Ideally when you plug into a cable modem, it comes up, and passes your ethernet to the cmts in a bridge, lets one mac address dhcp/arp, and things work.  It learns that one ip/mac, and disallows any other mac.  No security, nat, nothing, just real dumb dhcp + default routing with a public ip.  Routers/firewalls try to NAT you, thus double NAT if using a router behind it.

CL sells you a dsl modem/router that does your local security whether you want it or not, full router/nat/firewall, and probably spyware.  Making it a modem is possible, but takes work, and your firewall has to support PPPoE (not all can/do).  Last time I touched a combo Cox router/modem, I didn't see any way to do so.  I told them to buy a real modem, and that worked with their belkin/cisco/linksys/netgear they had.

If your "modem" mentions wifi, it's a router/firewall, not a modem.  Not all are clear about this, as they dumb it down for consumers, but an important point.

-mb


On Mon, May 4, 2020 at 1:53 PM Stephen Partington via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
I owned a Nighthawk router/modem combo. The way that Netgear handled that is that the modem was hard-wired to a bridge on the router side, and technically you could see it as a separate device in the router configs if you rooted around enough, but the modem side was just a modem.

On Mon, May 4, 2020 at 11:03 AM Michael Butash via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
Cox modems *are* bridges first and foremost typically, unless you get a bundled router/modem, which is only what CenturyLink sells.  If you got a "router/modem" combo, just buy a modem-only device for a dumb bridge and simple ethernet for a public ip.  I recommend staying with an arris cable modem, originally motorola, they basically developed cable modem docsis, and are always the best.

I moved from Cox to CL when Cox started adding a usage cap, and that was new to me to get my Fortinet firewall online with CL and their DSL doing PPPOE.  I've seen the router/cable modem combo boxes later, but never owned one as I always have my own router/firewall.

-mb


On Mon, May 4, 2020 at 8:36 AM Donald Mac McCarthy <mac@oscontext.com> wrote:
Will Cox allow for a bridge/virtual bridge mode? Xfinity does, which allows you to put in a firewall, and use the modem only as a gateway, therefore preventing a double NAT situation. Never lived in a Cox area before, and currently ride CL fiber.

Mac

Michael Butash via PLUG-discuss wrote on 5/3/20 2:00 PM:
Cox modems will learn and allow only 1 mac at a time (unless business is set to allow more, but not on residential).  If switching out firewalls, I 99% of time reboot the modem first and foremost.

-mb

On Sun, May 3, 2020 at 12:08 PM Snyder, Alexander J via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
I got it working. 

I assigned the SFP+ port as my LAN and assigned it the 10.x.x.x/16 network. Then I had to call COX and list the WAN MAC address with them. Upon doing so I was able to reach external sites, and all downstream devices started coming alive!

Thanks for all the suggestions and help!

Thanks,
Alexander

On Sun, May 3, 2020, 03:14 Herminio Hernandez, Jr. via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
Can you log in to the FW via the LAN interface? Can you ping the FW LAN interface? Check the routing and NAT policy on the FW. All outbound traffic should NAT to the FW WAN interface and there should be a default (0.0.0.0/0) route to the internet.

On Sat, May 2, 2020 at 7:27 PM Seabass via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
I'm with Mac, I think it is not the firewall, but if you have the ability to plug it into a display with a keyboard, you can use that for configuration and modify a different device at the same time.

Makes it easier to troubleshoot by giving you the ability to configure your pfSense ports at the same time.


Message: 2
Date: Sat, 2 May 2020 09:04:35 -0700
From: Donald Mac McCarthy <mac@oscontext.com>
To: "Snyder, Alexander J via PLUG-discuss"
<plug-discuss@lists.phxlinux.org>
Subject: Re: pfSense + Ubiquity
Message-ID: <18adfa38-3e72-7b0a-e31a-1ddf175d717f@oscontext.com>
Content-Type: text/plain; charset="utf-8"

I can help - but I am unavailable to do so until tomorrow.

Make sure there is not anything other than default VLANs on the
interfaces to start with. Ubiquiti is famous for not having the SFP+
ports active in the default configuration, and I believe the switch has
all the ports set to shutdown in the default config as well.

I think it is the switch not passing traffic through - not the firewall.

Mac
Snyder, Alexander J via PLUG-discuss wrote on 5/2/20 8:53 AM:
> Does anyone out there have experience with pfSense and Ubiquiti switches?
>
> I have zero with either but that didn't stop me from buying both ....
> how hard could it be?! LOL.
>
> I bought a Netgate XG-1537-1U. I bought a UniFi Pro 24 PoE switch.
>
> I can configure the FW immediately after
> firstboot/restore-default-configs, but only if I set the LAN interface
> to be the cable that goes directly to my laptop. That's great, but
> that does shit for the downstream switch.
>
> I have a 10GB SFP+ Port that I want to configure as the downstream
> port to Ubiquiti, but any configuration other than mentioned above
> fails .... and I'm now on my 12th "Reset To Factory Defaults" ... any
> help on this would be greatly appreciated!
>
> Thanks,
> Alexander
>
> Sent from my Galaxy S10+
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
Donald "Mac" McCarthy
Director, Field Operations
Open Source Context
+1.602.584.4445
mac@oscontext.com
https://oscontext.com
End of PLUG-discuss Digest, Vol 179, Issue 2
********************************************




--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen
