[Gern]

I have had vnc and other tcp ports working thru my netgear router for a couple of years now. The other day they stopped working. I cannot access my computer via vnc remotely, but I can locally via the 192.168.*.* address. My sling box port forwarding seems to still be working. I am wondering if maybe comcast has blocked some ports? Or is my router starting to fail? I need a tool that can be used to test if tcp port forwarding is working.

help?

ps - I have set up the port forwarding in my netgear, and it had been working for years.

[Simon]

Have you tried telnet to a specific port? For example to see if ssh (port 22) is being forwarded you do
telnet my.remote.mac.com 22

[imitchellg5]

You can use a site similar to this one to check if it's working successfully.

[Snow-i]

The only port Comcast blocks is 25, and thats if they detect inordinate amounts of emails coming from your modem over that port. If they need to block more than port 25 (such as backup SMTP ports), they effectively take your modem offline for all traffic until whatever abuse/usage situation is rectified by putting a bootfile on your modem that doesn't allow any connection. You would also get emails notifying you of this, and in severe cases calls from the abuse team.

I find both of these scenarios unlikely given what you've described. Its going to be router or end-user configuration related.

[besson3c]

Originally Posted by Snow-i 

The only port Comcast blocks is 25, and thats if they detect inordinate amounts of emails coming from your modem over that port. If they need to block more than port 25 (such as backup SMTP ports), they effectively take your modem offline for all traffic until whatever abuse/usage situation is rectified by putting a bootfile on your modem that doesn't allow any connection. You would also get emails notifying you of this, and in severe cases calls from the abuse team.

I find both of these scenarios unlikely given what you've described. Its going to be router or end-user configuration related.

If they did block 25 it's probably outbound, not inbound.

Simon's telnet test is exactly what you need to ascertain whether your ports are being forwarded. He smart.

[Simon]

Originally Posted by besson3c 

He smart.

</blushes>

[Snow-i]

They would block both in and outbound, however 25 is mainly used as outbound for smtp.

[besson3c]

I don't know why ISPs just assume that any malicious viruses/spyware type stuff would run on port 25, it is trivial to run a SMTP server on another port, and these scripts are setup to be spam cannons that don't really care about responding to requests that would be requested on the traditional port 25.

[Snow-i]

Originally Posted by besson3c 

I don't know why ISPs just assume that any malicious viruses/spyware type stuff would run on port 25, it is trivial to run a SMTP server on another port, and these scripts are setup to be spam cannons that don't really care about responding to requests that would be requested on the traditional port 25.

Comcast encourages you to switch to backup ports when they block your port 25 and to call if you have issues doing so. They aren't trying to keep you from sending messages, but instead the malicious software which you picked up. The vast majority of these malwares use the default port of 25 to propogate their spam. Of course, this solution doesn't cover all spam but as an automated process works pretty well. If they find that within a certain time period (usually 2 weeks) large amounts of spam is still coming from your modem on other ports, they shut you down altogether and get a live abuse agent involved to solve the problem so that your downtime is, if you are responsive, a matter of hours. Again, in this case they aren't trying to deny you service but instead help you fix the problem that affects millions of their users, and, if it were not in place at all, you.

I have severe contempt for Comcast in many regards, but to be fair in these cases Comcast is more than reasonable.