port forwarding is not reliable.

New Poster

I have a Linux computer connected by ethernet cable to the Router.  I have an SSH server running on the computer and I can access it from within the LAN (wireless or wired).

The computer uses a reserved IP address in the LAN.

I added a port forwarding rule by logging in at 

It worked sometimes.  Mostly it does not work.  I can scan the ports of the public IP address of the Router and can see port 22 sometimes available but not very often.  But it is always visible when scanning the ports of the Linux computer from within the LAN.


The router makes a determination of what is an "active" device on the LAN and which are "offline".  From my experience this determination is pretty flaky and unreliable.  It also seems to affect the behavior of the port forwarding.


Worse, in an effort to fix this I went to the Xfinity forums and saw a discussion of port forwarding using the Xfi website.  I tried to use that and now I cannot set a port forwarding rule in Xfi or in the local UI of the router.  In other words, by accessing the Xfi page I seem to have messed up the entire router behavior for port forwarding completely.



I simply want to forward port 22 for 1 computer connected via ethernet cable.  This is the most basic setup I can imagine but it does not work reliably in the best case scenario and now is not working at all.
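The intermittent visibility described in the post above can be measured rather than spot-checked. The following is an added example, not part of the original thread: a small probe, run from a machine outside the LAN against your own gateway's public IP, that records whether each attempt reached the SSH server, was refused, or timed out. The function names and the 60 x 10 second schedule are assumptions chosen for illustration.

```python
import socket
import sys
import time

def probe_ssh(host, port=22, timeout=3.0):
    """One TCP attempt. Returns (state, detail); state is one of
    'ssh', 'open-no-banner', 'refused', 'timeout', 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(255)   # an SSH server sends its ID string first
            except socket.timeout:
                return ("open-no-banner", "")
    except ConnectionRefusedError:
        return ("refused", "")         # something answered with a TCP reset
    except socket.timeout:
        return ("timeout", "")         # usually: packets dropped, rule not active
    except OSError as exc:
        return ("error", str(exc))
    line = banner.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh", line)           # forward reached the SSH server
    return ("open-no-banner", line)

def summarize(results):
    """Percentage of probes per state, from a list of (state, detail)."""
    counts = {}
    for state, _ in results:
        counts[state] = counts.get(state, 0) + 1
    total = len(results) or 1
    return {k: round(100.0 * v / total, 1) for k, v in counts.items()}

if __name__ == "__main__":
    host = sys.argv[1]                 # your gateway's public IP address
    results = []
    for _ in range(60):                # assumed schedule: 60 probes, 10 s apart
        r = probe_ssh(host)
        results.append(r)
        print(time.strftime("%H:%M:%S"), *r)
        time.sleep(10)
    print(summarize(results))
```

Comparing the timestamps of `timeout` results with the times the gateway lists the computer as "offline" shows whether the two are correlated.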


Frequent Visitor

Re: port forwarding is not reliable.

Hopefully you find some bits helpful.

I experience port forward misery as well. Xfinity keeps pushing firmware out that redirects you to the web site to do this work. But the web site times out. To resolve, they state a hard reset to factory defaults (thus removing new firmware updates from Xfinity and thus removing the redirect to port forward on web site). That reset works till they push updates to your device again.


It seems when they push updates to manage ports on web - they copy all port mapping to the web and (in my case) these work.

It fails if I go in to the web site to try to add/delete/adjust - it does not function.


Another bit of info - I decided to set Xfinity in Bridge mode and stand up a router inside to do DHCP/NAT and Port forwarding - removing (reducing) Xfinity updates from impacting my LAN.


Going Bridge has not produced any negative impacts and only delivered positive results. Might be worth a try on your setup. Good luck and I would be interested in your results.

New Poster

router determination of "active devices" is not done right and causes problems with port forwarding

This is somewhat related to a question about port forwarding I asked yesterday.


I have a Linux computer connected by ethernet cable to the router.

It is shown in the "offline devices" list despite the fact that I have been pinging it continually every 1 second for about 10 minutes AND I am logged into that machine over the LAN network from the computer I am using to type this message.  So, the device is on the network and has significant traffic; then how can it be determined to be offline?


And at the same time, I have a wireless HP printer on the same LAN. It is in a sleep mode and has been for about 18 hours but somehow it is showing in the active devices list.


This does not make sense.  What is the determining factor for "active" vs "offline"?  Please make this better.




New Poster

Re: port forwarding is not reliable.



Thank you for the explanation of the use of bridge mode and an additional router. 

So, basically you bought your own wired/wireless router and just use one wired ethernet port of the Xfinity box to gain WAN access?

Do you have an example of one such product?  Either way, are there any specific things to look for in such a product?




Re: port forwarding is not reliable.



so, basically you bought your own wired/wireless router and just use one wired ethernet port of the Xfinity box to gain WAN access? 

Only ethernet / LAN port number 1 is active when the gateway device is in bridge mode.

I am not a Comcast Employee.
I am a fellow customer, volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Frequent Visitor

Re: port forwarding is not reliable.

There are some write-ups (sticky) above on Bridging. But basically it looks like this.

And Yes to your question on using Port One from Xfinity to My WAN port of my router


--->Xfinity Modem (Bridge mode)-----> Your router----->Your device (WiFi or Hardwire)

Xfinity device acts like a Pipe (no smarts) and passes a public IP to your router

Your router WAN is set to DHCP and obtains an IP (public) from Xfinity device

Your Router LAN is set to hand out IP through DHCP/NAT

Your device gets an IP (private) from your router


In my case I use an everyday Apple Airport Express as "My Router" but any basic router will do these functions


2. NAT

3. Port mapping/forwarding


A good thread on this is "Gateways and Bridge Mode" by CCjesse


Re: router determination of "active devices" is not done right and causes problems with po

Maybe the printer is getting the IP address from the router but the Linux box has static IP?

It could be that.


I know... try to ping your Linux machine from another computer or from the router itself.  If Linux's firewall is blocking external pings, that could be why the router says it's offline.


New Poster

Re: router determination of "active devices" is not done right and causes problems with po

It appears to me that only wireless connections are even seen on the myxfi page on the internet. Basically, Xfinity and Comcast have created a worthless web application to replace a reasonable firmware interface on the router.  I want to port forward a specific port in order to RDP across the internet with a reasonable level of security.  The whole web interface stinks.