plindner's profile

New Contributor

 • 

9 Messages

Monday, May 6th, 2019 12:00 AM

Routing 10.1.10.x to Static IP

My old SMC finally failed and I now have a new CBR-T.

 

Sadly it appears that this new modem is incorrectly skipping the NAT when connecting to the static IP.

 

Configuration

   - Standard internal DHCP network on 10.1.10.x

   - Server with 2 ethernet connections to CBR-T switch:

     - Interface #1  IP: 173.164.253.125/30 default gw 173.164.253.126

     - Interface #2  IP: 10.1.10.2 (not using the default router)

     - ip forwarding disabled.

   - Firewalls disabled

   - DMZ disabled

   - 1:1 NAT disabled.

 

External traffic correctly uses the static IP.

Internal DHCP hosts can use external hosts and other 10.1.10.x hosts without problems.

 

The problem comes when I want to go from an internal host (say 10.1.10.31) to the static IP (173.164.253.125).  It appears that the CBR-T is not NATing traffic destined for that network.  Here's an example packet capture showing an attempt to connect to port 80 from an internal host to the static IP:


$ tshark -i eno1 -i eno2 port 80

1 0.000000000 173.164.253.125 → 10.1.10.31 TCP 74 80 → 50661 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3822064875 TSecr=1709399951 WS=128
2 -0.000066636 10.1.10.31 → 173.164.253.125 TCP 78 50661 → 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1709399951 TSecr=0 SACK_PERM=1
3 1.051509002 173.164.253.125 → 10.1.10.31 TCP 74 [TCP Retransmission] 80 → 50661 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3822065927 TSecr=1709399951 WS=128

 

Note that the connection comes directly from 10.1.10.31 instead of the NAT external address at 173.164.253.126

 

This all worked before on the SMC.

 

Any ideas?
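Added example, not part of the original post: a small Python check that reads tshark one-line summaries like the capture above and reports TCP clients whose SYN reached the static IP with a private, untranslated source address and whose handshake never completed. The function name and the last three capture lines (a translated connection that completes, for contrast) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines 1-3: the capture from the post, with TCP options trimmed.
# Lines 4-6: constructed contrast case (source translated, handshake completes).
CAPTURE = """\
1 0.000000000 173.164.253.125 → 10.1.10.31 TCP 74 80 → 50661 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
2 -0.000066636 10.1.10.31 → 173.164.253.125 TCP 78 50661 → 80 [SYN] Seq=0 Win=65535 Len=0
3 1.051509002 173.164.253.125 → 10.1.10.31 TCP 74 [TCP Retransmission] 80 → 50661 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
4 2.000000000 173.164.253.126 → 173.164.253.125 TCP 78 40000 → 80 [SYN] Seq=0 Win=65535 Len=0
5 2.000100000 173.164.253.125 → 173.164.253.126 TCP 74 80 → 40000 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
6 2.000900000 173.164.253.126 → 173.164.253.125 TCP 66 40000 → 80 [ACK] Seq=1 Ack=1 Win=131712 Len=0
"""

# frame number, time, src → dst, "TCP", length, optional "[TCP ...]" note,
# sport → dport, then the flag list in brackets.
LINE = re.compile(
    r"^\s*\d+\s+\S+\s+(?P<src>\S+) → (?P<dst>\S+) TCP \d+ "
    r"(?:\[[^\]]*\] )?(?P<sport>\d+) → (?P<dport>\d+) \[(?P<flags>[A-Z, ]+)\]"
)

def stalled_untranslated(capture, server_ip):
    """Return sorted (client_ip, client_port) pairs whose SYN reached server_ip
    from a private address and whose three-way handshake never completed."""
    flows = defaultdict(lambda: {"syn": False, "synack": 0, "ack": False})
    # Order-independent on purpose: a capture on two interfaces can show the
    # SYN-ACK before the SYN, as in the post.
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = set(m["flags"].split(", "))
        if m["dst"] == server_ip:                      # client -> server
            flow = flows[(m["src"], int(m["sport"]))]
            if flags == {"SYN"}:
                flow["syn"] = True
            elif flags == {"ACK"}:
                flow["ack"] = True
        elif m["src"] == server_ip and flags == {"SYN", "ACK"}:
            flows[(m["dst"], int(m["dport"]))]["synack"] += 1
    return sorted(
        client for client, f in flows.items()
        if f["syn"] and f["synack"] > 1 and not f["ack"]   # SYN-ACK retried, never ACKed
        and ipaddress.ip_address(client[0]).is_private      # source was not NATed
    )

if __name__ == "__main__":
    print(stalled_untranslated(CAPTURE, "173.164.253.125"))
```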


Visitor

 • 

226 Messages

5 years ago

Good morning. Thanks for reaching out to us here on our Comcast Business Support Forums. I'll need to take a closer look at the Comcast Modem to get a full understanding of what your issue is. Please send me a private message with your full name, address, and the phone number listed on your Comcast Business Account for assistance.

New Contributor

 • 

9 Messages

5 years ago

My Mosh traffic on UDP port 60001 is working fine though ¯\_(ツ)_/¯

 

[root@mirth ~]# tcpdump -n -i eno1 port 60001
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
00:35:46.302524 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 85
00:35:46.311390 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 77
00:35:46.360842 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 90
00:35:46.390143 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 86
00:35:46.399038 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 78
00:35:46.449449 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 78
00:35:46.503274 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 64
00:35:46.817347 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 78
00:35:46.826931 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 727
00:35:46.846943 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 110
00:35:46.876673 IP 173.164.253.125.60001 > 10.1.10.31.56945: UDP, length 74
00:35:46.928970 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 70
00:35:47.127783 IP 10.1.10.31.56945 > 173.164.253.125.60001: UDP, length 80

Visitor

 • 

226 Messages

5 years ago

Good morning, Paul.

That's awesome that everything is working now! I still want to keep an eye on this though. I'll follow up with you in about a week to make sure that it is :).

Do you have the Comcast Business mobile app? It's super convenient. You can verify reported interruptions in the area and send the same refresh signals that we do! You can also manage some features like your Wi-Fi settings and verify your static IP address. That's in addition to being able to manage your bill as well.

I'll message you next Wednesday to make sure everything has been working well for you. Of course, if there's anything you need in the meantime, feel free to message me. Thank you so much for reaching out to us for help here, and for choosing Comcast! Have a wonderful day.

Problem solver

 • 

348 Messages

5 years ago

How long has this happened?

New Contributor

 • 

9 Messages

5 years ago

No no no..  still not working.

 

Only UDP traffic is able to transit.  TCP connections are totally messed up.

 

Can you escalate?   This seems like it should be something that should be documented directly...

 

Thanks!

New Contributor

 • 

9 Messages

5 years ago

Anisa: this has never worked on the new CBR-T modem.

 

Routing on the old SMC modem was working properly.

 

I do hope that there is a solution so that the NAT'd traffic can use the static IP directly.  I really don't want to add another router or use split-DNS.

New Contributor

 • 

9 Messages

5 years ago

Shouting into a void some more after more experiments

 

  • Devices using the CBR-T wifi network can send/receive traffic to the static IP.
  • Devices on the wired network or using an AP Bridge cannot.

That makes sense as routing/firewall from interface <-> interface is easier between physical interfaces.

 

My feature request is that the CBR-T should split ethernet interfaces, static on a specific port, NAT on the others...