Work Around ISP Blocking Ports for Windows Home Server 2011

Home Server 2011 Login Screen
Windows Home Server offers you remote access to all of your files, that is, if your ISP lets you run a server on ports 80, 443 and 4125.  Not every home ISP allows you to run inbound traffic on those ports.  Luckily you can work around this by redirecting traffic from the outside internet to your internal network.  Before you do anything call your ISP and ask them if they will open up those three ports.  Many times they will oblige and you can save yourself a headache.  If that does not work and it is not against your terms of service, then there is a way to semi-elegantly work around the blocked ports.  Have a look after the break to find out how!

Disclaimer: I am not responsible or liable if you break your ISP’s terms of service by working around their port blocking.  Perform these instructions at your own risk.  Call your ISP if you are uncertain.
First the domain needs to be set up to point at your home router’s IP address.  Microsoft gives WHS 2011 users an out and offers to give you a subdomain like DomainName.homeserver.com.  It should also handle the IP address of your router switching, so there is no need to set up a static IP address with your ISP.  Next, the router is configured to forward a port that is not blocked by your ISP and forward it to your internal networks port 80, 443 and 4125.  Lastly, a subdomain of your own can be set up if you have an existing website similar to mine, or a domain name that you want to use specifically for your home server.  Geekier stock can take that to the bank, but for everyone else I have screen by screen instructions below.
Home Server 2011 Dashboard
Launch the Dashboard and click “Server settings” on the right
Remote Web Access Screen
Click “Remote Web Access” on the left pane.  Under the “Domain name” section click “Set up”
Getting Started Screen
Click “Next” to get started.
Kind Of Domain Screen
Select the “Get a personalized domain name from Microsoft” to get a SubDomain.homeserver.com style domain name.  Of course you could set up your own domain as long as your ISP will give you a static ISP.  Microsoft will handle the changing of your IP address through the homeserver.com domain.  When your IP changes, the homeserver.com domain will adjust on the fly and you will still be able to get to your home server.
New Domain Screen
Select “I want to set up a new domain name” and click next to continue.

Sign into Windows Live Screen
Sign into your Windows Live account and click next.
New Domain Setup
Select a (sub) domain name and click “Check availability” to see if it is taken already.  Finally click “Set up” to complete the registration.
New Domain Progress Screen
Wait while Microsoft registers a domain on your behalf.
Domain is setup screen
Success!  Click “Close” to continue.  If your ISP does not block ports then you would be done here.  For many of us, continue on!
Router Login Screen
You’ll need to configure your router to forward the correct ports.  Make sure you either turn off UPNP in the router or choose not to set up the router in the wizard under “Server settings”  By not letting WHS set up the router automatically, we can set the ports to forward to the right spot manually.  One more caveat here:  If you do not disable remote access to your router from outside of your home network, your SubDomain.homeserver.com will point to your router’s admin page.  You might not want to expose that to the public internet without a strong password.  You have been warned!  Either sure up your password or disable WAN side administration.
Router Port Forwarding screen
I will use my Linksys E2000 as an example.  You need to get a port that is not blocked to forward to port 443 over the TCP protocol.  That is the bare minimum to get any remote access at all.  In this example I am forwarding 4430 to 443 over TCP.  So we have the unblocked port 4430 from the outside internet redirecting to port 443 of the IP address of your home server on your internal network.  That is it for https access only; you may wish to forward these ports as well:

  • Port 443 is https (encrypted, secure)
  • Port 80 is http (unencrypted)
  • Port 4125 is WHS remote web desktop access

Remote web access should now work if you point your browser to https://SubDomain.homeserver.com:4430/remote If you are ok pointing your browser to that ugly URL then you are all done.  You should have remote access to the web interface of your home server.  If that is not quite good enough you can set up a redirect from a domain you already have, like I do with barnesian.  I use Google Apps with Go Daddy, but these general steps should work with any domain name provider.  You can set up a nice domain like SubDomain.barnesian.com which forwards to that ugly URL above.

Go Daddy Console

Log into your domain registrar’s dashboard and select your domain.

Go Daddy Subdomain setup
Select “Manage” to set up the subdomain.
Go Daddy Subdomain forwarding
If you forwarded port 4430 to port 443 then you can set up the subdomain to point to that ugly URL we used earlier.
That is all!  You can then go to SubDomain.YourDomain.com and you will be forwarded to your Windows Home Server’s web log in screen.  All IP address switching should be handled by Microsoft and you have successfully routed around the port blocking.  Enjoy!
Disclaimer: I am not responsible or liable if you break your ISP’s terms of service by working around their port blocking. Perform these instructions at your own risk. Call your ISP if you are uncertain.
Join me in the comments if you have any questions!

6 thoughts on “Work Around ISP Blocking Ports for Windows Home Server 2011

  1. how do i port forward all 3 ports? i can access the logon page but once i click on login, it is now blocked again. it seems all 3 ports are blocked from my isp. what do i put on the external port for port 80 and 4125? thanks!!

    1. It’s just a mapping, so you should be able to put 8080 (or whatever you choose) external => to 80 internal or something like that. Just pick a port and set up the external to map to the proper internal (like 80 and 443) and you should be fine.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>