|
[Business] Comcast Business Class irritations
I removed the triple play package I originally had at my residence and upgraded the internet to Business class. Let me just say first and foremost that Comcast has been Johnny-on-the-spot with their support thus far. I have a direct customer service rep who has been more than helpful and the techs so far have been awesome.
This being said, there are some irritations with the Cisco Router DPC3939B that was issued. First and foremost I am a .Net/Android programmer so routers aren't my strong suit but usually I can get it to do what I want... Eventually.
I have a web server that I put up to host my sandbox for development projects. I own several Domain Names and I can not get to them when I am on my network. When I am outside my network, it is no problem (I think this is a form of NAT done within the router). Usually it is just a checkbox but I can't find it in the router.
I have a second router that I dumbed down and basically use as a WIFI access point on the third level of my house. I use Chromecast all over my house. Apparently Chromecast and the Cisco router are completely incompatible (Seriously?). Anyways, I have to keep the additional router on the network in order to use Chromecast. Now that Comcast finally gave me a router that can have signal on my third floor of my house, it is incompatible with Chromecast.
Both items seem small and trivial but combined they kind of defeat the purpose of going business class. Since I have a work around for the Chromecast, I need to get the NAT working on my network. I kind of consider this a show stopper. It complicates debugging applications multi-fold. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL
1 recommendation |
said by cgcarter1: I have a web server that I put up to host my sandbox for development projects. I own several Domain Names and I can not get to them when I am on my network. When I am outside my network, it is no problem (I think this is a form of NAT done within the router). Usually it is just a checkbox but I can't find it in the router.
Nothing unusual here. Most NAT routers will not allow LAN clients to connect to the WAN IP address (or a host that resolves to the WAN IP address). This is called "loopback not supported." There are workarounds, the simplest being to add entries in your PC hosts file that relate your domain name to the private IP address of the server. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to cgcarter1
The problem you are having is that your domain names (which I assume point to one or more of your static IPs?) resolve to those IP addresses when you are inside your network on the LAN side - but on the LAN side those machines have local IP addresses (which are mapped to the static IP in the router)
Expensive routers do nat loopback routing (you can google that for all kinds of info on it.)
Your work around is to run a local DNS server - that server would return the local IP addresses for your locally hosted domain names. It's pretty simple in Linux land to do that, I don't have any experience with Microsoft DNS servers. Perhaps even your "dumbed down" router could do it. |
|
|
|
to graysonf
Thanks for the reply!
Host files? Wow, haven't played with those in a decade or so. Sounds like I just need to bite the bullet and get a good business class router. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
JohnInSJ
Premium Member
2015-Jan-30 10:00 am
said by cgcarter1: Thanks for the reply! Host files? Wow, haven't played with those in a decade or so. Sounds like I just need to bite the bullet and get a good business class router.
It's got to be the router doing the NAT. If that's Comcast's router, then you're kinda stuck with it. |
|
|
I can bridge Comcast's router and then get a business class one. There are a couple features that I have looked at and was shopping when I was looking before but thought why spend the money when Comcast was giving me a new one. If it wasn't for this loopback issue, I would be ok sticking with it but I really need to get this resolved. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to cgcarter1
Do you have static IP's? If not then get a SB6183 instead and use a stand alone router.
Some routers do loopback on NAT but others don't.
What I would do is run an internal DNS server and use that to do split DNS. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
to cgcarter1
said by cgcarter1: Thanks for the reply! Host files? Wow, haven't played with those in a decade or so. Sounds like I just need to bite the bullet and get a good business class router.
Two potential problems with "I just need to bite the bullet and get a good business class router." One is that Comcast probably won't support it if you have static IP address(es). Two is that it will not solve the problem if it doesn't support loopback. Unless you can come up with a good reason not to use host file entries, it's the easiest and simplest solution. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to cgcarter1
Don't bother, just get a SB6183 and a router of your choosing. Never bother trying to bridge the gateways, it's just asking for trouble. |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
1 edit |
to cgcarter1
said by cgcarter1: I have a web server that I put up to host my sandbox for development projects. I own several Domain Names and I can not get to them when I am on my network. When I am outside my network, it is no problem (I think this is a form of NAT done within the router). Usually it is just a checkbox but I can't find it in the router.
To my knowledge, none of Comcast's business class gateway boxes will properly handle NAT loopback. If you have a dynamic IP address account, the only solution (if you continue to use the Comcast gateway) is to do local DNS to supply the local LAN IP address(es) for local server(s).
The best solution for BCI dynamic IP address customers is to ditch the rented Comcast gateway box and use your own standard cable modem (make sure it is on the approved list for business class at mydeviceinfo.comcast.net) and your own router that can properly handle NAT loopback. I do this using a Motorola SB6121 modem and a D-Link DIR655 router, and I have no problems with NAT loopback.
If your Comcast BCI account includes a public static IPv4 address block (or if you can justify paying for a static IPv4 address block), the simplest solution is to directly assign one of your public static IPv4 addresses to the server in question, and then you won't be troubled with NAT loopback, because NAT will not be involved. I used to do that when I was foolish enough to pay Comcast for a /29 static IP block. But now I just use the built-in DDNS provided by my domain registrar/DNS hosting service, and I have no problems with not using a public static IP address for each server (I just don't use a rented Comcast gateway box in order to not have NAT loopback problems).
RE: bridging the Comcast gateway: I can verify from personal painful experience that trying to get a Comcast business class gateway put into bridge mode is a hassle. And also that keeping Comcast from randomly resetting it back into RG mode is an even bigger hassle.
Get your own standard cable modem from the approved list and don't bother with the hassle of trying to get (and keep) a Comcast business class gateway box in bridge mode. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
to graysonf
said by graysonf: One is that Comcast probably won't support it if you have static IP address(es).
If he has statics then put a business router behind the DPC and assign it one of the statics, if he doesn't have statics then just get a SB6183 and a router of his picking. |
|
DarkLogix |
to NetFixer
said by NetFixer: is to do local DNS to supply the local LAN IP address(es) for local server(s).
Also local DNS would be better because if traffic were to get up there then internal DNS would point internal directly to the server and not add load to the router. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to DarkLogix
I would assume he does - one does not usually assign dynamic IP addresses to domain names. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
DarkLogix
Premium Member
2015-Jan-30 11:20 am
said by JohnInSJ: I would assume he does - one does not usually assign dynamic IP addresses to domain names.
But it sounds like he's doing NAT on the SMC thus doesn't sound like he has statics, or if he does he's not doing it right. |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
1 edit |
to JohnInSJ
said by JohnInSJ: I would assume he does - one does not usually assign dynamic IP addresses to domain names.
Why not? It is no more difficult to assign a dynamic IP address to a domain name (or host name) if your DNS hosting service properly supports DDNS. I have no problems at all using Namecheap to assign dynamic IP addresses to hosts in my domains (an A record is an A record):
C:\>dig www.nature-pics.com
; <<>> DiG 9.9.2 <<>> www.nature-pics.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17722
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.nature-pics.com. IN A
;; ANSWER SECTION:
www.nature-pics.com. 180 IN CNAME nature-pics.com.
nature-pics.com. 180 IN A 107.3.233.242
;; Query time: 109 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Fri Jan 30 10:24:10 2015
;; MSG SIZE rcvd: 78
C:\>dig webhost.dcs-net.net
; <<>> DiG 9.9.2 <<>> webhost.dcs-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55775
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;webhost.dcs-net.net. IN A
;; ANSWER SECTION:
webhost.dcs-net.net. 180 IN A 107.3.233.242
;; Query time: 125 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Fri Jan 30 10:40:04 2015
;; MSG SIZE rcvd: 64
C:\>dig dcs-srv.dcs-net.net
; <<>> DiG 9.9.2 <<>> dcs-srv.dcs-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10005
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;dcs-srv.dcs-net.net. IN A
;; ANSWER SECTION:
dcs-srv.dcs-net.net. 180 IN A 68.53.43.116
;; Query time: 125 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Fri Jan 30 10:40:15 2015
;; MSG SIZE rcvd: 64
EDIT: Here is the dcs-srv.dcs-net.net server's A record after I just changed its local default gateway (no manual DNS record changes were required):
C:\>dig dcs-srv.dcs-net.net
; <<>> DiG 9.9.2 <<>> dcs-srv.dcs-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50907
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;dcs-srv.dcs-net.net. IN A
;; ANSWER SECTION:
dcs-srv.dcs-net.net. 180 IN A 107.3.233.242
;; Query time: 125 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Fri Jan 30 10:59:20 2015
;; MSG SIZE rcvd: 64
|
|
NetFixer |
to DarkLogix
said by DarkLogix: said by JohnInSJ: I would assume he does - one does not usually assign dynamic IP addresses to domain names. But it sounds like he's doing NAT on the SMC thus doesn't sound like he has statics, or if he does he's not doing it right.
Unfortunately, some BCI CSRs will insist that using 1 to 1 NAT is the only proper way to assign a public IP address to a server behind a Comcast gateway. I had that stupid discussion with more than one BCI CSR when I would have to call to have them fix problems on my SMCD3G-CCR that my cusadmin credentials would not allow me to fix. I even had one CSR who refused to believe that I actually had active servers because I did not use 1 to 1 NAT, actually change my config remotely to use 1 to 1 NAT (without informing me that was being done).
If the OP has a static IP account, and Comcast was consulted on how to set up the gateway to assign a static IP to a local server, the result could very well be that 1 to 1 NAT was used. |
|
|
to JohnInSJ
said by JohnInSJ: I would assume he does - one does not usually assign dynamic IP addresses to domain names.
I have a single static IP Address. It fits my purposes because I have a single web host server that will translate the header DN to the correct website in Windows 2008. All that is required is to forward port 80 on the router (I'm sure you guys know this...)
So, on my Windows Server I need to add the DNS Role, configure the zone and then configure the forwarder to Comcast's DNS. This will cover me for the internet. On my side I can come up with whatever FQDN I want as long as I configure it in the hostname for the site in IIS because the request never leaves my intranet. The forwarder will handle everything else.
Seems like I'm going around my elbow to get to my ass when all Cisco had to do was add the functionality to the router (I get it... security)... |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX 1 edit |
DarkLogix
Premium Member
2015-Jan-30 12:34 pm
said by cgcarter1: I have a single static IP Address. It fits my purposes because I have a single web host server that will translate the header DN to the correct website in Windows 2008. All that is required is to forward port 80 on the router (I'm sure you guys know this...)
If you're paying for a static then DO NOT USE THE DPC FOR NAT EVER. (In fact if you're using BCI then just don't use the Comcast provided gear for NAT ever.)
Technically there are 2 statics, one assigned to the DPC and one you're paying for. The one assigned to the DPC is your gateway address for your router, the other is the one you should be using. Sure, some play games and use both by doing 1-to-1 NAT on the DPC to use the 1st and then assign the paid for one to their gear, but doing any NAT on the DPC isn't a good idea. |
|
DarkLogix |
to NetFixer
said by NetFixer: Unfortunately, some BCI CSRs will insist that using 1 to 1 NAT is the only proper way to assign a public IP address to a server behind a Comcast gateway. I had that stupid discussion with more than one BCI CSR when I would have to call to have them fix problems on my SMCD3G-CCR that my cusadmin credentials would not allow me to fix. I even had one CSR who refused to believe that I actually had active servers because I did not use 1 to 1 NAT, actually change my config remotely to use 1 to 1 NAT (without informing me that was being done). If the OP has a static IP account, and Comcast was consulted on how to setup the gateway to assign a static IP to a local server, the result could very well be that 1 to 1 NAT was used.
Ya, some CSRs are dumb, others are great. But there is never a good reason to do NAT on a BCI gateway as they are best just routers, not NAT routers.
The proper way as we know here is assign the paid for static to your own router behind the DPC and use that router for NAT with no NAT what-so-ever on the DPC and just let it do basic routing. |
|
|
Thanks everyone for the enlightenment. I really do appreciate it! |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to DarkLogix
said by DarkLogix: said by JohnInSJ: I would assume he does - one does not usually assign dynamic IP addresses to domain names. But it sounds like he's doing NAT on the SMC thus doesn't sound like he has statics, or if he does he's not doing it right.
SMCs can't be put into bridge mode, even with statics. You won't be able to hit your external static IP address from inside your network in any mode of the SMC, it just doesn't route that way. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX |
If you have statics they're assigned to your equipment, thus it's not the SMC that needs to route your internal traffic to them, the SMC would just route external to them and them to external. |
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to JohnInSJ
said by JohnInSJ: ... one does not usually assign dynamic IP addresses to domain names.
I did just that on an AT&T account, and on a Sonic.net account; until Sonic.net offered a free static /32 while I was still trying to decide if I wanted to pay an extra $10 a month for statics. |
|
edporch join:2011-06-25 Indianapolis, IN |
to JohnInSJ
said by JohnInSJ: SMCs can't be put into bridge mode, even with statics. -snip-
Just for the record, SMCs can be put into bridge mode. I have an SMCD3G with a block of 5 static IP's. It was put into bridge mode remotely by Comcast tech support.
I simply run one network cable from any of the SMC's outputs to the input NIC of my router. My router is an OpenBSD based PC that I built as a 3 legged firewall.
In my hostname.em2 definition file for the input NIC of the router I have:
    inet xx.xx.182.73 255.255.255.248 NONE
    inet alias xx.xx.182.74 255.255.255.255 NONE
    inet alias xx.xx.182.75 255.255.255.255 NONE
    inet alias xx.xx.182.76 255.255.255.255 NONE
    inet alias xx.xx.182.77 255.255.255.255 NONE
On the inside of my network, one NIC uses 3 of the static IP's for web and mail servers. With the 5th Static IP used for the other inside NIC as a NAT address for my private network.
I used Unbound as my DNS caching server program (it comes with OpenBSD).
I solved the problem of accessing my domains in the other inside network by simply adding DNS spoof statements to the unbound.conf file in the firewall/router. For example:
    # DNS spoof to point to site local to network
    local-zone: "mydomainname.com" redirect
    local-data: "mydomainname.com A 10.0.0.2"
    # where 10.0.0.2 is the local binat IP address of that web/email server
This works well to allow access from the Internet on a routable address, and locally.
OpenBSD is free, secure and you can make a great router with it using any PC with reasonable processing power. openbsd.org |
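Added example, not part of the thread and not any poster's own code: a Python sketch that reads dig output in the format quoted earlier, follows the CNAME chain, and, when the name ends at the WAN address, emits the unbound.conf split-DNS lines described in the post above. The sample names, the 203.0.113.10 WAN address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like the dig output quoted in the thread; the
# names and 203.0.113.10 (a documentation address) are placeholders.
SAMPLE_DIG = """\
;; QUESTION SECTION:
;www.example.test. IN A
;; ANSWER SECTION:
www.example.test. 180 IN CNAME example.test.
example.test. 180 IN A 203.0.113.10
;; Query time: 109 msec
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|CNAME)\s+(\S+)$")


def parse_answers(dig_text):
    """Return {owner: (type, value)} for records in the ANSWER SECTION."""
    answers, in_answer = {}, False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):            # section headers and footers
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = RECORD.match(line) if in_answer else None
        if m:
            owner, rtype, value = m.groups()
            answers[owner.rstrip(".").lower()] = (rtype, value.rstrip(".").lower())
    return answers


def names_hitting_wan(dig_text, qname, wan_ip):
    """Follow the CNAME chain from qname; return the names in the chain if it
    ends at wan_ip (the case a LAN client cannot reach without NAT loopback)."""
    answers = parse_answers(dig_text)
    chain, name = [], qname.rstrip(".").lower()
    while name in answers and name not in chain:   # second test stops CNAME loops
        chain.append(name)
        rtype, value = answers[name]
        if rtype == "A":
            same = ipaddress.ip_address(value) == ipaddress.ip_address(wan_ip)
            return chain if same else []
        name = value
    return []


def unbound_overrides(dig_text, qname, wan_ip, lan_ip):
    """Emit unbound.conf lines that answer the affected names with lan_ip."""
    if not any(ipaddress.ip_address(lan_ip) in net for net in RFC1918):
        raise ValueError(f"{lan_ip} is not an RFC 1918 address")
    zones, lines = [], []
    # Shortest names first: a redirect zone also answers for its subdomains,
    # so www.example.test needs no stanza once example.test has one.
    for name in sorted(names_hitting_wan(dig_text, qname, wan_ip),
                       key=lambda n: n.count(".")):
        if any(name == z or name.endswith("." + z) for z in zones):
            continue
        zones.append(name)
        lines += [f'local-zone: "{name}" redirect',
                  f'local-data: "{name} A {lan_ip}"']
    return lines


if __name__ == "__main__":
    print("\n".join(unbound_overrides(SAMPLE_DIG, "www.example.test",
                                      "203.0.113.10", "10.0.0.2")))
```

Because a `redirect` zone answers every name under it with the same data, any other host published under that domain also resolves to the LAN address for internal clients.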
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
3 edits |
NetFixer
Premium Member
2015-Jan-31 11:43 pm
said by edporch: Just for the record, SMCs can be put into bridge mode. I have an SMCD3G with a block of 5 static IP's. It was put into bridge mode remotely by Comcast tech support...
I can guarantee that your SMCD3G-CCR is not in bridge mode if you still use the static IP gateway address (which is the address assigned to the SMCD3G), and are still able to use your assigned static IPv4 address block. In order for Comcast's authenticated RIP to work (and authenticated RIP must be used for Comcast's static IPv4 routing), the SMCD3G-CCR must be in RG (router) mode...period...no exceptions.
All the BCI CSR did was to set your SMCD3G-CCR into true static IP mode with no NAT and no LAN side DHCP server -- and that is not bridge mode. When they do this and tell the customer that their SMCD3G-CCR is in "bridge mode", they sometimes also disable the customer side admin login capability as "proof" that the SMCD3G-CCR is in "bridge mode" (and also to keep the customer from easily seeing what they really did) -- but that is a big lie designed to get a static IP customer who insists that the SMCD3G-CCR be put into "bridge mode" off the phone and pacified.
The SMCD3G-CCR can actually be put into bridge mode, but getting that done is a hassle, and keeping Comcast CSRs from resetting it back into RG (router) mode is an even bigger hassle (BTDT and it is a really big PITA). If your SMCD3G-CCR were actually in true bridge mode, it would act just like a stand alone bridge cable modem, and instead of being able to use the /29 static IPv4 address block that you are paying for, you would instead be getting up to five DHCP assigned dynamic IPv4 addresses (and they would not be in a single route-able block).
You are of course, free to believe the above information -- or not. After all, Comcast would certainly not lie to a customer and you don't know me at all; but it is nonetheless the way it really works. |
|
edporch join:2011-06-25 Indianapolis, IN |
NetFixer, Thanks for the info. Yes, once they do this I can't login to the SMC. But from my end, I get my block of 5 static IP's just like I used to when I had DSL and put it into "dumb modem" mode.
So while you make the case that it isn't in "bridge mode" it behaves that way for my purposes, and I'm satisfied.
Now, that said, I'm curious, how does one actually put an SMCD3G into true bridge mode? |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2015-Feb-1 12:59 am
said by edporch: Now, that said, I'm curious, how does one actually put an SMCD3G into true bridge mode?
One doesn't put an SMCD3G-CCR into true bridge mode unless one has access to the "mso" password of the day. If one can obtain that password, my recollection is that the command line is "set RG 0" (or perhaps "set RG=0", it has been a long time since I logged into a Comcast business class SMC gateway box, and my memory is a bit fuzzy).
But remember, true bridge mode will disable the SMCD3G-CCR's capability to use the Comcast static IPv4 address block -- it will be a bridge device, and it won't even show up in any IP traffic. That is because it will not have a customer side Internet IP address (it will have a CMTS maintenance interface IP address, but that is a totally different part of the device that is not directly involved with Internet traffic). |
|
edporch join:2011-06-25 Indianapolis, IN |
Thanks for the info. I don't really have any desire to do it, I was just curious. |
|
DarkLogixTexan and Proud Premium Member join:2008-10-23 Baytown, TX 1 edit |
to edporch
said by edporch: Just for the record, SMCs can be put into bridge mode. I have an SMCD3G with a block of 5 static IP's. It was put into bridge mode remotely by Comcast tech support.
That's an error of terms, it's not in bridge mode. Bridge mode is for dynamic users only and may be reset at anytime. (Such a user should just get a SB6183.) "Pure Router" mode is for use with statics and will not be lost. |
|
DarkLogix |
to edporch
said by edporch: Thanks for the info. I don't really have any desire to do it, I was just curious.
And if it were in bridge mode and you set your network for that then it would randomly change back, breaking your network.
As to accessing the SMC while in "Pure Router" mode as it currently is, yes it is possible but you need to:
1. confirm what its private IP is (it still has one, it's just that you don't use it)
2. ensure that your internal network doesn't overlap.
3. ensure that you don't have a routing statement that conflicts.
I know because I used the SMC, SMC-d3, and now the DPC3939b and on all I set its private IP to 192.168.100.1 (well the DPC to 192.168.200.1 as it has some internal issue with 100) and was still able to access it from internal.
IIRC the default IP that they use is 10.1.10.1 which if you're using 10 internally then it might conflict and thus you won't be able to reach it. |
|