cocksy's profile

Teacher

 • 

25 Messages

Tuesday, November 27th, 2012 4:03 AM

Forwarding port 443 for WHS - conflict with connectToCiscoAP

I previously had my WHS set up and working fine for remote web access for use with my AT&T Uverse internet. However, I think the RG has recently had a software update or something, as it has lost all my settings. Now, when I try and set it up to open ports 433, 4125 and 80 for WHS, it comes up with the following error:

 

WHS Ports conflicts with connectToCiscoAP which is currently in use on Cisco_AP_ATT.

WHS Ports and connectToCiscoAP use the same resources and cannot both be hosted at the same time. To use WHS Ports, you must first remove connectToCiscoAP from the application list of Cisco_AP_ATT. Alternatively, you can install the applications on one computer and add both application profiles to the application list for that computer.

 

Any idea whether it's safe to remove the "connectToCiscoAP" rule and allow my rule so that I can connect to my WHS from the web? Will it mess up my TV or wireless TV receiver or something? I don't recall having this issue last time I set it up, but may have forgotten!! Many thanks.

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

11 years ago

The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.

Accepted Solution

Expert

 • 

9.4K Messages

11 years ago

You might want to verify that your firewall is properly configured and the proper ports are allowed for inbound traffic. You can do this by going to http://www.canyouseeme.org/ and using their port checking tool. Be aware that this website can only test TCP ports, not UDP.

If the ports are open, then you've configured everything correctly. If not, check the WHS by browsing to it using a computer on your local LAN. If that works, then the WHS is configured correctly and the 2Wire is not. If it doesn't, then the WHS isn't configured correctly to work with the alternate ports.

Accepted Solution

Expert

 • 

9.4K Messages

11 years ago

No, the switch should not interfere with anything. The switch doesn't know about IP addresses or ports, it operates at a lower layer.

If on the LAN, port 4433 didn't work, then the WHS wasn't configured correctly to switch the connection from 443 to 4433.

Now you say you've switched the WHS port to 433. (You typed 433, when the original port was 443. I don't know if you made a typo, or if you actually changed it to 433 instead of 443). Please verify what port you switched the WHS to.

OK, now remember that all of these ports are used for different things. I was looking up some WHS tech documents, and I can only find that WHS needs 3 ports open for remote access. 80, 443, and 4125.

80 is used for the main web page interface to the server.
443 is used for the secure version of that main web page interface to the server.
4125 is used for RDP (Remote Desktop Protocol).

So here's what I recommend:

1. Using the web link I posted previously:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/

Follow their steps to make sure that your WHS ports are set to 80, 4433, and 4125 for those 3 functions.

2. Verify that they all work from another computer on your LAN:

http://
https://:4433
RDP to :4125

3. Configure the 2Wire gateway like we discussed earlier (remove all your previous entries first). Open only ports 80, 4433, and 4125.

4. Find out your outside IP address by looking at the 2Wire page:

http://192.168.161.254/xslt?PAGE=C_1_0

It will have your external IP address listed under "IP Address".

5. From some other computer on the Internet (friend's house, work computer, etc.) try to access your WHS:

http://
https://:4433
RDP to :4125


There is another article that may be of interest. I found this on Microsoft Technet. This has step-by-step instructions for configuring routers to support external access to WHS. (Although the 2Wire is not listed). Also, this is for an older version of WHS that used port 3389 for RDP vice 4125. However, the article has a lot of information that can be used to verify your setup:

https://social.technet.microsoft.com/wiki/contents/articles/922.windows-home-server-router-setup.aspx

Master

 • 

5.9K Messages

11 years ago


@SomeJoe7777 wrote:
The "connectToCiscoAP" rule is automatically added to the RG by AT&T for those people who have wireless STBs. This entry reserves port 443 for the Cisco access point for the wireless STBs so that AT&T can communicate with it and manage it.

If you have wireless STBs and need to use inbound port 443, the only way to get around this entry is to use static IPs ($15/month).

If you remove the connectToCiscoAP entry and put in your own rule for port 443, the AT&T system will remove your entry and replace the connectToCiscoAP entry within a few hours automatically.


So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

 

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.

 

 

 

 

ACE - Expert

 • 

34.7K Messages

11 years ago


@Computer-Joe wrote:

So, does that mean everyone with a wireless STB is precluded from running secure web servers/services on the standard ports?

You'd think they would use port triggering instead of a continuous forward if it's only for sporadic management access.


Yes, it means that.

 

Yes, it sounds pretty heavy handed of them.  However, most residences don't run web servers at all, let alone SSL protected ones, and if you're really serious about running a web server at home, you'll probably buy a static IP address.

 

Is it any more heavy handed than preventing you from using 10.0.0.0/8 as your LAN subnet?  Maybe.

 

Teacher

 • 

25 Messages

11 years ago

Thanks for the info SomeJoe7777.

So, not sure if you can help, but is there any way to change the port that my WHS uses for the connection to the internet??!!

Any other ideas on how to get round this, as I'm flatly not paying an extra $15 a month?!!

Expert

 • 

9.4K Messages

11 years ago

Yes, you can assign alternate port numbers to WHS. See the following article:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/

Teacher

 • 

25 Messages

11 years ago

Thanks for the link. I think I managed to change the WHS ports (I'm using WHS 2011 so it wasn't exactly the same), but I still can't get access to my server from the web; I just get the error:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.

I've opened the following TCP ports: 4433, 80, 4125, 65515, 65510, and set the https on the WHS to run on port 4433.

What am I doing wrong??!! I have had it going on AT&T before, but I never went through such issues!!!!

Teacher

 • 

25 Messages

11 years ago

That's a great site - thanks for the link. So, it turns out I can't access all the ports that I've opened; the only one open was 80 - all the others were closed!

Is there any way to find out a list of ports that AT&T will allow me to open, or is it just a bit of trial and error?!

Expert

 • 

9.4K Messages

11 years ago

You should be able to open any port on the 2Wire except:

443 (because of the wireless STBs)
22 (conflicting reports on whether this can be opened or not)
8000-8015 (reserved for U-Voice VOIP)

For an example of how to open multiple ports for a single application, see the following post:

http://forums.att.com/t5/Residential-Gateway/Security-Camera-Pinholes/m-p/3209955#M5535

Follow the directions under the "2Wire Camera 1 Setup" section, except substitute your own port numbers for the WHS.
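
The LAN-then-Internet verification steps and the reserved-port list given in the replies above, as an added Python example that is not part of the original thread. The function names are hypothetical; the port numbers and the decision rule (open from the Internet means done, open only on the LAN means the gateway is at fault, closed on the LAN means the WHS is at fault) are taken from the replies.

```python
import socket
import sys

# Ports the thread says cannot be forwarded on the 2Wire gateway.
RESERVED = {443: "wireless STB management (connectToCiscoAP)",
            22: "conflicting reports on whether this can be opened"}
RESERVED.update({p: "U-Voice VoIP" for p in range(8000, 8016)})


def reserved_conflicts(ports):
    """Return {port: reason} for planned pinholes that hit a reserved port."""
    return {p: RESERVED[p] for p in ports if p in RESERVED}


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes (TCP only, no UDP)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(host, ports, timeout=3.0):
    """Probe every port on one address; run this once per vantage point."""
    return {p: tcp_open(host, p, timeout) for p in ports}


def diagnose(lan, wan):
    """Combine a LAN-side probe and an Internet-side probe into a verdict per port."""
    report = {}
    for port in sorted(wan):
        if port in RESERVED:
            report[port] = "reserved: " + RESERVED[port]
        elif wan[port]:
            report[port] = "ok: reachable from the Internet"
        elif lan.get(port):
            report[port] = "gateway: WHS answers on the LAN, pinhole missing or blocked"
        else:
            report[port] = "server: WHS is not listening on this port"
    return report


if __name__ == "__main__":
    # Usage: python portcheck.py <address>   (WHS LAN address or external IP)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, is_open in probe(host, [80, 4433, 4125]).items():
        print(port, "open" if is_open else "closed")
```

Run `probe` against the WHS address from a machine on the LAN and against the external IP from a machine outside the network, then pass both results to `diagnose`.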