It's a basic requirement of most businesses to force (route) all incoming traffic to a specific IP running a full-featured firewall, yet it seems to be impossible with Comcast SMSD3G-CCR modem and static IPs. This is a trivial matter with Cisco devices and even some of the cheap consumer routers and gateways can do it. Why is this impossible with Comcast? This means each individual machine that is connected to one of the static IPs has to have its own firewall installed and configured. That's both error-prone and very time-consuming.
I spoke to Tech Support twice now and have been told the same thing. The modem is not capable of being put in true bridge mode and if I use a different modem, the static IPs won't work behind it. Sheesh.
Any thoughts or information on this would be greatly appreciated.
Welcome, phoneinfo. Thank you for your post. The SMC as it is configured for Comcast Business services will not pass through static IPs when in "true bridge mode". However, a full-featured firewall such as a SonicWall or WatchGuard can support a /28 on its Ethernet port and should eliminate the need for an additional firewall set-up for each PC. Additional support for networking issues behind the SMC is available via signaturesupport or 1-855-585-0300.
John, this isn't what he's talking about and you know it.
I have a /28 in my SMC.
I would like to gain NetFlow data on usage of this subnet.
With every other ISP in the world I can plug a Cisco into their CPE and put my /28 on my inside interface and the ISP's /30 or whatever on the outside. Then I can get NetFlow data from my Cisco.
I can't do this if I turn off routing on my Cisco and turn it into a bridge because Cisco does not present layer 3 NetFlow data when in bridged mode.
The WatchGuards and other baloney firewalls that respond to the /28 on their external network interface can only do it when in NAT mode. They can't present that same /28 on their inside interface if not in NAT mode.
You know, even the free dd-wrt firmware can present NetFlow.
Your SMC gateways run embedded Linux. Why can't you grab the free NetFlow module off a Linux distro and put it in your SMC modem the way dd-wrt did?
The inspection firewall in the SMC is utter bull-waste. Nobody serious about it uses that.
The only thing I can do is put a separate machine in promiscuous mode, then plug it into a monitoring port on a switch plugged into the SMC to get at that data. It's a really crummy way to do it.
I will also point out that Comcast has been taunting us with IPv6 availability for the last 2-3 years now. When is that going to happen? You list IPv6 compatibility for some of your RESIDENTIAL modems for crying out loud but not the SMCD3G which is the _newer_ modem. I'm getting sick of routing traffic through Hurricane Electric's gateways.
I have the same problem and it frustrates me to no end. We are trained network techs and cannot configure our equipment in the most basic configuration used by most businesses.
The amount of money we have cost you calling tech support over and over again hoping to find someone who understands should be motivation enough for you to answer this question properly.
You should write a "How to" about this.