port forwarding on newer routers does not work

Similarly, the reverse problem problem occurs without the ability to map incoming  to outgoing port.  Same issue, in reverse.

For example, using an obscure incoming port to some internal standard port, like this:

Finally, with only one external WAN IP,  it may be desirable to be able to map more than one instance of the *same service* to more than one internal server eg:

<WAN IP>:22  to        10.0.0.15:2000

<WAN IP>:22001  to  10.0.0.25:2000

<WAN IP>:22002  to  10.0.0.35:2000

<WAN IP>:22003  to  10.0.0.45:2003

<WAN IP>:22004  to  10.0.0.45:2004

<WAN IP>:22005  to  10.0.0.45:2005

Comcast technician came by today.  We tried two of the mid-line modems, one was totally flaky, the other less-so.  NEITHER can do port forwarding of any kind—error messages with the most rudimentary configuration.

Then we installed the high-end modem.  It actually 'took' on the configuration and worked properly. Then less than one hour later, it crapped out: port forwarding stopped working, and any attempt to edit or redo configuration was met with error message after error message.

This is NOT an "internal network issue" (the Comcast stock line).   It is BROKEN MODEM FIRMARE.

With 1 of 3 routers (the high-end gigabit one), we finally go configuration to work and port mapping to function.  That lasted less than one hour before it crapped out and would never work again.  This is what it looked like when it worked for that brief time.

Once it crapped out, everything was hopeless. Rebooting the router did no good.   

Deleting port mapping entries works, but adding them back in results in errors every time:

- edit always fails with an error

- adding fails with an error

- changes fail with an error.

Example:

The only modem that works properly is the Comcast Netgear one, which Comcast has *discontinued*, and is actively eliminating at customer sites (according to a Comcast technician).

I have 3 years of trying and retrying Comcast modems. All fail to work properly for port forwarding, usually starting with outright failures for the most basic configuration.  

The result is that the Comcast Technicolor modems are USELESS for port forwarding, making a secure server setup impossible.  

It has NOTHING to do with network configuration at the user end and EVERYTHING to do with modem firmware that does not work for port forwarding.

No one at Comcast has ever taken responsibility and even offered to look into the bugs, let alone fix them.

Our router received an upgrade last night and now the port forwarding is broken (after working for years) and I get the same "failed to edit" when trying to add some new test ports.

Yikes!  Which router is it?  This is the Netgear model I am using  I am using the Netgear CG3000DCR.

I think we too received an update on July 9 which broke port forwarding. On the advice of a Comcast tech, we changed the DHCP range to include the IP addresses of the servers we were mapping (even though they are static IPs) and that works. But, IMHO it's still broken/wrong. I should not have to do this.

I'm responding to 

https://forums.businesshelp.comcast.com/conversations/equipment-modemsgateways/port-forwarding-on-newer-routers-does-not-work/60db72853aae1c503595e710?commentId=60e8ee5688715379966d879b#:~:text=5%20days%20ago-,Permalink,-Our%20router%20received

@fred_ross_perry I figured out the DHCP fix on monday night and reported it yesterday morning.  It's great if they shared that with the techs and made it available to you.  (At least I think they shared my stuff with you, If they already knew the fix and didn't share it with me, that would be worse.)  But I fully agree that normally you port forward to internal LAN addresses that are fixed and outside the DHCP range and that that change to the software was either a bug or a very bad design decision.  I have not yet heard back on whether they will undo this change.

It was very difficult to convince Comcast that this was not my fault, and they basically refused to stand behind the port forwarding feature at all, "If it works it works, if not, then too bad, we made a business decision not to support this" is what I was told.

I'm glad you were able to get going!!

@photo145 I am using the Cisco DPC3941B.  But it looks like Comcast uses similar software on some of the different models, which would make sense for them in terms of making support easier.

@jdunham I am pretty sure we have the same one (Cisco DPC3941B).

I have the same issue on 2 Comcast business routers at 2 sites.  Since we do not use the router DHCP, and use fixed IP addresses, port forwarding stopped working on both routers some time in July 2021, within a day or two of each other. After spending 90 minutes with a level 1 tech yesterday, we together discovered the DHCP workaround by accident (meaning, that you can only add port forwarding to a local IP address which is a current or previous IP in your router address pool.) The system seems to not care whether DHCP is active or inactive on the router - the last defined address pool represents the only IPs you can use to port forward. 

Things started working again after adding an IP/port in the address pool, and changing the IP of the target machine in the LAN to match. (EDIT: I suppose the alternate strategy is to add every IP to the DHCP address pool, and then re-disable DHCP). 

A level 2 tech named John responded today to the escalated trouble ticket this afternoon by leaving me a VM stating "Oh, looks like you have it working, so call your local IT specialist if you have further problems". 

Yeah . . . thanks John.  Big help.

I'm seeing a pattern here. :)  I discovered on Friday that my port forwarding was no longer working.  Attempts to add new forwarding results in an error like others have reported here.  My gateway is the more complex unit that's got 8 1G PoE ethernet ports on it. (I don't recall the model #).  I've got an open ticket with support (opened on Friday), but as yet have had not received a response.  I'm hoping to hear something on Monday.

tnx.

g.

Had Tier 2 tell me "port forwarding is only for the internal network." On chat the other day actually referenced the RFC, might as well have been talking Greek or Russian. Completely unacceptable, & have been pursuing this issue for more than a year on & off.