Visitor
•
9 Messages
Unable to connect to web server inside my network with port forwarding.
I have a web server inside my network. I've set up port forwards to access it from outside. I have no problem accessing the server on ports 80 or 443 (http or https) from outside my LAN by my domain name. I can no longer access the web server from inside my LAN by domain name. I have other port forward mappings and those work fine. This is only affects ports 80 and 443. This is only affecting trying to forward 80 and 443 on the xFinity gateway and only since I got a new Comcast Modem.
XfinityAmandaB
Official Employee
•
1.5K Messages
2 years ago
Hello @user_01d45b thank you so much for your post for help with not being able to access your home network when away. There are a few great steps you can try first to see if they help! You can check out these articles for advanced security and router options. https://comca.st/3oORwxY and https://comca.st/34KcBmh
Let me know if you have tried these steps.
(edited)
0
user_01d45b
Visitor
•
9 Messages
2 years ago
I've turned off advanced security and that did not help. The NAT Loopback information was not helpful as it does not appear to pertain the the Xfinity modem.
4
0
flatlander3
Problem Solver
•
1.5K Messages
2 years ago
Your comcast modem/gateway is locked to their DNS servers. There is no local "resolver" in their firmware, it can't act as a proxy, and you can't change DNS settings, so there is no way to resolve a local address on your internal LAN.
You'll have to connect by it's internal LAN IP address. Or:
You can setup your own DNS server, and manually point your devices to that for a primary DNS server in the network connection settings. You can also do that with a 'hosts' file on windows and linux, but that's problematic when you switch to other networks, or you could buy a gateway that does have DHCP and a local resolver like "unbound" that will use the hostname of a dhcp or static connected client, and append whatever domain you want.
0
0
user_01d45b
Visitor
•
9 Messages
2 years ago
I'm not trying to go to a local UNC name I'm going to HTTPS://example.com. This URL is pointed to a server on my internal network. If I am on an external network (public library), I can get to it without any issues. If I go the URL from withing my internal network, it times out. I am utilizing other ports via port forwarding without any issues. Only Port 80 Port 443 exibit this problem.
1
0
flatlander3
Problem Solver
•
1.5K Messages
2 years ago
From the outside, your DNS records point to your External IP address. From there, the port forward redirects it to an address and port on your internal LAN.
From the INSIDE, you are asking an external DNS server. The web browser goes to the WAN address (your DNS record). Then it dies. The server isn't at your external IP. It doesn't know where to go after that. There's no loopback feature.
That is the expected behavior with your crippled comcast firmware and a web browser.
Other gateways can do it. They can forward/cache/proxy DNS and even loop back. If you are going to run a web server though, get a firewall. Then you can resolve both internal and external traffic, and run some attack mitigation for you. Your web server will get hammered if you expose one to the world directly with a port forward and don't run one on windows.
Once you are hijacked, you can end up with a lot of legal problems.
(edited)
0
0
user_01d45b
Visitor
•
9 Messages
2 years ago
Does anyone have a good make and model of a cable modem that will perform this function that is not Xfinity or Netgear. I had a netgear nighthawk that died after 5 months and I was able to access port 80 & 443 from within my network. Xfinity is totally incompetent and is unable to understand the problem. I have been talking to support several times a day and within several departments. I have been called a liar, I have been hung up on, I have been told someone will call me back and they never do. If Xfinity was not the only provider in my area I would drop them like a hot potato.
0
0
user_01d45b
Visitor
•
9 Messages
2 years ago
[Edited: “Inflammatory”].
Xfinity tech support could not understand what I was doing. No matter how many times I explaned it over a 2 week period, they kept thinking I didn't have internet access. On one communications they sent me 20 text messages with how to do port forwarding and how to set up WiFi. They even went as far as sending a technician to my house to check my cable signal ([Edited: “Language”]). I talked to 3 different tier 2 escalations. Nobody could fathom what [Edited: “Inflammatory”] me was trying to do.
I bought a Motorola MG8725 WiFi 6 Router + Multi-Gig Cable Modem. After only about 1/2 an hour of setup time, I am now able to access port 80 and port 443 from both an external network and my internal network.
Not only am I able to now access my data, but now my internet speeds are VASTLY improved.
If you are having this same problem DO NOT contact Xfinity they are clueless. Buy the Motorola MG8725 modem. I did my research and this is the modem people are raving about. It is NOT cheap, but 2 weeks without access to my data and the HOURS of fustration per day over 2 weeks caused by Xfinity's [Edited: “Inflammatory”] customer support is well worth the money.
(edited)
0
user_92d135
Visitor
•
1 Message
2 years ago
I have exact same issue......would really appreciate if someone can point me to the right direction here!!!! Something changed with Xfinity and now for about 6-7 months I can't access my external IP from inside of my network for ports 80 and 443.
4
0
yross
Visitor
•
1 Message
2 years ago
Hi everyone,
forget the port-forwarding for ports 80 and 443, it is not possible. The firmware installed in the router does not grant permission o open these ports.
I contacted Xfinity support many times until one day a supervisor said it is not possible.
To do it, you must have your own router and configure it as a bridge.
0
0
DeeArrBee
Visitor
•
1 Message
2 years ago
I have the exact same issue described here. I have an internal Archer 4k router and a web server. I set the DMZ and ports 80 and 443 on both routers to point to my Linux computer. It's accessible by domain name from a VPN and the ACME server (letsencrypt) was able to issue certificates. I can also see the hello world page at 10.0.0.2, but virtual server rules on apache do not kick in.
This was working fine with the old comcast Arris router (horizontal, looked like a set top box), but stopped working when I got the new box (vertical with fewer lights). I thought it was something on my end and spent hours troubleshooting before suspecting the modem and finding this thread.
Can I get money off my monthly bill if I buy my own modem and return the rental?
1
0