Avoiding 'Double NAT' issue with Comcast cable modem

  • Hi,

    I just wanted to run some ideas by some people to see if they are grounded in reality.  I have fairly limited networking knowledge, but I know enough to get myself into trouble.

    I have an Arris TG862G cable modem / gateway for use with Comcast (personally owned, but Xfinity firmware)

    I used to run pfsense with ESXi using the gateway in bridge mode.  This worked great for a while until one day without altering settings my UPNP discovery wasn't working properly - I have an HDHomerun Prime cablecard tuner that I use to watch TV.  I didn't really have time to troubleshoot it, so I reset the cable gateway to default settings and disconnected the pfsense VM.

    Now I'm thinking about running pfsense again, but I'm wondering if I can set up a fall-back for the cable gateway in case I end up having similar issues.  Here's what I was thinking: Gateway --> pfsense DMZ --> switch

    I noticed these settings in the Gateway admin page - I can disable UPNP and Zero conf.  Will disabling these help when using UPNP in pfsense?

    I could also disable UPNP in pfsense and use it on the Gateway, but I am afraid this will basically eliminate firewall functionality in pfsense ... (is that correct?)

    I do need to have UPNP enabled on one of the devices for my HDHomerun Prime.

    I don't see any option to disable NAT in the Gateway.  Is it possible I'm missing something?

    Any help would be much appreciated!  Thanks

  • I would just set the Comcast gateway to bridge mode and disable its internal firewall (or set up a rule to pass all if it can't be disabled). That way you just have pfSense manage everything.

