dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14722
share rss forum feed

Gary13579

join:2008-11-20
Minneapolis, MN

Comcast blocking incoming ports?

I've heard that Comcast will block incoming connections on port 80 on non-business connections. And from multiple others who use Comcasts themselves...

Is this true? Am I somehow blessed by the fact that they're not blocking me? I can access my web server on port 80 from anywhere... is this something that could change?


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
The Comcast "Terms of Use" prohibit running servers accessible from the Internet. Which means that they could block specific inbound ports, if they deem it necessary to protect their network from abuse. And end users would have no recourse via tech support, WRT getting ports unblocked.

If it works, I'd say go ahead and use it. But if it stops working, don't expect Comcast support to help you.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Chuckles0
Premium
join:2006-03-04
Saint Paul, MN
reply to Gary13579
I'd say it's not blocked I get hits on my firewall event log for port 80 all the time.


Anon_One_Two

@comcast.net
reply to Gary13579
said by Gary13579:

I've heard that Comcast will block incoming connections on port 80 on non-business connections. And from multiple others who use Comcasts themselves...

Is this true? Am I somehow blessed by the fact that they're not blocking me? I can access my web server on port 80 from anywhere... is this something that could change?
They should have done this years ago when other ISP's did it. If they catch you running that server your account will be closed.


Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink
reply to Gary13579
»Comcast High Speed Internet FAQ »What ports does Comcast block?

Mostly just DHCP, MS RPC, and SOCKS. I've been running domains on Comcast for 7+ years without issues (mail, DNS, web, ssh, etc).
--
Interested in open source engine management for your Subaru?

Gary13579

join:2008-11-20
Minneapolis, MN
This actually brings up a very good point. If Comcast blocks access to my local SSH server, I will close my account in a second.

I can understand blocking SOCKS, FTP, and even HTTP... but blocking stuff like SSH, VNC, RDP... I will happily leave them if this is the case. These are for personal use when outside of my network to access my computers. They should have no reason to stop stuff like that.


dillenger69

@comcast.net
reply to Gary13579
Some time in the last month Comcast began blocking everything for me. As recently as last month I was able to connect to my home machine for remote access or just check windows home server to see if things were up. Not so as of the last few days. I tried everything too. I verified teh IP address, I made sure upnp was working and that everything configured ok, I put the WHS in the DMZ of my router. I even took the WHS out of the picture and popped a normal box with no firewall in the DMZ with apache on it. Nothing worked from port 80 to port 65123. I can connect to said box from any machine on my lan but not from anything using the external IP. This stuff was working a month ago. feh.
Unfortunately, I can't get DSL so Comcast is my only broadband choice. I'd call them but their "tech support" is worthless. I know we are't supposed to "run servers" but I was hoping that wouldn't count RDP connections and the like.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL
Comcast is probably not block your services, you might want to open up a thread explaining which services you are trying to use and the make/model of the router and how it is set up.


dillenger69

@comcast.net
The thing is, it was working and I didn't change anything, now it's not working. I suppose the only thing I haven't done is take the router out of the mix. No harm in doing that to see. I can always remote in to work from here and hit another box and try a wget or curl to my home IP to see if it made a difference.


dillenger69

@comcast.net
Feh, even without a router in place nothing works except locally. I can get out but not back in. It's like they are blocking everything. There's got to be a way around it, heck if I can think of it though.

It would be interesting to see if anyone else out there in Snohomish County in western Washington is having similar issues.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

1 edit
I would definitely open up a thread listing the services, the make/model of the router and your area. There are a few ports that they block, but unless its changed recently, its a short list.


delusion ftl

@algx.net

2 recommendations

reply to Gary13579
It's important for everyone to understand that on the comcasts network ports are blocked by your very own cable modem. The config file clearly states which ports your cable modem is to block and it does so. Comcast only has pretty much one config type and it only blocks a handful of ports that does not include 80 or 21. They also have a config file they will send to your modem that blocks 25 if they feel you've abused the mail.

This means that 99% of the time when someone claims a port is being blocked (that is not in the generic config file) it is not comcast.


dillenger69

@infospace.com
well ... isn't this special. It wasn't working for about a week and I actually got frustrated enough to contact the comcast chat-bot. I sit at work to try the exact same operation that failed last night and boom ... it works fine. Nothing changed on my end. They must have glanced at my chat log and changed something.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

1 edit
Considering the amount of chat logs that must be generated everyday, somehow I doubt that. Glad it is now working for you.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
reply to dillenger69
"Post hoc, ergo propter hoc." Name of a logical fallacy.


Yikes

@comcast.net
reply to Gary13579
said by Gary13579:

This actually brings up a very good point. If Comcast blocks access to my local SSH server, I will close my account in a second.

I can understand blocking SOCKS, FTP, and even HTTP... but blocking stuff like SSH, VNC, RDP... I will happily leave them if this is the case. These are for personal use when outside of my network to access my computers. They should have no reason to stop stuff like that.
If they would block everything on port 80 you only would need to chnage the port your server is on.

Gary13579

join:2008-11-20
Minneapolis, MN
reply to delusion ftl
said by delusion ftl :

It's important for everyone to understand that on the comcasts network ports are blocked by your very own cable modem. The config file clearly states which ports your cable modem is to block and it does so. Comcast only has pretty much one config type and it only blocks a handful of ports that does not include 80 or 21. They also have a config file they will send to your modem that blocks 25 if they feel you've abused the mail.

This means that 99% of the time when someone claims a port is being blocked (that is not in the generic config file) it is not comcast.
This is very good to know. Would you happen to have the list of ports that they do block, however? I'm just interested in why they would block some, but not hit the bigs ones like 80, 21, etc.
I can only assume that they block the ports for customer security, then?


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to Gary13579
said by Gary13579:

Would you happen to have the list of ports that they do block, however? I'm just interested in why they would block some, but not hit the bigs ones like 80, 21, etc.
I can only assume that they block the ports for customer security, then?
»Comcast High Speed Internet FAQ »What ports does Comcast block?
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
»portscan.dcs-net.net
»nature-pics.com