Comcast routing

We have a Comcast modem and a TZ400 connected as the firewall.

From Comcast we have a block of 13 IPs.

Our block is, for example, 66.200.171.161 to 66.200.171.173; the default gateway is 66.200.171.174, and the subnet mask is 255.255.255.240. The LAN is 192.168.1.1.

The problem we have is that when using the onboard Comcast wifi, the users are unable to connect to any service on our firewall, i.e., websites, email, etc.

The modem has bridge mode disabled. If I try to connect to the modem at 10.1.10.1, it times out from the firewall side. If I connect to the modem through wifi, it connects.

Are we missing a route somewhere?

Thanks in advance.

Category: Entry Level Firewalls
Answers

  • shiprasahu93 Moderator

    Hello @Charterwarranty,

    Welcome to SonicWall community.

    So, when connected to the Comcast wireless, you are unable to access the LAN resources present behind the firewall?

    If yes, the reason could be that the Comcast does not know how to reach the internal network of the firewall.

    You would need the following changes:

    1) On Comcast: You would need a static route telling it that the X0 subnet of the firewall can be reached using the gateway (SonicWall's WAN IP). This way the Comcast would send the traffic destined for 192.168.1.0/24 to the firewall instead of sending it to the internet.

    2) On SonicWall: You would need an access rule from WAN to LAN, allowing traffic from the wireless network of Comcast to SonicWall's LAN network, as all traffic from WAN to LAN is denied.

    No route is required on the SonicWall, as we would always send traffic to networks that we do not know about to our default gateway, which is Comcast.

    I hope that helps!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Shipra

    Thanks for the quick comment.

    No, I cannot connect to the LAN from the modem wifi, which I DO NOT want access to. I want the wifi to not have any access to the private or LAN.

    What I can't figure out is that the public IP I get when using the Comcast wifi is the default gateway address 66.200.171.174 via iPhone.

    Why can't I get to any of my public IP address services? For example, my website is at 66.200.171.169. I would expect the iPhone connected to the Comcast wifi to know to go to www.mysite.com (66.200.171.169).

  • shiprasahu93 Moderator

    @Charterwarranty,

    In that case, I am sure you have port forwarding on the firewall to allow access to your website. We would need to check the following:

    1) Is that traffic reaching the firewall? That can be done by performing a packet capture on the firewall.

    2) If the traffic is not reaching the firewall, we need to check on the Comcast end.

    3) If the traffic is reaching the firewall but getting dropped or incorrectly forwarded, we would need to see the drop reason and find out how to get around that.

    I just wanted to make sure that the LAN IP subnet on firewall: 192.168.1.0/24 is not the same that Comcast assigns to the wireless devices connecting to it. If the firewall receives traffic from IP: 192.168.1.x on X1 interface it will drop it as IP spoof.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
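
The addressing checks raised in the thread so far (the extent of the static block, the gateway's place in it, and the LAN overlap that would trigger an IP spoof drop on X1) can be run offline. This is an added example, not code from any poster or from SonicWall; the /24 mask on the modem's 10.1.10.1 network, the function names and the verdict labels are assumptions made for illustration.

```python
import ipaddress

# Addresses quoted in the thread.
PUBLIC_FIRST = "66.200.171.161"
PUBLIC_MASK = "255.255.255.240"
GATEWAY = ipaddress.ip_address("66.200.171.174")
FIREWALL_LAN = ipaddress.ip_network("192.168.1.0/24")
# Assumption: the thread only gives 10.1.10.1; a /24 mask is assumed here.
MODEM_WIFI_CIDR = "10.1.10.0/24"


def public_block():
    """Network holding the static block, derived from one address and the mask."""
    return ipaddress.ip_interface(f"{PUBLIC_FIRST}/{PUBLIC_MASK}").network


def wan_source_verdict(src, wan_net, lan_net):
    """Classify a source IP as it would appear on the firewall's WAN (X1) side."""
    src = ipaddress.ip_address(src)
    if src in lan_net:
        # The case the moderator warns about: a LAN-range source arriving on X1.
        return "drop-ip-spoof"
    if src in wan_net:
        return "on-link"  # same subnet as X1, resolved by ARP with no routed hop
    return "routed"       # outside both subnets, arrives via the default gateway


def plan_report(wifi_cidr=MODEM_WIFI_CIDR):
    """Summarise the plan: block, usable range, gateway placement, LAN overlap."""
    net = public_block()
    hosts = list(net.hosts())
    wifi_net = ipaddress.ip_network(wifi_cidr)
    return {
        "block": str(net),
        "usable": (str(hosts[0]), str(hosts[-1])),
        "gateway_in_block": GATEWAY in net,
        "wifi_overlaps_lan": wifi_net.overlaps(FIREWALL_LAN),
    }


if __name__ == "__main__":
    print(plan_report())
    for s in ("10.1.10.25", "192.168.1.50", "66.200.171.174"):
        print(s, wan_source_verdict(s, public_block(), FIREWALL_LAN))
```
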

  • It appears that the traffic from the Comcast wifi isn't reaching my block of IPs. I think it's something to do with the default gateway address on the firewall, 66.200.171.174, being the same as the modem wifi public IP.

  • @Charterwarranty,

    I don't think that should be an issue as SonicWall should use Comcast as the default gateway and since the wireless is on Comcast, they would see the same IP as their public IP as well.

    The website that you are trying to reach, is that hosted on the X1 IP itself or some usable IP from X1? If it is a usable IP, please check if Comcast has ARP for that IP with SonicWall's X1 MAC address. If not, it might not be forwarding us the traffic.

    Also, if you have something hosted on X1 IP itself, it would be best to test that first.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
