dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5745
share rss forum feed

NinjaAction

join:2007-09-26
Calgary, AB

Shaw Blocking ports now?

Just noticed my FTP server P21 was no longer responding.....changed to another port and it works. Are they blocking ports now? If so I Wonder which other ports?

Doonz

join:2010-11-27
Beaumont, AB
said by NinjaAction:

Just noticed my FTP server P21 was no longer responding.....changed to another port and it works. Are they blocking ports now? If so I Wonder which other ports?

I wonder why you break the TOS/AUP so willingly?

The residential Shaw Services are designed for personal Internet use. You may not use the residential Shaw Services for commercial purposes. You may not run a server in connection with the Shaw Services nor may you provide network services to others via the Shaw Services. Examples of prohibited servers and services include but are not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive forums. Some business services may be exempt from these limitations.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to NinjaAction
When I get home I'll do some testing.

-Posted from my phone.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
Shaw has been blocking ports on residential services for years. There's a list of current ports blocked somewhere. I suggest you look around this forum, they are here somewhere.

Like other stated, get a business connection if you want to run your own services. Kevin and myself both have biz internet and love it. The price is very reasonable as well, plus who doesn't love static IP's?

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
The only port that has been blocked (up until now if this is true) has been TCP 25 outgoing.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
I thought there was a couple of the major ones. Port 80 should be, as well as 25 if you ask me. If someone wants to do hosting, get a biz plan, they are very similar price as a residential. It's extremely easy to make it legal

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
No, just 25, which was done, to cut down on the SPAM sent from the Shaw network, at one point, Shaw was the worst offender in Canada.

I remember when it started to be blocked too, business accounts were not notified of the changes.

This could be why in the last couple years, most SBM plans started to include the static IP in the plan, rather than even the first static costing more, most business accounts should now have at least one.

I'm still installing a test box, can run a few web servers on to test from the DHCP addresses.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
Virtual machines work good for this

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
That was my thought too

My XP iso only has sp2, so installing SP3 now,

Was thinking MailEnable with IIS (tests 25 and 80) and FTP
Any others you suggest confirming?
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
I used to use Mailenable until I switched to an AD/Exchange, and it didn't work on residential for sure 100%. There's ways to make it work, but in my mind it isn't worth the hassle. You need a NAS my friend, with all the standard iso's handy.....

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

2 edits
I do have them all handy, just not all with the latest service packs My XP 9-in-1 disk works very well, but its only SP2,

Anyways

s010600155db36009.cg.shawcable.net

3389 works incoming, 21 22 25 53 80 443 do not.

Any others I should test? 22 surprised me.

But this very much changes things for us as well, up until now, I was 'allowed' to run servers on all my IP addresses, because servers are allowed on business accounts, but now I can only run servers on static IPs, because the incoming ports are blocked.

EDIT:: All the ports work, I forgot to disable the Windows Firewall, none are blocked, except the standard outgoing 25

--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
I thought it had been like that for a while now? It's the main reason I switched to biz internet. I wish I had switched sooner had I known how easy it was, and financially feasible it was.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Sorry rusty, I forgot about the Windows Firewall,

telnet is the easiest way to test, I added all ports to either the HTTP service or the FTP service, they call connect
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
Regardless, the OP should look at a biz plan if he wants to run any sort of service without issues. There really is no negatives to the switch.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Agreed, if you have Residental TV and internet, it is likely cheaper,

If you just have Internet, it is a little bit more, but in my opinion and experience, well worth it.

@NinjaAction I'll leave this 'server' going until sometime tomorrow so you can verify the ports are open as well.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.

NinjaAction

join:2007-09-26
Calgary, AB

1 edit
reply to Doonz
said by Doonz:

I wonder why you break the TOS/AUP so willingly?

The residential Shaw Services are designed for personal Internet use. You may not use the residential Shaw Services for commercial purposes. You may not run a server in connection with the Shaw Services nor may you provide network services to others via the Shaw Services. Examples of prohibited servers and services include but are not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive forums. Some business services may be exempt from these limitations.

Holy smokes i wasn't looking for a refresher on the terms of service thanks. I know all about them, was just making a simple observation and figured i check to see if everyone has noticed this yet.

I'm on BB250 and i'm the only one using the connection, i transfer about 3-500 gigs a month. I dont foresee any calls from the Shaw folks regarding TOS anytime soon, FTP server or not.

Thanks kevinds for your observations, yeah i still have 3389 incoming working as well, which is nice. I really dont care that p21 is blocked now, i just map a different port in my nat settings and its all good.

I only use ftp for myself and my own personal use as a conveniance. Surly i can remember one port for ftp when i need to.

My Slingboxes are also unaffected so no i wont be switching to a business plan anytime soon. I'll keep my 15mb upload for $110 and continue to get my full HD on slingboxes rather than pay $349 on the business 250.

But thx for the suggestions, i have Business 50 connection in the office and it is fantastic i agree. Just recently put in 2 qnap nas's one at the office one at home. Backups just fly in both directions. got tired of paying for a pricey unlimeted online backup service so i went this route and havent looked back


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
Netapp SAN's rsync between two locations. NAS's are too slow anymore, unless it's strictly for tons of storage only.

Doonz

join:2010-11-27
Beaumont, AB
reply to NinjaAction
said by NinjaAction:

said by Doonz:

I wonder why you break the TOS/AUP so willingly?

The residential Shaw Services are designed for personal Internet use. You may not use the residential Shaw Services for commercial purposes. You may not run a server in connection with the Shaw Services nor may you provide network services to others via the Shaw Services. Examples of prohibited servers and services include but are not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive forums. Some business services may be exempt from these limitations.

Holy smokes i wasn't looking for a refresher on the terms of service thanks.

Sorry that wasn't my intention. I was just highlighting the fact that if shaw di go to the blocking of those ports they're well within their rights to do so.

NinjaAction

join:2007-09-26
Calgary, AB
reply to rustydusty
Yeah i'm also using rsync on my qnap nas's, works great using block level backup.
I run 4 vms in the office and they backup each night using rsync while they are online. Only takes about 4 hours too, most of that time is spent calculating differences in the vmdk files rather than actually transfering data.

Not sure why you say nas's are slow, i find the qnap more than fast enough for my small setup....using 802.11ad port trunking i got almost 200mb transfer across the network, although i disabled that and decided to use one port directly connected to my vmware box and the other port for everything else.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to NinjaAction
But from my testing, TCP Port 21 is not blocked by Shaw.

NinjaAction

join:2007-09-26
Calgary, AB
said by kevinds:

But from my testing, TCP Port 21 is not blocked by Shaw.

Missed your edit, sorry. Silly question but did you say you were on business 50? I assume were you testing from a 2nd residendial connection huh?


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
SAN's use either SSD's or 15K SAS and 10K SATA rarely, unless budget is getting tight, not 7200-10k SATA like every NAS on the planet. A NAS is designed for large amounts of storage, not speed or IO's. You will figure this out when you get into a full VDI enviroment.

www.whiptail.com




rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
Slowing moving the entire user base of 120 from a standard workstation enviroment to a full VDI. Having issues with thinapp of some programs, but making progress. Here's a teaser of our main VDI machine. About 25 other virtual machines across 2 other boxes. You got 4 VM's? That's childs play


NinjaAction

join:2007-09-26
Calgary, AB
said by rustydusty:

That's childs play

LOL exactly, and thats why i have a 2000$ qnap and not a true 30k+ SAN.

The qnap is doing a great job so far for my needs in the office. I don't work in the IT world for any large corperations so i dont forsee me moving into anything crazy like you have there.

I work in the Automation and critical control in the oil and gas sector. Rarely will we deploy anything on that scale, we do however have some critical servers out there albeit small which run Citrix Zenserver with Marathon Lock Step technology. We have 2 small sans on that girl. I like the vmware stuff better tho.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
250,000 IO's is a bit much for even a VDI, but we even have a MySQL database on it now, and it doesn't even show up on graphs. The whiptail is extreme high end data center quality hardware, but we didn't want any issues. It is now loaded with SSD's, where as it was only half full in the picture. Anyways, I love my job!

NinjaAction

join:2007-09-26
Calgary, AB
I'll bet, I Lol'd at the amount of ram on that system you got:)

Back on topic, P21 is still not working for me, all i've done is rebooted everything and made sure no firewalls are running, also recreated the port forward entry in my router. Still no worky worky.

Probably something on my end tho, i'll troubleshoot more later......its the weekend and family duty calls.


rustydusty

join:2009-09-29
Red Deer, AB
reply to NinjaAction
Yeah, it's full of memory now. The other 3 esxi boxes have around 60-80GB memory. Almost a full rack of equipment now. What router are you using? Just the Shaw Cisco/SMC? I've heard nothing but problems with port forwarding on Shaw's latest devices. Maybe a firmware update has messed up port forward on the devices.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to NinjaAction
Actually DHCP address instead of static.

The DHCP addresses have the restrictions, the statics don't. Currently outgoing port 25 works from my static, but not from this test machine's DHCP address.

Disabling the shaping is done at the modem, everything else is done with ACL's at the router, so it depends on your IP address - the DHCP address pool has the outgoing 25 block, the static addresses do not.

1. Try bypassing your router completely
2. Try 'telnet 127.0.0.1 21' from the FTP server

--
Yes, I am not employed and looking for IT work. Have passport, will travel.

stolen

join:2004-04-12
Calgary, AB
kudos:2
reply to NinjaAction
They are blocking some ports, but not 21/22. They are also not blocking *incoming* 25, only outgoing 25.

here's a scan of my open ports remotely:

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
554/tcp filtered rtsp
5050/tcp open mmcc
6112/tcp filtered dtspc
8080/tcp filtered http-proxy
8081/tcp open blackice-icecap
9090/tcp open zeus-admin
16959/tcp filtered subseven


and a comparison of local scan of the same machine:

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
5050/tcp open mmcc
8080/tcp open http-proxy
8081/tcp open blackice-icecap
9090/tcp open zeus-admin

Which suggests that they are blocking incoming 554, 6112, 8080 and 16959. (these could also be from the firewall/network on the side that I don't have control over)

outgoing, I only see port 25 blocked.

This is on a residential BB50 package.

NinjaAction

join:2007-09-26
Calgary, AB
Anyways sorry guys.....my ports are not blocked. The nat table in my router was corrupt or something.....POS Netgear running dd-wrt.....had to reflash dd-wrt to get it to work, not even a 30-30-30 reset would do it.