dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
5245

VegasMan
Living the Vegas life.
Premium Member
join:2002-11-17
Las Vegas, NV

VegasMan

Premium Member

Port 443 block?

Is port 443 blocked or not by ATT on Uverse? I have Googled it and found both yes and no.
I know on regular DSL it wasn't.

Milwaukee PT

Anon

Port 443 is used by the Uverse WAP to provide signal to wireless receivers.
So in essence if have wireless receivers for Uverse IPTV then port is not accessible to other devices.
If have internet only or all hardwired receivers then port 443 should be available to my knowledge.

VegasMan
Living the Vegas life.
Premium Member
join:2002-11-17
Las Vegas, NV
·CenturyLink

VegasMan

Premium Member

Internet and Phone only is what I have. But for some reason I am unable to get to my server even though I can still get to my security system which obviously uses a different port but is forwarded just the same.
I have a 5031 modem.
I just upgraded my server software today and it allows me to change default ports so I guess I'll do that.

Thanks

mojorhino
join:2007-09-24
Bartlesville, OK

4 edits

mojorhino

Member

We have problems with remotely accessing devices via port 443 behind U-Verse modems on accounts that use TV service also. We do not have issues accessing these same devices when there is no U-Verse TV servcie in use. I don't think that port 443 is actually blocked more likely traffic to port 443 is being used by or rather redirected by the modem to the U-Verse Set top boxes.

I found a link on the AT&T forums that kinda says this in a roundabout way but cant find it at the moment. If I do I will post it here.

Edit: This was it
»forums.att.com/t5/Featur ··· /3365983
You have to read pretty far into the replies to get real info if I remember correctly.

We have found that ordering static IP's eliminates the problem (or at least our problems)
benk016
join:2011-06-05
Owasso, OK

benk016 to VegasMan

Member

to VegasMan
As soon as you connect their WAP for the wireless gateways it seems to make a automatic rule in the firewall to forward all 443 traffic to that device. So you might check in your firewall to make sure that the modem didn't enable that rule on its own for some reason.

Other than that A set of static IP's would solve your issue like Mojorhino said.

VegasMan
Living the Vegas life.
Premium Member
join:2002-11-17
Las Vegas, NV

VegasMan

Premium Member

How does a set of IP's fix my problem? wouldn't port 443 still be blocked on the modem?
How much does a block cost?

ILpt4U
Premium Member
join:2006-11-12
Saint Louis, MO
ARRIS TM822
Asus RT-N66

ILpt4U

Premium Member

You get 8 more public IPs/5 of which you can use, all with their own sets of ports, in addition to the modem's current one dynamic public IP address

If port 443 is being blocked/redirected going to/from (fictional and not possible) IP address 321.32.45.215, then its not getting to the NAT'd device you want it to get to

One solution to this problem: Have more than one Public IP address, and then that first IP is getting the port 443 traffic for that IP, but now you have 5 more public IPs: 321.32.45.217-221, and each one of those has a full slate of open ports. So port 443 on ip ending in .218 is different than port 443 on ip ending in .215

I believe a block of 8 additional Static Public IPs is an additional $15/month more. Blocks up to 256 addresses are available, at increasing prices. In a block of 8, 5 of the Public addresses are publicly useable for your devices

VegasMan
Living the Vegas life.
Premium Member
join:2002-11-17
Las Vegas, NV

VegasMan

Premium Member

OK got it. Makes sense now.

Now explain why I get 8 and can only use 5.
dave006
join:1999-12-26
Boca Raton, FL

dave006

Member

Three ports in each block are assigned roles for the subnet:

Network block start
Network router gateway
Network broadcast address for the subnet

Leaving 5 available for you to assign to your devices

Dave

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

1 edit

NetFixer to VegasMan

Premium Member

to VegasMan
said by VegasMan:

OK got it. Makes sense now.

Now explain why I get 8 and can only use 5.

The 8/5 IP block is a /29 CIDR block. Here is a sample breakdown of how the 8 IP addresses are typically used:

XX.YY.ZZ.A0 = Network address (not directly useable by the customer)
XX.YY.ZZ.A1 = Host address 1 (useable by the customer)
XX.YY.ZZ.A2 = Host address 2 (useable by the customer)
XX.YY.ZZ.A3 = Host address 3 (useable by the customer)
XX.YY.ZZ.A4 = Host address 4 (useable by the customer)
XX.YY.ZZ.A5 = Host address 5 (useable by the customer)
XX.YY.ZZ.A6 = Gateway address (used by the ISP's router)
XX.YY.ZZ.A7 = Broadcast address (not directly useable by the customer)

The devices using the available "Host n" static IP addresses would typically have that IP address statically assigned, use a subnet mask of 255.255.255.248, and use the XX.YY.ZZ.A6 address as the default gateway.

And technically you can actually use six of the eight IP addresses if you also use private IP addresses and NAT behind the ISP's router.

VegasMan
Living the Vegas life.
Premium Member
join:2002-11-17
Las Vegas, NV

VegasMan

Premium Member

OK. I'll end it at that can of worms.
Thanks guys
VegasMan

VegasMan

Premium Member

Well I found a very easy fix for my problem.
I am running Server 2012 r2 behind a Pace 5031 and a TP-Link archer C9.

I was trying to open port 443 using my own rule on the Pace and then have the C9 route that to my server but it kept failing saying 443 was blocked when I ran Anywhere Access on 2012.

If I had just paid attention I would have noticed on the Pace there was an option for HTTPS Server. After I selected that and added it to the forwards and pinholes now 2012 sets up just fine and works. The server set up my router and everything using upnp.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

1 edit

NetFixer

Premium Member

said by VegasMan:

Well I found a very easy fix for my problem.
I am running Server 2012 r2 behind a Pace 5031 and a TP-Link archer C9.

I was trying to open port 443 using my own rule on the Pace and then have the C9 route that to my server but it kept failing saying 443 was blocked when I ran Anywhere Access on 2012.

If I had just paid attention I would have noticed on the Pace there was an option for HTTPS Server. After I selected that and added it to the forwards and pinholes now 2012 sets up just fine and works. The server set up my router and everything using upnp.

I can remember running into a similar problem with an FTP server when doing cascaded NAT through a Motorola/Netopia 2210 DSL router and a Cisco RV082 router. I was manually forwarding the needed ports in the 2210 modem/router to the RV082 (and I also tried putting the RV082's WAN into the 2210's DMZ), but it didn't work properly until I selected the FTP server from the applications menu instead of doing the manual forwarding/DMZ. Had I known that you were doing cascaded NAT, I might have remembered that. Glad you figured it out before you wasted the money on an otherwise unneeded static IP block.