Equipment (Modems,Gateways)

HOW TO: Set SMC D3G In Passthrough (Bridge) Mode With An External Router & Static IPs

At the risk of sounding repetitive, below is how you can set your SMC D3G in bridge mode, with static IPs, and use your own router, as well as a detailed description of my use case for sake of example.


Many people here have been asking questions around this, and there doesn't appear to be much in the way of clear information in response.


Despite statements around the forum to the contrary, you can put the SMC D3G into bridge mode with static IPs.


I have this set up, using a pfSense instance as my router/firewall/NAT/IDS. I have a static IP with a NAT configuration pointing it to a Debian VM running Apache HTTPD Server.


To be more exact, I have pfSense running in a VirtualBox VM on a mid-2011 Mac Mini Server, configured in such a way that even the Mac Mini, itself, is assigned an IP address on the network by pfSense (and is therefore also protected), as well as a Debian VM and network hardware downstream from the Mini. This is accomplished using the machine's built-in ethernet as the WAN port, and a Thunderbolt to ethernet adapter as the LAN port. Both are full-gigabit speed. 

I have a Netgear gigabit switch on the LAN port, and a Netgear wireless router on that (as just an access point, with firewalling and DHCP disabled, connected to the switch by one of its LAN ports, rather than its WAN).


To put the SMC D3G into bridge mode, what you need to do is disable the built-in DHCP server (in LAN > IP Setup) and disable the built-in firewall. You can then handle all of that through your router. To start, you will need to configure your static IP as the WAN for your router. If you have multiple static IPs, you will need to set up virtual IPs, unless, like pfSense, your router supports a multi-WAN setup. Most routers have their own interface for doing this, and if you're reading this, you probably already know how for your device/software, or know how to Google, so I'll skip the detailed explanation here.


As far as speed is concerned, some routers don't play well with the SMC D3G's default auto speed setting (in LAN > Switch Controls). You might try deselecting Auto on any ports you're using, and set them explicitly to Speed: 1000, Duplex: full, which forces it into full-gigabit. Likely, your router will have similar speed options, and you should set them similarly. If that doesn't work, then adjust your QoS settings. Normally, routers don't throttle your performance out-of-the-box.


Aside from the usual online speed tests, your best option is to install iperf. You can run it between two machines on your LAN, or over the internet. Normal average speeds over a gigabit LAN should be in the 940Mbps range. I average 941Mbps on the network I described above. Running iperf to my static ip which is then pointed via NAT to the aforementioned Debian server, I average 522Mbps, which is also normal.

New Member

Re: HOW TO: Set SMC D3G In Passthrough (Bridge) Mode With An External Router & Static IPs

Thanks for the post.  Glad you have things working the way it should.  I have a similar setup with a block of 5 static ip's.  I have a couple of vpn's on a fully routed rfc1918 network behind my router (my own border router setup similar to yours NOT the SMC D3G) that work well but I have one that just does NOT like to traverse the SMC after it is 1:1 nat'd on my border router.  If you get a chance, look at my post and see if you have any advice to offer.



0 Kudos
New Member

Re: HOW TO: Set SMC D3G In Passthrough (Bridge) Mode With An External Router & Static IPs

WARNING: !!!   If you follow these instructions you will not be in TRUE bridge mode. I work for an MSP and deal with Comcast alot.  You have to "Call Comcast Support" and have them put it in bridge mode.  You must tell them "NOT VIRTUAL BRIDGE MODE". Meaning, you don't want them to just turn off DHCP and Firewall but you want them to disable routing completely.  If the tech doesnt get it then ask for another one who does.  You cannot put a Comcast Gateway into True Bridge mode yourself. A comcast support tech must do it. They cannot do it on site either.



To check whether you are in true bridge mode, open a command line and perform a "tracert".   If you see any local ip like 10.0.0.X in the hops inbetween your local router IP and your main Public Ip then you are not truly bridged.