Monday 8 October 2012

Incoming Ports That Telus Blocks

Telus blocks you from hosting several services on your home internet connection. This prevents you from hosting things like web sites, FTP servers and mail servers on their native ports. You can get around this by hosting these services on non-standard ports or by using a VPN connection that doesn't block the same incoming traffic.

The rationale for blocking these services appears to be under the guise of protecting users and the Telus network from malware. Really it's just a way to prevent you from fully utilizing your home connection and to force you to buy a more expensive tier of service.

The only packages with no blocked ports at this time are the Server packages.

The blocked ports currently are:

TCP 21 (ftp)
FTP server

TCP 25 (smtp)
Email delivery server (MTA - Mail Transfer Agent)

TCP 80 (www)
Web server

TCP 110 (pop3)
POP3 email retrieval servers (MDA - Mail Delivery Agent)

TCP 6667 (ircd)
IRC servers (Internet Relay Chat)

TCP/UDP 135-139 (dcom and netbios)
135 Windows RPC
136 PROFILE Naming System (basically unused)
137-139 Windows NetBios

TCP/UDP 443 (ssl)
Secure web browsing - HTTPS

TCP/UDP 445 (ms-ds)
Microsoft Directory Services

TCP/UDP 1433-1434 (ms-sql)
Microsoft SQL Server

Saturday 6 October 2012

Using your own router in tandem with the Actiontec V1000H Router and Telus Optik TV

...I choose my networking hardware, not my ISP (Telus)!


In the ideal big-brother world of Telus they would have you only use their supplied hardware for networking - i.e. the Actiontec V1000H Router. For advanced users this is a serious pain, when your own router probably has a much richer feature set. Others may just want complete control of their network and its hardware.

The solution? Log in as root, set the Actiontec to "bridged mode", essentially turning it into a standard modem. Now you can use your own router connected directly to the WAN. If you call Telus tech support, they won't have a clue what you're talking about when you mention bridging or just tell you it's not possible. I understand that it's more difficult for the Telus support people to read from their script when every customer could have a different router, but I, like many others, never call Telus tech support unless there is something broken on their side, like my service has dropped completely. You may be better off talking to a brick wall for anything else.

If you don't enable bridging on the Actiontec and you use it with your router, you'll get a double NAT situation. While it may work, it will be a pain to configure and may result in some peculiar networking problems. This is exacerbated by the fact that you don't have access to fully configure the Actiontec router to work properly in this situation - like disabling DHCP. Check out this explanation of double NAT for more info.

The below instructions work flawlessly with my DDWRT54G v3 running Tomato Firmware v1.28.7633 .3-Toastman-VLAN-IPT-ND ND VPN


To start - knowing your logins:


There is a set of logins for the Actiontec - the one that you're given is a crippled account with limited access to settings.

default customer login is (can be changed after first login)
username: admin
password: telus

"poweruser" login - some options are still locked
username: tech
password: t3lu5tv

root login - all features are unlocked and configurable
(old firmware 31.30L.48)
username: root
password: m3di@r00m!

(new firmware 31.30L.55)
username: root
password: Thr33scr33n!


Bridged Mode - so you can use your third party router:


Before enabling bridged mode you may want to turn off wireless if you're going to use it on your own router. I've had some problems turning it off after enabling bridged mode. You can also unscrew the attached antennas; you don't need them if you've turned off wireless.

On your third party router change the default LAN subnet to something outside of the Actiontec's default subnet (192.168.1.0 255.255.255.0); 10.0.0.0 255.0.0.0 should work fine.

To enable transparent bridging mode:
  1. log in as root
  2. go to "Advanced Setup"
  3. WAN IP Addressing
  4. find "2. Select the ISP protocol below"
  5. select "RFC 1483 Transparent Bridging"
Plug your own router's WAN port into a LAN port on the Actiontec router. Your own router should now pass transparently through the Actiontec, getting a DHCP-assigned IP address directly from Telus. Some additional config may be necessary on your router.

To connect to the Actiontec router while in bridging mode:

Directly connect a computer to the Actiontec router and change the adapter address to a static IP in the Actiontec's default IP range.

192.168.1.1 should work.
Then connect to the router as usual - http://192.168.1.254
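
An added example, not part of the original post: a small Python check of the address plan described above, using the Actiontec subnet and web UI address given in the post. The function name check_bridge_plan, the list of NAT ranges and the sample WAN address are assumptions made for illustration.

```python
import ipaddress

# From the post: the Actiontec's default subnet and its web UI address.
MODEM_NET = ipaddress.ip_network("192.168.1.0/255.255.255.0")
MODEM_ADDR = ipaddress.ip_address("192.168.1.254")

# Assumption: a WAN lease in any of these ranges means NAT is still upstream.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier NAT
)]


def check_bridge_plan(router_wan_ip, router_lan, mgmt_pc_ip):
    """Return a list of problems with a bridged-mode address plan ([] = OK)."""
    problems = []
    wan = ipaddress.ip_address(router_wan_ip)
    lan = ipaddress.ip_network(router_lan, strict=False)
    pc = ipaddress.ip_address(mgmt_pc_ip)

    # Bridged: the router's WAN lease should come straight from the ISP.
    if wan in MODEM_NET:
        problems.append("double NAT: WAN address is inside the Actiontec subnet")
    elif any(wan in net for net in NAT_RANGES):
        problems.append("WAN address is in a NAT range, not a public lease")

    # The router's LAN must not collide with the modem's management subnet.
    if lan.overlaps(MODEM_NET):
        problems.append("router LAN overlaps the Actiontec subnet")

    # The directly connected PC needs a usable static address next to the modem.
    reserved = {MODEM_ADDR, MODEM_NET.network_address, MODEM_NET.broadcast_address}
    if pc not in MODEM_NET:
        problems.append("management PC is outside the Actiontec subnet")
    elif pc in reserved:
        problems.append("management PC address is reserved or is the modem's own")
    return problems


if __name__ == "__main__":
    # Constructed sample: 203.0.113.10 is a documentation address standing in
    # for a public lease; the other two values are the ones the post suggests.
    print(check_bridge_plan("203.0.113.10", "10.0.0.0/255.0.0.0", "192.168.1.1"))
    # A plan that was never bridged: every check fires.
    print(check_bridge_plan("192.168.1.64", "192.168.1.0/24", "192.168.1.254"))
```

Feed it the WAN address shown on your own router's status page after switching to bridged mode; an empty list means the plan matches the setup described in the post.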

With bridging enabled, some strange behaviour is exhibited when logging in - you'll see below the log in section that it says you're already logged in as admin although you won't be able to view any of the configuration pages. When you log in as root you won't see any confirmation of a log in, you'll just get bumped back to the home page. You should be able to go to config pages once logged in though.

Alternatively you can log in using telnet if you want to enable it:
  1. Advanced Setup
  2. Remote
  3. Remote Telnet
  4. find "1. Set the remote telnet state below."
  5. Local Telnet -> enable
  6. Set the user name and password for login
Use PuTTY or some other terminal client and log in using the username and password you've set.
Once logged in, you have a crippled shell - commands like "ls" and "cd" won't work.
To get a slightly more functional shell, type "sh" to get a busybox shell.


To get Optik TV working with a third party router, you must enable multicasting:


If you don't have multicasting enabled on your third party router, TV channels will work for a few seconds then drop out.

For the tomato firmware this option is:
Advanced -> Firewall -> Multicast
Enable IGMPproxy
Check off the LAN segment you want to enable multicasting on - default should be LAN


Troubleshooting:


If you find you've locked yourself out of the router, or want to reset all the settings back to the defaults - do a factory reset.

Take a pen and press the reset button down (the button is recessed in a hole marked with a red circle around it) for a few seconds until the power light turns red, then unplug the power and plug it back in. The router will take around 30 seconds to reboot with the default settings.

UPDATE - May 1, 2013

If you need to do a factory reset or want to do other types of fiddling after being in bridged mode for a while, disconnect the phone cable. Many people are reporting that their firmware gets updated immediately after a factory reset with the phone cable plugged in (i.e. being connected to the Internet) and the root password has been changed (unconfirmed) on newer versions of the firmware.

UPDATE - July 20, 2013

People are reporting that on newer firmware versions doing a factory reset will allow the root login to work again.