one more thing--I disabled Advanced Security on the router because it interferes with other tests. QUESTION: HOW to get the test computer into a state where its ports are *not* stealthed by the router?

Visitor

4 Messages

3 years ago

Followup: I tried disabling DMZ and using port forwarding. I figured maybe I could forward a collection of ports and see if *they* would come through as not stealthed. However, in every case when I tried to set up a port forward, I got "We're having some trouble". This happened with individual ports, port ranges, and presets (e.g. XBox One). 

Visitor

4 Messages

3 years ago

Followup: I logged into the Gateway directly and found "IPv4 Firewall" and "IPv6 Firewall". I set each to Custom, checked Disable entire firewall, and saved settings. I went back to my Xfi app (can't use the gateway for DMZ) and put the test PC in DMZ again. Rebooted. No change in results--ports are still stealthed. Any ideas? Anybody? Bueller?

Official Employee

842 Messages

I do have a couple of questions for you. Are you using a VPN? Are you attempting to use port triggering? Is this your own modem or is this one of our leased ones? Have you enabled bridge mode? 

I no longer work for Comcast.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.

Visitor

4 Messages

@XfinityKimberlyB No VPN. No port triggering, just DMZ. It's the Xfinity router, the 1.2GB one. No bridge mode.

Official Employee

746 Messages

Is there a particular reason you want to stealth your ports? It won't make your computer invisible (as your open ports will still respond to a port scan), makes extra work for you, and breaks the rules of RFC 791 (TCP).

I no longer work for Comcast.


Visitor

4 Messages

I have an Xfinity supplied ARRIS Group, Inc. TG1682G modem/router.

Around the second week of May 2022, my DMZ stopped working and it had been working since 2018. And up until May 2022, I was able to set everything up via the 10.0.0.1 address after logging in.

But now everything is required to be configured via the website: https://internet.xfinity.com/network/advanced-settings/dmz

And like the OP, I turned off Advanced Security (as others have noted to do) and it still does not work even though the DMZ shows as enabled and set to my LAN side router's WAN IP address (10.0.0.2).

Also odd is that the very next day, when I log back into the website and check the DMZ, I see it is back to disabled.

And even stranger, when I called Xfinity tech support (and got pushed back to the more experienced tech person), she said she can no longer access my modem from her end and it tells her to go to myxfi???!!!! So, tech support can't log into my modem anymore.

I have a feeling the website is not passing the settings to the modem/router.

Yes, I can probably go to bridge mode but was avoiding that because of various reasons that don't need to be discussed here and I like the double NAT with both modems and the DMZ set for my modem.

Anyone figure this out yet?
