Installation Setup Problem.

[hbradbur]

I have a new client that has Comcast business 20 MB ISP service. They currently have a Netgear FVS328 firewall with a static ip address and a subnet of 255.255.255.248/29 - so I "assume" there are several spare IP addresses.

After hours, I disconnected the existing firewall patch cable (to the comCast box) and installed it on the new untangle server to the external network card. During setup - Untangle recognizes the external network card as connected.

When I enter the static ip address, subnet, gateway, DNS1, DNS2 and press Test Connectivity - the response is "test failed" - and makes me re-enter the data.

Note that the existing firewall is isolated (unplugged from the both sides of the network). Each time I enter the data for the external network, I get the same response.

Has anyone connected an Untangle Firewall to Comcast Business service? Any tips on getting Untangle to pass the test and accept the WAN settings?

I can reconnect the old firewall and all is well. The only thing I notices on the netgear firewall was 3 port forwards for smtp, https and pptp - all forwarded to the server x.x.x.100. To me, nothing there that should stop the install of Untangle.

The settings on the Netgear FVS328 show:
Internet connection - Broadband - No Login
NAT - Enabled
Use Static IP Address - x.x.x.229
IP Subnet Mask - 255.255.255.248
Gateway IP Address - x.x.x.230
Primary DNS - 8.8.8.8
Secondary DNS - 8.8.4.4
Router's MAC Address - Use Default Address

Internal - LAN Setup
Ip Address - 192.168.0.1
Subnet - 255.255.255.0
RIP Direction - None
Rip Version - Disabled

The only option under rules that I see (don't understand) is Enable DNS Proxy.

To me, this should be a no brainer - but apparently it is :-(
Any help/idea's would be appreciated.

Thanks in advance.

[dmorris]

When I enter the static ip address, subnet, gateway, DNS1, DNS2 and press Test Connectivity - the response is "test failed" - and makes me re-enter the data.

What numbers are you entering?

You could try DHCP. Its probably served by your comcast box.
You may need to reboot your comcast box so it forgets the leases its handed out and it won't get confused about the MAC changing if you are re-using your old firewall's IP.

[hbradbur]

I am using the same IP address's that are in the Netgear Firewall.

Because it is a /29 subnet, there should be at least 5 usable IP address's for me to use (although I have not contacted Comcast).

Currently, Netgear FVS328 setup (working configuration) see's the internet service as Broadband - no login (so no ppoe login info needed).

It is configured with a static ip address - not DHCPP (Get Dynamically for ISP).

I have listed the last octate of the ip address (static) - x.x.x.229
The subnet mask is 255.255.255.248
Gateway is x.x.x.230


When prompted on Untangle setup for ip address - I enter the x.x.x.229 - just like on the Netgear firewall.

Then Untangle makes you use the dropdown box for the subnet mask - scroll down and select 255.255.255.248

Then enter in the gateway - x.x.x.230

Then DNS1 and DNS 2 - 8.8.8.8 and 8.8.4.4 respectively

Then - Press "Test Connection" - after a about 45 seconds it comes back that the connection test failed.

I wouldn't assume a reboot of the Comcast box would be needed ....... unless it records a mac address of the firewall? Do you (or anyone) knows if this is what happens when using Comcast Business service?

Thanks for such a quick response.

[dougfoot]

I have run into Comcast and other ISPs holding onto the MAC address of the devices setup on their network. This makes it difficult to add new devices.
After a few minutes off the network, the MAC address should be released allowing the new device to be configured and function properly.
Sometimes a call to the service provider is in order to release the old MAC address to get things working again.

[hbradbur]

Thanks, I will try to reboot the device and see if that will work. I know the connection was down at least a couple of minutes (not that I was typing in the IP info several times).

I will have to wait until monday to do the reboot and get the client to contact Comcast and add me to the "allowed" list of people to talk to.

Thanks for the response.

[plasstech]

I did some work for a client a few month's ago on comcast, Same issue, New router replaced old router that used to connect using static IP. I had to call Comcast and they had to release the mac on the old router. Very strange I think. Here with cox. Doesn't matter what is connected as long as the static settings are correct. Give CS a call.

[sky-knight]

Most cable networks you need to call the ISP and have them manually flush the arp cache before you can replace statically assigned equipment. DHCP you can simply reset the cable modem, but static changes usually require the ISP's help to move over.

[hbradbur]

What I found out.

Client existing Netgear firewall is using:
DNS1 8.8.8.8
DNS2 8.8.4.4

During setup of Untangle, you are prompted to enter static ip, subnet, gateway and DNS primary - secondary is optional.

I entered the static ip, netmask, gateway and the above DNS1 & DNS2.

Talking to Comcast, they use 75.75.75.75 as primary and 75.75.76.76 as secondary. These along with proper IP "stuff" still did not pass the "Test Connectivity" test.

I entered the Static IP address info again - with only the primary DNS and pressed Next instead of "Test Connection" - it took longer to test but still failed, BUT, you have the option to continue to LAN setup. Once the LAN segment was input, I was able to access the default rack screen.

From there - Config, Networking, Interfaces. Edit the External interface and was able to enter in 8.8.8.8 and 8.8.4.4 as DNS1 & DNS2. If I entered in the default Comcast DNS IP's, Untanlgle will show DNS connectivity failure.

Anyway, I now know that Comcast does not look for mac address or record them once it see's an active connection.

Thanks for the ideas and help!

[dmorris]

So is it working?

Those little numbers matter. You can't just enter anything. "stuff" is not a valid or proper IP.
Based on your first post it should probably be 192.168.0.2 with a netmask of 255.255.255.0 if you are installing behind your netgear.
The same as the netgear if you are replacing it.

Here are some tests you can run from networking or the command line to see whats going on:
http://wiki.untangle.com/index.php/T...ntangle_server