m3_del • Contributor • 20 Messages • Thu, Sep 17, 2020 5:00 PM

Bridge Mode inbound/ingress traffic issues

Hi, I recently received a speed upgrade to my service which came with a new Comcast-supplied gateway. Previously I had been running on a modem I supplied. I was happy to see I could enable bridge mode for my service (I do NOT have static IP service). I set the gateway to bridge mode, plugged my laptop in directly first and voilà! I had a public IP and blazing fast speeds. The tech left and I unplugged the laptop and plugged in my ASUS wifi router (3rd party). It too got a public IP from Comcast and all my outbound traffic worked great! Still blazing fast.

We run a couple of simple web sites locally and have port forward rules set up on the ASUS router to forward ports 80 and 443 to the appropriate server. This has worked great for the last 10 years and I had anticipated no problems with bridge mode enabled. Sadly that is not the case. While I can ping the IP my router receives, no web traffic is being passed through. I thought it could be something funky with the router connecting to the bridge mode. So I called tech support and unplugged my router from the gateway, and plugged my laptop (firewall disabled!!!!) into the gateway device. I spun up a simple hello world web service on port 80. Alas, still no traffic forwarded to the public IP that my laptop received! We disabled bridge mode, got a NAT'ed IP, set up a standard 80:80 port forward on the Comcast gateway device and of course that worked.

Long story short, I want bridge mode to work so that all traffic is sent on to my ASUS router and to allow that to handle all the traffic/forwarding/etc. Double NAT and 1-to-1 NAT sound horrible and make my DDNS solutions less than elegant. HELP!

Responses

Contributor • 20 Messages • 5 months ago

So it seems others are seeing similar issues with, perhaps, this HW not passing through traffic correctly in bridged mode. Support is telling me (via voicemail and then closing a ticket, BTW) that this is a demarc issue so I need to contact my IT (which is me).

Where can I get help? I am having to have the poor support gal open yet another ticket for me regarding this.

Contributor • 20 Messages • 5 months ago

So advanced Bridged mode leaves the wifi hotspot active?

Official Employee • 234 Messages • 5 months ago

Thank you for your time and patience. You are correct. The advanced bridge mode leaves the option to have the WiFi hotspots active. In reviewing the account, I do see that we have another ticket open with our Advanced Repair team. What I will do from here is monitor this ticket and follow up with you in 24 hours to make sure you are contacted. How does this sound?

Contributor • 20 Messages • 5 months ago

OK, So with the help of a friend I am starting to get to the bottom of this. Here are some items we ran through with Wireshark on my end.

 

Gateway in bridge mode for all of this. Laptop plugged directly in with public IP address.

 

ICMP (ping from my buddy's house to my public IP on my laptop): Wireshark file: brad-icmp | Wireshark filter: icmp

  • Success! Pings happen. Wireshark sees them all. I see the request and the reply. It does not show my friend's public IP as the source, rather it shows the IP address the gateway has received. I assume this is normal.

Traceroute from buddy to me: Wireshark file: brad-traceroute | Wireshark filter: tcp.port == 787

  • Seemingly a failure. He targeted my port 787 (which I was hosting a web service on at the time). We gave up after 100-plus hops, most of which are unknown/unreachable addresses. Wireshark does see traffic during this time. A LOT OF RETRANSMITS START TO OCCUR. More on this later.

At this point I started my web server. I decided to listen on port 787 rather than 80 to try and quiet the noise in Wireshark. This worked well to isolate traffic!

TCP locally on my laptop to port 787 on my laptop: Wireshark file: localhost-port787 | Wireshark filter: tcp.port == 787

  • Success (big surprise!). Wireshark sees exactly 4 transmits: the GET followed by my ACK, then the HTML payload being sent (in clear text since not using HTTPS) and the ACK.

TCP from external user (friend) to my laptop port 787: Wireshark file: brad-tcp-port787 | Wireshark filter: tcp.port == 787

  • Failure. Wireshark sees the attempts and it just floods in with retransmits. A lot of RSTs and TCP retransmits.

I am not a network expert but I believe there could be some packets being malformed as they pass through the gateway device.

 

I have captured all of the Wireshark outputs and am more than happy to share and even walk through live over a Zoom/WebEx/Teams/whatever screen share tool of your choice. Please let me know if you are able to update the ticket with this information to help with the troubleshooting.

 

Here are the Wireshark captures. I have updated the BOLD above to correlate the captures with the traffic type.

https://gofile.io/d/hdiKbS

 

Because I am not going to leave my laptop plugged in to my gateway all night, if you need a place to test against you can use the IP my router has on port 80: 73.97.101.85 -> when this works my web service should just return a 404 page not found error.

Contributor • 20 Messages • 5 months ago

Unless they have a special reset different from the one we can try thru the GUI, I have tried that more than one time 😉

 

In NAT mode using the gateway's port forward to my laptop plugged directly in, everything works great.

In bridged mode with the laptop getting a public IP... no dice. My laptop sees the traffic but it appears to be malformed packets (or something is getting in the way of the response). I will have my friend run Wireshark captures from his end tomorrow to see what it looks like from his end.

 

All the traffic inbound looks like it comes from the gateway IP (even in bridge mode). I am not sure if that is to be expected or not though.

New Contributor • 13 Messages • 5 months ago

My call back from Level 2 support said I need to factory reset the Comcast router. I'm trying that now.

 

I see the traffic coming in my logs thru my port forwards but the source IP is not what I expect and nothing works. Sounds like we have found a firmware bug or config bug that's not large enough for them to see enough issues to take notice.

New Contributor • 13 Messages • 5 months ago

I held little hope that a reset was going to fix it, but I jumped through the hoop.

The onsite gateway is mangling the src address or something.

This is a log entry of me sending an RDP connection through a router at a customer with Comcast that is working (different model modem). I had to change the source address because it was my IP.

Sep 21 20:29:08 Board007 kernel: [WAN_IN-3003-A]IN=eth0 OUT=eth1 MAC=04:18:d6:a1:24:53:28:52:61:f0:34:22:08:00 src=XXX.XXX.XXX.11 DST=10.6.7.110 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=30148 PROTO=TCP SPT=41266 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0

 

This is a log entry doing the same to a router connected to the not properly working modem.

Sep 21 14:16:57 Board005 kernel: [WAN_IN-3003-A]IN=eth0 OUT=eth1 MAC=04:18:d6:a1:24:11:0c:11:67:02:48:22:08:00 src=73.11.255.94 DST=10.6.5.25 LEN=52 TOS=0x02 PREC=0x20 TTL=102 ID=20303 DF PROTO=TCP SPT=61896 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 MARK=0x64800000

 

I have no idea what's with this source address; it's not my external IP address that I expect it to be.

 

I have come to the conclusion that the fastest resolution, since I don't expect any help from Comcast, is to replace the modem with a store-bought modem. I really like the Arris SURFboard modems and have several deployed at clients and it saves them $15/month too.
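A defender's check for the symptom both posts above describe (the Wireshark captures and the WAN_IN log lines both show inbound hits on a forwarded port arriving with the gateway's own address as SRC instead of the real client). This is an added Python example, not code from the thread or from any vendor: the log lines, addresses and forwarded port are constructed, and the gateway's WAN address is assumed to be the one shown on its Connection page.

```python
import re

# Constructed WAN_IN lines in the same layout as the two log entries quoted in
# the thread above (TEST-NET addresses and dummy MACs, not the poster's real ones).
SAMPLE_LOG = """\
Sep 21 20:29:08 Board007 kernel: [WAN_IN-3003-A]IN=eth0 OUT=eth1 MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 src=198.51.100.11 DST=10.6.7.110 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=30148 PROTO=TCP SPT=41266 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 21 14:16:57 Board005 kernel: [WAN_IN-3003-A]IN=eth0 OUT=eth1 MAC=00:00:00:00:00:03:00:00:00:00:00:04:08:00 src=203.0.113.1 DST=10.6.5.25 LEN=52 TOS=0x02 PREC=0x20 TTL=102 ID=20303 DF PROTO=TCP SPT=61896 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 MARK=0x64800000
"""

# Assumed: the address the gateway reports for itself in bridge mode
# (Gateway->Connection page), and the port(s) you forward inbound. Both constructed.
GATEWAY_WAN_IP = "203.0.113.1"
FORWARDED_PORTS = {"3389"}

_RULE_RE = re.compile(r"\[(?P<rule>[^\]]+)\]")


def parse_wan_in(line):
    """Parse one iptables-style kernel log line into a dict of fields.
    key=value tokens become entries (keys upper-cased, so 'src=' and 'SRC='
    both land under 'SRC'); bare tokens such as DF, SYN, CWR go into 'FLAGS'."""
    m = _RULE_RE.search(line)
    if m is None or "kernel:" not in line:
        return None
    fields = {"RULE": m.group("rule"), "FLAGS": []}
    for tok in line[m.end():].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key.upper()] = val
        else:
            fields["FLAGS"].append(tok)
    return fields


def flag_rewritten_sources(log_text, gateway_ip, forwarded_ports):
    """Return (line_no, SRC, DPT) for new inbound TCP connections (SYN) to a
    forwarded port whose SRC is the gateway's own WAN address. A client on the
    internet can never legitimately show up with that address, so each hit is
    evidence the gateway rewrote the source before passing the packet on."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = parse_wan_in(line)
        if f is None or not f["RULE"].startswith("WAN_IN"):
            continue
        if (f.get("PROTO") == "TCP" and "SYN" in f["FLAGS"]
                and f.get("DPT") in forwarded_ports and f.get("SRC") == gateway_ip):
            hits.append((n, f["SRC"], f["DPT"]))
    return hits


if __name__ == "__main__":
    for n, src, dpt in flag_rewritten_sources(SAMPLE_LOG, GATEWAY_WAN_IP, FORWARDED_PORTS):
        print(f"line {n}: inbound to port {dpt} carries the gateway's address {src} as SRC")
```

Run it over your router's WAN_IN log with the gateway's real address in place of the constructed one; a non-empty result matches the bridge-mode behaviour described in the thread, an empty one means the real client address is reaching the router.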

Official Employee • 508 Messages • 5 months ago

Thank you so much for taking the time to supply all of the details. A bridged modem will only assign dynamic public IPs to connected devices in the same manner as a basic cable modem. When you are setting up bridge mode are you using basic bridge mode? If so, do you have your device set to allow WAN DHCP?

Official Employee • 136 Messages • 5 months ago

That is actually a really good modem! If you are looking into getting a modem, here are the ones that work best with our Business Services; the link is below. I would absolutely like to troubleshoot your modem further. Could you respond using a private note, just in case we need to dig deeper into your concern and need to access your account information? I would like to take a few more steps with troubleshooting your service, but it might impact any work that you are currently in the process of working on. Would now be an okay time to work on your service?

Contributor • 20 Messages • 5 months ago

While I am sure you are asking to work with SBT, I am still up and open to working on troubleshooting this issue.

 

If you are open to trying a few things, let me know.

Contributor • 20 Messages • 5 months ago

Ok, heading to bed. I will document the two scenarios in the morning.

SBT, I can only imagine getting a fix for this will take some time as it is most likely a software fix and will require first being put on someone's radar, having some sort of priority, then finally going through test/Q&A before being released. If you need a fix in a timely manner my guess is purchasing your own modem is going to be the way to go. Sad thing is Comcast asked me to not bring my own as bridge mode would work just fine...

Contributor • 20 Messages • 5 months ago

This is the problem! Thanks SBT for tag-teaming this with me!

When I switch the gateway to NAT mode and port forward to my router, which then port forwards to my server, the SRC address shows my client's IP. (Double NATs make me cringe.)

When I have the gateway in bridged mode, my router gets a public IP and maintains the same port forward settings as above. Traffic shows up with injected packets where the SRC IP is actually the IP of the gateway (yes, it still gets an IP in bridged mode [Gateway->Connection->Comcast Network]).

This is most certainly a bug. I am more than happy to document all of the information that illustrates both scenarios.

Official Employee • 136 Messages • 5 months ago

I truly apologize that you are currently having issues with your service. I know issues with the consistency of your internet service can affect your business and I would like to get to the bottom of this before it becomes a bigger problem. Would it be okay to further troubleshoot your service? This may affect any work you have in progress. Would it be okay to try a few more steps at this time?

Contributor • 20 Messages • 5 months ago

I can only perform disruptive activities before 8am PST or after 3pm PST.

I was available around 11:30pm right after you offered help, but couldn't keep my eyes open until 2am. I will document the bug in your firmware this morning if you are interested.

Contributor • 20 Messages • 5 months ago

I saved my post that was just marked as spam (who knows why) if anyone from Comcast would like it. In my post I detailed my setup in both bridge mode and NAT mode, showing the Wireshark captures that outline the supposed bug we found with these gateways when set in bridge mode.

The long and the short of it is that in bridge mode the gateway is injecting its IP into the source field instead of passing the actual source on.