09-14-2021 10:30 AM - last edited on 09-14-2021 10:42 AM by RogersYasmine
Prior to getting Rogers Ignite Internet XB7 modem, I had a PC wired to my old Hitron modem, with an IP on the 10.0.0.1/24 network and I had a second router wired to 10.0.0.1/24, but acting as a gateway for a 192.168.1.1/24 network. With the Hitron, any PC that was on 192.168.1.1/24 was able to traceroute and SSH to the PC connected to 10.0.0.1/24. Now that I have the XB7, with the same wired connections, this no longer works. I am able to ping the PC on 10.0.0.1/24 from 192.168.1.1/24, but SSH and traceroute are now blocked from 192.168.1.1/24. Is there anyway to make this work? The fact that ping is working means the routing is fine, but I suspect the XB7 is blocking all TCP ports going to anywhere on 10.0.0.1/24. Everything else works fine - devices connected to 192.168.1.1/24 are able to get out to the internet.
On a side note, I was very disappointed to see that the diagnostic tools on the Rogers Ignite Internet modem (XB7) are very dummied down.
**Labels Added**
09-14-2021 11:15 AM
@joebloe2 I'm having trouble picturing your network topology, what IP addressing is being used on which LAN segments, and how they interconnect.
Keep in mind that the Ignite gateways use 10.0.0.0/24 by default for the in-home LAN/WAN. Did you change this or is the problem that you now have an addressing conflict?
09-14-2021 12:13 PM - edited 09-14-2021 12:18 PM
Yes, I understand that - I did not change the network on the XB7, it is still 10.0.0.1/24. I have two devices wired into the ethernet ports of the XB7, a PC and a router/gateway. The router/gateway has a WAN IP on the 10.0.0.1/24 network and hosts a 192.168.1.1/24 on its LAN side. Anything connecting through the 192.168.1.1/24 network (i.e. having a 192.168.1.1/24 IP) can only ping devices on 10.0.0.1/24, but I am unable to SSH from a 192.168.1.1/24 device to the PC connected to 10.0.0.1/24 even though the SSH port is open on the PC. Also, keep in mind that this exact same configuration worked with the Hitron in place of the XB7
09-14-2021 12:28 PM
@joebloe2 wrote:
Yes, I understand that - I did not change the network on the XB7, it is still 10.0.0.1/24. I have two devices wired into the ethernet ports of the XB7, a PC and a router/gateway. The router/gateway has a WAN IP on the 10.0.0.1/24 network and hosts a 192.168.1.1/24 on its LAN side. Anything connecting through the 192.168.1.1/24 network (i.e. having a 192.168.1.1/24 IP) can only ping devices on 10.0.0.1/24, but I am unable to SSH from a 192.168.1.1/24 device to the PC connected to 10.0.0.1/24 even though the SSH port is open on the PC. Also, keep in mind that this exact same configuration worked with the Hitron in place of the XB7
The Ignite gateway should not be blocking any connections or any connectivity between any devices on its internal LAN.
Also, be careful when you write things like10.0.0.1/24. This is how you would write the IP address of a device (10.0.0.1) that is connected to the 10.0.0.0/24 network segment.
09-14-2021 12:31 PM - edited 09-14-2021 12:32 PM
something is being blocked, or it cannot find a route back. As I implied, the only change is the XB7 is now in place of the Hitron. When I had the Hitron it worked, now it does not. It would be nice if I could do a traceroute from the XB7 and actually get to see the output. At least with the Hitron I could
09-14-2021 01:06 PM - edited 09-14-2021 01:22 PM
@joebloe2 wrote:
something is being blocked, or it cannot find a route back. As I implied, the only change is the XB7 is now in place of the Hitron. When I had the Hitron it worked, now it does not. It would be nice if I could do a traceroute from the XB7 and actually get to see the output. At least with the Hitron I could
Okay, so say the network looks something like this:
Internet
|
[Ignite gateway - 10.0.0.1/24]
|
+--------------------------------------------- 10.0.0.0/24 (Anything connected to the XB7 LAN ports will be on this segment)
| ^[Server - 10.0.0.x/24]
|
[Router] (this device should have either a static or a reserved IP address on the 10.0.0.0/24 segment.
|
+--------------------------------------------- 192.168.1.0/24
| ^ Various devices connected to this network segment with a default gateway pointing to Router
If your Router is acting as a firewall/gateway and has NAT enabled, then it should "just work".
However, if your Router is acting as an actual router, not a firewall/gateway, no NAT, then the Server on the 10.0.0.0/24 needs to somehow have a route back to the 192.168.1.0/24 network. Do you have this static route configured on Server? Unfortunately, I'm pretty sure that there is no way configure a static route on the XB6/XB7 gateway, nor is it capable of learning routes that are advertised by a routing protocol.
I don't see why devices on the 192.168.1.0/24 network can ping devices on the 10.0.0.0/24 network but cannot SSH to the Server.
09-14-2021 02:10 PM
I agree, it should work, it worked for the Hitron. As I have indicated, the only change is the introduction of the XB7 in place of the Hitron modem. I did not change the configuration on any of the other devices, so I have to think it is something about the XB7. The router hosting 192.168.1.0/24 is configured as a gateway, just as it was when I had the Hitron. I have not changed any of the config on this router.
The interesting thing is when I try a traceroute, using the XB7 Diagnotic Tools page, to one of the Xi6-T devices connected to the XB7 WiFi, so on the 10.0.0.0/24 network, I get a result of "Status:Error! Traceroute Failed !", even though the Xi6-T device is working fine and activitely streaming content to a TV. If I try the "Check for IPv4 Address Results" (ping??) I get a Connectivity: Error.
09-14-2021 02:29 PM
@joebloe2 wrote:
The interesting thing is when I try a traceroute, using the XB7 Diagnotic Tools page, to one of the Xi6-T devices connected to the XB7 WiFi, so on the 10.0.0.0/24 network, I get a result of "Status:Error! Traceroute Failed !", even though the Xi6-T device is working fine and activitely streaming content to a TV. If I try the "Check for IPv4 Address Results" (ping??) I get a Connectivity: Error.
I'm pretty sure the connectivity tests in Troubleshooting only work for targets on the WAN side. You cannot do a ping or traceroute to a device that is connected to Wi-Fi or the Local IP Network.
09-14-2021 02:42 PM - edited 09-14-2021 02:42 PM
Thanks.
Again I will say that it is very disappointing that the XB7 has limited diagnostic capability or, more likely, Rogers has locked it down to be this way.
09-14-2021 03:48 PM
@joebloe2 wrote:
Again I will say that it is very disappointing that the XB7 has limited diagnostic capability or, more likely, Rogers has locked it down to be this way.
As far as I know, this is not something that Rogers locked down, accidentally or intentionally. The Comcast Xfinity (Rogers Ignite) gateways are really, REALLY simplistic by design, at least from a user-facing perspective. You have no visibility into what's going on with your network and no tools to troubleshoot any weird or complex issues. Even the gateway's logs do not log anything useful when a problem happens.
When Ignite Internet was only available with Ignite TV, many Rogers Internet customers were clamouring to switch from the Hitron CODA to the XB6, and I cautioned users about wanting to make that change because they would end up losing features and configuration options.
As for your connectivity issues, I would suggest connecting your server and router to a LAN switch, and uplinking that switch to your Ignite gateway. With this configuration, the XB7 would not be able to block any LAN traffic between your router and the server. If you are still experiencing connectivity issues, it would be due to some problem with your setup, not the XB7.
09-14-2021 04:35 PM
I am pretty sure it is the XB7 that is causing the issue
09-14-2021 04:50 PM
@joebloe2 wrote:
I am pretty sure it is the XB7 that is causing the issue
What kind of server are you running, Windows or UNIX/Linux? If you are running UNIX/Linux and your server's IP address changed, double-check your sshd_config , specifically the ListenAddress line to ensure that you are not binding to the old IP address.
09-14-2021 05:12 PM
The server's IP address did not change, it is defined as static. The XB7 shows it as connected with the static IP address. As I indicated before, the ONLY change is replacing the Hitron with the XB7. Has to be the behavior or the XB7 that is not allowing it to work.
09-14-2021 08:38 PM
09-14-2021 09:21 PM
@joebloe2 wrote:
The server's IP address did not change, it is defined as static. The XB7 shows it as connected with the static IP address. As I indicated before, the ONLY change is replacing the Hitron with the XB7. Has to be the behavior or the XB7 that is not allowing it to work.
I'm grasping at straws here... is there any chance that this could be DNS-related? Do you have Protected Browsing enabled in the Ignite WiFi Hub? That could certainly break DNS lookups and cause all sorts of weird issues.
09-14-2021 11:28 PM
Not sure what it is, the XB7 is kind of a black box. No, I have not enabled protected browsing
09-16-2021 10:51 AM
Thanks, but I do understand there are alternatives for how to wire things and what they are. I was really only looking to the forum for a way to make the XB7 work using the network wiring I had with the Hitron. I would have thought the answer to that would be yes, but apparently not.
09-16-2021 11:17 AM - edited 09-16-2021 11:31 AM
@joebloe2 wrote:
Thanks, but I do understand there are alternatives for how to wire things and what they are. I was really only looking to the forum for a way to make the XB7 work using the network wiring I had with the Hitron. I would have thought the answer to that would be yes, but apparently not.
Have you tried connecting another device directly to the XB7 via Ethernet to test whether it can connect to the server via SSH over the local LAN, with no other devices in the network path? If it can, that will at least confirm that the XB7 is not preventing SSH from working.
Without more information, we can't help you. I can't think of any reason why the XB7 would be preventing your setup from working. If the XB7 is causing problems, the only way to get that fixed is to obtain a network trace to confirm the problem and send that (or a detailed description of the cause) to Rogers so that they can either fix it themselves (if it's a provisioning issue) or open a ticket with Comcast to get the problem fixed.
09-16-2021 11:32 AM
yes, i have tried connecting other devices to the XB7 with the same result. Pretty sure the XB7 is not allowing the traffic, for what ever reason - it is the only change.
Ideally, I would be able to trace right from the XB7, but that fails when trying to trace to any of the devices connected to the LAN side of the XB7 (e.g. Xi6-T boxes). The XB7 is pretty much a black box, providing little in the way of introspection/diagnostics.
Thanks for trying, but at this point I will pursue an alternative solution.
09-16-2021 01:24 PM
FYI, just successfully logged into an Ethernet-connected test server across my local LAN via SSH. Also successfully logged into a network device that supports SSH access. My XB6 did not do anything remotely weird to block the connection. The XB7 should be functionally equivalent but if Rogers can upgrade my gateway, I would be happy to test with that as well.
12-22-2022 10:29 PM
I think this is due to the firewall security level. I was not able to ping to 8.8.8.8 and I could not login to my aws virtual machine through ssh. Then I logged in to the router and set the firewall security to custom security. Then both of those worked! So, we have select the security level based on our environment and the resource that we need to protect as well as the internet services that we want to avail. But it would have been very helpful if we could keep the security level to the highest one and at the same time we could just allow protocol like ssh, icmp etc.