Find the perfect gift for the grad in your life with Graduation gifts that connects us from AT&T.
Get superfast AT&T Fiber internet
bimmerite's profile

Tutor

 • 

4 Messages

Thursday, April 26th, 2018 11:04 PM

bimmerite

BGW210-700 running firmware 1.5.12.

 

All port forwarding works except for 80 & 443.  I have a certain application that only likes to operate on 80/443.  I could change it but I have people that need to access it and I don't want them to have to put in the URL with a port added to it.  I had this port forward setup on my Pace 3600 and it worked fine.  Just got the BGW210 today.

 

Anyway, as a test I created a port forward for 8443 to internal 443 and that worked just fine.

But, if I set just 443 and 80 to port forward then it just fails.

 

So, am I missing something like a firewall rule that needs changing (I haven't added any).  Or, is this a bug?

 

Thanks for any help.

Associated Member

 • 

248 Messages

6 years ago

Forwarding ports 80/443 is, well, not a good idea.

If any other devices on that IP are used to browse the internet, they're no longer going to be able to, I'm fairly sure it intentionally stops you from forwarding those ports to prevent it from breaking browsing, instead, why not set up something like a reverse proxy and have a URL direct to those ports, instead of just the IP alone. There's plenty of free SW to do that, I just don't have it with me as I haven't done that in ages.

Actually, that might be why the BGW210 really doesn't like forwarding port 22, for security.

Tutor

 • 

4 Messages

6 years ago

That actually doesn't make any sense.

 

The modem includes firewall services.  This, to me, says that it's a stateful inspection device.  This means that it should maintain a NAT table which it does; I've looked at it and it tracks session originate outbound (Source NAT) and session originate inbound (Destination NAT).

 

So, a device internally going to the Internet will be NAT'ed outbound so the return traffic will be sent back to the originating device during that session.  The NAT I created wouldn't affect that.  Session origination inside.

 

Traffic originating from the outside coming in, would hit the NAT entry I created and be directed to the device that I setup.  Session origination outside. 

 

What you're describing is how a router responds to a NAT rule.  Routers are stateless devices so it doesn't track sessions.

 

The fact is that nothing should be originating a port 80/443 connection to anything inside my network unless I want it to.  In my case, I have only a single device currently that I want to be open to the Internet (session origination outside) on 80/443.

 

This worked just fine on my old Pace 3600HGV and it didn't affect any traffic outbound.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.