Comcast Business Class Gateway Setup

**scottrill2** · 04-29-10, 07:28 AM

Hello,

I recently had comcast business class installed to replace our DSL. We also have a small server colocated, since I have 10mbps upstream and the server does not require failsafe or redundancy I thought I would bring it back here to the shop to offset the cost some.

The server is a linux box, but also with a virtual MS server for terminal service apps. I have 5 useable static IP's.

The colocation company of course handled all the networking hook ups etc (I am a networking newb) and comcast refuses to give advice one way or another on the setup.

I would like this scenario:

1. Port 1 on the Business gateway needs to connect to a wireless router so my workstations/laptops etc can access. I would like to have one static IP for this and then use DHCP for all the stations.

2. Port 2 on the Business Gateway needs to connect to the linux box. I would like the remaining 4 static IP's to all go into this one server.

3. I of course would want it reasonably secure.

So my questions are thus:

1. The wireless router hooked up to port one is a Cisco and I hear they have good firewalls built in, so I figure the dhcp side with NAT will be safe correct?

2. On the server side at port 2, the Business gateway itself has a firewall/SPI but is it a quality firewall?

3. What would be the best way to hook everything up to arrive at the scenarios I wish for?

4. How do I get 4 static IP's all funneling into one port, I read on google I can have 8 static routes on the comcast gateway, is this what it pertains to?

Even a few hints will be leaps and bounds over the service I received from comcast.

Thanks in advance for your time.

***YeOldeStonecat*** · 04-29-10, 08:41 AM

The SMC appliance that Comcast gives you with the business setups is a combo modem/router. It already runs NAT, its default LAN IP is 10.1.10.1, web admin username:cusadmin or custadmin, password highspeed

You can leave it by default, uplink a switch to it, and setup your network behind it just like any old home grade Linksys router...it runs DHCP by default, clients will pick up 10.1.10.100 and on up IP addresses. The NAT/firewall is decent...just like any other basic NAT router.

The public IP address that it picks up is not the static IPs that Comcast gives you with your account, Comcast will give you your static IP(s) on a sheet of paper when they do the install. What I do is use my own routers for my clients...and you enter that static IP info on the WAN interface of your own router..and uplink the WAN interface of your own router into one of the LAN ports on the back of the SMC. Before that, I log into the SMC and turn off the firewall feature..if I'm running my own services behind it. The SMC will pass the public IP right along, with this setup there's no double NAT'ing, so even though it looks like a router plugged into another router..it's not.

If your case, if you want to leave the SMC as your gateway, uplink a switch to it for your network. For your wireless router...change its LAN IP to 10.1.10.2 or 10.1.10.245 or 10.2.10.253 (whichever you like). Disable DHCP on your router, and uplink it to one of the LAN ports of the SMC..using a LAN port of your router..not your routers WAN/Internet port. This will make it an access point, not a 2nd router so you avoid double NAT'ing.

For your *nix server, you can either do port forwarding, or DMZ it, or assign it one of your statics and plug it into the SMC. I cannot remember if the SMC had a true DMZ mode for a static IP, I've not used that feature. But you'd want to consider isolating your *nix server from the rest of your LAN properly, for security reasons.

**vmbgap** · 07-17-11, 11:14 PM

Thank you very much YeOldeStonecat even a year later this is exactly what I was looking for!!!

**onastvar** · 09-01-12, 11:18 AM

Thanks, above post worked for me also. Does anyone know how could I connect WRT54G wirelessly to another WRT54G so I can make it as Wireless Bridge, when I wire 2 other PCs I get internet connection. I followed this guide, but I'm not sure if this works since my Wireless Router WRT54G is connected wo lan port 1 rather then WAN port (per above setup) Any ideas, or is this even possible with above setup.

http://www.dd-wrt.com/wiki/index.php/Client_Bridged

**Philip** · 09-01-12, 12:55 PM

You'd have to set the first WRT54G as an access point (with the LAN port connected to your network/gateway) in a way that any wireless clients can connect to it, as described here: http://www.speedguide.net/articles/h...ess-point-2556Then, you can set your second WRT54G as a wireless client, where it will communicate as a client to the first AP, and it will connect other clients via its wired ports.

**onastvar** · 09-04-12, 12:13 AM

I've set 1st WRT54GL (linksys firmware v4.30.15) as an Access Point following instructions from this link: http://www.speedguide.net/articles/h...ess-point-2556 then I followed these instructions http://www.dd-wrt.com/wiki/index.php/Client_Mode to setup WRT54GL as a Wireless Client (dd-wrt firmware), for some reason, I'm unable to connect WRT54G Wireless Client to WRT54GL Access Point.
Any help very much appreciated. Thanks!

**Philip** · 09-04-12, 10:10 AM

Do you have only one DHCP server on the network ?

I'd try setting the AP and the client in the same private IP block, and a client PC with a static IP in the same block, and see if you can ping the AP. From there, you can play with obtaining IP automatically, etc.
Also, sometimes in DD-WRT you may have to click both "Apply" and "Save" for settings to work. It is hard to give more specific suggestions without knowing more details about the specific settings, IPs, etc.

**onastvar** · 09-04-12, 08:10 PM

Thank You!
Yes, the only enabled DHCP is on Comcast SMC Gateway. This is my setup.
**************************************************************************************
Comcast SMC Gateway
IP Address: 192.168.1.254
Subnet Mask: 255.255.255.0
Domain Suffix: wp.comcast.net
Enable LAN DHCP (checked)
DHCP Start IP: 192.168.1.10
DHCP End IP: 192.168.1.199
Primary DNS: 75.75.75.75.
Secondary DNS: 75.75.76.76
**************************************************************************************
WRT54GL (Access Point)
Router IP: 192.168.1.2
Subnet Mask: 255.255.255.0
DHCP Server: Disabled

I can ping WRT54GL (Access Point) from PC (pc ip address is 192.168.1.155)
I am able to connect wirelessly with laptop or phone to WRT54GL (Access Point)
**************************************************************************************
WRT54G (Client) dd-wrt firmware
Router IP: 192.168.1.148
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.2
Local DNS: 192.168.1.2
DHCP Server: Disabled

I'm trying to wirelessly connect WRT54G (Client) to WRT54GL (Access Point) to
get internet connection, so I can connect with wire other devices
(TV, DirecTV, WDTV, etc.) via LAN ports 1-2-3-4 of WRT54G (Client)

Is this possible?
**************************************************************************************

**Philip** · 09-06-12, 09:00 AM

If wireless clients can use the AP and get online, then you only need to worry about the client WRT54G setup.

I'd set the client WRT54G with a static IP in the 192.168.1.x range outside of the DHCP range. I'd also make sure to set its Gateway and DNS correctly (it could work with setting DNS at 192.168.1.254, or 192.168.1.2 as well).

When you connect a wired client to the second WRT54G, make sure it is getting a DHCP address in the correct range (or set a static IP in the same range), then try to ping the client WRT54G, the AP, the modem, a website and see how far you get.