JP Vossen on 1 Oct 2009 15:12:33 -0700
My Mom just had Comcast switch her over to "Comcast Digital Voice" among other things. (I assume "Triple-play" but don't know for sure.) She lives 2 hours away so I was trying to talk to the tech over the phone. He was trying to be helpful, but he just didn't have much of a clue.

He removed the old cable modem and installed a device he calls the "CDV" which is some kind of combined bridge & VoIP device. At least, it has coax in and RJ-11 phone + RJ-45 Ethernet out. But, of course, there are some problems.

First, we plugged an Ubuntu laptop directly into the CDV and Internet works, AND I was able to directly SSH into the laptop on port 22 from outside. That's very surprising, for obvious security reasons.

Second, when we replaced the laptop with the firewall, the Internet doesn't work again (can't be more specific than that). I suspect that something has grabbed the MAC address of the laptop and is expecting that. (I *hate* that.) I could spoof the laptop MAC on the FW, but doing that over the phone is tough and the tech had to leave. "Internet" was "working" so... And in his defense he did spend a good amount of his own time trying to help.

I have the old cable modem/bridge, so I can put that back on and what I'd really like to do is what I have at my house with FiOS:

    [Bridge] <--> [Firewall] <--> LAN
                      ^--> Phone segment

So the problems are:

1) The tech had no idea what incoming FW rules are needed (I have an any/any/any outgoing rule for that segment for now).

2) I get the impression that they are doing something "tricky" and that the phone part of the CDV doesn't work like my Vonage adapter does.

2.1) Related to that, why was I able to SSH in? Is there no FW/NAT built in to the CDV? If it was truly a bridge, that would be perfect as far as I am concerned. But then how does the CDV get an IPA if it's not shared and NAT'ed? And that leaves gaping security holes that I can't believe even Comcast would be oblivious to. So what the heck?

3) The memorized MAC address.
Anyone else have a CDV and this kind of setup and can shed some light?

Thanks!
JP

----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug