Avoiding 'Double NAT' issue with Comcast cable modem
I just wanted to run some ideas by some people to see if they are grounded in reality. I have fairly limited networking knowledge, but I know enough to get myself into trouble.
I have an Arris TG862G cable modem / gateway for use with Comcast (personally owned, but Xfinity firmware)
I used to run pfsense with ESXi using the gateway in bridge mode. This worked great for a while until one day without altering settings my UPNP discovery wasn't working properly - I have an HDHomerun Prime cablecard tuner that I use to watch TV. I didn't really have time to troubleshoot it, so I reset the cable gateway to default settings and disconnected the pfsense VM.
Now I'm thinking about running pfsense again, but I'm wondering if I can set up a fall-back for the cable gateway in case I end up having similar issues. Here's what I was thinking:
192.168.1.1 Gateway –> 192.168.1.5 pfsense DMZ --> 192.168.1.6 switch
I noticed these settings in the Gateway admin page - I can disable UPNP and Zero conf. Will disabling these help when using UPNP in pfsense?
I could also disable UPNP in pfsense and use it on the Gateway, but I am afraid this will basically eliminate firewall functionality in pfsense ... (is that correct?)
I do need to have UPNP enabled on one of the devices for my HDHomerun Prime.
I don't see any option to disable NAT in the Gateway. Is it possible I'm I missing something?
Any help would be much appreciated! Thanks
I would just set the Comcast gateway to bridge mode and disable its internal firewall (or setup a rule to pass all if it can't be disabled). That way you just have pfSense manage everything.