
Visitor


3 Messages

Tuesday, December 26th, 2023 6:00 AM

Closed

Xfinity blocking Port Forwarding

As far as I can tell Xfinity is blocking port forwarding. 

Carrier Grade NAT is blocking my remote access to my device, is there any work around for this?

I have my own equipment.

Port forwarding is set up properly on my router.

My firewall is configured properly on the device and in my router. 

Problem Solver


1.5K Messages

1 year ago

The ports Xfinity blocks are listed here: https://www.xfinity.com/support/articles/list-of-blocked-ports

How you test port forwarding is important. If you are trying to verify an open port with a website doing a port scan, many canned firewalls have built-in DoS and portscan detection. Hit too many ports rapidly, and the offending source is blocked. Sites that do this are frequently blocked by RBL lists if you are using one of those, or some other net nanny. Only scan one port at a time, using the protocol the service is running.

For testing, use a utility like nmap. If your phone has hotspot capability, try connecting to that and test using your phone's cellular connection, or test from somewhere off site. VPN/anti-virus and other net nannies can be problematic. You're trying to test from a proxy that may or may not allow your traffic on the port you are testing. See the command line flags on nmap.org. A typical command will look something like:

# nmap -Pn -p 80 [destination IP]

(There are also protocol flags for UDP, "-sU", and other flags, "-sS", "-sF" and "-sT", as well as a TCP traceroute type of scan.) A response of filtered means no response. Closed could mean the port is open but the service is down.

You also have to verify the service is actually up and running/listening on the device's IP address and not a local only port (127.0.0.1). Double NAT can also be problematic if you have it set up that way. It can work, but it's easy to mess that up.

What do your firewall logs say?  

*I'd also add IPv6 isn't going to do you any favors if you are "tracking" the external IPv6 address. It's going to change after a reboot and may change every few hours. If you've got a firewall, do your port forwards to an isolated subnet using IPv4 to get it working first. Then debug the IPv6 part if you really need it for some reason.

(edited)
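Added example, not part of the original post: the listening-address check described in the reply above, written as a Python sketch that reads `ss -H -ltn` output and reports whether a port is bound only to loopback. The sample lines, the addresses in them and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511        127.0.0.1:8080       0.0.0.0:*
LISTEN 0      128            [::1]:8080          [::]:*
LISTEN 0      4096    192.168.1.50:32400      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      4096               *:9090             *:*
"""

def bind_addresses(ss_output, port):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local Address:Port is the 4th column; split on the last colon
        # so IPv6 addresses such as [::1]:8080 are handled.
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            # Drop IPv6 brackets and any %interface scope suffix.
            found.append(addr.strip("[]").split("%")[0])
    return found

def listener_scope(ss_output, port):
    """Classify where the service on `port` is bound.

    A router port forward delivers traffic to the device's LAN address,
    so a listener bound only to 127.0.0.1 or ::1 will never see it.
    """
    addrs = bind_addresses(ss_output, port)
    if not addrs:
        return "not listening"
    routable = [a for a in addrs
                if a == "*" or not ipaddress.ip_address(a).is_loopback]
    if not routable:
        return "loopback only"
    return "bound to " + ", ".join(sorted(routable))

if __name__ == "__main__":
    for p in (22, 8080, 32400, 53, 9090, 443):
        print(p, listener_scope(SAMPLE_SS, p))
```

On a live Linux host, pass the text printed by `ss -H -ltn` instead of `SAMPLE_SS`; a "bound to" result only shows the socket's bind address, so the host firewall still has to allow the port.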

Visitor


3 Messages

Upon attempting your solution I found that there is an extra step I needed to take to properly configure my router. 

I added the IP address provided by Xfinity to my router settings. 

Thanks for your help. 

Official Employee


2K Messages

1 year ago

@Nemuzko Thank you for reaching out via our Xfinity Forums. Have you had a chance to check out the link and information that was provided above? After reviewing please let us know if you have any questions. 
