ANSWERED: How to set up Port Forwarding on your Comcast modem

 There have been some resent requests to understand and set up port forwarding. This article will explain what port forwarding is and how to use it on your in-home network. 

What is Port Forwarding?

Similar to a wall in your home, your Wireless Gateway keeps out potentially harmful risks from the Internet, while opening doors or "ports" for safe Internet traffic.

Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this:

In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind his router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different (or many different) ports, but the principle is the same.

When to use Port Forwarding?

Some applications require a designated port in order to work properly, and that's where port forwarding comes in handy. Port forwarding is also commonly used for:

• Video games
• Some email applications like POP3
• Instant messaging
• Video conferencing
• Peer-to-peer file sharing
• Remote computer access
• Phone service that leverages voice over IP technology

Let's say that the subscriber (you) want to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser, or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these submets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.

WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. The user assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding.

What else can I do with Port Forwarding?

The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible webservers are technically against the Comcast AUP for residential connections), you can access your own media server from your smartphone, so you can listen to your music wherever you are...the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords. While many security experts frown upon the concept of 'Security by Obscurity' I personally don't see that it hurts to change the port you are using for some services, especially the more common ones...Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended. The highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine.

What is a Port Number?

All incoming traffic will include a network port number to identify the type of traffic being sent. To find the port number of the traffic you're looking for, contact the service developer or search online. Common port numbers are Port 80 (web servers) and Port 443 for Secure Socket Layer traffic.

What is an IP address?

Every device connected to your home network is assigned an IP (Internet Protocol) address. Your wireless gateway communicates with your network devices by automatically assigning local addresses or IP address, such as 10.0.0.1.

Setting Up Port Forwarding in the Wireless Gateway Admin Tool

**NOTE**: This option to set up port forwarding is only available to customers using non-xFi Gateways. If you have an xFi Gateway you will receive a message letting you know you must use the xFi app to set up port forward (see directions below).

To turn on the port forwarding function on your gateway, follow the steps below to create a rule.

1. Go to http://10.0.0.1 using a device that is connected to your network.
2. Log in to the Admin Tool:
   • Username: admin
   • Password: password (unless you changed it)
3. Select the Advanced menu in the left pane, then click Port Forwarding.
4. Select Enable. The button will turn green.
5. Click +ADD SERVICE in the Port Forwarding box. The Add Service page will appear.
   
    
6. Select the appropriate option (FTP, AIM, HTTP, PPTP), from the Common Service drop-down menu.
   • Selecting one of these options will automatically populate the start and end ports below the Common Service field. For a service not listed, select Other and type Service Name in the field.
7. Select the Service Type. The Service Type is the protocol used for sending data over the Internet. The default is TCP/UDP.
   
    
8. Click CONNECTED DEVICE to select the device on your network and populate these fields for the IPv4 Address or IPv6 Address fields. If the CONNECTED DEVICE button doesn't appear on the page:
   • Open a new browser window, follow Steps 1 and 2 from above, and go to Connected Devices > Devices, as shown below.
   • Click the name of your device for which you want to add the port forwarding rule, under Online Devices' Host Name.
   • Highlight and copy the IP address.
   • Return to the previous browser window and paste the IP address. The start and end ports will populate only if you selected one of the four Common Services. If not, enter the port numbers that are required for the game or service for which you want to add the port forwarding rule.
     
      
9. Click Save. You have created a port forwarding rule on your home network, but before you log out of the Admin Tool, take note of your WAN IP address (as seen below). You'll need this information to begin using the game or service.
   

Setting Up Port Forwarding with XFINITY xFi

1. Visit xfinity.com/myxFi or open the xFi app and sign in with your XFINITY username and password.
2. Select More. (If you are using the xFi app, select More from the bottom navigation bar and then select Advanced Settings.)
3. Select Port Forwarding from the menu.
4. Select Add Port Forward.
   
   **Note**: If you've previously set up a port forward from your Gateway's Admin Tool (http://10.0.0.1), you should see it listed in the xFi Port Forwarding settings. Once you access port forwarding, Bedtime Mode or pause/unpause a device through xFi, you will no longer be able to access similar features (port forwarding, block or scheduled block) through the Gateway's Admin Tool (http://10.0.0.1).
5. Choose the household device for the port forward you are setting up from the drop-down list of connected devices. Note: If you don't see the device listed, it may not be connected to your home network.
6. Choose from the list of common applications to use a recommended, preset configuration (e.g., Xbox or PlayStation) or select Manual Setup to enter specific port numbers, ranges and/or protocols.
7. Select Apply Changes to complete the setup of the port forward.
8. The device you set up for this port forward can now use these settings.
   
   **Note**: If you are unsure what port settings to choose, reference the device manual or the application you are trying to use. Opening unnecessary ports is not recommended, as it poses a security risk.

We have had some customers that have experienced issues with port forwarding when using xFi. the team responsible is working diligently on getting this resolved as soon as possible. In the mean time, here are some FAQ's that could help to resolve your issue.

Is your device currently connected to your home network?

If the device is not currently connected to your home network, adding a port forward may not work. Try connecting your device to your home network and then setting up the desired port forward. Connecting to your network first will ensure the device has a valid DHCP address within the DHCP range for port forwarding.

Are port forwards you previously set up not appearing in xFi? When attempting to set up a port forward, are you receiving a message that we’re having some trouble, or that the port you are trying to set up already exists?  

If you have previously set up a port forward but it is not appearing in xFi, or when attempting to set up a port forward, you are receiving a message that we’re having some trouble, or that the port already exists, editing your LAN settings may resolve the issue. This will clear any pre-existing port forwards that may not be appearing in xFi but are causing issues, and should allow you to successfully set up new port forwards. Any small adjustment made to your LAN settings should be enough to clear existing port forwards. Once the changes have been applied, you can immediately change the settings back to the previous if desired.  Once completed, try setting up your port forwards as desired. .  

Have your LAN settings recently changed?

If you changed your LAN settings, port forwards you previously set up will no longer work. You will need to set up your port forwards again.

Does the device you’re attempting to set up a port forward for have an IPv6 address?

xFi does not currently allow you to set up port forward for devices that have an IPv6 address since port forwarding should not be needed for these devices.  If the device is dual stack (has both an IPv4 and IPv6 address) the IP recognized by xFi depends on which address your device defaults to. Port forwarding can only be configured in xFi if the device is using the IPv4 address.

To join the discussion about xFi and port forwarding, go here: https://forums.xfinity.com/t5/Xfinity-xFi/xFi-Port-Forwarding-Troubleshooting/td-p/3013253