Re: [PLUG] Comcast "CDV" device & firewalls
JP Vossen wrote:
> My Mom just had Comcast switch her over to "Comcast Digital Voice" among
> other things. (I assume "Triple-play" but don't know for sure.) She
> lives 2 hours away so I was trying to talk to the tech over the phone.
> He was trying to be helpful, but he just didn't have much of a clue.
>
> He removed the old cable modem and installed a device he calls the "CDV"
> which is some kind of combined bridge & VoIP device. At least, it has
> coax in and RJ-11 phone + RJ-45 Ethernet out.
>
> But, of course, there are some problems.
>
> First, we plugged an Ubuntu laptop directly into the CDV and Internet
> works, AND I was able to directly SSH into the laptop on port 22 from
> outside. That's very surprising, for obvious security reasons.
>
> Second, when we replaced the laptop with the firewall, the Internet
> doesn't work again (can't be more specific than that). I suspect that
> something has grabbed the MAC address of the laptop and is expecting
> that. (I *hate* that.) I could spoof the laptop MAC on the FW, but
> doing that over the phone is tough and the tech had to leave.
> "Internet" was "working" so... And in his defense he did spend a good
> amount of his own time trying to help.
>
> I have the old cable modem/bridge, so I can put that back on and what
> I'd really like to do is what I have at my house with FiOS:
>
> [Bridge] <--> [Firewall] <--> LAN
> ^--> Phone segment
>
> So the problems are:
>
> 1) The tech had no idea what incoming FW rules are needed (I have an
> any/any/any outgoing rule for that segment for now).
> 2) I get the impression that they are doing something "tricky" and that
> the phone part of the CDV doesn't work like my Vonage adapter does.
> 2.1) Related to that, why was I able to SSH in? Is there no FW/NAT
> built in to the CDV? If it was truly a bridge, that would be perfect as
> far as I am concerned. But then how does the CDV get an IPA if it's not
> shared and NAT'ed? And that leaves gaping security holes that I can't
> believe even Comcast would be oblivious to. So what the heck?
> 3) The memorized MAC address.
>
> Anyone else have a CDV and this kind of setup and can shed some light?
>
> Thanks!
> JP
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP |:::======| http://bashcookbook.com/
> My Account, My Opinions |=========| http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
Not quite the same but I can tell you my cable modem does the same thing
by "memorizing" the MAC and only talking to that device. A simple modem
reset (unplug power / wait / plug back in) fixes it every time.
--
-Linc Fessenden
In the Beginning there was nothing, which exploded - Yeah right...
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug