 Iain7 join:2002-02-19 Deerfield, IL | [Connectivity] Static IP & SonicWall SOHO3 Configuration
We have recently switched ISP to use Comcast Business. They installed and configured a Comcast SMC Gateway. We have purchased one static IP address. We have turned off DHCP, NAT and Filtering on the SMC Gateway and have our SonicWall SOHO3 providing these functions to our LAN (192.168.0.x).
If we configure the WAN address on the SOHO3 as 10.1.10.10 and set the gateway to point to the SMC Gateway (10.1.10.1) then client devices on the LAN can access the web.
The problem arises when we configure the WAN address of the SOHO3 to use our Comcast-assigned static IP address and set the gateway to point to the Comcast gateway address (1 + the static IP address). With this setup, client devices can no longer access the web. We can ping sites by domain name, or by IP address, but we cannot connect using Telnet or a browser.
Comcast have connected remotely and reviewed and tested the gateway configuration and confirmed that it is set up and working as expected.
The only possible clue I see is that when we browse the web the SOHO3 appears to log a message reporting a TCP null port scan with a destination of our static IP address (SOHO3 WAN address), but I have not been able to confirm definitively that these events are related.
Does anyone have suggestions on configuration changes to the SOHO3 to try or further diagnostics to perform so that we can get our static IP implementation working?
Thanks in advance. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | said by Iain7: We have recently switched ISP to use Comcast Business. They installed and configured a Comcast SMC Gateway. We have purchased one static IP address. We have turned off DHCP, NAT and Filtering on the SMC Gateway and have our SonicWall SOHO3 providing these functions to our LAN (192.168.0.x).
If we configure the WAN address on the SOHO3 as 10.1.10.10 and set the gateway to point to the SMC Gateway (10.1.10.1) then client devices on the LAN can access the web.
NAT is not disabled if you have those 10.* addresses on the SOHO3 WAN and SMC LAN. |
|
 Iain7 join:2002-02-19 Deerfield, IL | Correct. We have NAT enabled when we have 10.1.10.10 as the SOHO3 WAN address, but NAT disabled when attempting to use the Comcast provided static IP addresses. Apologies if I did not make that clear. |
|
 Iain7 join:2002-02-19 Deerfield, IL | reply to graysonf
If it helps, I used the guide at »handymanhowto.com/2011/08/19/how···address/ to direct the configuration. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | Do you have a routed subnet or multiple bridged IP addresses?
Where are the configuration instructions Comcast provided, or are you on your own using unsupported equipment? |
|
|
|
 | reply to Iain7
Multiple times, the static info that Comcast gave us was wrong and they didn't recognize that even after we contacted them. I wouldn't rule that out as being the culprit, here. |
|
 Iain7 join:2002-02-19 Deerfield, IL | reply to graysonf
said by graysonf: Where are the configuration instructions Comcast provided, or are you on your own using unsupported equipment?
Comcast did not provide any configuration instructions. I have relied on the Comcast instructions at »businesshelp.comcast.com/help-an···atic-ip/ as well as the link I provided above.
I understand the setup to be a routed subnet. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | Well, according to the Comcast instructions you mentioned, you should have all of your usable IP addresses available on the ethernet port of their gateway which is configured as a router by Comcast. Do you? |
|
| I can tell you for a fact that at our church we have Comcast, static IP and Sonicwall; it's a different model. We used the static IP, gateway, DNS that Comcast provided and had to program a few rules and it worked. This was like 3 years ago so I don't remember anymore without looking at it again. But it was relatively easy once we figured it out. It sounds like you have done everything right so far. Probably it's a Sonic configuration that needs adjusting. Sorry I couldn't be more help. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | You might try replying to the OP who has the problem. I am not him. |
|
 Iain7 join:2002-02-19 Deerfield, IL | reply to graysonf
said by graysonf: usable IP addresses available on the ethernet port of their gateway which is configured as a router by Comcast. Do you?
Yes. The gateway shows the correct static IP block and WAN Internet IP address.
Today I removed the SOHO3 from the configuration and assigned the static IP to an adapter in my laptop which I connected directly to the SMC gateway. (I probably tested this earlier but I was double checking.) Sure enough I can connect and browse the web with no problem.
I then switched back to assign the same IP addresses I had used on my laptop to the WAN interface on the SOHO3. Same result -- devices behind the SOHO3 can ping by domain name, but cannot browse.
I then reset all access rules on the SOHO3 to their defaults but this did not change the outcome.
Finally I switched the IP address of the WAN interface back to 10.1.10.10 and used 10.1.10.1 for the SMC gateway and once again all works as expected.
Possible corruption or firmware bug? Any other reasons for ICMP traffic to be handled correctly and HTTP fail when using a default set of access rules? |
|
 | I am unfamiliar with Sonicwall, but this sure sounds like a firewall issue.
Can you temporarily disable the firewall on the Sonicwall (leaving only NAT) and see what happens?
It almost sounds as if outbound traffic destined for port 80 is blocked.
Can you try and pull up a web page by IP instead of domain name (just to eliminate the DNS lookup)...
Also, what about email...does it work or not (using an email client...not web mail)?
-Alan
-EDIT- Also, it is not necessary to disable DHCP or NAT on the SMC. If DHCP is enabled, and a client requests an address, the SMC will hand out a 10.1.10.x address. However, if a client is configured for a static public IP then the SMC will automatically "bridge" that connection to the public internet, bypassing NAT [my terminology may not be completely accurate here], without the need to disable NAT on the SMC.
A quick "guide" with screenshots just for a checklist:
»[Business] SMC modem with True Static IP for hosting web server |
|
 Iain7 join:2002-02-19 Deerfield, IL | reply to Iain7
Some progress this morning but no final solution yet. Wanted to post this update in case it triggers any new suggestions.
The problem is with packet fragmentation. By default the Sonicwall will reject fragmented packets. There is an option to change this on each rule configured in the firewall. When I allow fragmented packets for traffic on port 443, client devices are immediately able to browse sites over https. Unfortunately, setting up a rule for port 80 that allows packet fragmentation has not so far had the same result.
What is odd is that the MTU must be different when the Sonicwall is configured with a static IP address. Will do some more investigation as to what the values are changing between.
If this gives anyone new ideas, please let me know. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | Standard ethernet MTU is 1500. If you are using a lower value without a specific reason you may have problems. |
|
 Iain7 join:2002-02-19 Deerfield, IL | said by graysonf: Standard ethernet MTU is 1500. If you are using a lower value without a specific reason you may have problems.
It is set at 1500 on the Sonicwall. Tested 1492 as well but that did not make a difference. Will check what size packet I can pass without getting fragmentation when I next have access to the site -- probably on Sunday. |
|
 | reply to Iain7
You should check MTU settings on client PCs; also see this DSL Reports page about MTU:
»AT&T Southeast Forum FAQ »How do I find my optimum MTU setting? |
|
 EGThe wings of lovePremium join:2006-11-18 Union, NJ kudos:9 | FWIW, the quoted MTU figure of 1492 is for DSL / PPPoE type of connections, not for cable based systems. As stated CC's standard is 1500. If a smaller MTU is needed then it is only covering up / working around some other issue somewhere. |
|