finchmusic2520
New Contributor • 3 Messages

Thursday, January 1st, 2015 9:00 AM

Port Forwarding with router behind comcast supplied gateway

I need some help. I have a Comcast gateway TG862G. I also have a Netgear R6300. I called Comcast support to put my gateway in bridge mode because I want to be able to control my network through my Netgear and port forward etc. What am I doing wrong? I need to open port 500 on my Netgear (and it is open) but I can't see it; it's blocked somehow. Does my Comcast gateway need to be in true bridge mode to do this? Please help me! I am so lost.

Accepted Solution

Problem solver • 326 Messages • 10 years ago

You can't run a typical IPSec VPN through a translator, that's just a property of IPSec VPNs. Forwarding 500 isn't going to do anything.

Some manufacturers have modified their VPN concentrators and have special clients that basically warp the IPSec VPN spec to allow this to work.

A far better VPN protocol to use if the VPN must pass through a translator is an SSL VPN protocol.

Typically with IPSec VPNs you use the router/translator as the VPN origination/endpoint.

It is also kind of pointless to do any port forwarding when you don't have a static IP address, as your router IP is going to be changing periodically and whatever on the Internet is supposed to be accessing whatever it is you want to have accessed won't know what the new IP is.

What are you trying to use BEHIND your router that needs port 500 forwarded?

Gold Problem solver • 610 Messages • 10 years ago

In general, yes, you'll want to have your Comcast gateway in "true bridge mode", which makes it act like a standard cable modem. To check whether it's properly bridged, look on your Netgear router at the "WAN address". If the numbers look something like "10.1.10.10" (or 10.1.10.x, where x is 2-254), then the Comcast gateway is NOT in bridge mode.

As well, are you trying to forward port 500 to an internal machine on your LAN? If so, make sure that on the port forwarding page the port number is 500 (you may see 2 options for an "external" and "internal" port; if you do, then set them both to 500), and make sure the IP address listed in the port forwarding rule truly does match the IP address of whatever machine on your LAN you're trying to forward traffic to.

BTW, port 500 (at least with the UDP protocol) happens to be normally used for IPsec VPNs; is this what you're trying to do? If so, you'll need to make sure that "IPsec Pass-Through" is enabled on the Netgear as well.
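The two checks in this answer (is the Netgear's WAN address really public, and does each forwarding rule point at the right LAN host with matching ports) can be scripted. This is an added example, not code from the thread; it assumes the LAN is 192.168.1.0/24 (the thread only shows 192.168.1.1 and 192.168.1.5) and it also flags that UDP/500 alone carries only IKE, since the ESP tunnel traffic has no port number.

```python
import ipaddress

# Address blocks that are never routed on the public Internet. If the Netgear's
# WAN interface holds one of these, another NAT (the un-bridged Comcast gateway)
# still sits in front of it and inbound port forwards on the Netgear cannot work.
NON_PUBLIC_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918; the TG862G hands out 10.1.10.x
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918
    ipaddress.ip_network("100.64.0.0/10"),   # RFC 6598 carrier-grade NAT
    ipaddress.ip_network("169.254.0.0/16"),  # link-local: WAN got no DHCP lease at all
]

def wan_is_bridged(wan_address: str) -> bool:
    """True when the router's WAN address is a globally routable one."""
    addr = ipaddress.ip_address(wan_address)
    return not any(addr in block for block in NON_PUBLIC_BLOCKS)

def check_forward_rule(rule: dict, lan: str) -> list:
    """Return the problems found in one port-forwarding rule (empty list = OK)."""
    problems = []
    if rule["external_port"] != rule["internal_port"]:
        problems.append("external and internal port differ; both should be the service port")
    if ipaddress.ip_address(rule["target_ip"]) not in ipaddress.ip_network(lan):
        problems.append(f"target {rule['target_ip']} is not inside the LAN {lan}")
    if rule["protocol"] == "UDP" and rule["internal_port"] == 500:
        # IKE is only the key exchange; the tunnel itself runs over ESP (IP protocol 50),
        # which has no port number, so the router also needs IPsec pass-through.
        problems.append("UDP/500 is IKE only; ESP has no port, enable IPsec pass-through")
    return problems

def diagnose(wan_address: str, rules: list, lan: str = "192.168.1.0/24") -> list:
    """Combine the bridge-mode check and the per-rule checks into one report."""
    report = []
    if not wan_is_bridged(wan_address):
        report.append(f"WAN address {wan_address} is not public: gateway is still NATing")
    for rule in rules:
        report.extend(f"rule '{rule['name']}': {p}" for p in check_forward_rule(rule, lan))
    return report

if __name__ == "__main__":
    # Constructed sample matching the thread: gateway not bridged, IKE rule to the Mac server.
    sample_rules = [
        {"name": "IKE", "protocol": "UDP", "external_port": 500, "internal_port": 500,
         "target_ip": "192.168.1.5"},
    ]
    for line in diagnose("10.1.10.10", sample_rules):
        print(line)
```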

Gold Problem solver • 610 Messages • 10 years ago

@tmittelstaedt wrote:

It is also kind of pointless to do any port forwarding when you don't have a static IP address, as your router IP is going to be changing periodically and whatever on the Internet is supposed to be accessing whatever it is you want to have accessed won't know what the new IP is.

Nah, I run numerous IPsec VPN endpoints on dynamic addresses. Most modern IPsec clients support contacting the other endpoints via DNS, and this combined with a dynamic DNS-capable registrar solves this quite well. In my experience Comcast changes customer dynamic v4 addys very infrequently (I've kept the same addresses for years at a time).

New Contributor • 3 Messages • 10 years ago

Hi,

Thanks guys for the replies. Much appreciated, as this is really killing me. Let me go into a little more depth to make this easier.

I'm running a Mac server and want to be able to use the VPN functionality. I used to have an Apple AirPort and all port forwarding rules, etc. were turned on with one click. Anyway, here's my setup:

Mac server at IP address: 192.168.1.5 (static IP)

Netgear R6300 on same IP range: 192.168.1.1

Comcast Gateway in full bridge mode (I made sure that the Netgear is getting a public routable IP address)

Question on this though: the Comcast gateway shows a different WAN IP than the Netgear; not sure if that means anything?

Anyway, I need to forward a bunch of ports but none of them seem to be open when I check on different sites (i.e. canyouseeme.org says connection refused).

I googled more about IPsec pass-through and most people said with the R6300 if you click "respond to ping on Internet port" that should take care of that.

Not sure what else I'm doing wrong here? Any ideas guys?

Gold Problem solver • 610 Messages • 10 years ago

Well, as tmittelstaedt said, implementing an IPsec VPN behind a firewall can be tricky, particularly on such a consumer-level device as your Netgear R6300. As stated, an SSL-based VPN would be more worth checking out. I will go ahead and recommend OpenVPN http://openvpn.net . It runs on practically every platform, can use pre-shared keys or an X509 PKI, and works perfectly behind firewalls; it uses one port, UDP 1194. It's also a bit more "standardized" than IPsec-based VPNs, as the server and client are both the same program, and behave nearly identically on every platform, something that CANNOT be said for IPsec servers/clients. In my experience, OpenVPN is MUCH easier to set up/manage than the various implementations of IPsec.

BTW, the Comcast gateway having a different WAN address is normal; your router gets a WAN routable address for your traffic, and the Comcast gateway gets an address so that Comcast reps can remotely log in and manage the device.

New Contributor • 3 Messages • 10 years ago

Thanks so much, I'll check out OpenVPN. I'm trying to learn a few things, so I was trying to learn how to set up an Apple server and all of its services but haven't had much luck. Thanks for all of your help and answering all of my questions.

I was able to get port 1723 to open but port 500 will not open? Weird.

Thanks again!

Joe