Skip to content
Skip to main content

  • Home

J
jaredmcq

New Contributor

 • 

2 Messages

Sunday, August 8th, 2021 10:32 PM

IPv6 Firewall on CGA4131COM Seems To Do Nothing!

I just discovered that the IPv6 firewall on my CGA4131COM seems to allow traffic regardless of the settings.

Set to the default of:

  •  

    LAN-to-WAN: Allow all.

    WAN-to-LAN: Block all unrelated traffic and enable IDS.

My internal FTP server is exposed to the Internet, even without any additional rules allowing FTP traffic. I worked around this by adjusting the Windows firewall rules.

My web server continues to be exposed to the Internet even if I switch the firewall setting to Custom and select "Block HTTP".

I was clued into this behavior when I discovered an abnormality in my DNS server and I discovered that it was able to answer requests from the external Internet.

Of course, I'm going to put in a third-party firewall now to deal with this mess, but given that Comcast basically forces IPv6 connectivity through the modem, you'd think they'd at least make the security work.

I tried to call in on Friday about it and was escalated to Advanced Repair. Advanced Repair emailed me this morning and said everything was working properly from my modem and they were able to reach the internet (OBVIOUSLY THEY DIDN'T EVEN READ OR UNDERSTAND THE TICKET).

I tried to call back in, but was hung up when I tried to explain the difference between IPv4 and IPv6.

Question

 • 

Updated 

3 years ago

222

2

0

CC_PeterC

Problem solver

 • 

17 Messages

3 years ago

Hi there @jaredmcq I hate to hear about the issues you're having with getting a resolution IPv6 firewall issues, but I can definitely take a look into this further for you. Please send us a Live Chat with your first and last name as well as your service address so we can assist. 
 
To send a Live Chat, click the Peer to Peer chat icon at the top right of the page and enter Comcast Business in the "To" section of the chat.

0

0

jaredmcq

New Contributor

 • 

2 Messages

3 years ago

I opened a chat and they were able to confirm what I was seeing -- making changes to the IPv6 firewall configuration makes no difference.  Even at the "Standard" setting, IPv6 is unfiltered.

I confirmed that even RDP on TCP 3389 is unfiltered, so the leading cause of network compromise right now is left publicly accessible on all systems immediately behind a Comcast Business Gateway in the Comcast default installation.

Comcast not only opens the door for hackers, they wedge it open by not even letting you turn off IPv6 in the gateway.

My ticket has been escalated again. Waiting the "up to 3 business days" to see what support says.

(edited)

1

0

CC_Ethan

Trusted Forum Contributor

 • 

51 Messages

I am glad it is being worked on and we definitely want to make sure of a solution. If you need further help, reach out.

I no longer work for Comcast.

Like

Reply

3 years ago

0