Equipment (Modems,Gateways)
Back to Top

Forwarding port 80 to interal web server doesn't work

detropia
New Member

Forwarding port 80 to interal web server doesn't work

Hi,

 

I am a static IP customer using an SMC modem from Comcast. I want to forward port 80 to one of my devices conected to

the SMC router. Internal ip 10.1.10.150 has been set up as the server I want port 80 to forward to. This is a linux dvr for my security cameras.

 

I have set up port forwarding in the smc router. It seems that port 80 is already in use by the smc admin pages.

 

I tried changing the port of my dvr server to 8080 but I still can't get to that server from my static ip:8080.

 

What do I have to do to use port 80 as a dvr/web server on my local network? 

 

I have been searching around the community boards and haven't found an answer.

 

Thanks for your help.

Community Manager
Community Manager

Re: Forwarding port 80 to internal web server doesn't work

Welcome Detropia.  Ports 8080 & 8181 are reserved for admin use in the SMC.  When testing to the gateway with your existing port forwarding rule in place, we did receive the "connection refused" message from your server.  If you are connected to the SMC it is necessary to use the internal IP address for the server for access.  

 

Thank you

detropia
New Member

Re: Forwarding port 80 to internal web server doesn't work

Hi,

 

One of the reasons I pay for a static IP is so that I can run a web server if I need to. In this case I am trying to port forward to an internal dvr box that I am using for my security cameras. I need to access this server when I am away from home.

 

Is there another way I can do this, for example use a differen't port 8888 or 88?

Community Manager
Community Manager

Re: Forwarding port 80 to internal web server doesn't work

Hi Detropia.  The Static IP can be assigned directly to the server when it is directly connected to the gateway without the need for port forwarding rules.  If the server is behind your router it will be necessary to create rules in your router to handle the access. Any port can be used as long as it is mapped to the opened port on the end device. You can also set a 1 to 1 NAT rule the points the Static IP directly to LAN IP of the server that is directly connected to the gateway.    Pleas let us know if you need assistance SMC gateway configurations.  Thank You.

JMNEIMNEH
Visitor

Re: Forwarding port 80 to internal web server doesn't work

John,

 

Is there any way to manually disable / filter traffic to SSH port 22 / HTTP/HTTPS ports 8080/8181 on the Broadcom Corporation Embedded BFC IP Gateway provided by Comcast? The UI doesn't seem to support configuration of those ports. I have no idea what the root/cusadmin password is for SSH, which leads me to believe your support team uses an undisclosed password.  If I have problems and I need assistance I'd like to be able to approve the connection for troubleshooting, then disable it again, or set the password myself for support to use. 

 

Leaving SSH open for backdoor support access is kind of scary, even if it just for support to use. I understand this IP isn't part of my "block" but it's still a backdoor into my network.

 

Thanks,

 

Jamil

 

Community Manager
Community Manager

Re: Forwarding port 80 to internal web server doesn't work

Hi JMNEIMNEH.   thank you for you post.  See below for answers to your inquiries. Please let us know if you have additional questions or require furthe assistance.

 

Is there any way to manually disable / filter traffic to SSH port 22 / HTTP/HTTPS ports 8080/8181 on the Broadcom Corporation Embedded BFC IP Gateway provided by Comcast? Port 22 can be disabled on the gateway WAN interface by a Comcast technician.  Ports 8080 & 8181 are used by Comcast for gateway testing  & maintenance and should not be forwarded to LAN side CPE.  Additonal rules for traffic filtering are handled at the LAN side CPE device.

The UI doesn't seem to support configuration of those ports. I have no idea what the root/cusadmin password is for SSH, which leads me to believe your support team uses an undisclosed password. Access to the above mentioned ports is via the WAN interface, the password is restricted to Comcast Technicians only and is changed each night at midnite local time.   If I have problems and I need assistance I'd like to be able to approve the connection for troubleshooting, then disable it again, or set the password myself for support to use.  A Comcast Technician can enable/disable the port at any time. Contact the local 

 

Leaving SSH open for backdoor support access is kind of scary, even if it just for support to use. I understand this IP isn't part of my "block" but it's still a backdoor into my network. Port 22 can be disabled at the customer's request.

 

Thank You

 

Discussion stats
  • 5 replies
  • 5106 views
  • 0 kudos
  • 3 in conversation