m3_del's profile

Contributor

 • 

20 Messages

Thu, Sep 17, 2020 5:00 PM

Bridge Mode inbound/ingress traffic issues

Hi, I recently received a speed upgrade to my service which came with a new Comcast supplied gateway. Previously I had been running on a modem I supplied. I was happy to see I could enable bridge mode for my service (I do NOT have static IP service). I set the gateway to bridge mode, plugged my laptop in directly first and voilà! I had a public IP and blazing fast speeds. The tech left and I unplugged the laptop and plugged in my ASUS wifi router (3rd party). It too got a public IP from Comcast and all my outbound traffic worked great! Still blazing fast. We run a couple of simple web sites locally and have port forward rules set up on the ASUS router to forward ports 80 and 443 to the appropriate server. This has worked great for the last 10 years and I had anticipated no problems with bridge mode enabled. Sadly that is not the case. While I can ping the IP my router receives, no web traffic is being passed through. I thought it could be something funky with the router connecting to the bridge mode. So I called tech support and unplugged my router from the gateway, and plugged my laptop (firewall disabled!!!!) into the gateway device. I spun up a simple hello world web service on port 80. Alas, still no traffic forwarded to the public IP that my laptop received! We disabled bridge mode, got a NAT'ed IP, set up a standard 80:80 port forward on the Comcast gateway device and of course that worked.

 

Long story short I want bridge mode to work so that all traffic is sent on to my ASUS router and to allow that to handle all the traffic/forwarding/etc. Double NAT and 1-to-1 NAT sound horrible and make my DDNS solutions less than elegant. HELP!

Responses

Official Employee

 • 

348 Messages

7 m ago

Thank you so much for providing that information as this does give us a better understanding of what is going on. I do see that we still have our open ticket for advanced repair and we should be reaching out to you within 24-48 hours. I know how frustrating this has been for you and we really do appreciate your patience with us and I will reach out as soon as we have an update with the request. 

Contributor

 • 

20 Messages

7 m ago

Do you know why my post was marked as spam? Here it is with IPs edited out (assuming that is why this was marked as spam).

 

Simple testing reveals the bridge mode issue. In both examples I am hosting a simple web page on my laptop on port :787 (to keep the filters simple in Wireshark).

 

Comcast Gateway Model: CGA4131COM

HW Version: 2.3

Boot Version: S1TC-3.60.19.137

Download Version: CM DOCSIS Application - Prod_18.3_d31 & MTA Application - Prod_18.3

[Image: Double NAT Working]

The above Wireshark capture is my laptop behind my ASUS router (192.168.0.X). *IPs removed*

  1. The Comcast Gateway (Public IP 76.104.XXX.XXX) is in NAT mode (10.1.10.X). 
  2. Only the ASUS router is plugged in (10.1.10.XX)
  3. My laptop is connected to my ASUS router via WIFI. (192.168.0.XXX)
  4. Gateway port forward is 787->787 to my ASUS router
  5. ASUS port forward is 787->787 to my laptop

Notice even through this mess of a double NAT the Source IP is showing the client inbound IP (73.83.X.X). We validated that was his IP. This is expected behavior. He gets to the web pages listening on my laptop on port :787.

 

Now for the problem.

[Image: Bridge Mode Direct not working]

The mess above is now showing what happens when my same laptop, hosting the same web page on port :787, is plugged directly into the gateway while in bridge mode. The client is now reaching out to my laptop via the public IP my laptop gets via Comcast DHCP. Notice in this session the SRC, which should be my client's IP, has been replaced with the IP of the gateway device. Now my web server does not know where to send ACKs and the web page data. This setup is:

  1. The Comcast Gateway (Public IP 76.104.XXX.XXX) is in bridge mode (basic)
  2. Only my laptop is plugged in and getting a public IP (76.104.XXX.XXX)
  3. Website is the same and still hosted on port 787.
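The comparison made in the post above, as an added example that is not part of the original thread: a check over `tcpdump -nn` text output that reports whether inbound SYNs to the test port carry the remote client's address or the gateway's. All addresses and capture lines are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# Matches tcpdump -nn text output for IPv4 TCP packets.
PKT = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample: double NAT, client address survives both forwards.
DOUBLE_NAT = [
    "17:00:01.000001 IP 198.51.100.23.51514 > 192.168.0.50.787: Flags [S], seq 1, win 64240, length 0",
    "17:00:01.000090 IP 192.168.0.50.787 > 198.51.100.23.51514: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "17:00:01.020000 IP 198.51.100.23.51514 > 192.168.0.50.787: Flags [.], ack 10, win 502, length 0",
]

# Constructed sample: bridge mode, SYNs arrive with the gateway as source.
BRIDGE = [
    "17:05:01.000001 IP 203.0.113.1.51520 > 203.0.113.77.787: Flags [S], seq 1, win 64240, length 0",
    "17:05:02.010000 IP 203.0.113.1.51520 > 203.0.113.77.787: Flags [S], seq 1, win 64240, length 0",
]

def syn_sources(lines, server_ip, port):
    """Source IPs of bare SYNs (new inbound connections) to server_ip:port."""
    out = []
    for line in lines:
        m = PKT.search(line)
        if m and m["dst"] == server_ip and int(m["dport"]) == port and m["flags"] == "S":
            out.append(m["src"])
    return out

def verdict(lines, server_ip, port, client_ip, gateway_ip):
    """Classify the capture by who appears as the source of inbound SYNs."""
    srcs = set(syn_sources(lines, server_ip, port))
    if not srcs:
        return "no inbound SYN seen"
    if gateway_ip in srcs:
        return "source rewritten to gateway"
    if client_ip in srcs:
        return "client source preserved"
    return "unexpected source"

if __name__ == "__main__":
    print(verdict(DOUBLE_NAT, "192.168.0.50", 787, "198.51.100.23", "10.1.10.1"))
    print(verdict(BRIDGE, "203.0.113.77", 787, "198.51.100.23", "203.0.113.1"))
```
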

Official Employee

 • 

240 Messages

7 m ago

Thank you for providing these details and for sending over those pictures! We appreciate you for the time you have spent on this so far. We want nothing more than to get this resolved for you. Most of these settings are beyond our demarcation of support as internal networks vary so drastically from business to business. Thanks for that great question about the posts being marked as spam. We definitely would not want your IPs posted publicly for security purposes. What I would like to do from here is monitor the request that we have opened with our Advance Repair team who will be contacting you within the next 24-48 hours. Our Advance Repair team will work hard with us with dedication and commitment to resolving the modem concern as quickly as possible. In the meantime, please feel free to reach out for any additional questions or concerns. Thank you for your business and patience.

Contributor

 • 

20 Messages

7 m ago

Thanks for the note Gabe.

 

The issue (second part) is in no way past your demarcation. Hence I am directly connecting to the gateway in bridge mode. As user: SBT is also seeing, the gateway is doing something with the packets as they pass through to the laptop public IP that replaces the SRC IP with the IP of the gateway. Without getting shell access into the gateway to run a TCP dump there is no way for me to prove this to you besides what I am showing here. The standard answer of demarcation is not acceptable. At this point if that would be the answer it would need to be proved to me that this is in fact an issue on my end. I have provided mountains of data that I believe show the issue is with the gateway's bridge mode mangling packets.

Contributor

 • 

20 Messages

7 m ago

To rephrase what you just asked...

 

Comcast did "SOMETHING" to resolve this.

 

The something is where there is a mystery. I hope they do "SOMETHING" to resolve this for you so you do not have to spend capital on a standard modem.

Contributor

 • 

13 Messages

7 m ago

Just so I understand, Comcast did something on their end to fix your issue.

Contributor

 • 

13 Messages

7 m ago

If it's not too much trouble, I would be curious what your router software version is. I wonder if they downgraded or upgraded your firmware?