Port forwarding with wireless home internet on Home Hub 2000

Go to helpful replies
talisker
Contributor II

‎11-26-2021 05:32 PM - last edited on ‎01-02-2024 10:55 AM by

New customer on Bell Wireless Internet, and 25Mbits is actually an improvement from my last ISP ... 

I completed the setup of the hh2k, and actually just chose to bypass it, sending all traffic to my own router which is already configured for whole home internet with mesh extenders.  Normal traffic is working just fine, for streaming an d outbound traffic with no performance hit from the second hop ... BUT ... It appears that Bell blocks all 'inbound' traffic. I tried port forwarding (which the hh2k supports) and nothing worked, so I set up the DMZ to push all traffic to my internal router ... still nothing.  so I port scanned my external IP address, no matter what port I opened up on the router it just shows as 'closed' ... I can see a bunch of ports that come back as 'filtered' as well, but some of them are to be expected.  I did see 50001 open, which is a port Bell uses for firmware I think.

so the question is ... should I be able to open a port for inbound requests, http, sftp, ssh, or any other service for that matter.  I am not fussed what port numbers can be opened, I just want to have some inbound traffic through the router.  is this possible, and/or what am I doing wrong.

note: I did call tech support twice, and got cutoff twice, so thought I would try the forum next.

Labels:
2 8 13.2K
1 helpful reply

Accepted Solutions

Go to helpful replies
ZaneP
Community All-Star
Community All-Star
In response to talisker

‎12-08-2021 09:03 AM - last edited on ‎10-03-2025 02:10 PM by

Thanks for the great diagram.

Here's an interesting snip from the r/Bell sub on Reddit, re blocked ports. It likely applies to your scenario. The OP in the thread has fixed wireless LTE from Bell.

A reply to the OP:

"I can’t be factual on this but I would guess they indeed block incoming connexions like my satellite communicator does to avoid abuse / spam on the limited bandwith."

Another reply:

"This is a bit different than normal wireline residential internet, because Bell would need to allow traffic on those ports on the relevant firewalls at the LTE core network."

 

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.

View reply in original post

8 REPLIES 8

Go to helpful replies
BellDRock
Community Manager

‎11-29-2021 09:44 AM

Welcome to the Community @talisker and great post!

I'd love to tag in a few others who have been so helpful with these type of questions in the past.

@JD @ZaneP @navderek any thoughts on @talisker's HH2000 port question?

Go to helpful replies
ZaneP
Community All-Star
Community All-Star

‎11-29-2021 11:10 AM - last edited on ‎10-03-2025 02:11 PM by

Hi @talisker (cc @BellDRock )

Not sure how much help I can be with this issue. I was with a different ISP prior to Bell.

I'm sure certain ports are blocked to inbound traffic (25, 80) but all of them?

Is there a service you're trying to host? Is there an enabled firewall on your own router which needs to be configured? 

I assume you're having no success when you create a port-forwarding rule on the HH2K. 

Have a look at this link on HH2K port-forwarding setup: openmyip.com/Bell-Home-Hub-2000-router-setup

Try again to a conversation with Bell Tech Support.

Let us know how you're doing with this!

ZaneP

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.

Go to helpful replies
talisker
Contributor II

‎12-07-2021 02:24 PM

perhaps a diagram would help.  I use telushosting to host a domain which is simply pointed to DynDNS.

to test http traffic, DynDNS does a webhop to push port 80 traffic out to port 8004, to avoid blocks issued on port 80, of course any port could be used for the hop, these numbers are arbitrary for testing. I can see the exposed IP on the WAN side of the Bell Home hub 2000, and confirm that is what DynDNS is seeing.

on the the HH2K it has been configured to use my internal router as the DMZ, passing all port traffic through. so from 192.168.2.1 to 192.168.2.10 in this case. (I have also tried explicit port forwarding)

the Netgear Router acts as my firewall only promoting the chosen ports ... ssh and http in this case.  on the inside the Netgear Router is 192.168.1.1 and promotes the traffic on 8004 to port 80 on an internal server.

I have used my phone to test connections at all levels ... 

  • when connected to the netgear router I can reach 192.168.1.2:80
  • when connected to the HH2K I can reach 192.168.2.10:8004  and 192.168.2.10:80
  • when using LTE services I cannot reach 142.187.xxx.xxx:8004 or dynDNS:80 or domain.org

so I know my internal setup is forwarding fine, and based on my port scan I can only assume that Bell is blocking unsolicited port traffic.  

Network ConfigurationNetwork Configuration

Go to helpful replies
talisker
Contributor II

‎12-07-2021 04:37 PM

NOTE:  I am a rural customer using a wireless signal from tower 3km away ... wondering if there is a difference in how Bell supports this service as opposed to a Fibe connection (besides the obvious difference of the limited speed they support over wireless ... 25Mbits)

Go to helpful replies
ZaneP
Community All-Star
Community All-Star
In response to talisker

‎12-08-2021 09:03 AM - last edited on ‎10-03-2025 02:10 PM by

Thanks for the great diagram.

Here's an interesting snip from the r/Bell sub on Reddit, re blocked ports. It likely applies to your scenario. The OP in the thread has fixed wireless LTE from Bell.

A reply to the OP:

"I can’t be factual on this but I would guess they indeed block incoming connexions like my satellite communicator does to avoid abuse / spam on the limited bandwith."

Another reply:

"This is a bit different than normal wireline residential internet, because Bell would need to allow traffic on those ports on the relevant firewalls at the LTE core network."

 

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.

Go to helpful replies
MC4
Contributor
In response to ZaneP

‎08-08-2023 03:33 PM

Does Bell block all incoming traffic on port 25? Is it possible to open it?

0 Likes

Go to helpful replies
Mark2004
Contributor
In response to MC4

‎12-31-2023 08:52 AM

Can someone confirm if port forwarding is available using Wireless Home Internet with the Home Hub 2000?  According to Bell Technical Support, although the HH 2000 has this feature, Bell does not allow port forwarding on this type of connection.

None of this is commmunicated in the marketing of the service.  If no port forwarding is allowed by Bell on the Wireless Home Internet Service, customers should be informed. 

Bell, Please have someone respond to this post, and update the marketing material if you are not offering port forwarding for the wireless customers.

 

0 Likes

Go to helpful replies
PrecisionPete
Contributor
In response to Mark2004

‎04-25-2024 09:59 AM - last edited on ‎04-26-2024 01:22 PM by

We are using this service at our Cottage. It is a life changer!

On the Bell Wireless Home Internet...

  • There is NAT at the HH2000 (192.168.2.1).
  • There is another NAT at the cellular modem (192.168.3.1).
  • And there is yet another NAT somewhere out in the Bell cloud.

Unfortunately, you have no way to configure the NAT out in the cloud. So, it is not possible to access the port forwarding on the HH2000.

However.... There are ways around it. I use a product called Netrinos that manages WireGuard networks. For example, if I want to access my PC at the cottage with RDP, from a PC in the city, I install Netrinos on both devices. It will then create a private VPN connection between the two devices that is oblivious to all the NATting going on. You don't need to open any ports, use dyndns, or make any firewall/router configurations at either end. You get a point-to-point encrypted tunnel to a private static IP with a friendly DNS name. And, it works both ways: city to cottage, cottage to city. The latest beta version also allows you to see other devices within the other network.

0 Likes