Comcast blocking port 80 or me doing something wrong

Mabrito

I have the basic Comcast package for $20 (it's 12DL and 3UL) and am just wondering if they block port 80 on it? I heard they do in some areas, so just wondering if anyone has any more insight on this.

Or am I doing something wrong? I have an ESXi box set up and it is using Microsoft Internet Connection Sharing. Basically my desktop is hooked up wirelessly and then I set Internet Connection Sharing on the wireless adapter so I can share it to an Ethernet port on my desktop, then I connect my ESXi box to it. This part works great, I can connect to vSphere and everything. Basically my wireless router to my desktop uses the NAT network address of 192.168.0.0/24 and then Internet Connection Sharing does another NAT and uses the network address of 192.168.137.0/24.

On my wireless router, I told it to forward ports 80 and 443 to my desktop and then told Internet Connection Sharing to port forward those two ports as well. From my desktop, I can type in the webserver address of 192.168.137.100 and connect to my webpages hosted on it, but when I type in the Comcast address, no luck. I believe everything is set up right, just think Comcast is blocking port 80/443 unless you're a business subscriber.

I know it's a lot of NATs and that, but it's mostly just for testing. I don't plan on doing anything critical or heavy on this webserver where a setup like this would be not good.
 
Just forward 443. Verizon (Frontier) is the same way, so I just use HTTPS and manually specify that when I put in my public IP.
 
Your setup started making my head hurt and I stopped reading halfway through.

However I can tell you that in the three years I had Comcast before switching to FiOS there were NO ports blocked. Comcast even gave me a dynamic static IP. I say that because while on a regular consumer account you are set up to get a dynamic IP. However in three years I always HAD the same exact IP address. It was awesome, no need for dyndns. That is... until I switched to FiOS.
 
Here is the summary of what Verizon and Comcast block, at least here in Massachusetts. The following info is for the TCP protocol in the outbound (PC to internet) direction. This data includes testing all 64k (65535) TCP ports.

Verizon FiOS Residential (dynamic IP) - OUTBOUND direction - port 25 blocked. Not entirely sure of all inbound blocked ports, but I'm quite sure TCP 80 is blocked inbound.
Verizon FiOS Business (static IP) - no ports blocked outbound, no ports blocked inbound
Comcast - 135-139, 445, 1723 are all blocked outbound.

As an interesting comparison, here are the TCP ports that Verizon Wireless blocks in the outbound direction: 135, 139, 445, 1023, 1723, 2967, 4444, 5554, 9898

(those ports are blocked for users who have 3G cards like their 3G USB card, or even for users with WiFi 3G hotspots.)

- CruiserX
 
It must depend on your area. I've had Comcast for ages and never recall port:80 being blocked.
 
I agree, for a while a buddy of mine had FiOS and swore up and down that port 80 was blocked. He had FiOS for quite a while. I guess he never thought to check every so often if they open it. When I got it, it was open. I told him about it and it was open for him. I guess keep checking to see if it's open.
 
Is there any way besides setting up my own webserver to verify that it is blocked on Comcast's end in my area?
 
I'm pretty sure, but not positive, that if you go to canyouseeme.org and ask it to scan a port and it fails, there are two different error messages you can get. I think one is connection refused, and the other connection timed out. I translate this to a blocked port being refused, and an open port with no service running on it as timing out.

If you really want to try, I suppose you could install uTorrent and its web GUI and tell it to run on port 80 in the options. Do your port forwarding and try another test on canyouseeme.org.

It's possible the problem may lie within your internal network, but I'm not about to try to troubleshoot that. It made me dizzy :D
 
Haha, it's not that bad, I might have described it badly.

Comcast address -> gets NAT'd into the 192.168.0.0/24 address space (desktop is connected in this space as well) -> the 192.168.0.0/24 gets NAT'd into 192.168.137.0/24 by Internet Connection Sharing and my ESXi box connects in this address space.

I get a connection timeout when I try port 80.
 
Oh, so it's a typical setup except you have an ESXi box double NAT'd behind some computer running ICS. Gotcha ;)

Try eliminating things. Don't double NAT ESXi. Connect it directly to the wireless router and give it a static IP address. Forward the port on your router to it. Then run the port scan again.
 
I don't doubt that some ISPs block port 80 but I really don't think Comcast is one of them.

I'm on Comcast business which obviously doesn't block any ports but I was on Comcast Residential as of 2 years ago and it wasn't blocked on that either.
 
See page 17 in the following document:
http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esx_vc_installation_guide.pdf

You would need more than ports 80/443 open/forwarded to use the vSphere client remotely.

An option is to just open up a port for RDP (3389 by default) and remote to your desktop and manage your ESXi host from there. Of course if you are using a "home" version OS, this may not work for you. Can look into VPN as well.

PS... I am on Comcast (residential) as well... no blocked port 80 here.
 
When I replied above I forgot to mention how I did the testing.

There is a site called firebind.com that allows you to put in any TCP port or list of TCP ports (you can do all 65535 if you want) and one-by-one your browser will attempt to create a TCP connection to the firebind server on the Internet for each port. Then it will tell you whether it succeeded, or whether the connection failed (either by TCP RESET or TCP TIMEOUT). So if, for example, your PC firewall, your home router, or your ISP's firewall is blocking any port, firebind will be able to tell you. If the port passes, then any other application you use should be able to communicate on that port as well.

You can test up to 100 ports as an anonymous user, or if you register and log in, you can test the whole 64k range. Remember, it's only for the OUTBOUND direction (PC to Internet).

I think their FAQ says they are working on adding UDP support soon.

Here is a sample of testing 100 ports:

http://www.firebind.com/100-199

- CruiserX
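
The reset-versus-timeout distinction that this post and the earlier canyouseeme.org reply rely on, as an added example (not code from the thread): a Python probe that classifies each TCP connection attempt and walks the forwarding chain from the inside out. The desktop and public addresses are constructed placeholders, and `probe` and `walk` are hypothetical names.

```python
import socket

# What each outcome says about the path, at the TCP level.
MEANING = {
    "open": "handshake completed: something is listening and reachable",
    "refused": "a RST came back: packets reach a host, but nothing accepts on that port",
    "timeout": "no answer at all: packets are dropped on the way (filter, missing forward, host down)",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused', 'timeout' or 'error'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"  # e.g. no route to host / network unreachable
    finally:
        s.close()

def walk(hops, timeout=3.0):
    """Probe (label, host, port) hops in order, innermost first.
    Returns (results, label of the first hop that is not open, or None)."""
    results = [(label, probe(host, port, timeout)) for label, host, port in hops]
    first_bad = next((label for label, r in results if r != "open"), None)
    return results, first_bad

if __name__ == "__main__":
    # 192.168.137.100 is the web server address given in the thread. The desktop's
    # LAN address and the public address are constructed placeholders.
    hops = [
        ("web server behind ICS", "192.168.137.100", 80),
        ("desktop on router LAN (ICS forward)", "192.168.0.50", 80),
        ("public address (router forward)", "203.0.113.10", 80),
    ]
    results, first_bad = walk(hops)
    for label, outcome in results:
        print(f"{label:38} {outcome:8} {MEANING.get(outcome, 'local network error')}")
    print("first hop that fails:", first_bad)
```

Run each hop from a machine one step further out than the hop being tested. A probe of the public address from inside the LAN only works if the router supports NAT loopback, so a timeout there is conclusive only when the probe is run from outside the network.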
 
That tests the outbound though. I want inbound into my webserver.
 
Is your Windows Firewall on by chance?

Re-read your first post (confusing), but I know Windows Firewall has randomly popped up on me asking me to allow certain programs that I've had running for a month or so.

Can you connect from another computer in the 192.168.0.0/24 space to the ESXi machine?
 
Yeah, tonight I'm going to move the ESXi box where the router is and get rid of the double NAT. Forget with ESXi, as long as the IP address is changed, I can access it with vSphere.
 