The Horror That Is Comcast Business Internet With Static IPs

This story chronicles my recent frustration with Comcast Business Internet, primarily due to their lack of clarity on how they provide their service when included with Static IP Addresses.

I decided (probably foolishly, but I have no regrets) to lease my own office “for my company” on Massachusetts Ave in Cambridge as part of my plan to dominate the world and keep all my projects and geek toys in a separate location to my regular apartment. The space is two rooms, a front room and a rear closet, with power and HVAC included at $350/month. (Muahahaha)

So logically I decided to offer to a few of my friends to see if they were interested in sharing the space/hosting a server there. My friend Ross, of course, took the bait and soon I had leased a beautiful man cave, furnished it, and the time came to order business internet.


Nope. Not available. Tried begging. Not happening.

We even tossed in the possibility of running a microwave bridge from a location with FiOS to the office. Still a possibility but we’re in the basement. Will require more thought, and probably a location that costs more than $350/month.

Comcast Business

It was to be, sadly, our only option. But I’ve had good results with Comcast in the past. I simply separate church and state: I buy my own modem, I use my own router and handle everything from the point that DOCSIS ends forward. I assumed I’d be able to do the same with the business class service…wrong. My one complaint has always been the terrible upload speed, and I knew I’d be running servers where upload is the more important side of the two.

So I filled out a quote and was shortly contacted by a rep from Comcast’s Business Sales Team or whatever who got me set up with an acceptable plan (75/10). I told him I wanted static IPs and he said that would be fine. He also managed to upsell me on a $5/month TV add on that would give me a few channels to the man cave but also give me a $300 prepaid incentive card. I took the bait (mostly because this is a tax free way to get equity out of the company).

The first signs of trouble

I got the whole 2 year contract I had to sign (which was scary, but he said both that we can scale the service down and stay within the terms or we can get out of the contract if we move to a place in which the service isn’t available). The grand total with the “Business Gateway” was $156/month.

The contract listed 5 Static IPs and “Business WiFi.” (!)

Business WiFi

First of all, WiFi (as the term) has sort of been embraced by Comcast as a term that can be trumpeted and sold to customers. Everyone understands what WiFi is…at least sort of. They no longer sell you “Internet” or “IPv4 connectivity,” they sell you “WiFi.”

But WiFi is a bridge of layer 2 ethernet that allows computers to connect without cables. That term is used primarily when describing your services to technological idiots. It’s the same as selling a computer based upon heavy marketing of the peripherals. So why was it listed on a business contract as some service that they were rendering?

Any network technician can spot the confusion: where does the “WiFi” fit into 5 static IP addresses? Getting just Business Internet with Static IP addresses gives you this vision that your setup will be literally a bridge and a layer 2 subnet of IP addresses. No DHCP, no local router, no nothing. WRONG!

The “Business Private WiFi” basically tells you that a whole host of garbage that I thought I was going to take care of myself was included: the router, switch, access point. And from personal experience with the consumer equivalent, the “Comcast WiFi Gateways” are the network engineer’s worst nightmare. They suck, they crash, they perform intermittently so as to inspire the wrath of even the frat brothers who don’t understand that it’s causing the problem, they don’t support local DNS properly, and you can’t even disable the WiFi without calling customer support (just to name a few of the problems).

Basically “Nick’s principle of why you ought not to use DOCSIS Router McWiFi access points” is that any time you start combining devices like that, the performance suffers. The target market shifts lower in the technological IQ range, and they cut corners. For example, Ubiquiti makes a line of exceedingly high performance routers for under $100, and cheap wall-mountable WiFi APs for around $50 that can run on astandard but usable 24V PoE. That system runs like a tank, to the point that I will not install or service non-Ubiquiti systems for my family and other engagements. The amount of times various cheap Amazon ARM router + access points have given me inexplicable trouble is very high. I’ve never had a real dedicated router crap out (except when I misconfigure the firewall to not accept any TCP connections).

So I asked the sales rep and got a nonanswer: but I was told that once I had the service I could “work with the customer care representatives to transfer my static IP addresses onto my own hardware.”

That statement was patently false. I called up another support technician that likewise claimed the exact same thing. They’re both wrong. A Comcast Business customer desiring static IP addresses must lease this “Business Gateway,” because the only supported configuration is to locate the customer’s router within that gateway. They do not support a bridged configuration where you may bring your own router and connect it to a standard DOCSIS modem.

Confused? Read on.

The Comcast Setup

You’re going to laugh when you hear this.

They came in and set up this “Business Gateway.” A few fun facts:

  1. WiFi is already set up. Yipee.
  2. By default, you’re now running an Xfinity WiFi Hotspot. Surprise!
  3. Any computer plugged into the ethernet ports or connected to the WiFi gets DHCPed a RFC1918 “NAT” IP in the subnet.
  4. There’s a firewall with lots of options. Which is confusing because NAT doesn’t need a firewall to begin with because it’s impossible to route into a NAT. The firewall also has settings which clearly refer to the real Static IPs.
  5. Setting reverse DNS requires contacting support, but is possible!
  6. Comcast refers to your real IPs as “true static IPs” because they assume nobody knows what RFC1918 is.
  7. The whole thing is basically undocumented, except for a PDF that refers to an old business gateway from 2006 with different configuration options.

Where are the static IPs? How do I connect to them?

What is the mysterious setup?

Basically, the Business Gateway acts as a router. It is the gateway for your static IP subnet, and is placed at the top of your static IP subnet. We have a /29 subnet, which means that we have 5 usable IPv4 addresses and a 6th that is assigned to our gateway. We can use this 6th address by setting up a IPv4 DMZ, the same disastrous setup that home server operators have been dealing with for eons. To use any static address (once the firewall is disabled in the Business Gateway for “true static IP addresses”), all one needs to do is manually set the IP, subnet, and gateway on your computer and it will route. Easy as that.

Now here’s where it gets funky: it is also a standard NAT router. The same layer 2 network also has a DHCP server which will issue NAT addresses. So by default, any computer connected with DHCP enabled gets a NAT address.

So the not-so-obvious pro of this situation is that you can have two addresses assigned to a computer:

  1. Primary public and static IP (configured as default gateway)
  2. Secondary internal static IP (just local traffic)

Both on the same interface. Both will route, allowing you to contact LAN devices and but maintain a primary external IP on the same computer.

To confuse you further, there’s a setting which allows you to “Map” external IP addresses to internal NAT addresses. That’s cool I guess, but it’s very unclear what’s going on or even that the aforementioned configuration is a possibility.

What’s the problem?

First, I’m stuck leasing a hellbox. They didn’t bother to even invent a more sane configuration.

Second, any yahoo who manages to get access to your WiFi network can just change their IP settings and start using your external IPs as their own.

Third, while this configuration may be advantageous to some, it’s not, by any standards, a standard networking setup. Nowhere is this clearly laid out in any of the documentation. And their technicians and phone support haven’t the faintest clue how to explain to you that you’re running a bastardized IP network (much less much else about networking…but they do seem to enjoy using tremendously untechnical terms and conflating the word modem and router constantly).

What’s the solution?

Comcast points out, and rightfully so, that if you disable the DHCP server and WiFi you basically have what they “sold you.” But you’re still stuck leasing the hellbox, and the hellbox is still running a NAT router underneath the hood. Maybe that’s fine, I still don’t like it.

Granted, I cannot compare this to business-class FiOS because I’ve never owned it.

I think what this basically means is that Comcast Business service should really be branded Comcast’s “really small business service for those without any technical expertise.” This setup pretty clearly implies that that’s what they were going for. And to an extent they probably succeeded.

Realistically, I would be a hell of a lot more satisfied if there existed “Comcast’s Technical Guide to Static IP for Business Service” which explained everything detailed in this article and was provided along with the literature when I originally signed the contract. I would prefer if their technicians were entirely educated about this more advanced service, because they clearly aren’t (basically every time I call I can get half a dozen false answers to these simple questions).

Fastest Ways to Break Linux: chown of death

Have you ever wondered how to break Linux real fast? Here is a great example:

I mounted an external drive where you usually do (actually just /mnt … I was lazy). Also, I had previously used that EXT4 volume with my ParagonEXTFS driver on OSX (which, by the way, is terrible). To rectify the permissions, I wanted to do a recursive chown because naturally, everything on the drive should be owned by me. Continue reading Fastest Ways to Break Linux: chown of death

DC 12V UPS for your whole house – 12V Socket!

So there’s a reason (or several) why your house isn’t wired for DC electrical operation. But there are a variety of situations in which you may want to add DC capability to your house — for example, off grid situations or if you want a house-wide 12V UPS backup.

A 12V DC NEMAish plug with receptacle.
A 12V DC NEMAish plug with receptacle.

Continue reading DC 12V UPS for your whole house – 12V Socket!

SDSL Bridging with the ZyXEL 782R G.SHDSL Router

You may have wondered, how do I bridge DSL modems? I can’t be the only one…

A great copper span of several feet
A great copper span of several feet

When you go to your friendly neighborhood cable office or phone company to acquire DSL or DOCSIS services, the box that your ISP gives you is referred to in the industry as CPE or Customer Premises Equipment. Most Internet Service Provider technologies are asymmetric, which means that the upload and download rates are different (in addition to being on different frequencies).
Continue reading SDSL Bridging with the ZyXEL 782R G.SHDSL Router

OwnCloud Review plus Installation + Configuration Tutorial for Debian

File listing in Web GUI
File listing in Web GUI

I’ve just installed OwnCloud on my Debian server, and I’d like to take a few minutes to review its functionality and performance. For those who read my blog, you’ll know that I hate the word “Cloud.” However, OwnCloud has actually used the term properly, so they are forgiven.

OwnCloud is basically an open source Google Drive. Currently, it provides a similar level of functionality as DropBox, with several key differences. First, the payment structure is obviously fundamentally different. While an enterprise version and various subscriptions are available, the cost for the open source version is $0. The Desktop sync apps are based on open source libraries and are also available for free. The mobile apps for Android and iOS respectively cost $0.99, which I deem a very appropriate cost to offset the development costs and the “App Store Fees.” The extent of the cost you have to pay is for storage capacity, computers, and $1.98 for mobile apps. Continue reading OwnCloud Review plus Installation + Configuration Tutorial for Debian

BLU Samba W (Q170W) Quad Band GSM Phone Review

Continuing on my cheap GSM phone binge, I’ve acquired a BLU Samba W.

The Samba W
The Samba W

There is very little information on the Samba W out there (of which some of the information is just downright incorrect) so I’ll try to start from the ground up. Even BLU’s website displays the phone but doesn’t let you click on it, nor does it appear to have a similarly named page as its other phones that you can’t guess the URL. Continue reading BLU Samba W (Q170W) Quad Band GSM Phone Review

Aiek M3 Credit Card Sized GSM Phone Review

Freshly arrived from it’s Chinese eBay padded mailer, behold the Aiek M3


The Aiek M3 is a quad band GSM phone which is exactly the same size as a credit card (but significantly thicker). It is the next generation following the older “real button” versions (M1 and M2) and instead uses some sort of capacitive touch key design. Continue reading Aiek M3 Credit Card Sized GSM Phone Review

Utilite Pro Review

My Utilite Pro has finally arrived! Admittedly it sat at my Mom’s house for a week before I finally booted it today, but I’m now ready to give my first impressions, plugged into a single ASUS 1920×1080 monitor.


  • Freescale i.MX6 Cortex-A9 1.2 GHz Quad Core
  • 2 GB DDR3 1066 MHz RAM
  • 32GB mSATA SSD
  • 2x GBE
  • 2x HDMI
  • 4x USB
  • S/PDIF
  • uSD slot
  • Hardware Serial (with external adapter to DB-9)

Pretty cool. Performance marginally better than an ARM Chromebook of similar cost.

It ships with Ubuntu 12.04 with XFCE (Does that make it Xubuntu?). Most notable issues are a bit of instability (random crash notifications) and media issues associated with it being ARMv7. For example, Google Chrome is not available for ARM and it ships instead with the open source Chromium browser (the open source Flash-less cousin of the Google version).

Trying to get YouTube to work:

  • No Flash
  • Can’t install Flash or Chrome (not availble for ARM)
  • YouTube has a HTML5 fallback, but presents a prominent “missing plugin” announcement and doesn’t load HTML5 player
  • Plugins, opting in to the HTML5 trial, etc do not change this
  • Somehow it now loads the video and then presents an “This video is currently unavailable.” message

If anyone has had success with getting this to work let me know. I’ll update this as I continue to use it.