How To Configure a Comcast Business Class Static IP Address
This tutorial explains how to configure a Comcast Business Class static IP address to enable remote access to network clients from the Internet. The Comcast Business IP Gateway (SMC8014 or NETGEAR CG3000DCR) is configured for pseudo bridge mode by disabling the normal routing, firewall, NAT and DHCP functions. The Internet-routable static IP address is assigned the Linksys WiFi router WAN interface for remote Internet access to LAN clients.
Remote Internet Access Problem
I was helping a small business setup IP network cameras with the Comcast Business Class cable modem service but ran into a problem with Internet remote access: the DDNS agent in the Linksys WiFi router was showing a 10.1.10.10 (“10 space”) non-Internet routable private IP address . I logged into the Dyn Remote Access account saw the 10.1.10.10 private IP address listed in the Host Services table.
The problem is the Comcast IP Gateway operates in Router Mode and assigns a 10.1.10.x private IP address to the Linksys router WAN interface. My first thought was to request a standard cable modem which operates in Bridge Mode, however Comcast Business does not support static IP addresses on standard cable modems and you must use their Business IP gateway (cable modem/router combo) to get an Internet routable static IP address.
Comcast Business Class Internet will install a NETGEAR CG3000DCR IP Gateway which is a cable modem and router combo that runs a custom firmware load by Comcast. (We originally had an SMC8014 gateway which Comcast replaced with a NETGEAR CG3000DCR when the SMC8014 failed). The Comcast IP Gateway does not support true Bridge Mode as compared to a basic cable modem nor does it provide a simple user menu option to select the “bridge mode | router mode” working mode like some gateways. Remote Internet access to the LAN network clients requires subscribing to Comcast’s Static IP Service and disabling the various Comcast IP Gateway firewall, NAT and DHCP features for the routed equivalent known as “pseudo-bridge mode”. Comcast Customer Support will remotely reconfigure the gateway for you upon request when the Static IP address is activated.
After configuring pseudo-bridge mode the DDNS agent in the Linksys router can now update the Dyn Remote Access service with the Internet routable WAN IP address. Remote Internet access now works with an easy to remember DDNS host name and port forwarding, e.g. https://myhost.homedns.org:443 or the just static IP address, e.g. https://173.xxx.yy.185:443 where the “:443” is the port number to be forwarded by the Linksys router to a particular LAN client.
I called Comcast and subscribed to one (1) static IP address service because a single IP address assigned to the Linksys WRT54GS WiFi router WAN interface would do the job. The sales person said a confirmation e-mail would be sent with the new static IP in 3 to 5 business days. Several days later, an e-mail confirmation arrived with the new IP address, gateway IP, subnet mask, DNS server IPs and instructions to call Comcast Tech Support’s toll free number to active the static IP service. The e-mail was brief and to the point:
Comcast Static IP Block
Comcast offers 1, 5 or 13 usable static IP addresses. “Usable” means the quantity of IP addresses that are available for assignment to your devices. IP subnetting rules require that IP addresses are allocated in blocks of certain fixed sizes. To obtain one (1) useable IP address a /30 CIDR block is allocated. (You can skip the following CIDR block details because the essentials are given in Comcast’s e-mail notice above.)
Comcast Business Static IP Block Assignment: One (1) Customer Usable IP Example
- CIDR Notation: 173.xxx.yyy.184/30
- Network Address (ID): 173.xxx.yyy.184
- Host Addresses: 172.xxx.yyy.185 to .186
- Customer Usable IP(s): 173.xxx.yyy.185 Only one (1) usable IP because the highest host address (.186) is automatically assigned by Comcast to the Business Gateway WAN Internet IP address.
- Network Broadcast Address: 173.xxx.yyy.187
- Subnet Mask: 255.255.255.252
Recall that the Network ID and Broadcast IP addresses cannot be assigned your network hosts (LAN devices). Comcast also assigns the highest usable IP address to the Business gateway WAN interface. Therefore 3 IP addresses in any CIDR block are reserved and not customer usable.
If I had purchased 5 usable static IP addresses for a more complex LAN network application then Comcast would allocate /29 CIDR block:
Comcast Business Static IP Block Assignment: Five (5) Customer Useable IPs Example
- CIDR Notation: 173.xxx.yyy.184/29
- Host Addresses: 172.xxx.yyy.185 to .190
- Customer Usable IP(s): 173.xxx.yyy.185 to .189 Only five (5) usable IP because the highest host address (.190) is automatically assigned by Comcast to the Business Gateway WAN Internet IP address.
- Network Broadcast Address: 173.xxx.yyy.191
- Subnet Mask: 255.255.255.248
The Comcast static IP network diagram for one usable IP address with the NETGEAR CG3000DCR is:
Fluke LinkSprinter Network Tester
I recently had the pleasure of reviewing the Fluke LinkSprinter Network Tester . It automatically tests:
- Power over Ethernet (PoE)
- Ethernet Link and jacks
- DHCP and Static IP Addresses
- Network Gateway
- Internet Connectivity
It’s affordable, easy to use and takes the guesswork out of network test and troubleshooting.
Comcast Static IP Address & Pseudo Bridge Mode
Comcast Business Support (800) 391-3000 can remotely configure the IP gateway for the routed equivalent to Bridge Mode, which disables the DHCP, DNS, NAT, firewall, static routing, filtering, etc. functions. This will allow your firewall/router to provide the LAN DHCP, NAT, port forwarding, VPN, etc. functions under your control.
I noticed both the older SMC8014 and newer NETGEAR CG3000DCR both have the same custom firmware designed by Comcast. See the (circa 2006) Comcast Business IP Gateway User Guide for details which doesn’t include the IPv6 menu options in the latest firmware versions.
The NETGEAR CG3000DCR can be configured for pseudo bridge mode by connecting your computer to a LAN port on the gateway and logging in with a web browser:
- Admin page: http://10.1.10.1
- User name: cusadmin
- Password: highspeed
You’ll be presented with the Comcast Business Gateway Welcome Screen:
Clicking Gateway Summary → Gateway Status displays the Firmware Version, Operating Mode, etc. The Operating Mode will always state “Residential Gateway” as of this writing:
Clicking Gateway Summary → Network will display the Internet and Local network settings. Comcast automatically assigns the highest useable IP address, e.g. 173.xxx.yyy.186, to the Gateway WAN Internet IP Address. Your Static IP Block in CIDR notation (/30) is also displayed:
The pseudo bridge mode configuration settings for the NETGEAR CG3000DCR are as follows with selected screen grabs for the essential settings.
NETGEAR CG3000DCR Pseudo Bridge Mode Configuration Steps
The following steps will configure the CG3000DCR (or the discontinued SMC8014) for pseudo bridge mode by disabling the various Comcast gateway router functions.
- Disable Firewall for True Static IP Subnet Only : Checked This is a critical setting for pseudo-bridge mode.
- Disable Gateway Smart Packet Detection : Checked Smart packet detection was already disabled by Comcast, probably because it often breaks network services.
- Click the apply button to save your changes.
- Port Forwarding: Disable all Port Forwarding rules : Checked
- Port Triggering: Disable all Port Triggering rules : Checked
- Port Blocking: Disable all Port Blocking rules : Checked
- True Static IP Port Management : Disable all rules and allow all inbound traffic through : Checked Note: When “Disable Firewall for True Static IP Subnet Only” is checked (see the previous screen) it will automatically disable True Static IP Port Management if running the newer firmware versions.
- Firewall → Web Site Blocking: Enable Web Site Blocking: Unchecked
- Firewall → DMZ: Enable DMZ Host: Unchecked
- Firewall → 1-to-1 NAT: Disable All: Checked Disabling the 1-to-1 NAT is the critical setting for pseudo-bridge mode.
NETGEAR CG3000DCR LAN Settings:
Take care to disable the LAN DCHP option last because it will reset/reboot the gateway!
- LAN → IPv6 : No changes. All settings should be blank or “NA” except “Enable EUI-64 Addressing” is enabled by default.
- LAN → Static Routing : No entries, all fields blank.
- LAN → Filtering: Enable Access Filter : Unchecked
- LAN → Switch Controls : Keep the default settings unless you have reason to disable or configure Ethernet port options.
- Enable LAN DCHP : Unchecked This is a critical setting for pseudo-bridge mode to prevent the Comcast IP Gateway from assigning a 10.0.1.x private IP address to your router’s WAN interface.
- Assign DNS Manually: Don’t care because the DNS server settings will be provided by your LAN router DNS feature. It was checked by default and I left it alone.
- Click the apply button to save your changes. The Comcast Gateway will now reboot.
Note: DHCP and DNS services will be configured in the Linksys WRT router.
The NETGEAR CG3000DCR will reboot after DHCP is disabled and the apply button is clicked:
Linksys Router Static IP Address Configuration
The Comcast provided static IP address, subnet mask and gateway must be configured on the Linksys WRT router to enable Internet access. The configuration is simple by flipping the Internet Connection Type from DHCP to Static IP through these steps:
- Log into the Admin page of the Linksys WiFi router at: http://192.168.1.1 Note: I changed the Linksys Router IP from the factory default 192.168. 1 .1 to 192.168. 2 .1 as a minor security enhancement to make it a little harder for someone searching for the default 192.168.1.x subnet. This is strictly optional.
- Go to the Setup → Basic Setup menu.
- Select Static IP in the Internet Connection Type choice box.
- Fill in the Internet IP Address, Subnet Mask, Default Gateway with the parameters specified in the e-mail from Comcast. e.g. Static 173.xxx.yy.185 (Static IP address for my Linksys router) Gateway 173.xxx.yy.186 (Static IP address of the CG3000DCR gateway) Subnet Mask: 255.255.255.252
- Enter your favorite DNS service IP address values or use the Comcast DNS IPs. I used 184.108.40.206 and 220.127.116.11 for Google DNS and 18.104.22.168 for OpenDNS .
- Click Save Settings .
Linksys Router Dynamic DNS Settings
DDNS isn’t necessary with a static IP address but it does provide a way to configure an easy to remember host name to reach simple LAN clients like an IP camera. If you’re setting up a web server for a domain name you’ll want to subscribe to a DNS service and create DNS Zone records for your Comcast Static IP’s.
This next step assumes you have already created a DDNS Account with Dyn Remote Access and have a DDNS host configured .
Navigate to the Setup → DDNS menu in the Linksys WRT WiFi router. Input your DDNS account user name, password and host name. Click Save Settings and check the DDNS update status which should be “DDNS is updated successfully.” The DDNS service will register the Comcast Static IP address 172.xxx.yyy.185 .
Remote Internet Access to LAN Clients
Port forwarding maps Internet requests from the static IP address to a private LAN IP address to access LAN clients (computers, cameras, etc.) via the DDNS host name and port, e.g. https://myhost.homedns.org:443 or directly with the static WAN IP address of the Linksys router, e.g. https://173.xxx.yyy.185:443. For port forwarding configuration instructions, see this project .
An example port forwarding configuration where unused ports are assigned to the LAN clients to avoid conflicts with other network services:
NETGEAR CG3000DCR Admin GUI Access
In the future if you want to log in to the CG3000DCR (or older SMC8014) gateway:
- Connect your computer to the Linksys router LAN network via WiFi or wired Ethernet cable connection.
- Point your web browser to http://10.1.10.1 to access the CG30000DCR admin page.
Comcast IP Gateway: Configure 10.1.10.x Static IP Address for Windows 7 PC
Note that you will not be able to access the CG3000DCR Admin GUI if your computer is plugged directly into a LAN port on the CG3000DCR (or the older SMC8014) when DHCP is disabled on the Comcast IP gateway because your computer won’t receive a DHCP 10.1.10.x IP address. What you need to do is temporarily assign a 10.1.10.x static IP address to your computer. This is only needed if you can’t connect through the Linksys router.
For Windows 7 the computer private static IP configuration steps are:
- Control Panel → Network and Internet
- Network and Sharing Center
- Change Adapter Settings
- Local Area Connection → (right click menu) Properties
- Internet Protocol Version 4 (TCP/IPv4) → Properties
- Enter 10.1.10.2 or any unused IP address in the 10.1.10.2 to .254 range.
- Subnet mask: 255.255.255.0
- Default Gateway: 10.1.10.1
- Click OK and OK again on both dialog boxes.
You can now point your web browser to http://10.1.10.1 to log into the Comcast IP gateway when DHCP is disabled for pseudo-bridge mode and your PC is connected to a gateway Ethernet LAN port. When you’re finished remember to go back and change your IPv4 properties back to select “ Obtain an IP address automatically “.
Small Office/Home Office (SOHO) Network
See the Ubiquiti EdgeRouter Lite SOHO Network Design project for a small business or advanced home office network complete with firewall, VLANs, WiFi Access Point and OpenVPN remote access.
Domain Names/Static IP
Thursday, July 20th, 2017 8:00 AM
Assigning static IP addresses
6 years ago
Gold Problem solver
- Business Internet
- Business Phone
- Business TV
- Cloud Solutions
- Help & Support
- Why Comcast
- Our Network
- Press Releases
- Comcast Business Promise
- Comcast Diversity Equity & Inclusion
- Solution Providers
- Authorized Connectors
- Your Privacy Choices
- Notice At Collection
- Visitor Agreement
- Terms & Conditions
- Open Source
- Comcast RISE
Stack Exchange Network
Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Server Fault is a question and answer site for system and network administrators. It only takes a minute to sign up.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Use static IPv6 addresses on a router behind a Comcast Business IP Gateway
I recently got set up with Comcast Business Class internet. Previously, I was using DSL with another provider and had a single static IPv4 address (VyOS). Now I want to get Comcast set up.
I purchased a static IP address delegation from Comcast. I have five static IPv4 addresses (96.x.x.168/29, of which 168 and 175 are reserved and 174 is the gateway, so I can only use 169-173, or five addresses) and a static /56 of IPv6 addresses (2603:xxxx:xxxx:8700::/56 with a static gateway of 2603:xxxx:xxxx:8700:7454:7dff:feb1:d391 [link local fe80::7454:7dff:feb1:d391], so I should have full use of 2603:xxxx:xxxx:8700::1 through 2603:xxxx:xxxx:87ff:ffff:ffff:ffff:ffff). You'll notice that the static gateway is within the /56 and, indeed, is within the first /64 prefix of the /56 ... I don't know whether that is important or causing me any problems. IMPORTANT NOTE: Since this is Comcast, and they can't do anything simply, we are not allowed to put the modem/router in "bridge mode." Static IP addresses can only work if the router is in normal mode (but you can turn all of the unneeded DHCP, firewall, WiFi, etc. off, which I did). If I put the modem/router in "bridge mode," it forces me into a single DHCP address, and that is as expected per Comcast documentation. The Comcast equipment is a Cisco type-BWG model-DPC3939B Business IP Gateway. It's readouts show the IPv4 and IPv6 static delegations.
I'm using VyOS as the routing software on my router/firewall (which is plugged in to one of the LAN ports on the BIP Gateway). It's an OSS fork of Vyatta, parallel to Brocade or Ubiquiti.
I had no problem using my static IPv4 addresses. I set up 169 as the outgoing interface for all of my private traffic (no destination NAT, just source nat using 169 as the outdoing address). I set up 170-173 using 1:1 NAT for various public-facing servers behind my firewall. It all works perfectly.
IPv6 has been a disaster. I can't get much to work. If I do the following (pretty simple), I can ping Google (2607:f8b0:4002:c07::66) from VyOS:
This results in:
I can also ping 2603:xxxx:xxxx:8700::1 from a remote server I have access to with known working IPv6. So that's nice, but that is literally the extent of what I can get to work. I can't get IPv6 onto any other machine on the network. I tried interface addresses ending in /56, /60, and /64 with no better results in any of the following scenarios:
As a first example, the address 2603:xxxx:xxxx:8700::1/60 should put everything 2603:xxxx:xxxx:8700::1 through 2603:xxxx:xxxx:870f:ffff:ffff:ffff:ffff in scope of my interface. The default route falls within that range. However, I can only ping Google (and can only ping the address from my remote server) if my address is 2603:xxxx:xxxx:8700::anything/60. 2603:xxxx:xxxx:8700::2/60 works, 2603:xxxx:xxxx:8700::feed/60 works, 2603:xxxx:xxxx:8700:1::1/60 works ... but 2603:xxxx:xxxx:8701::1/60 doesn't work. As soon as I try that, ip -6 route and ping6 tell me that the gateway is "unreachable" and that Google is "unreachable," even though all of those addresses (including the last one) are within the same subnet and as each other and the gateway.
As a second example, I tried setting two addresses on the interface:
This yielded interesting results. ip -6 route says I have a route out through 2603:xxxx:xxxx:8701::1 via 2603:xxxx:xxxx:8700:7454:7dff:feb1:d391 and ping6 no longer says "unreachable," but I never get ping responses. It was easy to determine why. I can ping 2603:xxxx:xxxx:8700::1 from my remote server, but not 2603:xxxx:xxxx:8701::1. Since the route from VyOS to Google is out through 2603:xxxx:xxxx:8701::1, the responses can't route back. Weirdly, if I delete both addresses, commit, and then add them back in reverse order, it magically works:
Now ip -6 route says I have a route out through 2603:xxxx:xxxx:8700::1 via 2603:xxxx:xxxx:8700:7454:7dff:feb1:d391 and, since my pings go out through 2603:xxxx:xxxx:8700::1, ping6 to Google results in successful responses. Great. But 2603:xxxx:xxxx:8701::1 still can't be pinged from the outside world, so I still haven't succeeded in using all of my addresses.
As a third example, since I can at least ping Google from VyOS, I want to assign some static addresses to my internal, publicly-facing servers. I start by adding the address 2603:xxxx:xxxx:8700:92::1/64 to bond0.900 , the interface facing my servers (this prefix should cover everything from 2603:xxxx:xxxx:8700:: to 2603:xxxx:xxxx:8700:ffff:ffff:ffff:ffff). Then I add 2603:xxxx:xxxx:8700:92::173/64 to the interface on one of my servers and set its default gateway to 2603:xxxx:xxxx:8700:92::1. Now, from my server, I can ping 2603:xxxx:xxxx:8700:92::1. Great! But I can't even ping 2603:xxxx:xxxx:8700::1, which is just one step away on the router, and I for sure can't ping Google. If I use monitor interfaces, I can see that the pings to Google are at least making it out of eth1, and I'm just not getting any responses. No surprise there, I suppose, given my troubles above. But I don't even see the pings to 2603:xxxx:xxxx:8700::1 getting to VyOS. But that's not really how I intended to use it, I just thought I had to since I couldn't get anything beyond :8700 to work.
So I tried setting eth1 to 2603:xxxx:xxxx:8700::1/64 (still works for pinging Google from VyOS), setting bond0.900 to 2603:xxxx:xxxx:8792::1/64, and setting the server to 2603:xxxx:xxxx:8792::170/64. Now, the server can ping 2603:xxxx:xxxx:8792::1 AND 2603:xxxx:xxxx:8700::1! This is an improvement! However, I can't ping the gateway (2603:xxxx:xxxx:8700:7454:7dff:feb1:d391) or Google from the server. monitor interfaces shows the traffic going out, but nothing comes back in.
And this is just the beginning of what I need to do. I eventually want to carve out two /64 prefixes for stateless configuration on two private LANs/WLANs, but I'm not even getting to that yet. One thing at a time, I can't even get static IPv6 fully working, or working at all past the first /64 of the static /56 delegated to me. Clearly I'm doing something wrong here, but this also smells bad. Why is this so hard?
- 1 You have not bashed your Comcast account rep over the head with that awful modem they require you to use. I'm a bit surprised that if they are going to mandate you use the equipment that they haven't provided a working configuration. – Michael Hampton Jan 17, 2018 at 9:12
- Yeah, after much research (and reading many posts like this one: forums.businesshelp.comcast.com/t5/IPV6/… ), It sounds like most of the modems they provide actually don't support IPv6 fully (including the brand new one they gave me in November), and that you have to specially request a modem that isn't on their list to get IPv6 support. (1/2) – Nick Williams Jan 17, 2018 at 13:12
- It also sounds like NOBODY in Tier 1 support has a clue what IPv6 even is, and I don't feel like spending hours on the phone to then wait days to be called back. So I posted for support help here: forums.businesshelp.comcast.com/t5/IPV6/… – Nick Williams Jan 17, 2018 at 13:14
You must log in to answer this question.
Browse other questions tagged ipv6 static-ip vyatta brocade vyos ..
- The Overflow Blog
- CEO update: Giving thanks and building upon our product & engineering foundation
- The AI assistant trained on your company’s data
- Featured on Meta
- Update: New Colors Launched
- Incident update and uptime reporting
Hot Network Questions
- Regular user is able to modify a file owned by root
- What are some good references on the history of ethics in statistics?
- What's going on with the bonkers derailleur?
- how to be a connoisseur of piano performances
- a Gutter or Sewer?
- Manga where the main character has a luck special power. Uses it to get rich
- Can a device that causes memory loss be created with near-modern technology?
- Would it be possible to make a brass/wind instrument with a jet engine as the source of airflow?
- Pattern matching vs. condition in a function
- (How) would the water deluge system impact Starship superheavy captures?
- Has there been any significant pro-Palestinian protest critical of Hamas?
- Does n have to equal infinity?
- Length and align left margin of longtable
- Front Fork Or Seat Post Suspension
- Is "it is looking good" slang?
- Is the mass of Satellite + Earth system less than their individual masses?
- Add linux tree command output in listing
- Is there equivalent for "I'm starving to death" in Portuguese?
- Does a proof by induction have to explicitly refer to the principle of mathematical induction?
- Maya Bending in Blender, is it possible?
- Did Starship Ship 25 burn up on re-entry?
- Who is the U.S. official with the highest position within the U.S. government who has dual citizenship?
- What does "solid four" mean?
- Decode the date in Christmas Eve format
404 Not found
Configure Comcast static IP on WAN
- Oldest to Newest
- Newest to Oldest
- Reply as topic
Our Comcast Business static IP and the pfSense WAN do not like each other. When we use DHCP, comcast assigns us an IP which connects to the internet. When I try configuring it to the static address, our internet connection fails. Here's what I'm doing.
Desired static IP: 50.a.b.49 Gateway: 50.a.b.50 Subnet mask: 255.255.255.252
In pfSense I go to Interfaces -> WAN and make these changes:
IPv4 Configuration Type: Static IPv4.
IPv6 Configuration Type: Leave it DHCP6
IPv4 Address: 50.a.b.49 /30
Click Add New Gateway
Gateway IPv4: 50.a.b.50
I don't change anything else. I save the change and reboot pfSense device. When it finishes, I cannot connect to the internet.
What am I doing wrong?
Maybe related to https://redmine.pfsense.org/issues/12632 ?
It could be that although the ticket suggest setting via the gui works OK.
Why are you trying to set it statically to the same IP the DHCP server is giving you though? Are you sure it's not a static lease and needs to be assigned via DHCP in order to route traffic to you?
@stephenw10 The DHCP IP that Comcast assigns us is different, 73.c.d.51.
Ah OK, and they have instructed you to just set it? It's not an IP they route to you via the DHCP IP?
If so set it again then run ifconfig against the WAN interface from the command line to check it's actually set correctly. Then check Diag > Routes to be sure it's using the new gateway correctly.
If those things are in place though it can only be that Comcast is not routing the traffic to you.
I also have a Comcast static IP, so I'm guessing the setup is similar to mine.
The things that come to mind are...
For IPv6 Type, I have "None". You might want to set that for now, just to get IPv4 working.
After your gateway is created, go back to the Interfaces -> WAN page and make sure that the new gateway is actually set in the "IPv4 Upgrade Gateway" option in the Static IPv4 Configuration setction.
How are you testing if you have Internet access? Are you using a web browser on a PC? Do you have DNS setup correctly? You can verify internet access from the pfSense box by going to Diagnostics -> Ping and trying to ping 22.214.171.124 (Don't ping a hostname, use an IP address, just to validate it's working without relying on DNS.)
@serbus I have the latest prod release Netgate pfSense Plus 21.05.2-RELEASE (arm64). How does that relate to pfSense 2.5.2 mentioned in the article?
@accidentalit can you connect with a rj45 cable directly to the Comcast router with a laptop that is set to dhcp and run ipconfig in dos/Windows or ifconfig if you use Unix/Linux. Just to see if it can issue ip addresses to devices in ipv6 or ipv4 if you get 169 it's not handing out IP addresses. Is this modem a all in one? What model Comcast modem are you using?
Make sure to upvote
- I've set IPv6 to None. On the LAN side I've also turned off IPv4 and IPv6 DHCP server. Our domain controller handles DHCP.
- If I try saving the new gateway in System > Routing > Gateways before trying to switch the WAN IP to static, I get an error that the gateway address 126.96.36.199 does not lie within one of the chosen interface's subnets.
- I'm testing from a client trying to browse to google and pinging 188.8.131.52.
This morning, after doing the above, tried changing the WAN to static, creating the gateway during the creation. When it was saved, I could not reach the internet from a browser or using ping on a client. I did not try doing the ping from within pfSense. Interestingly enough, Windows 10 network icon claimed that I did have internet access, but nothing that I did could reach the internet, google.com or 184.108.40.206. Windows on several of our computers claimed it had internet access, but nothing worked.
Now if Comcast has assigned us these static IP's:
- Static IP Range: 220.127.116.11 - 18.104.22.168
- CIDR Block Number: 22.214.171.124/30
- Gateway IP Address: 126.96.36.199
- Subnet Mask IP Address: 255.255.255.252
Should I be able to ping any of them when I still have not gotten the static IP assigned to my WAN port? None of them ping for me. Could this be related to my problem?
Can anyone recommend a pfSense guru in the south Seattle area that we could hire to get this thing working? For this project I'm merely a volunteer that only marginally knows what I'm doing.
I apologize My day job is Friday thru Tuesday and doesn't leave me a lot of time to have fun with computers.
@accidentalit hello don't get discouraged, you should try some YouTube videos on doing configuration on this. Netgate also has a support number. I love my Netgate I just got the URL blacklist running today amazing technology.
Network address translation NAT might be what you need to research more on. Lan side should be handing out private IP addresses with DHCP however they need to be NATed over to the public IP (Comcast IP) so they can communicate.
Side note, This link below is one of my favorite guides for the proxy side. There is another one for Squidguard.
It-monkey. Configure pfSense as HTTPS \ SSL Proxy filter using Squid and SquidGuard! (n.d.). Retrieved January 7, 2022, from https://forum.it-monkey.net/index.php?topic=23.0
Tech glossary. Computer Dictionary of Information Technology. (n.d.). Retrieved January 7, 2022, from https://www.computer-dictionary-online.org/glossary.html
Tech glossary might help you I don't know your experience level, if you want to understand some terms better. pfSense has everything in it a glossary is handy sometimes. It's like any profession it has it's own language at times.
In my case, I am able to ping my modem (the 188.8.131.52 address in your case). I did have to log into my modems web page and disable all the firewalls check the options for "true static IP". It's basically puts the modem in as close to bridge mode as Comcast will allow for a static IP configuration. It might help if you post some screen shots of the modem setup and also the pfSense WAN and Gateway setup pages. (You can blur out the first 3 octets if you don't want to show the real IP's.)
@accidentalit said in Configure Comcast static IP on WAN :
Static IP Range: 184.108.40.206 - 220.127.116.11 CIDR Block Number: 18.104.22.168/30 Gateway IP Address: 22.214.171.124 Subnet Mask IP Address: 255.255.255.252
If they have assigned you those IPs you should just be able to enter them in pfSense and it will work. There's nothing else you can do in pfSense to make that work. If it's not working it's with the Comcast modem that isn't configured to use it or Comcast is not routing that subnet to you.
It sounds like your connection is configured for a dynamic IP and hasn't been reconfigured as static yet.
- First post Last post Go to my next post
Your Home Network
Wednesday, March 23rd, 2022 8:00 PM
Static IP on Xfinity residential gateway
Looking for guidance on how to set up a static IP for one of my connected devices on my residential gateway
2 years ago
@user_92d590 Thanks for the post! Sadly, residential accounts are unable to have static IPs. We only provide them to Business customers.
FWIW. You are talking about the public / WAN IP address that the Comcast DHCP server assigns to the routers and the combo gateway devices. They are talking about the private / LAN IP addresses that the routers and the gateway device's built-in DHCP servers assign to the individual home network clients..
Best way to do is by setting up a reserved IP on the gateway itself, otherwise just configure the device manually using an IP within the LAN's range.
I've always had my own routers and cable modems. This is my 1st rental from comcast. So where is the WAN control where I can reserve IP addresses? I want to setup my Wired HP printer with a static IP address. Also, one of my wireless devices keeps getting knocked off (approx once per day) and I have to sign in to wireless network again. Where can I go and authorize that device or all deveice for unlimited access, without timed renewals?
Thank you for joining us on the Xfinity Forums @macman218! We don't currently offer the option for a Static IP through residential. However, it would be available through Comcast Business services! They can be reached by calling 1-800-391-3000. For the device that's disconnecting, that definitely shouldn't happen! Our team can help right here with checking into this further for you. What type of device is this happening with? Have you tried any troubleshooting steps so far to check into this connection issue?
I no longer work for Comcast.
Did you happen to see my post three post's back ?;
They want LAN / private static IP's, not WAN / public...
"We don't currently offer the option for a Static IP through residential" That's just awful!
Please create a new topic of your own here on this board detailing your issue. Thanks. The original poster has not returned. 2-month-old dead thread is now being closed.