Skip to content
propellertech's profile

New Member

 • 

1 Message

Tuesday, September 22nd, 2015 9:00 AM

Port forwarding will not work.

I've setup routers/modems before so this is not my first rodeo.

 

I've configured the router properly on the 192.168.1.0/24 network and all of our internal clients can access resources outside the private network.

 

My DynDNS address will successfully ping resulting with the internet IP address assigned to the router.

 

So, we can access the Internet but external traffic can get reach the router.

 

Port forwarding has been set up in the router with port 3389 forwarding to the IP address of the server where we want the users to access.

 

We can successfully internally ping the IP address of the server which accepts port 3389.

 

The problem is, that the router will not fulfill the forwarding of the external traffic to the internal server.

 

The router is a Cisco device type BWG Model# DPC3941B

 

Calling tech support has so far resulting in no success.

Accepted Solution

New Member

 • 

1 Message

9 years ago

For anyone who comes across this :

 

If you have this modem through comcast business , there are settings that only they can see by logging into your modem via phone support.  It is how it is programmed in the firmware.

 

For example :

 

Even with all settings for ports and firewalls turned off on your modem in the web setup page - you can still lose connecitons in it.

 

So don't waste your time - if you need it to do somwthing special you might as well call them.

Accepted Solution

New Member

 • 

3 Messages

8 years ago

After contacting FOSCAM Camera, they gave me a solution that works.  The DWG DPC39416B modem router does not Port Forward as previous Comcast models did.  

For every defined Port Forward entry you make, the firmware or software of the DWG DPC39416B modem router is SUPPOSED to generate 7 other Port Forward definitions with the SAME local IP, but with ports#s 53  80  88  500  3074  3544  4500 under the covers automatically.... Since this little detail is MISSING in the default installation of the CISCO DWG DPC3941B, it has to be done MANUALLY .. UGH...  But it does work..   refer to this URL distributed by FOSCAM:   https://portforward.com/cisco/dpc3941b/? 

Advocate

 • 

1.4K Messages

9 years ago

propellertech and welcome,

 

Please see my comments, questions, and replies below so we can further assist. Thanks

 

I've setup routers/modems before so this is not my first rodeo.

 

I've configured the router properly on the 192.168.1.0/24 network and all of our internal clients can access resources outside the private network.

 

Please let us know exactly which above router you are refering to 1.) the DPC3941B LAN DHCP Server, 2.) your External Router connected via ethernet cable and  does it use a Static IP adress? If your answer is 1.), why do you need to reprogram the DPC LAN DHCP Server from 10.1.10.1 to 192.168.1.0 and could you post your LAN configuration segent?

 

My DynDNS address will successfully ping resulting with the internet IP address assigned to the router.

 

Are you not using the Comcast standard Primary 75.75.75.75 and Secondary 75.75.76.76 DNS at all?

 

So, we can access the Internet but external traffic can get reach the router.

 

Port forwarding has been set up in the router with port 3389 forwarding to the IP address of the server where we want the users to access.

 

Please post your Port Forward command sequence used for port 3389.

 

We can successfully internally ping the IP address of the server which accepts port 3389.

 

Are you able to ping from inside the DPC3841B Advanced.Diagnostics.Test Connection area, if not from where?

 

The problem is, that the router will not fulfill the forwarding of the external traffic to the internal server.

 

Is the internal server connected directly via ethernet cable to a DPC3941 LAN Port or to your External router?

What is the IP Address of your internal server?

 

The router is a Cisco device type BWG Model# DPC3941B

New problem solver

 • 

49 Messages

9 years ago

???

New Member

 • 

3 Messages

8 years ago

..also... you only need one set of the 7 port#s per router, not for EACH port forwarded as implied..  

New Member

 • 

3 Messages

8 years ago

...also... be sure you test on a PC or mobile that is NOT on the router's network!!!!  You will get loopback issues... 

Once I addded the Port Forwarding for the 7 port#s  53  80  88  500  3074  3544  4500  at local 10.1.10.xxx  (anything will work for xxx),  I was able to access my FOSCAM camera's:   xxxxxx.myfoscam.org:xxxx


@gdermody wrote:

..also... you only need one set of the 7 port#s per router, not for EACH port forwarded as implied..  


 

New Member

 • 

3 Messages

5 years ago

As IT/admin for my company, I've had to deal with this router many times. I have tried to open ports on many occasions - ALL FAILED - whether it's a web server, mail server or security cameras, etc. Now I'm trying to open a Jamulus port on my "business" modem in my home.

 

I should mention here that I had an interesting conversation with a Comcas business support rep who bragged about having worked there for a number years. When I began discussing with him the port forwarding issue, he swore up down that in all his years he had never seen the problem I was having (NO PORTS WOULD OPEN). I finally convinced him (via his solutions) that the POS modem was so crippled that it would NOT open the ports.

 

Now at home on the same modem model, I'm trying to open ports 22124 for Jamulus and, of course, Comcast refuses (I guess I should have know better). Every Google solution says the same thing but never that it will not work. The Jamulus forums are full of folks trying the same thing and ALL HAVE FAILED or simply not come back to say what did work (they probably just gave up as I have).

 

So I chalked all the work issues I had up to "Oh, well" and then came face to face with the problem again here at home. Only this time, I'm here on the Comcast business forum to tell you straight up THIS MODEM IS CRIPPLED AND WILL NOT ALLOW YOU TO CONTROL YOUR PORT FORWARDING....IN SPITE OF WHAT THEIR TECH SUPPORT SAYS!!

 

So Comcast (if you're listening) quit bull****ing your users, especially those that know what they're doing) and just tell people frankly "You can't do port forwarding on the 3941B!!".

Problem solver

 • 

348 Messages

5 years ago

Hi there, thanks so much for taking the time to reach out to the Digital Care team here through the forums and we are so sorry to see that you are having an issue with your modem as this is not what we strive for. You have reached the right team to help make sure we get this taken care of. Can you please send us a private message with your name, the full address, and the account number? 

New Member

 • 

1 Message

5 years ago

I have the exactly the same problem. 

 

Basically what described on your website, https://business.comcast.com/help-and-support/internet/comcast-business-ip-gateway-static-firewall/, does not work. 


@tcross99 wrote:

As IT/admin for my company, I've had to deal with this router many times. I have tried to open ports on many occasions - ALL FAILED - whether it's a web server, mail server or security cameras, etc. Now I'm trying to open a Jamulus port on my "business" modem in my home.

 

I should mention here that I had an interesting conversation with a Comcas business support rep who bragged about having worked there for a number years. When I began discussing with him the port forwarding issue, he swore up down that in all his years he had never seen the problem I was having (NO PORTS WOULD OPEN). I finally convinced him (via his solutions) that the POS modem was so crippled that it would NOT open the ports.

 

Now at home on the same modem model, I'm trying to open ports 22124 for Jamulus and, of course, Comcast refuses (I guess I should have know better). Every Google solution says the same thing but never that it will not work. The Jamulus forums are full of folks trying the same thing and ALL HAVE FAILED or simply not come back to say what did work (they probably just gave up as I have).

 

So I chalked all the work issues I had up to "Oh, well" and then came face to face with the problem again here at home. Only this time, I'm here on the Comcast business forum to tell you straight up THIS MODEM IS CRIPPLED AND WILL NOT ALLOW YOU TO CONTROL YOUR PORT FORWARDING....IN SPITE OF WHAT THEIR TECH SUPPORT SAYS!!

 

So Comcast (if you're listening) quit bull****ing your users, especially those that know what they're doing) and just tell people frankly "You can't do port forwarding on the 3941B!!".


===

Port configuration

Port configuration rules are used to block or redirect specific traffic passing through from one side of the Comcast Gateway to the other. The traffic is managed by blocking or redirecting certain traffic, based on the port numbers that the traffic is using. Port numbers are assigned to specific network or Internet services:

  • HTTP, or Web, traffic uses port 80 or 8080
  • HTTPS, or secure, traffic uses port 443
  • SMTP and POP, or e-mail, traffic use ports 25 and 110

Inbound rules (from the Internet to your LAN) manage access for outsiders to private resources, selectively allowing outside users to access specific resources on your private LAN (for example: mail, Web, or FTP server). 

Outbound rules (from computers or users on your LAN to the Internet) determine what outside resources local users can have access to and are covered in the port blocking section.

The three firewall rules that can be configured to parse inbound traffic are:

  • Port Forwarding (inbound)
  • ​Port Triggering (inbound)
  • True Static IP Port Management (inbound)

The following firewall rule can be configured to parse outbound traffic:

  • Port Blocking (outbound): Enables you to restrict specific local hosts from accessing particular Internet applications.

Port forwarding

By defining an inbound rule, port forwarding can open a window so that incoming traffic can be directed to your computer. The rule tells the gateway to direct inbound traffic for a particular service to one local device, based on the destination port number.

This feature is used primarily for devices on your local network that can be accessed from the Internet. The Enable box must be checked in order to enforce a specific port forwarding rule.

Before implementing port forwarding, consider the following:

  • If the IP address of the local server PC is assigned by DHCP, it may change when the PC is rebooted. To avoid this, you can assign a static, private IP address to your server by manually configuring the server’s IP settings.
    • Be sure that the assigned IP is outside the range of DHCP addresses set on the Comcast Gateway but in the same subnet as the rest of your LAN.
       
  • Local computers (devices on the same subnet) must access the local server using the computers’ local LAN address (10.1.10.x, by default) instead of the public IP used to access it from external connections. Attempts by local computers to access the server using the external WAN IP address will fail.
    • ​Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network.

To add a new port forwarding rule:

  1. Select Add new. The Port Forwarding add/edit screen will display.

  2. In the Application Name field, enter an application name to identify this rule.

  3. Enter the port number range in the Public port field. The assignable ports are between 1 and 65535. The numbers should match whatever is required for the applicable service being forwarded (for example, http traffic will use port 80 by default). Users on the Internet will use the public port to connect to the LAN device for which you are creating this forwarding rule.

  4. Enter the first port of the port range in the Private port field. The assignable ports are between 1 and 65535. The private port is the port on the LAN PC, where this rule will forward traffic. Typically this will match the public range, but may differ in some cases.

    • For example, SMTP traffic for email typically uses ports 25 and 110, but the mail server on the LAN can be configured to listen for requests on alternative ports. In these cases, the public ports will be set to the ports that the traffic type uses by default while the private port range will be set to match the needs of the server. The size of the private port range must match the size of the public port range and is automatically calculated for you.
  • Select the appropriate protocol from the Protocol drop-down menu (TCP, UDP, or both).

  • Enter the IP address of the device you want the traffic to be forwarded to in the IP Address field. If the destination device is connected to a router which connects to the Gateway, forward to the router IP, then create another forwarding rule in the router to the destination device. Select Connected Computers to locate the IP addresses of the devices connected to the Gateway.

  • Select Apply. The new port forwarding rule will display in the port forwarding table.

To edit an existing rule:

  1. Select the rule from the port forwarding rule table, and select edit. The Port Forwarding add/edit screen will display.

  2. Edit the rule as needed.

  3. Select Apply

Official Employee

 • 

276 Messages

5 years ago

Hello, thanks for sharing all this information about port forwarding on your modem. I know if you have been dealing with this issue for a long time this must be exhausting. I will do all I can to help. If I can get a private message I can locate your account and get more details. To start working on your account may I please capture your first and last name, your account number (or phone number), and your full-service address?

New Member

 • 

1 Message

5 years ago

I have been having the same issue. Called Comcast and they said if it's not working, they can only open a ticket and have someone look into this.

Official Employee

 • 

298 Messages

5 years ago

Hi, there! Thank you so much for your patience and for reaching out for help with the Port Forwarding concern. You have reached the right place for help. In order to further assist, would you mind clicking on my handle Comcast_Gabe and sending me a private message with your name, address, and your account number or a phone number linked to the account so we can help?

New Member

 • 

1 Message

4 years ago

I was able to get this working but not for long.

So I need to forward a port for HTTPS (TCP443).  I abbreviated my DHCP scope to make room for static IPs and then tried to forward a port.  No dice.  Called Comcast and after several calls they replaced my gateway telling me that it failed in an update and was "bricked".  I kept getting an error like "Check you information" when I tried to forward the port and then it would just go back to the port forwarding screen without forwarding the port.

Called them again and FINALLY conviced the moron I spoke with (that didn't even know what HTTPS is) to escalate to level 2 support or escalation.  The catch?  It will take 24 hours for them to get back to me.

A WEEK LATER they finally get back to me and tried to tell me the modem was bricked again.  I hung up on them.

I thought about this for a while and tried a different approach: I re-expanded the DHCP scope and added a DHCP reservation for my server, as opposed to using a static IP.  It worked!  So it will forward to IPs in its DHCP scope.

Then, I had it for a few hours and it suddenly stopped working.  I rebooted the gateway and still not working.  I deleted it and re-added it and.....it worked again for a short time.  Then it stopped working.

I am going to replace this piece of shi7 gateway with one I am going to buy myself that has real customer service, unlike ANYTHING at Comcast.