I have added xFi Advantage to my subscription and it has created a lot of trouble: I have been working with home servers remotely through SSH and RDP connections, and all of a sudden, I need to unlock each external IP to get my traffic through the ports. (By "external IP", I mean the IP addresses of off-site locations from which I will connect to the home server.)
For xFi Advantage, the reporting system is intuitive, where each incidence of the SSH connection attempts to my Linux server has been logged properly. Yet, there are lags in how these incidences are reported, leaving the home server inaccessible for around 10 minutes or so until the attempt is reported through the xFi App.
For RDP connections to another Windows server, all failed attempts are classified as "Threat", and I cannot permit any external IP to access through port 3389. When I use the WiFi from my library, my RDP connections to the Windows server at home will fail. The error messages were complaining that the remote server does not exist.
Interestingly but not intuitively, once an external IP is "allowed" to access the Linux machine, RDP connections are allowed as well. For the library WiFi, after I tried to use the laptop with me to first fire SSH connection to the other Linux server at home and waited to allow the external IP's request to my SSH port, I can start using RDP connections again.
I wonder if there is a whitelisting tool that can:
Allow a list of external IPs to bypass the Gateway and reach the ports, thus the local machines? ==> Then, I don't have to wait for SSH exceptions to pop up, and then try the RDP connection.
Permit longer allowance to the known external IPs? Or, make it a variable?
More importantly, the tool should be able to take off allowed connections from the list.
One more bug: for now, nothing can be done to take away an allowed "Unauthorized Access Attempt". I also notice that my action to allow these attempts may have been reset within a day.
@ComcastBrittany (I read your posting about improvements for the port-forwarding tool.)
Thank you for clarifying that I am not supposed to ping the home router from any other IP addresses.
My problem with the connection to a home server under port 3389 (default for RDP) may have to do with the "xFi Advanced Security" tool on xFi ==> while its logging tool is not 100% capturing all log-in attempts into the home servers, it is a viable spot to approve IP addresses from which remote accesses were initiated.
Once granting access from a certain source to a certain home server, it shall white-list the source IP for 30 days.
Only IPs that have been whitelisted can ping the home router.
Starting this morning, I am having trouble accessing the ports on the XB6 modem rented from the Xfinity store. This involved both SSH ports and another 3389 port for Windows RDP connection. The connections start to be intermittent, with lags in graphics over RDP and lags in keystrokes in SSH connection. Then, an hour later, I completely lose the ability to remote into home computers through either RDP or SSH.
After debugging for a few hours up to now, I finally arrived at a surprising fact: I cannot ping the public IP address of the Modem when I use devices that are outside of the home network. With my public IP as XX.XX.XXX.XX, I simply run the ping XX.XX.XXX.XX command to check the connection. It won't show anything when I am in my office, using the work WiFi or using my phone's cellular network. The only two exceptions where pinging the public IP may work are when I am either directly hooked up to my WiFi network at home or connected through the XFINITY wifi that is "publicly available". (I guess the two wireless networks are actually behind the same gateway or so.)
Please confirm if you are able to ping your home router's public IP address from anywhere other than your home. This is very helpful debugging info for me. (Mainly, I want to avoid misunderstanding about the routing at the ISP level.)