Question

Network set up with Comcast cable modem SMC8013WG

Asked by: doritang

Hi,
I recently got Comcast High speed cable modem at home with 5 static IPs. I would be grateful if some one can recommend a good solution to network 2 servers such that they can be accessed from the outside using 2 of the 5 static IPs. I plan to attach 2 linux servers to the modem. The modem config is as follows:

Cable Modem external IP/Gateway: 70.90.xxx.206 (5 static: 70.90.xxx.201 to 205)
Cable Modem internal IP: 10.1.10.1
The cable modem does provide NAT/port fwd option when login into it using the 10.1.10.1
Internal network range of IPs for computers: 10.1.10.10 to  10.1.10.199  

2 linux servers running red hat ES 2.1

Goal:
1. The right way to hook/network the 2 linux servers to the cable modem
2. What IPs assign to my 2 linux servers---how?
3. To make sure that the 2 linux servers are accessible from the outside (lets say 70.90.xxx.201, 202)
4. Do I need to use a proxy server? How to set it up.

Since I'm new to networking, as much detail is required as possible or please guide to me to an article/book to set it up.

Many thanks in return.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-02-07 at 08:39:34ID21727085
Tags

comcast

,

modem

,

cable

Topic

DSL Lines / Cable Internet

Participating Experts
7
Points
500
Comments
16

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Comcast cable modem static IP mapping...
    I'm new t0 networking.....so please bear with me.... I recently got comcast cable with 5 Static IPs. The modem IP address have range of 10.1.10.X. The modem is working fine with DHCP for my wireless network. Now I want to hook up my Linux server. I gave it internal address o...
  2. Comcast static address and PIX501
    We have a comcast business with a static addresss up purchased a pix501 to do vpn and site to site ect. The issue we are having is the comcast modem with the SMC router will not go into bridge mode and let the cisco pix501 have the static address assigned to it. If we put t...
  3. Comcast cable static IP / NAT / SMC modem / configurat…
    working with a comcast smc modem, I have some questions. The modem they supplied has 4 'lan' ports on it. Our network (firewall to a dual nic sbs box to the rest of our network) was plugged into port 1, 2 other networks were in port 2 & 3. our firewall and the other ne...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: kfullartonPosted on 2006-02-07 at 11:30:49ID: 15895611

1.  The right way would be to have a firewall in place behind the cable modem.  Here's a book that's probably way more than you need, but will point you in the riught direction.

http://www.oreilly.com/catalog/fire2/

 

by: MCPJoePosted on 2006-02-07 at 13:24:58ID: 15896838

I usually recommend that people that want to do this just get a better cable modem, than the standard one the ISP gives you.  I highly recommend the SBG1000 from Motorola or the SBG900.  Both have NAT, port forwarding, a firewall with stateful packet inspection, etc.  You then just plug in your machines, configure port forwarding or use a DMZ and assign your machines the public IP addresses.  Its a lot easier than it sounds, but that would be the best way.  You can always add a router, but that just adds one more device and one more point of failure.  I have a similar setup at home, I have a Motorola SBG900, which has port forwarding for various services pointed to my firewall (which is not necessary, but I have it anyway for added security).  The firewall then forwards the ports to the LAN IP I specify.  I don't have to have multiple IP addresses to get my home network to function the way I want.  Port forwarding works nicely.  Although I could always do the DMZ thing in my cable modem if I wanted to.  But then I'd have to buy IPs from them.  Keep in mind that hosting some types of servers on your home network might be against the ISP terms of service.  For example, hosting a mail server.  

 

by: cubemonkeyPosted on 2006-02-07 at 15:09:55ID: 15897835

There are several diffrent brands of routers and firewalls that you can use that are made by different vendors. I always feel it is best to go with the brands that you feel comfortable working with like linksys, netgear,d-link, zyxel, ect. It really depends on your budget and your networking know how. Basically what you need to find is a router or firewall that supports multi-nat, or full-feature NAT. As for myself I like working with ZyXEL Zywalls but here are some resources for you to look at:

Zywall 2:
http://us.zyxel.com/products/model.php?indexcate=1044940679&indexcate1=1123007871&indexFlagvalue=1021873683

Here is an article from toms networking about this subject with a few suggestions:
http://www.smallnetbuilder.com/FAQ-7-Hardware+Routers-5.php

Products with this capability include the SMC7004VBR, SMC2804WBR, ZyXEL ZyAIR G-2000 and ASUS SL1000 Internet Security Router.

Hope this helps and happy networking!
Cubemonkey

 

by: cubemonkeyPosted on 2006-02-07 at 15:11:20ID: 15897850

 

by: Bill_FleuryPosted on 2006-02-07 at 20:41:57ID: 15899630

Unfortuneately, MCPJoe's suggestion of getting a different cable modem will not be an option.  Comcast delivers their static IP's via RIPV2, and in order to accomplish this there is a RIP KEY that needs to be set on the modem in order for it to authenticate with the routers to update the routing tables.  

As well, you will be unable to place a firewall of any sort between your computer and the modem, unless you are able to forward ports back to the servers as the static IP's will NOT route through any other devices.

You can assign any of your IP's to your two linux servers, just remember the subnet will be 255.255.255.248.  As well, in order to ensure that all traffic is directed to your computers, without the SMC's firewall interferring, you will have to log into the firewall and disable the LAN Firewall (Click firewall on the left, then take the checkmark out of "Enable Public LAN Firewall", then press apply).

To log into the modem, browse to http://10.1.10.1 , and use the username and password provided by comcast.  Since I work for comcast, I cannot post the default username and password for the router due to Comcast's security concerns, but you can do a quick google search or just call the business support at 800-316-1619 ,  so long as you are the authorized contact on the account.

I would recommend using IPCHAINS on the linux servers for your firewalling software.  Also keep in mind if you want local clients that are using the 10.1.10 addresses to be able to access these servers, you will actually have to assign them with a second IP address that is in that network range.  10.1.10 computers on the local network are unable to communicate with the 70. IP's properly.

If you run into any problems, their tech support is available 24/7 and can verify your settings for you if needed.

 

by: savonePosted on 2006-02-08 at 05:15:52ID: 15901979

If you have comcast workplace you most likely have an SMC 8013.  The best way to do this varies greatly on what you are doing.  

If you feel the linux servers are quite secure you can simply assign an public IP to the servers.  For example if your gateway (the one on the SMC) IP address is 70.90.22.22 (just an example) then you can assign 70.90.22.21 and 70.90.22.20 to your linux servers using a gateway of 70.90.22.22 and a /29 mask (255.255.255.248).  

If you want you can also put a firewall/router behind the SMC and assign a public IP to that instead.  I kind of prefer this way since it is alot more secure.

INSIDE TIP: Make sure you are using the correct DNS settings.  NS1.comcastbusiness.net has been have load issues.  Try using ns4, and ns5 (208.39.158.2 and 64.56.37.246)

Good luck.

 

by: alandcPosted on 2006-02-08 at 05:29:59ID: 15902088

One way we have done this in the past is to create a DMZ (using a small switch or using part of a programmable switch by creating a VLAN) then plug your firewall(s) and cable modem into this DMZ.

The firewalls we use a are cheap Netgear units that only support one IP address each so for each public address we have to add another. On the upside we can run another web server for each one we add.  Of course, you still need port forwarding enabled for the specific services (web, mail, etc.) that you are supporting with each firewall.

If you are lucky enough to have a firewall that support multiple external IP addresses then you don't need the DMZ (switch).  If not (and you want to follow our pattern) then you need another switch and another firewall for each IP address you add.

 

by: doritangPosted on 2006-02-08 at 08:27:22ID: 15903802

Thanks much all of you!!!

Savone--
I will try your simple strategy first (since new to networking) to see if it works directly with static IPs. I understand that I do not need to assign local IPs to the servers like 10.1.10.10, 11, 12 and so on. Correct? Just hook to the back of the SMC modem and assign the given static IPs to both of my servers as you mentioned.

I will get back later this evening to let you know what happens after setting up your way.

 

by: JohnKlinckPosted on 2006-02-08 at 09:38:02ID: 15904608

Both Bill and Savone are correct. And I agree with Savone that it appears that ns1 has been having load issues and using other dns servers would be preferable to that one in particular.

 

by: doritangPosted on 2006-02-08 at 16:00:18ID: 15908446

Savone/Bill--

Does it matter if DHCP is on on SMC8013 for my wireless connection (linksys wireless router) connected to the same modem. That is working fine for my PCs at home.

Savone--
I did as per your instructions:

Linux 1:  Gateway: 255.255.255.248

 

by: doritangPosted on 2006-02-08 at 16:06:28ID: 15908481

Sorry.....my mistake above ....

Gateway : 70.90.xxx.x06, Static IP: 70.90.xxx.x05....provided the primary and secondary DNS as 208.39.158.2 and 64.56.37.246.

I can connect to the outside world...However, when I try http://70.90.xxx.x05  from my notebook on the same cable modem via wireless....I see the page not found error, although the linux server has Apache2.0 running on port 80.

May be I need to be outside of my home domain?? I will check tomorrow from my office.

Please let me know if that is the case or is there something else you guys might think happening.


 

by: Bill_FleuryPosted on 2006-02-09 at 01:15:10ID: 15910846

Please re-read my earlier post regarding this:

Iwould recommend using IPCHAINS on the linux servers for your firewalling software.  Also keep in mind if you want local clients that are using the 10.1.10 addresses to be able to access these servers, you will actually have to assign them with a second IP address that is in that network range.  10.1.10 computers on the local network are unable to communicate with the 70. IP's properly.

Therefore, if you are tryign to browse from locally, you will have to browse to the second ip address you gave it, the 10.1.10 address.

 

by: doritangPosted on 2006-02-09 at 12:13:10ID: 15916120

Bill--

Thanks for the info. I would use IPCHAINS for firewall. However, I cannot access my server via IP 70.90.xxx.x05 (from outside the cable domain) as stated above to set it up by hooking it to the modem and setting up the static IP's directly. The firewall on the modem is  NOT enabled either. I probably will call comcast later today to see if they can help.

 

by: Bill_FleuryPosted on 2006-02-09 at 12:25:59ID: 15916277

Are you able to browse to it from another computer using one of your statics?  I'm thinking it's a configuration problem on your server at this point, perhaps there is no firewall rule to allow traffic on port 80?

Tip- call comcast in the evening, you won't have to wait on the phone and there are a few server people answering the phone that may be able to help out a little better.

 

by: JohnKlinckPosted on 2006-02-10 at 00:40:54ID: 15920377

In regards to the question about the DHCP server. It will only make a difference if the SMC is plugged into the LAN side of the Linksys router. If you have it on the WAN/Internet side then the DHCP Servers will never clash (You can log into the SMC and disable the DHCP server inside of it, but ensure that you statically set your ip for the Linksys before you do that.

Am I understanding correctly that you can connect to the outside world when you are using the 70.90.x.205 static ip on the server? I'm just double checking. If so, and you have turned off the firewall then double check that Apache is running (double check you have it initializing when you start the server or activate it yourself) and that the linux firewall is allowing connections on port 80 (I ran into issues when using the higher security firewall linux settings, even when I set it to the lowest settings that I could, in the end I simply disabled them).

If you can't connect on port 80 to the server from the outside world, trying pinging the static IP and the static gateway that you have. (the 70.90.x.206)

It appears to be a server setting at this point since you can connect to the internet from that server while utilizing the static IP.

 

by: doritangPosted on 2006-02-11 at 12:40:48ID: 15931873

got it working.....along with DHCP.......assigned both external and internal IPs. Disabled firewall on the linux server.....can access Apache as well as ssh. Test it on the LAN and from outside of the cable domain using static IP.

Thanks all of you....especially Bill, Savone, John.........

now on to 2nd linux server.............

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...