Friday, August 4th, 2023 2:48 AM

Closed

Port forwarding not working from inside network

Hi,

I have successfully opened some ports pointing to my server. I have a custom DNS entry to point to my IP, let's say server.home.com.

When I access https://server.home.com from outside my home, everything works fine. When I access https://server.home.com from inside my home, the request fails. I have some apps that use that URL that I want to be able to use inside or outside.

This configuration was not working and then some months ago (can't remember when) after a reboot it suddenly worked without me changing anything. And then some weeks ago, following a new reboot, things are broken again...

Anyone facing the same issue? Any known workaround?

Thanks

Official Employee

744 Messages

2 years ago

Hello @mynab! Our team here does have very limited access to be able to troubleshoot and assist with port forwarding issues, but we will try our best, and our community will be here to help as well! Can you please go into further detail on what exactly happens when the request fails? Are you getting any error messages? Have you tried to remove and set up the port forward again using the steps in our portal forwarding guide to see if there is any difference?

4 Messages

@XfinityKatie​ Hi. Port forwarding was set up

  • Declare a DNS A record on WAN IP
  • Set up a webserver on one machine
  • Access web server using A record from outside => works
  • Access web server using A record from inside => does not work

Thanks for your help!

Official Employee

2K Messages

Not a problem! We'll need you to send us a Direct Message with your full name and address to assist you further. Here are instructions on how to send us a DM in case you need them:

 • Click "Sign In" if necessary
 • Click the "Direct Message" icon (upper right corner of this page)
 • Click the "New message" (pencil and paper) icon
 • Type "Xfinity Support" in the to line and select "Xfinity Support" from the drop-down list
 • Type your message in the text area near the bottom of the window
 • Press Enter to send your message

We look forward to hearing from you.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.

Problem Solver

1.5K Messages

2 years ago

It's not a port forwarding problem, it's a local resolving issue. I don't think Xfinity equipment will do that DNS loopback to the internal machine for you.

Some Netgear gateways will. If you want it to work reliably, you can do that with a firewall if you are handling the internal DHCP server and using a local resolver, or if you run your own internal DNS server and pass that as the first DNS server to your internal clients. If you are opening ports to the world, you are going to want a means to protect them anyway.

4 Messages

@flatlander3​ Not sure it is a DNS resolution problem. If I run 'sudo tcpdump -v port 443' on the server machine, it sees traffic arriving. But then conversation stops without seeing valid HTTP packets coming in.

Plus it was literally working fine then I had to reboot the XFi Gateway because of slow speeds following an outage and then did not work anymore. So I am presuming something is happening in the modem... Plus XFi Gateway does not let you override DNS servers on DHCP server 😒 

(edited)

Official Employee

2K Messages

Thank you for your reply. If you do require any additional assistance, please let us know.


4 Messages

I require further assistance. Problem is not resolved.

Expert

110K Messages

@mynab​ wrote;

​ Plus it was literally working fine then I had to reboot the XFi Gateway because of slow speeds following an outage and then did not work anymore. So I am presuming something is happening in the modem...

FWIW here. Perhaps that reboot operation forced a pull of a new firmware load that is now coded to disable NAT / DNS loopback (hairpinning)? YMMV. It's strange because AFAIK, NAT loopback was disabled on Comcast rented devices many years ago for security reasons. Good luck with it!

(edited)

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!

Problem Solver

1.5K Messages

@mynab​ Perhaps more useful, would be to add debugging to your app to tell you what is going on and where the failure is, or perhaps use the server's internal IP address instead for a test, and take a look at the server's https-error and access log rather than tcpdump. Can you get to your web server by IP with a browser to verify it's working?

And you are correct. You can't change DNS with Xfinity equipment. You'd have to do that by other means. Nor is it a security solution. I'd also recommend protecting open ports with something else, plus segregating exposed equipment on an isolated subnet.
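
The comparison suggested in this thread (reach the server by its internal IP, then by its public name, from a client inside the LAN), written out as an added example that is not part of any forum post. `server.home.com` is the poster's placeholder name; the internal address `192.168.1.10` and the result labels are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl
import sys

# RFC 1918 ranges: a name resolving into one of these is already a LAN address.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REACHABLE = ("ok", "cert-invalid")  # either result proves the path to the server works


def probe_tls(ip, server_name, port=443, timeout=5.0):
    """Try TCP, then a TLS handshake (with SNI) to ip:port; return the stage reached."""
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError:
        return "tcp-failed"
    try:
        with ssl.create_default_context().wrap_socket(raw, server_hostname=server_name):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "cert-invalid"  # handshake got far enough to see the certificate
    except (ssl.SSLError, OSError):
        return "tls-failed"    # TCP connected, then the exchange stalled or was reset
    finally:
        raw.close()


def diagnose(resolved_ip, via_name, via_lan):
    """Classify the failure from where the name resolves and which path answers."""
    if via_lan not in REACHABLE:
        return "server-down"        # fix the web server or host firewall first
    if any(ipaddress.ip_address(resolved_ip) in net for net in LAN_NETS):
        return "split-dns-active"   # internal resolver already returns the LAN address
    # Name resolves to the WAN address: success here depends on gateway NAT loopback.
    return "hairpin-ok" if via_name in REACHABLE else "hairpin-blocked"


def check(hostname, lan_ip):
    """Run from a client inside the LAN; lan_ip is the server's internal address."""
    resolved = socket.gethostbyname(hostname)
    return diagnose(resolved, probe_tls(resolved, hostname), probe_tls(lan_ip, hostname))


if __name__ == "__main__":
    # Constructed usage: python hairpin_check.py server.home.com 192.168.1.10
    print(check(sys.argv[1], sys.argv[2]))
```

A `hairpin-blocked` result means the server answers on its LAN address but not through the WAN address the name resolves to, which points at the gateway's NAT loopback rather than at the port forward itself.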
