New problem solver
•
20 Messages
Bridge Mode inbound/ingress traffic issues
Hi, I recently received a speed upgrade to my service which came with a new Comcast supplied gateway. Previously I had been running on a modem I supplied. I was happy to see I could enable bridge mode for my service (I do NOT have static IP service). I set the gateway to bridge mode, plugged my laptop in directly first and viola! I had a public IP and blazing fast speeds. The tech left and I unplugged the laptop and plugged in my ASUS wifi router (3rd party). It too got a public IP form Comcast and all my outbound traffic worked great! Still blazing fast. We run a couple of simple web sites locally and have port forward rules setup on the ASUS router for forward port 80 and 443 to the appropriate server. This has worked great for the last 10 years and I had anticipated no problems with bridge mode enabled. Sadly that is not the case. While I can ping the IP my router receives, no web traffic is being passed through. I thought it could be something funky with the router connecting to the bridge mode. So I called tech support and unplugged my router from the gateway, and plugged my laptop (firewall disabled!!!!) into the gateway device. I spun up a simple hello world web service on port 80. Alas, still no traffic forwarded to my public ip that my laptop received! We disabled bridge mode, got a NAT'ed IP, setup a standard 80:80 port forward on the Comcast gateway device and of course that worked.
Long story short I want bridge mode to work so that all traffic is sent on to my ASUS router and to allow that to handle all the traffic/forwarding/etc. Double NAT and 1-to-1 NAT sound horrible and make my DDNS solutions less than elegant. HELP!
CC_Anisa
Problem solver
•
348 Messages
4 years ago
Thank you so much for providing that information as this does give us a better understanding of what is going on. I do see that we still have our open ticket for advanced repair and we should be reaching out to you within 24-48 hours. I know how frustrating this has been for you and we really do appreciate your patience with us and I will reach out as soon as we have an update with the request.
0
0
m3_del
New problem solver
•
20 Messages
4 years ago
Do you know why my post was marked as spam? Here it is with IP's edited out (assuming that is why this was marked as spam)
Simple testing reveals the bridge mode issue. in both examples I am hosting a simple web page on my laptop on port :787 (to keep the filters simple in Wireshark).
Comcast Gateway Model: CGA4131COM
HW Version: 2.3
Boot Version: S1TC-3.60.19.137
Download Version: CM DOCSIS Application - Prod_18.3_d31 & MTA Application - Prod_18.3
The above Wireshark capture is my laptop behind my ASUS router with (192.168.0.X). *IP's removed*
Notice even through this mess of a double NAT the Source IP is showing the client inbound IP (73.83.X.X). We validated that was his IP. This is expected behavior. He gets to the web pages listening on my laptop on port :787.
Now for the problem.
The mess above is now showing what happens when my same laptop, hosting the same web page on port :787 is plugged directly into the gateway while in bridge mode. The client is now reaching out to my laptop via the public IP my laptop gets via Comcast DHCP. Notice in this session the SRC, which should be my clients IP, has been replaced with the IP of the gateway device. Now my web server does not know where to send ACK's and the web page data. This setup is
0
0
Comcast_Gabriel
Official Employee
•
297 Messages
4 years ago
Thank you for providing these details and for sending over those pictures! We appreciate you for the time you have spent on this so far. We want nothing more than to get this resolved for you. Most of these settings are beyond our demarcation of support as internal networks vary so drastically from business to business. Thanks for that great question about the posts being marked as spam. We definitely would not want your IPs posted publicly for security purposes. What I would like to do from here is monitor the request that we have opened with our Advance Repair team who will be contacting you within the next 24-48 hours. Our Advance Repair team and will work hard with us with dedication and commitment to resolving the modem concern as quickly as possible. In the meantime, please feel free to reach out for any additional questions or concerns. Thank you for your business and patience.
0
0
m3_del
New problem solver
•
20 Messages
4 years ago
Thanks for the note Gabe.
The issue (second part) is in no way past your Demarcation. Hence I am directly connecting to the gateway in bridge mode. As user: SBT is also seeing the gateway is doing something with the packets as they pass through to the laptop public IP that replaces the SRC IP with the IP of the gateway. Without getting shell access into the gateway to run a TCP dump there is no way for me to prove this to you besides what I am showing here. The standard answer of demarcation is not acceptable. At this point if that would be the answer it would need to be proved to me that this is in fact an issue on my end. I have provided mountains of data that I believe show the issue is with the gateways bridge mode mangling packets.
0
0
m3_del
New problem solver
•
20 Messages
4 years ago
To rephrase what you just asked...
Comcast did "SOMETHING" to resolve this.
The something is where there is a mystery. I hope they do "SOMETHING" to resolve this for you so you do not have to spend capital on standard modem.
0
0
SBT
Contributor
•
13 Messages
4 years ago
Just so I understand, Comcast did something on their end to fix your issue.
0
0
SBT
Contributor
•
13 Messages
4 years ago
If its not to much trouble, I would be curious what your router software version is, I wonder if the downgraded or upgraded your firmware?
0
0