MT6000/Flint2 Setting Up Port Forwarding on Xfinity

Thanks admon:

According to the docs port 80 is not blocked on Xfinity.

But I just asked the Xfinity Assistant (AI help) and it said that port 80 IS blocked on Xfinity!

Why didn't port forwarding work when I changed the port to 31011 rather than 80? I've also tried replacing port 31011 with 8080 with the same results.
Computer outside the network URL entered:
73.192.XXX.XX:31011 (73.192.XXX.XX is the public IP)
73.192.XXX.XX:8080

Port Forwarding

Open Port on Router <-- I've tried turning this on and off no difference.

Result
"The connection has timed out" page shown on the computer outside the network.

I also came up with the idea that maybe the Linux Apache server was the problem so I played around a little with adding to the iptables... No joy :frowning_face:
iptables -A FORWARD -i wlan0 -j ACCEPT # set forward to WiFi card wlan0
iptables -A FORWARD -o wlan0 -j ACCEPT # set forward to WiFi card wlan0
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

I can't really help you with that issue because I don't know Xfinity. I don't even know if they are not behind CGNAT.

Open Ports on Router is useless if you need port forwarding. Delete those entries.

Does the Xfinity modem have a firewall as well? Maybe you need to open ports there as well?

Hi admon:

So another interesting thing I just noticed. I am no longer able to get to the router login Admin Page from the outside computer using the public IP (which hasn't changed).

I guess the scary message from the Open Ports on Router page is the information box. Which made me think you needed entries here as well.

"For security reasons, the services that you install on the device are only opened to its LAN network. If you want them to be accessible from the WAN network, you need to open ports for these services on the WAN."

I'm not using an Xfinity modem just my own personal cable modem (Arris SurfBoard Model: S33). It is a cable modem only so no firewall or port forwarding settings in it. Simply a pass through device.

Port forwarding does not need open ports on the router. However, if you want to make your login page available from WAN (which is highly not recommended!) you need to enable it using Enable remote control: Security - GL.iNet Router Docs

Hi admon:

Nope, do not want to do that! Thank you for the explanation.

Hi admon:

So I ran a ZenMap Scan from a computer outside my network results:

Target: 73.168.XXX.XX/24 (public IP) Profile: Quick Scan

results ----------------------------------

Nmap scan report for 73.168.XXX.0

Host is up (0.00018s latency).

Not shown: 99 closed tcp ports (reset)

Port State Service

514/tcp filter shell

Repeated for every IP on the list.

end results ------------------------------

It doesn't look like any ports are open.

Are you totally sure that there is no CGNAT? Cable internet is in 99% CGNAT.

Hi admon:

I'm not sure there is no CGNAT. I just followed bruce's link and found another one to double check. Both of these tests show no CGNAT. Do you have a 3rd way I might be able to triple check?

  1. the other link:
    traceroute public-ip

https://winbuzzer.com/2020/05/29/windows-10-how-to-tell-if-your-isp-uses-carrier-grade-nat-cg-nat-xcxwbt/

  2. Found more CGNAT/CG-NAT/CGN/Carrier Grade NAT tests - Still doesn't look like Xfinity/Comcast in my area is using CGNAT.

My public IP does NOT fall within the 100.64.0.0/10 IP range.

Windows check:
CMD
traceroute 73.168.XXX.0 (public-ip) # 1 hop = NO CGNAT

I also tried all of this with a different router. Other than generating a different public IP address everything had the same results.
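
The CGNAT and double-NAT checks discussed in this thread can be reduced to one comparison: the address on the router's WAN interface against the address an outside service reports. The following is an added example, not part of any post in the thread; the function name `classify_wan` and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Address blocks that are never directly reachable from the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918

# What each verdict means for a port forward configured on the router.
MEANING = {
    "cgnat": "ISP translates the address; inbound forwards cannot reach the router",
    "double-nat": "another NAT device sits upstream; it needs its own forward",
    "upstream-nat": "WAN address differs from what the internet sees; NAT or proxy upstream",
    "direct": "router holds the public address; look at filtering or the server instead",
}

def classify_wan(router_wan_ip, externally_seen_ip):
    """Compare the router's WAN interface address (from its status page)
    with the address an outside service reports for the connection."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(externally_seen_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in PRIVATE):
        return "double-nat"
    if wan != seen:
        return "upstream-nat"
    return "direct"

if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally seen address).
    samples = [
        ("100.72.5.9", "203.0.113.10"),
        ("192.168.1.2", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        verdict = classify_wan(wan, seen)
        print(f"{wan:>15} vs {seen:<15} {verdict}: {MEANING[verdict]}")
```

A "direct" verdict only rules out address translation upstream; inbound filtering by the ISP or a host firewall on the server can still drop the connection.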

So for some odd reason, firmware 4.6.8 op21 won't allow port forwarding and I have tested it on my end for hours.

After installing firmware 4.6.6 OP24 I was able to open various ports without any issues.

If I want to open port 45600, in the settings for Internal and External port I use 45600 and it works.


Hi Denisimo:

Thank you for the post! Both of the GL.iNet routers (MT6000/Flint2 & AXT1800/Slate AX) I tested are running the 4.6.8 release 1 firmware. I was just thinking I need to run a test with another router brand!

I've been switching back and forth between two firmwares for over a week and keep finding various discrepancies. And in my case, I have to choose between what I want and what I need. If I want options A B C, I have to use older firmware, if I want to use options X Y Z I have to use newer firmware, even though newer firmware should also have A B C options working or the other way around.

Hi Denisimo:

Have you tried the beta version 4.7.0?

I haven't tried Beta 4.7. Haven't had the time and I don't feel like beta testing a firmware right now.

Hi Denisimo:

I just dug out an old Linksys router and set port forwarding up on it. Firmware doesn't seem to be my port forwarding issue.

Hi admon:

I just heard back from an Xfinity employee. "Xfinity does not use Carrier-Grade NAT."

So it works with the old one?

Hi admon:

Sadly no, port forward is still not working with my old router either. Same issue. All connections from the outside computer (WAN) are getting blocked.

In that case Xfinity might be just lying and there is CGNAT ...

Xfinity is not lying. I use Xfinity and I am able to use Port Forwarding but only if I use firmware 4.6.6 OP24.

Hi Denisimo and admon:

Denisimo: Where are you located? I'm in Jacksonville, FL. Is it possible Xfinity/Comcast has different setups in different areas? Someone on the Xfinity Community Forum just posted they have CG-NAT with Xfinity. I haven't found out where they are located yet.

admon: If Xfinity/Comcast is NOT using CGNAT in my area is it possible that there might be some kind of double NAT situation? Where Xfinity has another router somewhere upstream of my connection that is blocking port forwarding to my public IP?

I wasn't willing to downgrade my MT6000/Flint2 and lose all my settings, so I turned it off. I did connect and downgrade my GL-AXT1800/Slate AX to version 4.6.4. There was not a version 4.6.6 for the AXT1800 that I saw.
https://dl.gl-inet.com/router/axt1800/stable

My port forwarding behavior remains the same. Again I was able to connect to my Apache server from inside my network using my public-ip, so port forwarding on the router(s) is working. But, no connections from outside the network (WAN) using the public-ip or public-ip:8080 ports (socket address) work.

All ports remain closed from the LAN & WAN. I used the below link to test computers both inside my network and a computer outside my network.