Mon Mar 9 13:16:40 EDT 2020
My webserver's log stopped at 04:53 this morning. The server's IP has changed, so Comcast's router bounced something. This broke the port forwarding from outside to my webserver. (We had our own router with Comcast's modem until they switched hardware on us while I was at Pennsic last year. This, of course, broke my web serving at the time.)
The router's "advanced" config is now no longer done with the router, but through Comcast webpages - which do not like my Firefox, which I'm pretty sure is up-to-date. It is working with Chrome, though. The problem is probably something I'm blocking in Firefox - which I have blocking a lot of crap, stopping a lot of the tracking and ad serving.
Advanced Settings
Port Forwarding: Enable online gaming, VoIP and peer-to-peer applications to connect directly to a device on your home network.
LAN & WAN: Customize your LAN (local area network) settings, and view your WAN (wide area network) IP address.
DMZ: Configure a demilitarized zone for your home network.
Data Usage: View how much Internet data you have used over the past four months.
I've got port 80 open through to my webserver's current IP now, and Dreamwidth pages are loading with my photos again. Comcast's config options have a lot of over-the-web games pre-defined, but no support for interesting things like web servers or data-sharing services. Sounds like another effort at trying to stop customers from using the web the way they want to.
DMZ
Enabling DMZ (a demilitarized zone) may resolve issues with an online application communicating with a specific device. However, this creates a security risk and should be used with caution; it is recommended that you add a port forward for the device instead.
I see the webserver's old IP still set up for the DMZ. I wasn't able to set up specific port forwarding on the router before, so I suppose this is an improvement. (I.e. every port was open to my webserver!)
Monthly Summary
Usage shown for the current month may not include data from the past 24 hours.
March 2020: Data Used 10GB
February 2020: Data Used 40GB
January 2020: Data Used 55GB
December 2019: Data Used 58GB
3+ (not 4) months of data usage is possibly of interest, but not detailed.
Advanced Security is disabled. Following the links to read more, I find:
iOS
Android
Windows Phone
Macintosh/Apple (OSX)
Windows PC
PlayStation 3
PlayStation 4
Xbox 360
Xbox One
Once again, Comcast has ignored Linux. (Interesting that phones seem to have priority over computers.)
Comcast WiFi lets you assign each device to a profile, and constrain Internet access by time of day, time duration, data volume, content filtering, and security risks. I pretty much don't want any of this. We're adults here, and I don't need an Internet nanny. Blocking malware might be a good thing, so I may look into that more later.
I don't want Comcast (or anyone else) monitoring my traffic, although there's not much I can do to stop my ISP from prying, short of using a VPN and encrypting everything.
I might have noticed my personal webserver outage sooner if I hadn't been on a trouble call for work 02:00-06:30. I suppose I'm lucky that whatever Comcast changed didn't keep me from doing the work I'm paid to do. (My connection was interrupted a couple of times, though.... But that's not out of the norm. ☹)
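The outage described above showed up only as an access log that stopped at 04:53. The following is an added example, not part of the original post, of a check that flags that condition from the log itself; the one-hour threshold, the sample log lines and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Timestamp field of a combined-format (Apache/nginx) access log line.
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def parse_times(lines):
    """Return the timezone-aware request times found in the lines, in order."""
    times = []
    for line in lines:
        m = TS_RE.search(line)
        if m:  # skip lines without a parsable timestamp
            times.append(datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z"))
    return times

def silent_periods(lines, now, threshold=timedelta(hours=1)):
    """List (start, end) spans longer than threshold with no logged request.

    The span from the last entry up to `now` is checked too, which is the
    case that matters when inbound traffic has stopped arriving entirely.
    """
    points = parse_times(lines) + [now]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > threshold]

# Constructed sample log: documentation-range client IPs, made-up paths.
EDT = timezone(timedelta(hours=-4))
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Mar/2020:03:40:12 -0400] "GET /photos/a.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Mar/2020:04:20:47 -0400] "GET /photos/b.jpg HTTP/1.1" 200 51730 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Mar/2020:04:53:05 -0400] "GET /photos/c.jpg HTTP/1.1" 200 39902 "-" "Mozilla/5.0"',
]
SAMPLE_NOW = datetime(2020, 3, 9, 13, 16, 40, tzinfo=EDT)

if __name__ == "__main__":
    for start, end in silent_periods(SAMPLE_LOG, SAMPLE_NOW):
        print(f"no requests from {start} to {end} ({end - start})")
```

On a low-traffic personal server the threshold has to be wide enough that ordinary quiet hours do not trigger it.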
Tuesday 15:09
My images are not loading in my Dreamwidth postings now. ☹
Tuesday 17:25
My images are not loading for DW and LJ journal entries I posted today (those dated 2020/Mar/02-09), but images are loading for older entries.
Tuesday 23:21
The Comcast/Xfinity setup could be less confusing. I've now added ports 8080 and 8088 to 80 for forwarding to my webserver.
Wednesday 01:10
The Comcast router is blocking incoming traffic as "unauthorized". It's blocked about 150 IPs. I can unblock them, one by one, for 30 days.
It looks like port 80 alone was sufficient for a webserver.
This is totally unsatisfactory for a webserver. I'm not supposed to know where the traffic is coming from in advance.
Wednesday 02:21
Dreamwidth can see images hosted on my webserver again.
I haven't unblocked any Russian IPs, so LJ is still not seeing my images.
Wednesday 03:31
This may be what I need:
xFi Advanced Security
By disabling, you'll lose 24/7 threat monitoring and real-time reporting on your home network. Keep in mind, you'll still be subscribed to Advanced Security even if you're not using it.
What I need - to get rid of....
Wednesday 03:43
Dreamwidth is still able to load images; LiveJournal still fails, and the browser on my office desktop PC fails. (I can't really test with my own laptop at home because it's not going out and back in through the router.)
Correction @ 03:49: my office desktop PC is loading pages from my website now. This remote-access business has frequent problems. And LJ at my office is getting images from my website.
I'm declaring it "fixed".
It would be nice to have Comcast blocking connections from (and to) known bad-guy sites, but if everything that's not whitelisted (for 30 days) is blocked as "unauthorized", I can't run a webserver.
I do now have port forwarding of only port 80 to the webserver, instead of the server being completely exposed in a DMZ and taking assaults on all ports (which it seems to have withstood). Then again, I also had individual port forwarding before Comcast stuck/snuck their router in here while I was out of town.
Wednesday 12:43
Somebody's been browsing my photos on line: nslookup 100.14.213.160: name = pool-100-14-213-160.phlapa.fios.verizon.net.
I'm guessing that's Philadelphia, PA. I wonder whether this is someone I know? The logs show interest in the Pennsic photos.
It's nice to see someone looking at my photos instead of looking for WordPress vulnerabilities.
Saturday 06:00
The Comcast router changed my webserver's IP address (DHCP). The Comcast web-admin for the router sets up the port forwarding with the device name, so I was hoping the port forwarding would be updated whenever the router changed the server's IP. Nope. I needed to delete the forwarding and re-enter it.
But guess what? The web-admin side of things wasn't aware of the IP change; it set up the forwarding at the old IP. Apparently I would have to restart the networking on the server for the web-admin to notice the change. So I bounced the networking, and the web-admin eventually updated. I deleted the forwarding and set it up again. But there was still no traffic to the webserver.
With the bounce, the DHCP switched the webserver back to its previous address. While the web-admin picked up the "new" IP it was no longer using. So I needed to delete the device from the web admin so it could find it again with its current IP. And then set up the port forwarding a 3rd time.
So next time the IP changes, I'll just try bouncing the service to see whether it flips back. I hope this doesn't become something frequent. It had gone months since it last changed, and now it's changed twice thrice in a week. (Yes, what I should do is put it on a wired connection with a fixed IP.)
[This entry was originally posted as
https://syntonic-comma.dreamwidth.org/1128463.html on Dreamwidth (where there are
comments).]