Port forwarding 101 for a router lan comcast

I always have trouble with this stuff, but it seems really simple?

I have a Comcast box (coax coming in and Cat 5 data cable going out, into the WAN of my Cisco small business firewall).

The Cisco says its WAN IP is and its gateway is

On the lan side of the cisco, devices have ip addresses.

we put a security camera DVR on the lan with ip and want to get to it from outside.

there's 2 ports the dvr company says we need to forward 40085 and 49009

in the cisco I have 2 rules doing that - in on 40085 , out on port 40085 to ip

then in the Comcast box, I logged in and under firewall, set up 2 port forwarding rules

40085-40085 forwards to 40085 and the IP is (right, where the packets are going to - the wan of the cisco router?)


49009-49009 forwards to 49009 and the IP is



still says the ports are closed.  what am I doing wrong?
BigPapaGotti Commented:
The WAN IP address that is being assigned to your Cisco router is a Private IP address and is not routable on the internet. You would need to contact Comcast and tell them you need a public IP address assigned to your Internet Service in order for this to work.
BeGentleWithMe-INeedHelp (Author) Commented:
argh! I did some googling and added the cisco box as the DMZ on the Comcast device - that passes everything to the wan of the cisco.

port checking shows the port is still closed.  what's wrong?! I have the enable checked next to the 2 entries in port forwarding.
BeGentleWithMe-INeedHelp (Author) Commented:
weird.  I put the as the DMZ of the cisco router and it still shows the port is closed.  Are there any kinds of tests I can do?  I can ping the public IP from an outside machine and I get a ping back.
May I ask what the Public IP address is that you are pinging?
BeGentleWithMe-INeedHelp (Author) Commented:

there's a setting in the gateway to turn off pinging on the WAN port.  While pinging and getting replies, I turned off pinging and the replies stopped. So I do have a public IP?  Right, the 10.x.x.x and 192.x.x.x IPs are not routable.  But just like I can get out to the web with them, I should, with port forwarding / DMZ, be able to get back in?

I just used


and for the ports that are open, it said filtered rather than closed and the first port said: mit-ml-dev and cslistener
Infamus Commented:
You have to use 10.1.10.x IP if the device is on DMZ.
BeGentleWithMe-INeedHelp (Author) Commented:
yes, the wan of the cisco box is
Infamus Commented:
The DVR device needs to be on the 10.1.10.x subnet and the port forwarding needs to be done on the Comcast side.  If you want to manage your router, then Comcast has to be in bridge mode, but I'm not sure if Comcast allows that.  Most DSL providers would do that for you.
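Added example, not part of the thread or any poster's code: a small Python check that follows one inbound port through both NAT devices discussed above (ISP gateway, then firewall) and reports where the forwarding chain breaks. Every address, the `CHAIN` layout and the function names are constructed for illustration; only the 10.1.10.x gateway subnet and the two port numbers come from the thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology: outermost device first. All addresses are made up,
# except that the gateway LAN follows the 10.1.10.x subnet named in the thread.
CHAIN = [
    {"name": "comcast-gateway", "wan": "203.0.113.10", "lan": "10.1.10.0/24",
     "dmz": "10.1.10.2", "forwards": {}},
    {"name": "cisco-firewall", "wan": "10.1.10.2", "lan": "192.168.1.0/24",
     "dmz": None, "forwards": {40085: ("192.168.1.50", 40085)}},  # 49009 omitted
]
DVR = "192.168.1.50"


def is_rfc1918(addr):
    """True if addr is in a private range that is not routable on the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def trace(chain, port, final_host):
    """Follow one inbound port through every NAT hop; return a list of problems."""
    problems = []
    if is_rfc1918(chain[0]["wan"]):
        problems.append(f"{chain[0]['name']}: WAN {chain[0]['wan']} is private")
    for i, dev in enumerate(chain):
        rule = dev["forwards"].get(port)
        if rule is None and dev["dmz"]:
            rule = (dev["dmz"], port)  # DMZ host receives all unmatched inbound traffic
        if rule is None:
            problems.append(f"{dev['name']}: no forward for port {port}")
            return problems
        target, port = rule
        expected = chain[i + 1]["wan"] if i + 1 < len(chain) else final_host
        if ipaddress.ip_address(target) not in ipaddress.ip_network(dev["lan"]):
            problems.append(f"{dev['name']}: {target} is not on LAN {dev['lan']}")
        if target != expected:
            problems.append(f"{dev['name']}: sends to {target}, next hop is {expected}")
    return problems


if __name__ == "__main__":
    for p in (40085, 49009):
        print(p, trace(CHAIN, p, DVR) or "path complete")
```

An empty list means every hop hands the port to the next device's WAN address and the last hop hands it to the DVR; this checks rule consistency only, not whether a firewall policy on either box also permits the traffic.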
