Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    TiVo Says Port 8080 Closed. Tools to Check?

    General pfSense Questions
    3
    12
    1398
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • beremonavabi
      beremonavabi last edited by

      For the last couple of months, I've been running my TiVo without problem through AirVPN on my SG-4860.  Yesterday, the TiVo started complaining it was running out of Guide data.  When I checked, it hadn't been able to connect successfully for a while.  It now thinks port 8080 is being blocked.  I pulled the TiVo out from using the VPN and it has no problem.  Putting it back through the VPN causes it to again complain about port 8080 is being blocked and it won't connect.  My pfSense box is set to not block any outgoing stuff.  Ditto for traffic on the local network.  According to:

      http://www.cox.com/residential/support/internet/article.cox?articleId={cacf82f0-6407-11df-ccef-000000000000}

      Cox (my ISP) doesn't block port 8080.  And, according to:

      https://support.tivo.com/articles/Troubleshooting/Which-Network-Ports-and-IP-Addresses-Need-to-be-Open-When-Using-my-TiVo-DVR

      the TiVo needs no open incoming ports.  Also, it doesn't complain about any of the other ports that need to be open for outgoing traffic (or within the local network) as being closed.

      Are there any tools (hopefully, those a newb can use) I can use to try to see if something is blocking port 8080 on my network?  I've attached a screenshot of my firewall rules for the interface the TiVo (and, basically, everything else) is on.
      ![20170621 -- pfSense Firewall Rules VPN_LAN.PNG](/public/imported_attachments/1/20170621 – pfSense Firewall Rules VPN_LAN.PNG)
      ![20170621 -- pfSense Firewall Rules VPN_LAN.PNG_thumb](/public/imported_attachments/1/20170621 -- pfSense Firewall Rules VPN_LAN.PNG_thumb)

      SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        If it is being routed out the VPN, Cox has nothing to do with it.

        Look at states on 8080 while you try to connect.

        Maybe packet capture on OpenVPN on port 8080 while you try to connect and see what is there.

        Maybe set something up on the outside to listen on 8080 and try to connect to it.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • beremonavabi
          beremonavabi last edited by

          Good idea to check the state table.  I'd checked the logs, but there's nothing.  Here's what shows up in the state table during a connection attempt:

          States
          Interface	Protocol	Source (Original Source) -> Destination (Original Destination)	State	Packets	Bytes	
          VPN_LAN	tcp	192.168.20.6:60422 -> 208.73.181.202:8080	TIME_WAIT:TIME_WAIT	1 / 1	60 B / 40 B	
          VPN2_WAN	tcp	10.8.0.214:55750 (192.168.20.6:60422) -> 208.73.181.202:8080	TIME_WAIT:TIME_WAIT	1 / 1	60 B / 40 B	
          

          192.168.20.6 is my TiVo
          208.73.181.202 is on the list of TiVo's servers
          10.8.0.214 is that VPN WAN interface's address

          So, it looks like the traffic is at least leaving my system.  I'll try to figure out something with a packet capture.

          SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

          1 Reply Last reply Reply Quote 0
          • beremonavabi
            beremonavabi last edited by

            Here's a packet capture for port 8080 on that OpenVPN client:

            17:35:15.115962 IP 10.8.0.214.30048 > 208.73.181.202.8080: tcp 0
            17:35:15.129437 IP 208.73.181.202.8080 > 10.8.0.214.30048: tcp 0
            
            

            And, here's one for the TiVo's IP address and port 8080 on the local VPN interface:

            17:40:51.048594 IP 192.168.20.6.60503 > 208.73.181.202.8080: tcp 0
            17:40:51.063299 IP 208.73.181.202.8080 > 192.168.20.6.60503: tcp 0
            
            

            And, just for grins, here's one for the TiVo's IP address and port 8080 on the local VPN interface while the TiVo's doing its port diagnostics and saying port 8080 is closed:

            18:06:24.626166 IP 192.168.20.6.60600 > 208.73.181.202.8080: tcp 0
            18:06:24.642865 IP 208.73.181.202.8080 > 192.168.20.6.60600: tcp 0
            
            

            I'm 99.99% clueless, but to me, that looks like during the diagnostics, port 8080 is working fine and during a download something went there and back again involving port 8080.  I guess that means this isn't related to pfSense at all.  Heck, it doesn't even look like it's related to the VPN.

            SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              That looks like good two-way traffic - at least from something.

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • beremonavabi
                beremonavabi last edited by

                Anyone know what the time codes in those packet captures mean?  The first three parts are obviously hours, minutes, and seconds.  But, is the last part millionths of a second?

                SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

                1 Reply Last reply Reply Quote 0
                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  Yeah, 6 decimal places is milliseconds.

                  Chattanooga, Tennessee, USA
                  The pfSense Book is free of charge!
                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • beremonavabi
                    beremonavabi last edited by

                    Thanks.  I couldn't find anything saying that that final clump of numbers was some kind of fractional second or something else entirely.

                    BTW:  10^(-6) seconds is actually microseconds:

                    https://en.wikipedia.org/wiki/Microsecond

                    A millisecond is a thousandth of a second.

                    SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

                    1 Reply Last reply Reply Quote 0
                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      right

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • jimp
                        jimp Rebel Alliance Developer Netgate last edited by

                        If I had to guess, I'd say TiVo is blocking access from the VPN provider.

                        Especially if it works fine from your regular network.

                        Mine don't seem to do anything fancy with the traffic that leaves my network, nothing I'd expect to break that way at least. But they are a bit strict with region stuff so it would not surprise me to hear they block known VPN/Proxy providers.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • beremonavabi
                          beremonavabi last edited by

                          I, too, am guessing TiVo has somehow started blocking access via VPN.  I've reported this on the TiVoCommunity forum:

                          http://www.tivocommunity.com/community/index.php?threads/tivo-bolt-thinks-port-8080-closed.551422/#post-11242891

                          and to TiVo (corporation), itself.  But, so far, nothing.  It's just odd that the sole check that's (supposedly) failing is the one for port 8080 instead of something more general.

                          I've worked around it by simply adding a firewall rule to have all traffic coming from my TiVo go through the WAN instead of the VPN interface.  That's not really what I want to do, but it works.

                          SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

                          1 Reply Last reply Reply Quote 0
                          • Derelict
                            Derelict LAYER 8 Netgate last edited by

                            I was forcing a tivo through an OpenVPN that egresses from AWS Oregon until about a week ago and it worked fine for geo-shifting MLB.Tv. Probably just a matter of time. (Don't have the tivo any more.)

                            Didn't try any other streaming services and tivo updates seemed to be fine.

                            Hard for me to fathom why tivo would care where you get updates from. The streaming apps all have their own enforcement methods I would think.

                            You could tailor the rule to only put traffic sourced from the tivo and destined for port 8080 out WAN.

                            Chattanooga, Tennessee, USA
                            The pfSense Book is free of charge!
                            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post