Comcast SMC Gateway Bridge Mode

If you are like me with 1 static address, Comcast assigns you an address range with a /30 netmask (aka You really get two addresses, one for the Comcast-provided router (which they don't directly tell you about, but which is implied by the netmasks and can be verified via testing) and one that is transparently sent through that router to a node with your static address. For example, assume I have 173.YYY.XXX.169 as my static address, then the WAN address of the Comcast-provided router will be 173.YYY.XXX.170. It is a common approach to make the router IP address be the highest one in the address range. The node on the static address can be either a server or another router with NAT, etc.

Setup is quite simple.
You need to go to the SMC firewall setting and check "Disable Firewall for True Static IP Subnet Only".
Then set the WAN address of the router you provide to your static address (with the above netmask), connect it to one of the Ethernet ports on the Comcast router and you should be good to go. (BTW, if the router you provide does not provide NAT/firewall functionality, you might want to leave the above setting off and go into the more complex setup under "True Static IP Port Management" and selectively allow services through.)

Comcast's approach is kind of cool, since if you just use the facilities of the SMC router (i.e., don't stick a second layer of router in there), you can actually use both addresses. In my actual setup, I use the .169 address for my primary server and use the NAT/port-mapping function on the SMC to port forward to other servers (e.g., remote desktop access or services I am testing out). Any box that uses the NAT function will show up on the Internet with the address of the router, not my static server address. (Also note that you will not be able to forward port 80. This is used by the router for management.)

I had originally wanted to do what you do and reuse my existing router. However after moving the VPN functionality off that router to my server (I use OpenVPN) I decided to go for a simplified setup. The SMC router has all the basic functionality needed for a SOHO or SMB router in my opinion. (Its main lack is good bandwidth monitoring or intrusion detection.)

Finally... Strictly speaking, neither of our approaches is actually "bridging", as this is a Layer 2 function and we are both suggesting L3/routing techniques. In your example, you are setting up a multi-layer NAT. In my example, we are just using routing as it was intended to be used.
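The /30 layout described in the post, as an added example that is not part of the original post: it derives the two usable addresses from a static IP and checks the WAN settings you plan to enter on your own router. The address 203.0.113.169 is a constructed documentation-range stand-in for 173.YYY.XXX.169, and the function names are hypothetical.

```python
import ipaddress

PREFIX = 30  # the post describes a /30 assignment for one static address


def slash30_layout(static_ip: str) -> dict:
    """Derive the /30 block that contains static_ip and the gateway in it."""
    iface = ipaddress.ip_interface(f"{static_ip}/{PREFIX}")
    net = iface.network
    hosts = list(net.hosts())  # a /30 has exactly two usable addresses
    if iface.ip not in hosts:
        raise ValueError(f"{static_ip} is the network or broadcast address of {net}")
    # The other usable address belongs to the provider's gateway.
    gateway = next(h for h in hosts if h != iface.ip)
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "static": str(iface.ip),
        "gateway": str(gateway),
        "broadcast": str(net.broadcast_address),
        "gateway_is_highest": gateway == hosts[-1],
    }


def check_wan_config(static_ip, wan_ip, wan_netmask, wan_gateway) -> list:
    """Return a list of problems with the WAN settings for your own router."""
    layout = slash30_layout(static_ip)
    ip = ipaddress.ip_address
    problems = []
    if ip(wan_ip) != ip(layout["static"]):
        problems.append(f"WAN address should be {layout['static']}")
    if ip(wan_netmask) != ip(layout["netmask"]):
        problems.append(f"netmask should be {layout['netmask']}")
    if ip(wan_gateway) != ip(layout["gateway"]):
        problems.append(f"default gateway should be {layout['gateway']}")
    return problems


if __name__ == "__main__":
    # Constructed sample input (documentation range, not a real assignment).
    print(slash30_layout("203.0.113.169"))
    print(check_wan_config("203.0.113.169", "203.0.113.169",
                           "255.255.255.0", "203.0.113.170"))
```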


