Visitor

1 Message

Sunday, January 22nd, 2023 8:33 PM

Closed

Port Forwarding Cache

Xfinity's decision to handle its Xfi port forwarding in a "new way" is one of the dumbest decisions ever made in the networking field.

Essentially, every time you set a port forward, this information is stored somewhere on the ISP side and then updated to your router's cache from the ISP alongside some other WAN settings. That's why you cannot set port forwarding settings when you directly access the router through its IP address.

Now the biggest problem (and the one I'm currently dealing with) is that even after you update these settings, it takes a while (or a specific event) to trigger an update from the ISP to your router. Here is exactly what's happening to me now:

I used to have a port forward for all my port 80 (HTTP requests) to go to one of my devices at a 10.0.0.x address. After removing that device from my network, removing the port forward settings, rebooting the device and deleting the device settings from the Xfinity app, I set the new port forwards so that HTTP requests go to 10.0.0.y. Although this is what I can confirm by looking at the app settings too, my device doesn't receive these requests. After much research I figured these requests are still going to the old 10.0.0.x IP even though it's not assigned to any device on the network!!! I confirmed this by assigning the 10.0.0.x address to another machine and guess what, the HTTP requests are still being routed to this device!

Although there's no way I can see these assignments anywhere in the app, the router has stored the previous assignments, although the app shows the current assignments stored on the ISP side. The ISP still hasn't updated the assignment on my router, or maybe the ISP's way of storing these on their side is problematic and creates conflicting records. All I can do is either fully reset my modem (although other posts on this forum suggest it might not work) or just sit around for a few days hoping this gets resolved. I had a similar issue with port 22 (for SSH) that was resolved only after the MAC address used for the previous assignment was offline for more than 12 hours and after a few resets and config removals.

Problem Solver

1.5K Messages

2 years ago

General rule of thumb?  If you have to control it with a phone app (the least secure device you own) and have no local admin control, you don't want it. 

From a security perspective, you don't want things on your network initiating contact with a remote server for a configuration, or uploading data on their own anyway. Operating systems do it too -- Windows telemetry/any voice enabled anything device, Chromebook is pretty awful, cameras are notorious now, do you really want your cam feeds public?? Isolate them on an untrusted subnet and block the traffic with firewall rules.

You got to check manuals before you buy stuff now.  If they don't publish one, you don't want it either.  You don't have to "Be The Product", all the time.

Visitor

4 Messages

2 years ago

Have had two techs come out and even changed my modem/router combo to no avail. The app has "confirmed" my ports are forwarded yet they are all still closed no matter what I do. Nobody has any clear answers. Would really hate to leave Xfinity, but this is insane.

Problem Solver

1.5K Messages

@Domsaleo The config on an Xfinity gateway isn't local. That's their own bad ole database problem.

3rd party gear doesn't have the problem.
