[ale] HELP NEEDED - Comcast cable Modem and linux-centric home network

JD jdp at algoloma.com
Thu Jul 19 12:49:43 EDT 2012


On 07/19/2012 10:22 AM, mike at trausch.us wrote:
> you have the business class Internet.
> 
> Yes, here is my advice:  Just get used to it.
> 
> Seriously.

Ah - business is a completely different thing than residential.

If you have business class, keep reading. If you don't, stop. I'd rather not
confuse anyone.

If you are on residential, buy a DOCSIS3 modem from their approved list.
Further, during boot, it will get settings from Comcast and their techs will be
able to remote into it, reboot it, and do things that I think they shouldn't
considering that it is **my** equipment.  OTOH, it is THEIR network.

------------------

For business class, you must use their CPE and they will manage the public
facing data. It is DOCSIS3 and they will not connect your account to any other
equipment.  Get any old cheap router and force the public IP address to be one
of your static IPs from Comcast (assuming you have at least 1) and plug it into
any of the SMC ports. Doesn't matter which port.  Traffic will be bridged to
your router automatically.

Forget about the SMC and only use YOUR router to manage everything.

If you are on business class, the help line is usually pretty good.
Don't bother trying to set a complex password over 21 characters. The manual for
this router says they support 32 alphanumeric characters, but Comcast has a
custom firmware. The Comcast crapware firmware doesn't support it.  I spent more
time than anyone should with Tier-3 support trying to figure out the
undocumented complex rules.  9 characters, alphanumeric, with no more than 1
number, no punctuation, no special characters. These limits were in effect last
fall for the "cusadmin" account, on the SMC router, 10.1.10.1.

According to the tier-3 guy, the admin password on all these routers was changed
daily to prevent non-employees from screwing around the following day. Further,
the current admin password was much more complex than what they allowed on
"cusadmin" account.

If you think about the average business class cable modem user, then you can
understand why they lock down the subnet controls. It could be bad for the
internet if "Dad's Soda Shoppe" entered wrong settings. Someone could take China
off the internet, right? They provide a limited web interface, but definitely
not subnet mask or public IP controls. You can forward ports, but it is just
easier to treat that SMC cable modem like the public internet as hostile and use
another router as the gateway to your network.

If you don't have business class forget what I've said.
If you don't have at least 1 static IP, forget what I've said.


Comcast DNS was updated with faster servers a few years ago. On residential
accounts, there was (it might still be there) a setting inside the web controls
for your account to disable Comcast from redirecting all DNS queries to their
servers. If you don't disable that, any requests sent to UDP/TCP port 53 will be
redirected to the Comcast DNS servers.
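
One way to check from a LAN host whether port 53 is being redirected as described above; this is an added example, not part of the original post. It assumes that 192.0.2.1 (TEST-NET-1, reserved for documentation by RFC 5737) never hosts a real resolver, so any valid DNS reply to a query sent there came from something on the path. It probes UDP only, and the function names are illustrative.

```python
import os
import socket
import struct

# Assumption: TEST-NET-1 address (RFC 5737); no genuine DNS server answers from it.
PROBE_ADDR = "192.0.2.1"

def build_query(name, txid, qtype=1):
    """Build a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_reply(data, txid):
    """Return (rcode, answer_count) if data is a DNS response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear (not a response)
        return None
    return flags & 0x000F, an

def is_intercepted(reply):
    """A valid reply from an address with no resolver means port 53 was redirected."""
    return reply is not None

def probe(name="example.com", addr=PROBE_ADDR, timeout=3.0):
    """Send one UDP query to addr:53 and report whether anything answered it."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (addr, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable: nobody answered for the probe address
            return False
    return is_intercepted(parse_reply(data, txid))

if __name__ == "__main__":
    print("port 53 redirected:", probe())
```

A result of False only shows that this one UDP query went unanswered; run it from behind the router you actually use as your gateway, since that is the path your clients' queries take.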

