So today was meant to be a great day for me.
My home is serviced by Comcast’s Xfinity service. To increase my bandwidth and get unlimited data I had them come out today to give me their unlimited 1Gb down / 40Mb up service.
This service requires the use of their xFi Advanced router (if you don’t provide your own, but also seems required if you want unlimited based on fine print).
The tech came this morning, replaced the wire and the modem, tested speeds, did basic setup and left. While he was working I got the alert that my node was down as expected but I was busy with other things when he left and didn’t think to check that my node came back up before he was gone.
When I checked the node, I found that the Last Contact in the dashboard was very erratic. It would climb to a couple mins then go to zero, repeat. Didn’t show offline but not talking correctly.
I use DDNS and that was all correct and updated with the change. Google had the right IP.
I checked the port forwarding settings in the new modem and they were correct.
I checked the modem’s standard internal firewall settings and they were not set to block anything.
I checked that the port was open and found it reported as closed.
I spent an hour troubleshooting and found that if I rebooted the modem or deleted/added the port forward the port would stay open for about 10-30 seconds then close. I couldn’t figure out how to keep it open in the new modem settings.
I then spent 2 hours 1 min and 39 seconds on the phone with Comcast support. As expected, it was a total joke and 2 people not knowing what port forwarding is didn’t help. I finally got someone who understood that I did more troubleshooting than they understand and got approved to replace the modem at the local Xfinity store. Drove to the store, in and out with a different modem.
Got that set up and got the same results. I spent several more hours trying to troubleshoot, factory default, modem logs, online settings, etc. and could not get the port to stay open. Even tried switching docker to a different port, nothing worked. The store closed by the time I gave up so I decided I would go to the store tomorrow and at least get the old style modem back until after the USA holiday and a tech could come out later in the week.
I was just about ready for bed and got an alert never seen before on my phone from Xfinity. It was a daily summary report of Advanced Security blocks for the day. I think the point of the alert was to notify the average home user that Xfinity has their back and are providing great security services. I looked at the report and it was filled page after page with blocked activity on port 28967.
I went back to the modem’s internal firewall and verified nothing was activated for block (I have a different firewall on the inside). Checked the logs and nothing. I then clicked around on the Xfinity site and found that this upgrade also included with the deal something called Xfinity xFi Advanced Security features (free of course).
This Advanced Security isn’t controlled at the modem admin GUI, it must be controlled via the cloud. I got into the Xfinity account page and found where I could disable it.
The second I clicked save - the node dropped from 8 mins Last Contact to 0 secs and stayed.
I am still livid about this. I even asked the third Comcast support person about security settings.
So I hope that anyone else who gets the xFi Advanced system with their gig service can benefit from my 16 hours of down time for a 30 min modem replacement job.
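
The symptom described in the post (port open for 10-30 seconds after a reboot or rule change, then closed even though the forwarding rule is correct) can be captured with a timed probe. This is an added example, not part of the original post; the function names and the 60-second threshold are assumptions, and the probe has to run from a host outside the home network so it takes the same path as inbound traffic.

```python
import socket
import time

PORT = 28967  # node port named in the post


def probe(host, port=PORT, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def runs(samples):
    """Collapse [(seconds, is_open), ...] into [(is_open, start, end), ...]."""
    out = []
    for t, is_open in samples:
        if out and out[-1][0] == is_open:
            out[-1] = (is_open, out[-1][1], t)
        else:
            out.append((is_open, t, t))
    return out


def diagnose(samples, max_open=60):
    """Classify a probe history taken right after a reboot or rule change."""
    r = runs(samples)
    if not r:
        return "no-data"
    if all(state for state, _, _ in r):
        return "open"
    if not any(state for state, _, _ in r):
        return "closed"
    # A short open run followed by a closed run: the forward works, then
    # something other than the forwarding rule starts dropping traffic.
    for (state, start, end), nxt in zip(r, r[1:]):
        if state and end - start <= max_open and not nxt[0]:
            return "closes-after-change"
    return "intermittent"


def watch(host, port=PORT, duration=120, every=5):
    """Probe every `every` seconds for `duration` seconds; return samples."""
    samples, t0 = [], time.monotonic()
    while (elapsed := time.monotonic() - t0) < duration:
        samples.append((round(elapsed), probe(host, port)))
        time.sleep(every)
    return samples
```

Calling `diagnose(watch(host))` with the node's DDNS name right after a modem reboot returns `closes-after-change` for the pattern in the post, which points at a filter outside the port-forward rule, such as an ISP-side security service.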