Been trying to work through a repeated issue w/Comcast Tier 1 and Tier 2 regarding the Cisco DPC3939B and my fixed IP routing. The issue is fixed and then something on the comcast end causes it to break again. Repeated tickets and Tier 2 closing them without contacting me is beginning to get frustrating and affecting my business.
Routing table is set up correctly to work when traffic is routed from the internet to my fixed IP devices without issues. The issue is when a computer is hard-wired to the LAN side (or WiFi is enabled) of the DPC3939B and served up a private network LAN address, it is not able to connect to any of my fixed IP resources. The routing table does not know where to route that packet and therefore never connects to the resource.
Any help would be appreciated.
Seems like this issue is common.
This needs to be fixed.
Are you saying that a host on the back side - like one at 10.1.10.56 - cannot contact a port-forwarded IP such as
184.108.40.206 that is assigned to you as a static IP on the outside?
If this is what you are saying what you are asking for is a capability called "hairpinning" where the packets are
double-natted - they go out through the translator in the cable modem to the outside interface then immediately come right back inside on the public IP and are passed yet again through the translator.
To put it simply, "doctor doctor it hurts when I do this - well don't do that!"
In this environment you need 2 DNS servers. The outside one that serves out the public IP 220.127.116.11 for your outside host names, and an inside one that serves out 10.1.10.56 for the inside host name.
Then all your machines on the inside use the inside IP and get the correct internal local 10.1.10.x numbers when they try to reach other hosts on the inside.
Otherwise you are running ALL traffic on the inside network through your cable modem and I am quite sure that unit is not capabable of doig gigabit-to-gigabit routing it just does not have that fast a CPU.
Thanks for taking the time to follow-up - much appreciated!
Correct, the issue is "hairpining"/NAT Loopback.
The network on the LAN side of this device is completely isolated from my corporate network for security reasons. There is no reason that a packet to a fixed IP/port should not be routed back as if I was sitting in my local Panera's. Multiple DNS servers, Split-Brain DNS, Dual Homing and hosts/routes changes are all overkill. The issue isn't "well don't do that" because the router did support NAT Loopback at one time before the recent firmware update. I've determined that the firmware upgrade is the cause of the problem. If Comcast rolls it back, it will just be updated again at a future time as I've seen before. I get it, there are some that believe that NAT loopback can be a security issues (albeit only in a poorly architected network topology) but a business customer should be allowed to configure their network as required. Moral of the story is that business customers should be given a full featured device, especially since we are paying for rental.