Community Forum

Whitelisting external IPs to bypass xFi Advanced Security to reach home servers?

New Poster

Whitelisting external IPs to bypass xFi Advanced Security to reach home servers?

 I have added xFi Advantage to my subscription and it has created a lot trouble: I have been working with home servers remotely through SSH and RDP connections, and all of a sudden, I need to unlock each external IP to get my traffic through the ports. (By "external IP", I mean the IP addresses of off-site locations from which I will connect to home server.)

 

For xFi Advantage, the reporting system is intuitive, where each incidence of the SSH connection attempts to my Linux server has been logged properly. Yet, there are lags in how these incidences are reported, leaving the home server inaccessable for aroudn 10 minutes or so until the attempt is reported through the xFi App.

 

For RDP connections to another Windows server, all failed attempts are classified as "Threat", and I cannot permit any external IP to access through port 3389. When I use the WiFi from my library, my RDP conntions to the Windows server at home will fail. The error messages were complaining that the remote server does not exist.

 

Interestingly but not intuitively, once an external IP is "allowed" to access the Linux machine, RDP connections are allowed as well. For the library WiFi, after I tried to use the laptop with me to first fire SSH connection to the other Linux server at home and waited to allow the external IP's request to my SSH port, I can start using RDP connections again.

 

I wonder if there is a whitelisting tool that can:

  1. Allow a list of external IPs to bypass the Gateway and reach the ports, thus the local machines? ==> Then, I don't have to wait for SSH exceptions to pop up, and then try the RDP connection.
  2. Permit longer allawance to the known external IPs? Or, make it a variable?
  3. More importantly, the tool should be able to take off allowed connections from the list.

One more bug: for now, nothing can be done to take away an allowed "Unauthorized Access Attempt". I also notice that my action to allow these attemps may have been reset within a day.

 

@ComcastBrittany (I read your posting about improvements for the port-forwarding tool.)

New Poster

Re: Whitelisting external IPs to bypass xFi Advanced Security to reach home servers?

Would someone frim Xfinity PLEASE look at this question.

 

I can find NO list anywhere on Xfi to set up a white list.  There are a couple sites that I rely on for updates (e.g. http://cdns.distrib.naviextras.com/content/. . .)  for navigation updates and <Edited> xFi continues to block it

 

Hello . . . anyone from Comcast there??