Pace 4111N in bridge mode - no inbound traffic seen

[Greg]

Hello,

I recently signed up for Fusion and have my modem in bridge mode, with an enterprise firewall that has a port with my static IP assigned. My firewall is handling all NAT/PAT rules, DHCP server, etc.

My outbound access is working fine (posting from the sonic connection now), but nothing comes inbound. The modem or something upstream is being blocked. When I traceroute from my cell phone to my static IP, I get roughly the following: (sorry for the odd formatting)

Code: Select all

Hop	Hostname (IP)	Round-trip times
 1	69.42.85.82	1.450 ms		1.448 ms	1.446 ms 
 2	173.239.0.53	14.564 ms	14.652 ms	14.673 ms 
 3	173.239.0.29	15.455 ms	15.466 ms	15.612 ms 
 4	208.178.245.149	28.282 ms	28.376 ms	28.443 ms 
 5	67.16.142.49	15.310 ms	15.399 ms 
 6	67.16.142.53	15.394 ms 
 7	67.17.105.2	97.563 ms 
 8	67.17.67.210	88.178 ms
 9	67.17.105.2	96.995 ms 
10	69.22.153.205	89.925 ms	89.268 ms	89.349 ms 
11	69.22.143.170	93.804 ms	93.693 ms	98.272 ms 
12	69.22.153.17	96.619 ms	91.076 ms	90.972 ms 
13	69.22.130.86	98.286 ms	103.718 ms	104.631 ms 
14	69.12.211.2	92.264 ms	90.597 ms	89.778 ms 
15	70.36.243.130	100.421 ms	101.794 ms	99.929 ms 
16	 * 	 * 		 
17	 * 	 * 		 
18	 * 	 * 		 

hop 15 resolves to a Sonic.Net address.

It is dying before it gets to my IP (in the 50.0.17.0/24 subnet). Sonic support (understandably) is unable to help as this is an unsupported configuration.

I have tried to disable the firewall, on the modem, but when I try to do so it gives a completely blank error. This is under "Settings > LAN > IP Address Allocation". I see my personal firewall connected with a status of "Connected Static IP", but when I try to disable the Firewall it gives:

Code: Select all

!Errors

Nothing more. I have no other options in any of that device's drop-down options.

When I try to choose my personal firewall under Settings > Firewall > Applications, Pinholes and DMZ; then allow all (or any) applications through, I get:

Code: Select all

! Errors
The application may not be mapped until a broadband connection is established.

But I have a broadband connection established right now.

I can't actually access the modem at gateway.sonic.net (192.168.42.1) unless I attach another IP (192.168.42.2) to my firewall's connected port. The wiki has very little information about this, and I haven't found a solution searching in these forums.

I'm completely at a loss. I know the modem is blocking the inbound traffic, but it seems there may be some sort of checks that don't let you bridge before disabling it. I had to call Sonic to get them to bridge it to begin with, but now that it's bridged they can't help because they won't be able to access the modem to do diagnostics.

Any help is greatly appreciated.

Thanks in advance,
Greg

[gregwesson]

This is the same Greg, now I actually logged in so I can edit my post if needed.

If it helps, here is a simplified network diagram showing the setup:



I wonder if the modem will let me disable the firewall in static IP mode, and stay disabled if I switch to bridged. I'll try that tonight and update with the results.

-Greg

[gregwesson]

To close this one out:

I managed to solve it with the help of Sonic.net support. Duncan helped tremendously.

I had given up, and was going to route things via a private IP in the 192.168.42.0/24 range, but ran into trouble with the firewall part of the modem again. So I called up, and Duncan told me that it should work fine as a bridge. So we re-enabled the bridge and confirmed that he saw my firewall's MAC address binding on their side. Still the same problem, so he asked me to grab a PC and give it my public IP.

When I did that and ran a python web server ("$ python -m SimpleHTTPServer" - this is awesome for a simple web server listening on port 8000. Even works in cygwin), he was able to connect in.

After all was said and done, I had some policies on my firewall that I was using for staging. I was directing my own traffic out the sonic.net connection while the rest of my network was still using Comcast. After I disabled that policy and set my default route to the sonic gateway, everything connected.

Thanks for the help Duncan & Sonic!
-Greg

[dane]

After all was said and done, I had some policies on my firewall that I was using for staging. I was directing my own traffic out the sonic.net connection while the rest of my network was still using Comcast. After I disabled that policy and set my default route to the sonic gateway, everything connected.

Thanks for posting the follow up, and glad to hear you worked it out!