Monday, 8 October 2012

Incoming Ports That Telus Blocks

Telus blocks you from hosting several services on your home internet connection. This prevents you from hosting things like web sites, FTP servers, and mail servers on their native ports. You can get around this by hosting these services on non-standard ports or by using a VPN connection that doesn't block the same incoming traffic.

The rationale given for blocking these services appears to be protecting users and the Telus network from malware. Really it's just a way to prevent you from fully utilizing your home connection and to force you to buy a more expensive tier of service.

The only packages with no blocked ports at this time are the Server packages.

The blocked ports currently are:

TCP 21 (ftp)
FTP server

TCP 25 (smtp)
Email delivery server (MTA - Mail Transfer Agent)

TCP 80 (www)
Web server

TCP 110 (pop3)
POP3 email retrieval servers (MDA - Mail Delivery Agent)

TCP 6667 (ircd)
IRC servers (Internet Relay Chat)

TCP/UDP 135-139 (dcom and netbios)
135 Windows RPC
136 PROFILE Naming System (basically unused)
137-139 Windows NetBios

TCP/UDP 443 (ssl)
Secure web browsing - HTTPS

TCP/UDP 445 (ms-ds)
Microsoft Directory Services

TCP/UDP 1433-1434 (ms-sql)
Microsoft SQL Server
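
An added example, not code from the original post: a small Python check that expands the blocked-port list above and classifies a TCP connection attempt to a service you host, so that a refused connection (packets arrive, nothing listens) can be told apart from one that is silently dropped on the path. The function names, the result labels and the sample port 8080 are assumptions made for illustration.

```python
import socket

# Inbound ports the post lists as blocked (ranges are inclusive).
BLOCKED_SPEC = "21 25 80 110 6667 135-139 443 445 1433-1434"

def parse_ports(spec):
    """Expand a spec such as '21 135-139' into a set of port numbers."""
    ports = set()
    for item in spec.split():
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

BLOCKED = parse_ports(BLOCKED_SPEC)

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt to a host you operate.

    open     - handshake completed, something is listening
    closed   - a reset came back: packets arrive, nothing listens there
    filtered - no usable answer: dropped or unroutable somewhere on the path
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"

def diagnose(port, lan, wan):
    """Turn two probe() results into the next troubleshooting step.
    lan: result from a LAN machine against the server's LAN address.
    wan: result from outside the home network against the public address.
    """
    if port in BLOCKED:
        return "listed as blocked: move the service to another port"
    if lan != "open":
        return "not listening on the LAN: fix the server or host firewall"
    if wan == "open":
        return "reachable from outside"
    if wan == "closed":
        return "reset from the far end: check the forward's target IP and port"
    return "dropped on the path: check the forwarding rule, retest from outside"

if __name__ == "__main__":
    # Constructed results for a web server moved from port 80 to port 8080.
    print(diagnose(80, "open", "filtered"))
    print(diagnose(8080, "open", "filtered"))
```

The `wan` result is only meaningful when `probe()` is run from a machine outside the home network, for example one on a cellular connection.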

32 comments:

  1. Hey, buddy, thanks for the good post. May I know what ports are open by default in the Telus Actiontec that I could use to communicate with the outside via the firewall? Thanks.

    1. All outbound traffic originating from inside the router will be allowed. For allowing unsolicited incoming traffic into your network you'll need to configure port forwarding or put a machine in the DMZ. The above ports won't work regardless if you port forward because they are blocked on the Telus "home" network. This prevents you from hosting a web server on port 80, or an email server on port 25, etc.

  2. Thanks for the feedback. I'd like to have port forwarding for port 3368 in the Actiontec. It seems the admin page does not work anymore after it was forced to upgrade to the 31.30L.55 firmware (not sure if only I am screwed). Nothing is added after I click Apply on the port forwarding page. Do you know any way I could have port forwarding working, except for bridging? Thanks.

    1. Have you tried any of the alternative logins listed in the bridging post? Is the advanced page inaccessible with all the logins? If all you want to do is enable port forwarding on the Actiontec and can't, then you should contact Telus support so they can give you a new router. Just expect to be on the phone for a couple of hours while they juggle you around their incompetent support and ask you to reboot your router 10 times.

    2. Hey, can you use a flash drive on the Actiontec and set up an HTTP server in the BusyBox? Are the ports blocked to the router? As far as I can see the router has its own internet address? Is it just that it won't forward those ports to your network? Is there any way to open these ports? I am just wondering if it is blocked at the router or blocked at Telus internet, the server assigning the router its IP and passing traffic to it?

    3. 1. No, you can't use a flash drive on the router.
      2. Telus blocks this traffic on their network, so you can install a web server, port forward http ports, but nobody will be able to get to your site as Telus will block incoming port 80 (HTTP) to your machine before it ever hits your router. The workaround is to have your web server listen on different ports and access the site by putting :port at the end of the url - for example http://mycoolwebserver:7373

  3. Does the DMZ work at all on the Telus V1000H modem? Tried to put my shiny new IP camera in the DMZ but it didn't work. Also tried port forwarding the IP camera traffic to port 8090 or 9000 (which portscan says is open) but that didn't work either... any ideas?

  4. I've been working on this for several days with no luck, and I finally found an obscure post that pointed me to the real problem, which had nothing to do with the actual port forwarding:

    - Make sure that the browser you are using to test the connection is not on your home network. For whatever reason, it can't go out and come back in.
    - If using your cell phone to test the browser (as myself, the 'I thought I was smart enough', has been doing), make sure your Wi-Fi is turned off on your phone! Otherwise, you are still on the network and the test won't work.

    1. That was it!! Thank you!

    2. If your router has a feature called NAT Loopback, NAT Hairpinning, or NAT Reflection (all different names for the same thing) this will allow you to access your public IP from inside your network. If you don't have this feature then just access the service on the local network address when on the LAN and use the public IP when outside your local network.

      For more info see:
      http://en.wikipedia.org/wiki/NAT_reflection#NAT_loopback

  5. Is there a way that I can connect to my old mail server to get my left over mail on it after I hooked up my Telus Actiontec router and started using Telus as my ISP?

  6. To Anonymous, April 6, 2013: Thanks for this advice. This was exactly my problem.

  7. I have set up port forwarding and tried to establish a Remote Desktop Connection with Telus as ISP to no avail (e.g. http://my.isp.ip:53589). Telus stated in a 2004 document (and in conversations with tech support) that it was blocking all ports on dynamic ip accounts. They offer a static ip option on business accounts for a fee that does not block the ports.
    I have successfully set up RDC and Windows Home Server with Shaw as ISP with no difficulty and routinely log in remotely. Both networks use Linksys routers. By the way, connecting WHS to DNS (via the wizard) requires turning off the router's wireless capability.
    I would like to hear from anyone who has successfully set up RDC or WHS with Telus as the isp.
    My experience has shown that it is not possible with Telus. This problem is caused by a Draconian Telus marketing decision and the quickest way to setup a connection from the internet is to change isp.

    1. Currently, the only ports blocked are the ones listed in the main blog post. You're being misinformed if someone from Telus told you otherwise.

  8. I have Telus and am using Cerberus and I need to set up an FTP so when I am away I can access my files from home. I am on Telus and using an Actiontec V1000; can anyone tell me how I can do this? I changed ports on Cerb and the Telus router and can't even access FTP in my network upon doing so.
    Anyone figure this out yet? Please email me at derek.barker604@gmail.com if someone has a 100% fix. I tried everything.

  9. If Telus blocks all ports on regular accounts, then what happens if someone wants to check their IP cameras (such as the D-Link DCS-942L sold at Costco?). Do they have to upgrade to a "Business" account with a static IP? This seems so 1996 of them. Next they'll bring back PSK dialup but this time over VoIP over fiber as their next wonderful marketing innovation.

    1. Change the port the service listens on to a port that isn't blocked.

    2. All ports are blocked man ....

    3. I wasn't doing any BUSINESS. I was just SSH-ing from/to the next computer in my room. After one hour ALL ports became blocked. So mean.

  10. Arg, spent over 6 hours trying to get my IP cameras to work. It should be so simple and yet I thought I was doing something wrong. My wife is in bed probably upset at me for working on this project which shouldn't take more than 10 minutes. Glad to see this post. I'll either have to switch off of Telus or just not be able to access my security system... hmm, wonder which it will be.

  11. I have a Telus V1000H router as well. I am trying to set up remote desktop. On the router I enabled port forwarding on port 3354 and in my computer's firewall I added the inbound port. I also added in the registry that remote desktop uses port 3354. Still no luck. I get the standard message: "Remote Desktop can't connect to the remote computer...."
    To my knowledge port 3354 is not a blocked port. What else could be wrong?

  12. I have access to external IP server via Remote Desktop Connection. I cannot map the (external) server shared folder - I am told by the hosted server folks that the ports needed are 135-13 & 445 for both TCP and UDP. Sad part is I could do this on Shaw - but changed to Telus last week and now can't do it. Can I use port forwarding to accomplish this?

  13. FYI I just got my IP cam to work remotely using port 333. As someone else stated in the comments above I can't see it when inside my own network accessing my IP address, but using my phone on the cellular network I was successful. Let's hope it stays working!

  14. Raspberry Pi Apache2 server on Telus. The following settings worked for me after much trying (Actiontec V1000H router/modem). Under Firewall, change the security from NAT only to Low. This seems particularly important! Apply. Under Advanced Setup/DHCP Reservation, enter the MAC address and select a permanent IP address (Telus seems to assign 192.168.1.xx, so change the xx). Apply. Under Firewall/Port forwarding, enter your fixed IP address, make all the start and end ports 87, and leave the protocol as TCP. Apply. Now you need to change your server to listen on port 87, and access from outside will be your modem IP address (see Actiontec home page) followed by :87. Note that a lot of browsers ban port 87, so the outside users may need to override that ban in their browser settings.

  15. P.S. to previous comment: Port 87 is the ttylink port. I changed to 85 and avoided the problem.

  16. I have installed XAMPP server on 3 computers for web development and am using them as an internal network. But I am unable to connect remotely as port 80 is blocked by Telus. Can I configure any other port to access remotely?

    1. I have Telus. Port 3389 is open. I don't use remote desktop. So on the Telus router I port forward 3389 to 80 and my server IP. Going to try SSL later. This works great so far.

  17. Fucking idiots, I spent hours on the phone with them, most of them don't even know what a static IP is, then after the hours on the phone we ended up on a 3-way call with Actiontec for them to tell me how to set up the modem to use a static IP, which I already know how to do ... Then when it got to the meat where I have to enter the static IP info, he tells me I'm supposed to enter my domain's IP there, what a fucking idiot, my domain points to the static IP they are supposed to give me. They have no clue what they're talking about most of the time, they don't even know port 80 is blocked, I just can't stand it. I ended up entering the DHCP IP I was given as a static IP, which lets the modem get onto the network, but yeah of course on that IP, port 80 is still blocked, and I think after a while it might expire or something and I won't be able to use that address, maybe, not sure. I can get nginx to respond on port 81, but nothing on port 80. Does anyone even know, if I do get a business account with a static IP, if port 80 is going to be open, cause they have no fucking idea !! I just can't believe how oblivious they are ... even ended up talking to a tier 1 guy trying to tell me that they block port 80 for security reasons with IIS back in 2006 or something, what a joke !!! They just don't want you to run a webserver from home unless you pay the big bucks, even though I already have an unlimited data package at home, my small home business website may serve 500 MB a month !! What a joke they are, almost ready to switch to SHAW ! Unbelievable, so frustrated.

  19. I’m not sure whether my internet service agreement has any note on blocking port 80 plus other important ports. Telus should understand that this is 2016 and providing internet service is becoming just another “utility service” like electricity and water.

  20. As time goes on, Telus is blocking more and more ports. As of today (September 9, 2016), they are blocking AFP ports (427 and 548), VNC ports (5800/5900), and CrashPlan remote backup ports (4242) in addition to the ports listed above.
