Another COMCAST question

[Brian S]

Hi I am new to UT and need some advice documentation on what to do.
I have Comcast business It comes with a SMC router/firewall/cable modem box
I have 5 static IPs but the 192.xxx.xxx.xxx subnet is on the same ports as my static
IPs when I set up port forwarding, static routes NAT on the smc I lose all inbound traffic
I contacted Comcast and there solution was to put Firewalls up on each Static Ip I have
Tried several setup configs but I no success how do I set it up so I get my 192 sub
Access and route in on my static IPs for my mail, web server any help would be greatly
appreciated

[bratsadtar]

Welcome to the forums!

UT is only going to serve one master IP.
Sounds like you would want to use multiple UT's.

From your SMC cable box run:
1: UT- network 192.168.xxx.xxx systems
2: Next Static 2nd IP device (ie: emailserver)

And so on. That is, of course, if your SMC router will provide each Static IP Address through its router/firewall/cable modem box. If not, use a switch box.

Hope this makes sense.

[mdh]

Brian,

I've read your posts a few times, and I'm not clear on what you're asking. We have many users who have multiple public IPs coming into a Untangle box and can use static NAT when needed to have a single private IP associated with a single specified public IP. If I could figure out what you're asking, I might be able to tell you more. Maybe some specifics? Mention specific private IPs but refer to publics as a.b.c.d instead of using telltale numbers.

[YeOldeStonecat]

I have quite a few clients on Comcast business with the SMC gateway.
The SMC gateway will obtain the first public IP address in your static IP block
You assign your own router...the second public IP address that you are given (refer to your documentation that Comcast gave you to find this..if not, call them, their business support department is excellent). Plug the red NIC of your Untangle box into one of the LAN ports of the SMC. Now you've IP mapped your 2nd public IP to your UT box.

Log into the SMC router, and disable the firewall services...because it will still somehow affect traffic such as SMTP traffic..and if you're running an e-mail server behind Untangle..it will be sorta blocked.

If I recall (I have it written down somewhere)...the user/pass for the SMC is
cusadmin or custadmin with a password of highspeed

The green (LAN) NIC of your Untangle box will plug into a switch...for the rest of your network. Anything else you plug into the SMC gateway with TCP/IP set to obtain auto will simply pull DHCP from the SMC and be behind its first NAT....using the first IP address..and naturally be on that separate network. You usually don't use this.

[Lee Sharp]

I HATE those Comcast SMC "business class" routers. Call them up and get them to swap it for a docsis basic box. They will do it, and you will be right on the net. Much cleaner, and the techs don't accidentally reset it to NAT.

[YeOldeStonecat]

Quote:

Originally Posted by Lee Sharp

I HATE those Comcast SMC "business class" routers. Call them up and get them to swap it for a docsis basic box. They will do it, and you will be right on the net. Much cleaner, and the techs don't accidentally reset it to NAT.

I'm not a fan of the equivalent "gateway" DSL units that AT&T/SBC deploys for their biz accounts...the 2Wire units. But honestly haven't had a single issue with the SMC units Comcast provides. I leave the NAT on, the ip mapping sidesteps the NAT in the setups I do, as the NAT only functions on the first IP address of the IP block.

[Lee Sharp]

Quote:

Originally Posted by YeOldeStonecat

I'm not a fan of the equivalent "gateway" DSL units that AT&T/SBC deploys for their biz accounts...the 2Wire units. But honestly haven't had a single issue with the SMC units Comcast provides. I leave the NAT on, the ip mapping sidesteps the NAT in the setups I do, as the NAT only functions on the first IP address of the IP block.

For that to work, you need static IP addresses, which they charge for. If you have dynamic IP, it will not work. (full stop)

And it confuses the heck out of them when I say I want a basic docsis box, or a Speedstresm DSL modem, not the fancy router dejure.

[YeOldeStonecat]

Quote:

Originally Posted by Lee Sharp

For that to work, you need static IP addresses, which they charge for. If you have dynamic IP, it will not work. (full stop)

Correct..a static business account...all my clients are on that. For my DNS needs, mail delivery, VPN, remote access portals...they'd be a handful on dynamic IP accounts eh?

Business accounts get higher uptime priority, and lower contention rates (oversubscription) than standard accounts..which is another reason I have my clients always get biz grade accounts.

[Lee Sharp]

Quote:

Originally Posted by YeOldeStonecat

Correct..a static business account...all my clients are on that. For my DNS needs, mail delivery, VPN, remote access portals...they'd be a handful on dynamic IP accounts eh?

Business accounts get higher uptime priority, and lower contention rates (oversubscription) than standard accounts..which is another reason I have my clients always get biz grade accounts.

All my clients are business accounts with dynamic IP addresses. (You save $5 a month over 50 locations...) But I have a commercial account at Dyndns.com and it flat out rocks!

PS: They also never blocked p2p on business accounts.

[sky-knight]

Yeah this isn't Comcast specific either.. every ISP I've ever worked with does this. And whenever possible I always go for the "bridge" device to interface with their networks. I want the Internet IP's on my equipment not stuck inside theirs..