Damon Register wrote:
In another post I commented that I had trouble yesterday with what seems to be Comcast blocking ports 21 and 80 so I couldn't serve ftp or http. I mentioned this to my brother who said he remembers reading somewhere that Comcast is "going after people running NAT" but he didn't remember any more. Has anyone else heard this? How would NAT be detected with SuSEfirewall2 on 9.0?
Damon Register
They can't tell; I've been running, or was until I got my DSL, a Cisco 2611 router facing them, and they were clueless. They came out and installed the service on my PC, installed tons of crap that I'd never use, and left. I promptly disconnected the PC, wiped it out, and spoofed the PC's NIC MAC address onto the router Ethernet address facing Comcast... they were none the wiser. Even the router's access list makes the connection look just like a PC. The way most people get caught is when Comcast comes to their house to repair something, and the user forgets to revert the connection to the PC and Comcast sees the router. Otherwise, they'll never know. The Cisco router (can't say for the little SOHO units) spoofs the MAC address for all internal requests and keeps a PAT/NAT table listing that makes all transactions appear as if they come from the one PC. If you were desperate, you can even spoof http and ftp ports onto non-standard port numbers and get by the blocking of 21 and 80 by using some unregistered high numbered port.
-Jeff