Port Forwarding with Comcast Internet
-
Hi all,
So I installed pfsense last weekend, got my wifi and internet working great, love the many features. Then I hit a snag: I have a DVR setup running security cameras which I port forward for external network access. This works great with my ASUS RT-AC68U router which uses their DNS forwarding service and allows me to forward the port that way.
With pfsense I set up the port forwarding and checked canyouseeme.org and it errors out. I also tried my app on my phone using the IP address I have from Comcast, still no joy.
What could the issue be? I have applied settings once the NAT rule is set up and it shows in the Firewall rules page. Could Comcast be blocking direct IP port forwarding? I would think it would be no different than what ASUS DNS service does?
Thoughts? I have searched online but I am not seeing anyone else with this issue. I have looked at a dozen YouTube videos and they all show I am doing everything standard. Is there some undocumented step?
Help!!
Patrick -
Depends on the port being forwarded. If you're on a residential connection Comcast will filter certain ports.
First, check the IP of your DVR. Next make sure your port forward is targeting the correct IP. After that, verify your firewall rule says it's allowing access to the IP of the DVR.
If possible, provide some screenshots of your relevant rules to help with assisting you.
Personally I'd recommend against a wide open DVR, as anyone performing scans could find it. (Scans are constantly happening.) If it were me I'd only allow access to that through a VPN. Sorry for the soapbox but I just wanted to make sure you're aware of the risks involved.
-
^^^^
Given that it works with the Asus router, I doubt the problem is caused by Comcast. I agree, however, that a VPN or other secure connection should be used. -
"I have a DVR setup running security cameras which I port forward for external network access."
This is a bad idea to be honest. Have you not seen all the news about cameras with backdoors, etc.? If you want to view your video stream while away you really should VPN in versus opening up such stuff to the public internet.
I would hope you have it locked down to specific source IPs.
I would verify the traffic is actually hitting your pfsense. It has your public IP on its WAN, right? You're not behind a Comcast gateway device that does not? And you're only using a modem? I have Comcast and have zero issues with port forwarding.
Go to canyouseeme.org and send some test traffic to the TCP ports you have forwarded. Do you see the traffic on the pfsense WAN? Simple enough to check with packet capture under Diagnostics.
Follow the troubleshooting guide to find out where you went wrong.
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
Port forwarding with pfsense is really just click click.. Easier and more robust than any off-the-shelf SOHO router, that is for damn sure..
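Added example, not part of the original post: the "does the pfsense WAN actually hold your public IP" check from the reply above, as a small Python script. The function names are hypothetical, the addresses are constructed samples, and the observed address is assumed to be whatever an external checker reports as your source IP.

```python
import ipaddress

# Address ranges that cannot receive unsolicited inbound traffic from the
# internet. If the firewall's WAN interface sits in one of these, another
# NAT device upstream has to forward the port first.
NON_ROUTABLE = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "cgnat": ("100.64.0.0/10",),
    "link-local": ("169.254.0.0/16",),
}


def classify_wan(addr):
    """Return 'rfc1918', 'cgnat', 'link-local' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    for label, cidrs in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return label
    return "public"


def diagnose(wan_addr, observed_addr):
    """Compare the WAN interface address with the externally observed one."""
    kind = classify_wan(wan_addr)
    if kind != "public":
        return ("upstream-nat",
                f"WAN {wan_addr} is {kind}: a gateway in front of the firewall "
                "is doing NAT, so forwards on the firewall alone never see traffic")
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_addr):
        return ("address-mismatch",
                f"WAN {wan_addr} differs from observed {observed_addr}: "
                "the test traffic is being sent to a different device")
    return ("direct",
            "WAN holds the public address: capture on WAN while testing; "
            "if packets arrive, the fault is in the NAT or firewall rule")


if __name__ == "__main__":
    # Constructed sample pairs: (WAN interface address, externally observed address)
    samples = [
        ("10.0.0.2", "203.0.113.7"),      # behind an ISP gateway in router mode
        ("100.72.3.9", "198.51.100.20"),  # carrier-grade NAT
        ("203.0.113.7", "203.0.113.7"),   # modem in bridge mode
    ]
    for wan, seen in samples:
        status, detail = diagnose(wan, seen)
        print(f"{status:17} {detail}")
```

Only the "direct" result means the packet capture on WAN is the right next step; either of the other two results points at a device upstream of the firewall.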
-
So the reason I wanted to use pfsense was exactly that, I want to put my VPN connection on the router. With the ASUS router, when I put the VPN on the router my speeds drop to 10mbps vs the 180mbps I normally get with the same software VPN (Nordvpn).
I will go test again, and see if I can find the issue. I have never had an issue before with port forwarding and I also read the troubleshooting doc which confirms everything I have done. -
"router my speeds drop to 10mbps vs the 180mbps I normally get with the same software vpn (Nordvpn)."
Huh?? nordvpn is a vpn service which would be for your connection to the internet, not for vpn into your system..
What are your internet speeds down/up? And what are the speeds you're connecting to your VPN running on your router from? You're going to be limited to your update speed, etc. How are you measuring speed?
-
I have Comcast 150/10. When I use the NordVPN client on a local node I get pretty close to the speeds I get connecting direct. When I set up OpenVPN on the ASUS router so that everyone on the network can connect online via the VPN, the speeds drop to about 10% of the provider speeds.
I have read that regular routers cannot process the vpn fast enough and this causes the slow speeds. So I decided to the pfsense on an i3 2.9ghz machine I had lying around.
I presume from your comments, I don't need a service provider like Nordvpn to vpn directly to a machine? -
No, some VPN service out on the internet is not how you would VPN into your network to access stuff while you're remote.
-
While it IS possible to set up port forwarding through a VPN and do dynamic DNS to resolve a domain that you know to target, it would be cheaper and easier if you just set up openvpn on your pfsense box as a server instead of as a client. If you're using nordvpn for other reasons such as privacy, that's a different setup entirely.