Server Test Hosting Question

@kylebellamy​  Port forwarding on Xfinity gateways is a bit problematic in general.  You've got the Yugo of networking gear.  For it to work, people say you can't use a static assigned IP address for the target machine, you need to be in the DHCP pool.  Then if you can see the target machine in the app, you can forward a port, provided the port isn't in the blocked list:  https://www.xfinity.com/support/articles/list-of-blocked-ports  I don't know if it does port ranges or not.  I don't use their gear. 

It's also unclear when you change something in the phone app, how that gets communicated to your gateway, and when exactly that happens.  You've supposedly changed something in a remote database on their end.  But then, when does that get to you?  Unknown.  You might try pulling the power cord on the gateway after you make the change in the phone app, wait a minute to wipe out memory in the gateway, then plug it back in.  Perhaps the config on the gateway will contact the remote database and update when it reconnects and it will work.  If you search this forum, you'll see lots of port forwarding issues.  Maybe there is a better way, or someone else will chime in.

Cheap Advice?

Now in general, blowing holes in your firewall, and pointing the entire world directly to an application running on a box no matter what the OS is, without anything mitigating inbound connections, and exposing everything on your network on a single subnet?  Well that's just not a very good idea.  If that application is compromised, you've exposed your entire network.  I'd be careful with that kind of thing.  Better, would be to isolate such a thing on it's own subnet.  

If it's just you and some friends, perhaps better, would be to just open up a single port, and run and OpenVPN or Wireguard server (free).  So are the clients.  You control the accounts.  Then they can VPN and login to your box running the server, you can isolate access just to that box, and they can get to the application you are running.  The benefit there is that if anyone else in the world doesn't have an encrypted key and account, they can't even talk to the open port.  It will offer you some protection.  Both are well documented with tutorials.  

Thanks for the information. The server is extremely limited to just friends, so the firewall messing around was mostly to test where the issue might be. The reason for the port spread which is just 2302-2305 is that the server uses them for connection for users but also to connect to Steam to verify users as well as check file versions for updates. 

Will try the hard reboot to see if that helps as that is something I hadn't thought to try but makes sense in retrospect. I'd love to just replace the router with my own, but not financially comfortable at present, so not going to do that. 

@kylebellamy​  Wireguard is probably the more simple one to setup for that.  It's UDP protocol.  

A port check will fail for the wireguard server even if the port is open and the server is running because the port check doesn't have the encryption key :)

You can verify the server works by using wireguard client on a phone using cell service when you have it setup, then try your app that way.  You can also spin up a temporary web server on your box to if you have to just for a sanity check, to see if you can get to that with your phone when VPN connected or something like that.