locked
Remote Access through my TELUS home router 2-Wire 2700G RRS feed

  • Question

  • I use a Broadband Router - 2-wire 2700G from Telus (phone company). I tried to auto configure the remote access from the WHS Console/settings/remote access. It seemed to be going fine - but then failed saying the router did not support UPnP. I then tried to configure the modem manually using IE8/access to the router. There is a "edit remote access" menu selection - but then I am stuck. It says

    "Alternate Ports: By default, Web Remote Access uses standard Web ports to connect from a remote location. However, if you are hosting a Web server on your network, you will need to select different ports for Web Remote Access. For more information, click on the Help link above."

    It lists 80 and 443 for http and https - and allows me to change these. There is no mention of RDP. 

    My confusion: surely it is saying http and https (which ARE internet remote access) are set up to use 80 and 443 already - so why is "remote access disabled" . I need some guidance. I am clearly missing something.

    By the way the phone company will not help. I think they think I am planning some serious video downloading. Which I am not. I simply want to access my work files from my office PC.

    I have checked out the extensive threads in the "related topics" - here on the right. I found "Cannot obtain any kind of remote access (HTTP/s or Remote Desktop)" very enlightening. I plan to try to set my 2-wire 2700G using these notes :

    All Replies
    tPgEast
    Sunday, July 27, 2008 9:27 PM
    A few comments. I have configured a Linksys WRT54G, WRT600N and WRT61ON to work with WHS and with Remote Access. The software on o
    all of these units are similar, as are the configuration settings. Here is what I have found:
    1. Windows firewall is on by default on the WHS
    2. Whether you configure your WHS to have a static IP address or reserve a static address through the router’s DHCP reservation option, this is a good thing to do
    3. Changing the MTU setting is (as you suspected) more than likely unnecessary
    4.
    Security setting that work for me are “Filter Anonymous Internet Requests” and Fifter IDENT (port 113)” both checked; “Filter Multicast’ and “Filter Internet NAT Redirection” both UnChecked. I would pay special attention to and make sure that you are filtering Anonymous Internet Requests.
    5. All that is necessary for port forwarding are Ports 80 or 443 and 4125, all TCP only, I use only ports 443 and 4125 and do not allow normal HTTP connections (port
    80). I only allow HTTPS (secure) port 443. 1 am not sure what ports 56000 and port 3389 are for.
    You may have already tried these setting, and they did not work. It may be worth another try, especially to eliminate the extra port forwards and the lack of filtering of anonymous internet requests.

    I am trying to find a simple router config summary in all the threads.

    Sunday, April 4, 2010 5:52 PM

All replies

  • This summary looks the best : I will try it.

    Have you tested remote access from somewhere other than your home? The public library? The local Starbucks? Some routers don't deal properly with looping back to their external IP address from within the local network. You could also determine your external IP address (usually exposed in your router's configuration pages as internet IP, External IP or WAN IP) and try accessing that IP directly, e.g. http://www.xxx.yyy.zzz to make sure it's not a temporary problem with DNS.

    But it sounds like either you haven't set up port forwarding correctly, or possibly your ISP is blocking ports used by Windows Home Server. To set up port forwarding manually for your router (I don't advise relying on the UPnP port forwarding that WHS does, as many routers don't fully support UPnP even if they say they do) you should give your server a static IP address, then find the appropriate guide at
    Portforward.com and follow it, forwarding ports 80, 443, and 4125 to your server.

    If after that you still have problems with remote access, you can try testing the ports to see if your ISP is blocking them using
    ShieldsUp!. If ShieldsUp! reports STEALTH only for port 80, you should still be able to access your server using secure HTTP, e.g. https://<yourserver>.homeserver.com/remote. If ShieldsUp! reports STEALTH for port 443 as well, you can either try changing the ports that WHS uses or work with your ISP to determine what service plan (often a business plan) they offer that will allow your to use those ports. I would recommend working with your ISP first, as they can detect incoming traffic if they want to, and if running servers is against your terms of service, they could terminate your service or charge you retroactively to the beginning of your plan for a higher class of service.

    You may also want to read the Remote Access technical brief, available from the
    Windows Home Server support page.

    Sunday, April 4, 2010 6:53 PM
  • I use a Broadband Router - 2-wire 2700G from Telus (phone company). I tried to auto configure the remote access from the WHS Console/settings/remote access. It seemed to be going fine - but then failed saying the router did not support UPnP. I then tried to configure the modem manually using IE8/access to the router. There is a "edit remote access" menu selection - but then I am stuck. It says

    "Alternate Ports: By default, Web Remote Access uses standard Web ports to connect from a remote location. However, if you are hosting a Web server on your network, you will need to select different ports for Web Remote Access. For more information, click on the Help link above."

    It lists 80 and 443 for http and https - and allows me to change these. There is no mention of RDP. 

    My confusion: surely it is saying http and https (which ARE internet remote access) are set up to use 80 and 443 already - so why is "remote access disabled" . I need some guidance. I am clearly missing something.

    By the way the phone company will not help. I think they think I am planning some serious video downloading. Which I am not. I simply want to access my work files from my office PC.

    I have checked out the extensive threads in the "related topics" - here on the right. I found "Cannot obtain any kind of remote access (HTTP/s or Remote Desktop)" very enlightening. I plan to try to set my 2-wire 2700G using these notes :

    All Replies
    tPgEast
    Sunday, July 27, 2008 9:27 PM
    A few comments. I have configured a Linksys WRT54G, WRT600N and WRT61ON to work with WHS and with Remote Access. The software on o
    all of these units are similar, as are the configuration settings. Here is what I have found:
    1. Windows firewall is on by default on the WHS
    2. Whether you configure your WHS to have a static IP address or reserve a static address through the router’s DHCP reservation option, this is a good thing to do
    3. Changing the MTU setting is (as you suspected) more than likely unnecessary
    4.
    Security setting that work for me are “Filter Anonymous Internet Requests” and Fifter IDENT (port 113)” both checked; “Filter Multicast’ and “Filter Internet NAT Redirection” both UnChecked. I would pay special attention to and make sure that you are filtering Anonymous Internet Requests.
    5. All that is necessary for port forwarding are Ports 80 or 443 and 4125, all TCP only, I use only ports 443 and 4125 and do not allow normal HTTP connections (port
    80). I only allow HTTPS (secure) port 443. 1 am not sure what ports 56000 and port 3389 are for.
    You may have already tried these setting, and they did not work. It may be worth another try, especially to eliminate the extra port forwards and the lack of filtering of anonymous internet requests.

    I am trying to find a simple router config summary in all the threads.

    For starters, go to Shields Up!, do a custom port scan for ports 80, 443, and 4125, then post the results here.
    Sunday, April 4, 2010 7:48 PM
    Moderator
  • Here is the Shields up! summary

    Port 80 Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    80
    HTTP

    Stealth
    There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    Port 443 Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    Port 4125 - not on the report list

     

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



    Unsolicited Packets: PASSED
    — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.


    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                                119, 135, 139, 143, 389, 443, 445,
                                1002, 1024-1030, 1720, 5000

        0 Ports Open
       17 Ports Closed
        9 Ports Stealth
    ---------------------
       26 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be STEALTH were: 0, 21, 25, 80, 110, 135, 139,
                                    443, 445

    Other than what is listed above, all ports are CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
                       - NO unsolicited packets were received,
                       - A PING REPLY (ICMP Echo) WAS RECEIVED.

     

    Sunday, April 4, 2010 10:47 PM
  • Here is the Shields up! summary

    Port 80 Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

     

    80
    HTTP

    Stealth
    There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

     

    Port 443 Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    Port 4125 - not on the report list

     

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



    Unsolicited Packets: PASSED
    — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.


    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                                119, 135, 139, 143, 389, 443, 445,
                                1002, 1024-1030, 1720, 5000

        0 Ports Open
       17 Ports Closed
        9 Ports Stealth
    ---------------------
       26 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be STEALTH were: 0, 21, 25, 80, 110, 135, 139,
                                    443, 445

    Other than what is listed above, all ports are CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
                       - NO unsolicited packets were received,
                       - A PING REPLY (ICMP Echo) WAS RECEIVED.

     

    The fact that your ports are coming back as Stealth means either A) your router isn't configured correctly, B) you have a double-NAT situation (are you using a second router in addition to the TELUS box?) or C) your ISP is blocking those ports.  You might want to contact your ISP and see if they are blocking those ports.  As for setting up the router, you should check portforward.com for instructions for your exact router and see if it helps.
    Monday, April 5, 2010 1:24 AM
    Moderator
  • Telus blocks port 80 as well as several other common ports if you have a home account.
    Saturday, May 7, 2011 10:59 PM