0

Recently Xfinity changed out our modem for a new one due to our old one being at end of life. On our old Xfinity modem I was able to use 443 with two different external ports, for instance:

Exchange 192.168.2.2 Public 443 > Internal 443

ACS 192.168.2.151 Public 442 > Internal 443

I have a server running Exchange and an access control system in the building. The Xfinity modem port forwards 443 to 192.168.2.2, the Exchange server's private address. The access control system uses port 443 for accessing the device's webpage. I tried to create an additional port forward on 443 to 192.168.2.151, but Xfinity's modem says there is already a port forward for this port and doesn't allow me to create a second port forward for 443. Do you have any idea how I can do this?

Pic1

Pic2

4
  • 3
    That's not "the same port", that's two different ports. Can you show a photo/screenshot of your current settings and what you're trying to input? Commented May 10, 2019 at 14:17
  • Added two pictures to original post.
    – Ryan176
    Commented May 10, 2019 at 15:21
  • How I used to access these port forwards from outside the organization prior to the business class modem change. Exchange - mail.costco.org/owa ACS - 123.123.123.123:442
    – Ryan176
    Commented May 10, 2019 at 15:24
  • Ouch. I haven't seen a router that limited. Commented May 10, 2019 at 15:56

1 Answer

2

I have found that these ISP-provided modems/routers are very limited and won't let you do much beyond the very simple. Asymmetric port forwarding 442->443? Forget about it.

You are way better off putting the modem/router in bridged mode and using another router of your choice that has the functionality you need (IMO ISPs are overstepping their bounds with these devices but that's a whole other rant). There are many possibilities SOHO and up that will be infinitely better than using the ISP's device.

Alternatively, if you do not want to add another device to your network, you could consider setting up a reverse HTTP proxy server to serve both services. In this setup, you would have a single port forward on port 443 to the reverse proxy on your network, which would perform TLS termination and proxy the request to the correct target based on the supplied hostname. There are a number of ways to do this, but the simplest would likely be to set up Apache or Nginx to do reverse proxying.
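
The reverse-proxy layout this answer describes, as an added Nginx example that is not part of the original answer: one forward of public 443 to the proxy host, with the backend chosen by hostname. The hostnames and certificate paths are placeholder assumptions; the two backend addresses are the ones given in the question.

```nginx
# Added example. These blocks go inside the http {} context of nginx.conf.
# mail.example.org, acs.example.org and the /etc/nginx/tls/ paths are
# placeholders; 192.168.2.2 and 192.168.2.151 come from the question.

# Catch-all: a TLS handshake whose SNI name matches neither server below
# is refused, so a request to the bare public IP reaches no backend.
# (ssl_reject_handshake requires nginx 1.19.4 or later.)
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# Exchange, reached by its own hostname.
server {
    listen 443 ssl;
    server_name mail.example.org;

    ssl_certificate     /etc/nginx/tls/mail.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/mail.example.org.key;

    location / {
        # TLS is terminated here and re-established to the backend.
        # nginx does not verify the backend certificate by default;
        # enable proxy_ssl_verify with proxy_ssl_trusted_certificate
        # if the backend presents a certificate you can pin.
        proxy_pass https://192.168.2.2;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Access control system, reached by a second hostname on the same port.
server {
    listen 443 ssl;
    server_name acs.example.org;

    ssl_certificate     /etc/nginx/tls/acs.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/acs.example.org.key;

    location / {
        proxy_pass https://192.168.2.151;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Both hostnames need public DNS records pointing at the same public address, and `nginx -t` checks the configuration before a reload.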
