Actiontec MI424WR-GEN2 Firmware Fiasco

OK, this will get a little technical but that’s all right.  Some other poor techie out there might benefit, and you don’t mind helping, do you?  It’s important!

Verizon killed our streaming server.

It all started about a week ago, after I got the Icecast streaming server installed and running.  (We need Icecast because Windows Media Services doesn’t broadcast in MP3 format and we iPhone users absolutely DESERVE Ultimate Super Radio!)  Icecast was working fine on the LAN, so I went to modify the port forwarding rules on the Verizon / Actiontec MI424WR-GEN2 hardware version E router in order to stream the station out to the Internet.  Just a couple of days before I had logged into this same router, edited the port forwarding rules and sent the Windows Media stream out to the World.

Quite naturally I was surprised when I logged into the router and found that the GUI for writing the port rules was GUTTED.  A behind-the-scenes firmware update had eviscerated the port forwarding editor and port forwarding capabilities of the router.  I could no longer edit rules on an address-by-address basis.  I couldn’t even edit the existing rules, only delete them.

Verizon or Actiontec had ‘upgraded’ my router firmware from 20.9.0 to 20.10.7 in the last day or so.  This update wrecks the port forwarding capabilities and GUI for anyone running multiple public IP addresses.

(Now — I have to confess — I have a backup IPCop router standing by with all the rules programmed into it.  All I had to do when my first MI424WR router died was move the LAN and WAN cables over and boot the box.  I love IPCop — I just prefer hardware-based firewalls.  So, not to worry.  If I wanted to get the media server playing to the Internet I could.  But what I wanted to do was find out why the router had been trashed like this.)

I immediately called FiOS tech support, got the call escalated, and then discussed the problem with an equally astonished engineer.

He escalated the call again.  Over the next four days, Arthur and Jay (or Jason), two excellent Verizon engineers, found out that, yup, the port forwarding GUI had been redesigned; yup, my firmware had just been updated; and yup, we have the old firmware [version 20.9.0] available for you.  How kind, I thought.

But things went downhill quickly.  The Actiontec router, once upgraded to 20.10.7, will not downgrade to 20.9.0.

Here are some other tidbits I learned.  Arthur and Jay [of Verizon, remember] contacted Actiontec engineering and learned that Verizon had requested the firmware changes.(!)  They chuckled when they told me, a bit chagrined.  They offered to send me a router with the 20.9.0 firmware.  That was kind, but unworkable.  They had nuked my firmware once, I knew they could do it again.

Sidebar — For those of you playing along at home, the MI424WR-GEN2 is the FiOS router being used widely on the East Coast.  Buried under the Advanced settings > Firmware Upgrade menu is an option to Upgrade from Internet.  You can turn this automatic firmware upgrade feature off, according to the GUI.  In reality you can just ignore the setting entirely.  I had the automatic update option TURNED OFF and they still installed the newest firmware.

Endgame — I have a nice Logic Supply Mini-ITX 4-port implementation of m0n0wall sitting here on the bench.  At this point, that appears to be the best path forward.  I’ll DMZ the Actiontec router so the Set Top Boxes for FiOS TV still work (Menu, Program Guide, etc.), then set up the port forwarding rules the way I want them, again using an Open Source firewall.

IPCop and m0n0wall, take a bow!  Why did I ever leave you in the first place?  Ultimate Super Radio should be back on the air this week, Lord willing.  Stay tuned!

3 comments on “Actiontec MI424WR-GEN2 Firmware Fiasco”

  1. Hi Stephen,

    I wanted to give you some feedback with the way I handled this particular router.

    In the Port Forwarding section, I chose “Specify IP”, “Custom Ports”, “Protocol – TCP”, Source Ports – “Any”, Destination Ports “Specify” with outside Port 50000 (like 220.19.37.50:50000), and Forward to Port “Specify” with inside port 3389 (This used the RDP, or whatever your hardware needs to communicate). That configuration worked beautifully. I was able to connect multiple remote desktop connections.

    I think that the Source ports are what screws up the configuration. I wish there were clear directions on how to properly do this, but after a few hours of trial and error, I figured it out.

    If you ever get a chance to attempt this version of the setup and have success please let me know.

    Regards,

    Paul Donovan

    1. Beautifully done, Paul.

      I like the redirect you added. I’ve had to use the same approach when working with limited external IP addresses. Different outside port numbers direct to different internal IP addresses on port 3389. (Or an alternate port, if you’ve changed the RDP listener port.)

      For example,

      220.19.37.50:50000 points to 192.168.1.7:3389
      220.19.37.50:50001 points to 192.168.1.41:3389
      220.19.37.50:50002 points to 192.168.1.200:3389

      Etc. That’s a great add, Paul. Thanks a lot!

      Steve Worden @RadioNewark
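
The port redirect discussed in the comments above, as an added example that is not from the post or either commenter: it checks a forwarding table for conflicting or out-of-LAN entries before rendering it as plain iptables DNAT rules of the kind a Linux-based firewall applies. The LAN range 192.168.1.0/24 and the function names are assumptions, and the output is generic iptables, not IPCop's or m0n0wall's own configuration format.

```python
import ipaddress
from collections import Counter

# Constructed sample: the three mappings quoted in the comment thread,
# as (public IP, outside port, inside host, inside port), all TCP.
RULES = [
    ("220.19.37.50", 50000, "192.168.1.7", 3389),
    ("220.19.37.50", 50001, "192.168.1.41", 3389),
    ("220.19.37.50", 50002, "192.168.1.200", 3389),
]

def validate(rules, lan="192.168.1.0/24"):
    """Return a list of problems in a TCP port-forward table (empty if clean)."""
    problems = []
    net = ipaddress.ip_network(lan)  # assumed LAN range, not stated on the page
    # Two rules on the same public IP and outside port would shadow each other.
    seen = Counter((pub, ext) for pub, ext, _, _ in rules)
    for (pub, ext), count in seen.items():
        if count > 1:
            problems.append(f"{pub}:{ext} is forwarded {count} times")
    for pub, ext, host, port in rules:
        if not (1 <= ext <= 65535 and 1 <= port <= 65535):
            problems.append(f"{pub}:{ext} -> {host}:{port} has a port out of range")
        if ipaddress.ip_address(host) not in net:
            problems.append(f"{host} is outside LAN {lan}")
    return problems

def to_iptables(rules):
    """Render each mapping as a DNAT rule plus the FORWARD accept it needs."""
    lines = []
    for pub, ext, host, port in rules:
        # Rewrite the destination of traffic arriving on the outside port.
        lines.append(
            f"iptables -t nat -A PREROUTING -d {pub} -p tcp --dport {ext} "
            f"-j DNAT --to-destination {host}:{port}"
        )
        # After DNAT the packet is addressed to the inside host and port.
        lines.append(f"iptables -A FORWARD -d {host} -p tcp --dport {port} -j ACCEPT")
    return lines

if __name__ == "__main__":
    issues = validate(RULES)
    if issues:
        raise SystemExit("\n".join(issues))
    print("\n".join(to_iptables(RULES)))
```
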
