cocksy

Teacher

 • 

25 Messages

Tue, Nov 27, 2012 4:03 AM

Forwarding port 443 for WHS - conflict with connectToCiscoAP

I previously had my WHS set up and working fine for remote web access for use with my AT&T Uverse internet. However, I think the RG has recently had a software update or something, as it has lost all my settings. Now, when I try and set it up to open ports 433, 4125 and 80 for WHS, it comes up with the following error:

 

WHS Ports conflicts with connectToCiscoAP which is currently in use on Cisco_AP_ATT.

WHS Ports and connectToCiscoAP use the same resources and cannot both be hosted at the same time. To use WHS Ports, you must first remove connectToCiscoAP from the application list of Cisco_AP_ATT. Alternatively, you can install the applications on one computer and add both application profiles to the application list for that computer.

 

Any idea whether it's safe to remove the "connectToCiscoAP" rule and allow my rule so that I can connect to my WHS from the web? Will it mess up my TV or wireless TV receiver or something? I don't recall having this issue last time I set it up, but may have forgotten!! Many thanks.

Accepted Solution

Official Solution

SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.

Accepted Solution

Official Solution

SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

You might want to verify that your firewall is properly configured and the proper ports are allowed for inbound traffic. You can do this by going to http://www.canyouseeme.org/ and using their port checking tool. Be aware that this website can only test TCP ports, not UDP.

If the ports are open, then you've configured everything correctly. If not, check the WHS by browsing to it using a computer on your local LAN. If that works, then the WHS is configured correctly and the 2Wire is not. If it doesn't, then the WHS isn't configured correctly to work with the alternate ports.

Accepted Solution

Official Solution

SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

No, the switch should not interfere with anything. The switch doesn't know about IP addresses or ports, it operates at a lower layer.

If on the LAN, port 4433 didn't work, then the WHS wasn't configured correctly to switch the connection from 443 to 4433.

Now you say you've switched the WHS port to 433. (You typed 433, when the original port was 443. I don't know if you made a typo, or if you actually changed it to 433 instead of 443). Please verify what port you switched the WHS to.

OK, now remember that all of these ports are used for different things. I was looking up some WHS tech documents, and I can only find that WHS needs 3 ports open for remote access. 80, 443, and 4125.

80 is used for the main web page interface to the server.
443 is used for the secure version of that main web page interface to the server.
4125 is used for RDP (Remote Desktop Protocol).

So here's what I recommend:

1. Using the web link I posted previously:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/

Follow their steps to make sure that your WHS ports are set to 80, 4433, and 4125 for those 3 functions.

2. Verify that they all work from another computer on your LAN:

http://
https://:4433
RDP to :4125

3. Configure the 2Wire gateway like we discussed earlier (remove all your previous entries first). Open only ports 80, 4433, and 4125.

4. Find out your outside IP address by looking at the 2Wire page:

http://192.168.161.254/xslt?PAGE=C_1_0

It will have your external IP address listed under "IP Address".

5. From some other computer on the Internet (friend's house, work computer, etc.) try to access your WHS:

http://
https://:4433
RDP to :4125


There is another article that may be of interest. I found this on Microsoft Technet. This has step-by-step instructions for configuring routers to support external access to WHS. (Although the 2Wire is not listed). Also, this is for an older version of WHS that used port 3389 for RDP vice 4125. However, the article has a lot of information that can be used to verify your setup:

https://social.technet.microsoft.com/wiki/contents/articles/922.windows-home-server-router-setup.aspx

Computer_Joe

Master

 • 

5.9K Messages

10 years ago


@SomeJoe7777 wrote:
The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.


So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

 

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.

JefferMC

ACE - Expert

 • 

29.3K Messages

10 years ago


@Computer-Joe wrote:

So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.


Yes, it means that.

 

Yes, it sounds pretty heavy handed of them.  However, most residences don't run web servers at all, let alone SSL protected ones, and if you're really serious about running a web server at home, you'll probably buy a static IP address.

 

Is it any more heavy handed than preventing you from using 10.0.0.0/8 as your LAN subnet?  Maybe.

 

cocksy

Teacher

 • 

25 Messages

10 years ago

Thanks for the info SomeJoe7777.

So, not sure if you can help, but is there any way to change the port that my WHS uses for the connection to the internet??!!

Any other ideas on how to get round this, as I'm flatly not paying an extra $15 a month?!!
SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

Yes, you can assign alternate port numbers to WHS. See the following article:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/
cocksy

Teacher

 • 

25 Messages

10 years ago

Thanks for the link. I think I managed to change the WHS ports (I'm using WHS 2011 so it wasn't exactly the same), but I still can't get access to my server from the web; I just get the error:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.

I've opened the following TCP ports: 4433, 80, 4125, 65515, 65510, and set the https on the WHS to run on port 4433.

What am I doing wrong??!! I have had it going on AT&T before, but I never went through such issues!!!!
cocksy

Teacher

 • 

25 Messages

10 years ago

That's a great site - thanks for the link. So, it turns out I can't access all the ports that I've opened; the only one open was 80 - all the others were closed!

Is there any way to find out a list of ports that AT&T will allow me to open, or is it just a bit of trial and error?!
SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

You should be able to open any port on the 2Wire except:

443 (because of the wireless STBs)
22 (conflicting reports on whether this can be opened or not)
8000-8015 (reserved for U-Voice VOIP)

For an example of how to open multiple ports for a single application, see the following post:

http://forums.att.com/t5/Residential-Gateway/Security-Camera-Pinholes/m-p/3209955#M5535

Follow the directions under the "2Wire Camera 1 Setup" section, except substitute your own port numbers for the WHS.
cocksy

Teacher

 • 

25 Messages

10 years ago

Well, I've followed those instructions 3 or 4 times creating new rules, but they don't work!

 

The only one I can get to open up is port 80 - I can turn it off again, so I know I'm doing the process right, but none of these get opened: 4433, 4125, 65515, 65510, according to canyouseeme.org.

 

AT&T Firewall Router Pic.png

 

Any ideas?!

SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

Well, from what I can see on the firewall status screenshot you posted, it looks like you're opening the ports correctly. As far as why the WHS isn't responding, I can't explain. I don't know too much about WHS, so other than pointing you to the article I found on changing its ports, that's about all I know.

I hate to refer you elsewhere, but you might try a WHS forum and see if they have anything additional to offer. Because at this point, it doesn't look like the firewall is the problem.
cocksy

Teacher

 • 

25 Messages

10 years ago

I know why WHS doesn't respond: because according to the canyouseeme.org site - the ports aren't open, even though the RG says they are!!

 

Any ideas?!!

SomeJoe7777

Expert

 • 

9.4K Messages

10 years ago

All that the canyouseeme.org site can test is if the TCP connection will open or not. That tells you if it's working, but if it's not, it doesn't tell you why.

If the connection can't be made, that could be because the port isn't open. It could also be because the WHS server isn't responding, even though the ports ARE open. This is what appears to be the case, because your screenshot above clearly shows that the ports are open.

Can you get to the WHS on the LAN? What happens if you go to https://:4433 ?
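The LAN-versus-outside check described in SomeJoe7777's posts above (does the TCP connection open, and if not, is the gateway or the server at fault?), as an added example that is not part of any original post. The function names and the LAN address are assumptions made for illustration; the ports are the ones from the thread.

```python
import socket

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome.

    'open'    - handshake completed, something is listening
    'refused' - host answered with a reset: reachable, nothing on that port
    'timeout' - no answer: dropped by a firewall/NAT, or host is down
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"


def diagnose(lan_state, wan_state):
    """Apply the thread's decision rule to one port's LAN and outside results."""
    if wan_state == "open":
        return "forwarding and server both working"
    if lan_state == "open":
        return "server OK on LAN; check the gateway pinhole"
    return "server not listening on this port; fix the server first"


def check_server(lan_ip, ports, wan_results=None):
    """Probe each port from the LAN and pair it with an outside result.

    wan_results maps port -> state as seen by an outside checker (for
    example 'open' or 'timeout'); ports missing from it count as 'timeout'.
    """
    wan_results = wan_results or {}
    report = {}
    for port in ports:
        lan = probe(lan_ip, port)
        report[port] = (lan, diagnose(lan, wan_results.get(port, "timeout")))
    return report


if __name__ == "__main__":
    # Constructed LAN address for the server; replace with the real one.
    for port, (lan, verdict) in check_server("192.168.1.10", [80, 4433, 4125]).items():
        print(f"{port}: LAN={lan} -> {verdict}")
```

A "refused" result on the LAN means the server machine is up but nothing is bound to that port, which points at the server's port binding and not at the gateway.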

cocksy

Teacher

 • 

25 Messages

10 years ago

Ah, I see, I understand a bit more clearly now!

 

OK, when I go to the address of the WHS on the network & :4433 the page doesn't open, if I go to the IP without 4433 it seems to work. So, it does appear to be something with the WHS, not the Router.

 

I'll do some digging, but I don't know exactly where I should be looking...!!
