I have added xFi Advantage to my subscription and it has created a lot of trouble: I have been working with home servers remotely through SSH and RDP connections, and all of a sudden, I need to unlock each external IP to get my traffic through the ports. (By "external IP", I mean the IP addresses of off-site locations from which I will connect to the home server.)
For xFi Advantage, the reporting system is intuitive, where each incidence of the SSH connection attempts to my Linux server has been logged properly. Yet, there are lags in how these incidences are reported, leaving the home server inaccessible for around 10 minutes or so until the attempt is reported through the xFi App.
For RDP connections to another Windows server, all failed attempts are classified as "Threat", and I cannot permit any external IP to access through port 3389. When I use the WiFi from my library, my RDP connections to the Windows server at home will fail. The error messages were complaining that the remote server does not exist.
Interestingly but not intuitively, once an external IP is "allowed" to access the Linux machine, RDP connections are allowed as well. For the library WiFi, after I tried to use the laptop with me to first fire SSH connection to the other Linux server at home and waited to allow the external IP's request to my SSH port, I can start using RDP connections again.
I wonder if there is a whitelisting tool that can:
Allow a list of external IPs to bypass the Gateway and reach the ports, thus the local machines? ==> Then, I don't have to wait for SSH exceptions to pop up, and then try the RDP connection.
Permit longer allowance to the known external IPs? Or, make it a variable?
More importantly, the tool should be able to take off allowed connections from the list.
One more bug: for now, nothing can be done to take away an allowed "Unauthorized Access Attempt". I also notice that my action to allow these attempts may have been reset within a day.
@ComcastBrittany (I read your posting about improvements for the port-forwarding tool.)
To host a pair of home servers (one Windows and one Linux), I upgraded my service plan with Xfinity and have got unlimited data under the xFi Advantage program. For the first few days, I could have very smooth connections to my servers. Things suddenly changed this morning, when I first experienced lagging connections, and then completely no connection at all.
Let me first show you two examples of the lagging events: for one, it is during an SSH session where I was remoting back to the Linux machine running at home. As explained in the text (also copied in full below), I keep typing and will press i when I see a lag. During the typing of such a short paragraph, there were 3 noticeable lag-events that happened.
# 2019-07-10 20:34:45
This is a test where I will be keying things continuously, and at a point, all
inputs will freeze. After that, I will keep pressing character `i` on my
# 2019-07-10 20:35:14
While, this is a longeriiiiiiiiiiiiiiiiiiiiiiiiiiiiii than I expected, but I
caught it. Those `i` are inputted after I can no longer see a reflection of my
current typing on the screen. Now, let's see if we can capture for another one.
This problem has started early iiiiiiiiiiiiiiiiiiiiiiiii today, in the morning.
And, every time when this lag shall occur, on SSH front, the connection can be
resumed rather quickly. Yet, it can produce a funny graphics on the RDP
connection (for Windows REmotesi iiiiiiiiiiiiiiiiii Windows remote
iiiiiiiiiiiiiiiiiiiiiiiii Windows remote desktop connection.) Have fun :)
Link to the demo of how things are lagging in SSH connection Lagging SSH connection
One more example goes funnier: during Remote Desktop Connection sessions, all pixels on the screen will freeze for an indefinite amount of time (2-15 seconds), where all keyboard inputs and mouse-clicks are staged but not displayed. Later, as shown in this funny recording of my clock in the system tray, all the pixels that were supposed to get projected will fast forward and show up quickly.
These are my current problems, leaving the upgrade pointless as neither SSH nor RDP connection yields a stable work environment.
I have contacted the customer support and have got the modem replaced. The same lagging problem still persists. In total, I have spent 5+ hours on the phone, again, to debug the following list of issues:
RDP connection cannot be established under proper settings on the Gateway and on both the server and the client machines
Solution: check if Advanced Security has been intercepting the connection in the first place. (This is an xFi feature.)
SSH connection cannot be established (again, under proper settings):
Solution: again, check if Advanced Security stood in your way
Cannot connect to VPS servers having public IPs:
Personal solution: ended up replacing the Gateway altogether.
Symptom: simple ssh server_address command cannot establish the connection when using a computer hooked up to the Gateway at home. I can connect to the VPS under its server_address using WiFi in other locations (say, office, coffee shop).
Please follow up and report if you observe an identical problem with Technicolor CGM4140COM (my replacement Gateway) and please advise if you know how to solve the lagging problem.
Thank you for clarifying that I am not supposed to ping the home router from any other IP addresses.
My problem with the connection to a home server under port 3389 (default for RDP) may have to do with the "xFi Advanced Security" tool on xFi ==> while its logging tool is not 100% capturing all log-in attempts into the home servers, it is a viable spot to approve IP addresses from which remote accesses were initiated.
Once granting access from a certain source to a certain home server, it shall white-list the source IP for 30 days.
Only IPs that have been whitelisted can ping the home router.
Starting this morning, I am having trouble accessing the ports on the XB6 modem rented from the Xfinity store. This involved both SSH ports and another 3389 port for Windows RDP connection. The connections start to be intermittent, with lags in graphics over RDP and lags in keystrokes in SSH connection. Then, an hour later, I completely lose the ability to remote into home computers through either RDP or SSH.
After debugging for a few hours up to now, I finally arrived at a surprising fact: that I cannot ping the public IP address of the Modem when I use devices that are outside of the home network. With my public IP as XX.XX.XXX.XX, I simply run ping XX.XX.XXX.XX command to check the connection. It won't show anything when I am in my office, using the work WiFi or using my phone's cellular network. The only two exceptions where pinging the public IP may work, is either I am directly hooked up to my WiFi network at home, or connected through the XFINITY wifi that is "publicly available" (I guess the two wireless networks are actually behind the same gateway or so)
Please confirm if you are able to ping your home router's public IP address from anywhere other than your home. This is very helpful debugging info for me. (Mainly, I want to avoid misunderstanding about the routing at the ISP level.)