There have been some recent requests to understand and set up port forwarding. This article will explain what port forwarding is and how to use it on your in-home network.
Similar to a wall in your home, your Wireless Gateway keeps out potentially harmful risks from the Internet, while opening doors or "ports" for safe Internet traffic.
Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this:
In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind their router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different port (or many different ports), but the principle is the same.
Some applications require a designated port in order to work properly, and that's where port forwarding comes in handy. Port forwarding is also commonly used for:
Let's say that the subscriber (you) wants to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these subnets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.
WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. The user assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding.
The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible web servers are technically against the Comcast AUP for residential connections). You can access your own media server from your smartphone, so you can listen to your music wherever you are... the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords.
While many security experts frown upon the concept of 'Security by Obscurity', I personally don't see that it hurts to change the port you are using for some services, especially the more common ones. Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended; the highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine.
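As an added example (not part of the original article or any Comcast tool), the Python script below audits a list of port-forward rules against the guidance above: a private IPv4 destination, ports within 1-65535, a WAN port above 1024 that is not a service default, and no WAN port forwarded twice. The rule layout, the names `audit_rules` and `SAMPLE_RULES`, and the sample rules are assumptions made up for illustration; the IPv4-only check follows the xFi note later in the article.

```python
import ipaddress

# Private ranges the article names (assumed to mean the full /16 and /8 blocks).
LAN_RANGES = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8")]
# Service defaults the article mentions by port number.
WELL_KNOWN = {3389: "RDP", 80: "web", 443: "SSL"}

def audit_rules(rules):
    """Return (rule_name, finding) pairs; a rule is a dict of
    name, protocol, wan_port, lan_ip, lan_port (hypothetical layout)."""
    findings = []
    seen = {}  # (protocol, wan_port) -> name of the first rule using it
    for r in rules:
        name = r["name"]
        try:
            ip = ipaddress.ip_address(r["lan_ip"])
        except ValueError:
            findings.append((name, "destination is not a valid IP address"))
            continue
        if ip.version != 4:
            findings.append((name, "IPv6 destination: port forwarding is IPv4-only"))
        elif not any(ip in net for net in LAN_RANGES):
            findings.append((name, "destination is not a private LAN address"))
        for label, port in (("WAN", r["wan_port"]), ("LAN", r["lan_port"])):
            if not 1 <= port <= 65535:
                findings.append((name, f"{label} port {port} out of range 1-65535"))
        wan = r["wan_port"]
        if wan in WELL_KNOWN:
            findings.append((name, f"WAN port {wan} is the default {WELL_KNOWN[wan]} port"))
        elif 1 <= wan <= 1024:
            findings.append((name, f"WAN port {wan} is not above 1024"))
        key = (r["protocol"].upper(), wan)
        if key in seen:
            findings.append((name, f"WAN port {wan} already forwarded by '{seen[key]}'"))
        else:
            seen[key] = name
    return findings

# Constructed sample rules, not taken from any real gateway.
SAMPLE_RULES = [
    {"name": "rdp-default", "protocol": "tcp", "wan_port": 3389, "lan_ip": "10.0.0.20", "lan_port": 3389},
    {"name": "rdp-moved", "protocol": "tcp", "wan_port": 50123, "lan_ip": "10.0.0.20", "lan_port": 3389},
    {"name": "webcam", "protocol": "tcp", "wan_port": 50123, "lan_ip": "192.168.0.15", "lan_port": 8080},
    {"name": "nas-v6", "protocol": "tcp", "wan_port": 40000, "lan_ip": "fd00::5", "lan_port": 443},
]

if __name__ == "__main__":
    print(*audit_rules(SAMPLE_RULES), sep="\n")
```

Only the `rdp-moved` rule passes cleanly: it keeps the Windows machine on port 3389 internally while listening on a high WAN port, which is the arrangement the paragraph above recommends.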
All incoming traffic will include a network port number to identify the type of traffic being sent. To find the port number of the traffic you're looking for, contact the service developer or search online. Common port numbers are Port 80 (web servers) and Port 443 (Secure Sockets Layer traffic).
Every device connected to your home network is assigned an IP (Internet Protocol) address. Your wireless gateway communicates with your network devices by automatically assigning them local IP addresses, such as 10.0.0.1.
**NOTE**: This option to set up port forwarding is only available to customers using non-xFi Gateways. If you have an xFi Gateway you will receive a message letting you know you must use the xFi app to set up port forwarding (see directions below).
To turn on the port forwarding function on your gateway, follow the steps below to create a rule.
We have had some customers that have experienced issues with port forwarding when using xFi. The team responsible is working diligently on getting this resolved as soon as possible. In the meantime, here are some FAQs that could help to resolve your issue.
Is your device currently connected to your home network?
If the device is not currently connected to your home network, adding a port forward may not work. Try connecting your device to your home network and then setting up the desired port forward. Connecting to your network first will ensure the device has a valid DHCP address within the DHCP range for port forwarding.
Are port forwards you previously set up not appearing in xFi? When attempting to set up a port forward, are you receiving a message that we’re having some trouble, or that the port you are trying to set up already exists?
If you have previously set up a port forward but it is not appearing in xFi, or when attempting to set up a port forward, you are receiving a message that we’re having some trouble, or that the port already exists, editing your LAN settings may resolve the issue. This will clear any pre-existing port forwards that may not be appearing in xFi but are causing issues, and should allow you to successfully set up new port forwards. Any small adjustment made to your LAN settings should be enough to clear existing port forwards. Once the changes have been applied, you can immediately change the settings back to the previous values if desired. Once completed, try setting up your port forwards as desired.
Have your LAN settings recently changed?
If you changed your LAN settings, port forwards you previously set up will no longer work. You will need to set up your port forwards again.
Does the device you’re attempting to set up a port forward for have an IPv6 address?
xFi does not currently allow you to set up port forwards for devices that have an IPv6 address, since port forwarding should not be needed for these devices. If the device is dual stack (has both an IPv4 and IPv6 address), the IP recognized by xFi depends on which address your device defaults to. Port forwarding can only be configured in xFi if the device is using the IPv4 address.
To join the discussion about xFi and port forwarding, go here: https://forums.xfinity.com/t5/Xfinity-xFi/xFi-Port-Forwarding-Troubleshooting/td-p/3013253