Cablemodem (SBG6580) firewall denying some outbound traffic? Why? Not configured












0















I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...



2014-05-30 21:59:02     Local0.Alert    192.168.111.1   May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack


...and that's great. (Sad, but great.)



But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:



2014-05-30 16:30:10 Local0.Alert    192.168.111.1   May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request


...and




  1. Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),

  2. I have no restrictions configured in the modem; I don't see why it should be blocking anything.


Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)



I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)



Thanks.










share|improve this question













migrated from serverfault.com May 31 '14 at 19:24


This question came from our site for system and network administrators.























    0















    I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...



    2014-05-30 21:59:02     Local0.Alert    192.168.111.1   May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
    2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
    2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
    2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
    2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
    2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack


    ...and that's great. (Sad, but great.)



    But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:



    2014-05-30 16:30:10 Local0.Alert    192.168.111.1   May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 
    2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
    2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
    2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
    2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
    2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request


    ...and




    1. Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),

    2. I have no restrictions configured in the modem; I don't see why it should be blocking anything.


    Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)



    I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)



    Thanks.










    share|improve this question













    migrated from serverfault.com May 31 '14 at 19:24


    This question came from our site for system and network administrators.





















      0












      0








      0








      I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...



      2014-05-30 21:59:02     Local0.Alert    192.168.111.1   May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack


      ...and that's great. (Sad, but great.)



      But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:



      2014-05-30 16:30:10 Local0.Alert    192.168.111.1   May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request


      ...and




      1. Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),

      2. I have no restrictions configured in the modem; I don't see why it should be blocking anything.


      Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)



      I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)



      Thanks.










      share|improve this question














      I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked...



      2014-05-30 21:59:02     Local0.Alert    192.168.111.1   May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack
      2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack


      ...and that's great. (Sad, but great.)



      But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity:



      2014-05-30 16:30:10 Local0.Alert    192.168.111.1   May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request
      2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request


      ...and




      1. Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.),

      2. I have no restrictions configured in the modem; I don't see why it should be blocking anything.


      Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.)



      I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.)



      Thanks.







      networking firewall router syslog






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 31 '14 at 19:20









      lairdblairdb

      111




      111




      migrated from serverfault.com May 31 '14 at 19:24


      This question came from our site for system and network administrators.









      migrated from serverfault.com May 31 '14 at 19:24


      This question came from our site for system and network administrators.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          I googled about motorola modem firewall.. Try to configure or disable the firewall.



          If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)



          Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)



          There is a user guide for your device here



          http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf



          Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)



          http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941



          If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.



          Further, this post



          http://community.callofduty.com/thread/100463756

          "Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."



          You could experiment with checking one and not the other.



          It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.



          http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm



          enter image description here






          share|improve this answer


























          • It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

            – lairdb
            May 31 '14 at 21:46











          • @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

            – barlop
            May 31 '14 at 23:47













          • @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

            – barlop
            May 31 '14 at 23:50













          • I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

            – lairdb
            Jun 3 '14 at 0:37











          • There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

            – lairdb
            Jun 3 '14 at 0:41














          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762109%2fcablemodem-sbg6580-firewall-denying-some-outbound-traffic-why-not-configured%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          I googled about motorola modem firewall.. Try to configure or disable the firewall.



          If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)



          Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)



          There is a user guide for your device here



          http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf



          Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)



          http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941



          If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.



          Further, this post



          http://community.callofduty.com/thread/100463756

          "Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."



          You could experiment with checking one and not the other.



          It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.



          http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm



          enter image description here






          share|improve this answer


























          • It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

            – lairdb
            May 31 '14 at 21:46











          • @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

            – barlop
            May 31 '14 at 23:47













          • @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

            – barlop
            May 31 '14 at 23:50













          • I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

            – lairdb
            Jun 3 '14 at 0:37











          • There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

            – lairdb
            Jun 3 '14 at 0:41


















          0














          I googled about motorola modem firewall.. Try to configure or disable the firewall.



          If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)



          Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)



          There is a user guide for your device here



          http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf



          Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)



          http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941



          If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.



          Further, this post



          http://community.callofduty.com/thread/100463756

          "Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."



          You could experiment with checking one and not the other.



          It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.



          http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm



          enter image description here






          share|improve this answer


























          • It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

            – lairdb
            May 31 '14 at 21:46











          • @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

            – barlop
            May 31 '14 at 23:47













          • @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

            – barlop
            May 31 '14 at 23:50













          • I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

            – lairdb
            Jun 3 '14 at 0:37











          • There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

            – lairdb
            Jun 3 '14 at 0:41
















          0












          0








          0







          I googled about motorola modem firewall.. Try to configure or disable the firewall.



          If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)



          Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)



          There is a user guide for your device here



          http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf



          Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)



          http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941



          If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.



          Further, this post



          http://community.callofduty.com/thread/100463756

          "Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."



          You could experiment with checking one and not the other.



          It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.



          http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm



          enter image description here






          share|improve this answer















          I googled about motorola modem firewall.. Try to configure or disable the firewall.



          If it does NAPT then should still have NAPT there as a protection. If not then if you have another NAPT device you'll have NAPT as protection! (with your OS software firewall and if you have another hardware firewall then you'll have that)



          Those inbound attacks would be blocked at that device, by NAPT anyway even without a firewall. (where there's no port forwarding on the ports they attack)



          There is a user guide for your device here



          http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf



          Perhaps also see if you can telnet or ssh to it and use iptables and configure it that way. one person here mentions iptables and a similar model number device (apparently comcast is apparently ISP that bought motorola modems and use them and this link mentions iptables in the context of an SB6141, though it's not clear from that whether it does use it)



          http://forums.comcast.com/t5/Basic-Internet-Connectivity-And/Motorola-SB6141-Not-Receiving-New-Configuration-Boot-File/td-p/1818941



          If it does use iptables then run the command iptables -L and see if you see any rules there that might be a culprit.



          Further, this post



          http://community.callofduty.com/thread/100463756

          "Under the firewall settings, by default the only thing checked was IP flood detection and firewall protection. I unchecked both."



          You could experiment with checking one and not the other.



          It is accessed by local ip of 192.168.0.1 and does DHCP, and even has a firewall, so i'm confidently assuming that if you do ipconfig it'll show you gateway of 192.168.0.1 or whatever the local ip is, so clearly does NAT. So disabling the firewall should be ok. That link above concurs.



          http://portforward.com/english/routers/firewalling/Motorola/SBG6580/defaultguide.htm



          enter image description here







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 31 '14 at 23:49

























          answered May 31 '14 at 19:35









          barlopbarlop

          15.7k2590150




          15.7k2590150













          • It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

            – lairdb
            May 31 '14 at 21:46











          • @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

            – barlop
            May 31 '14 at 23:47













          • @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

            – barlop
            May 31 '14 at 23:50













          • I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

            – lairdb
            Jun 3 '14 at 0:37











          • There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

            – lairdb
            Jun 3 '14 at 0:41





















          • It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

            – lairdb
            May 31 '14 at 21:46











          • @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

            – barlop
            May 31 '14 at 23:47













          • @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

            – barlop
            May 31 '14 at 23:50













          • I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

            – lairdb
            Jun 3 '14 at 0:37











          • There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

            – lairdb
            Jun 3 '14 at 0:41



















          It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

          – lairdb
          May 31 '14 at 21:46





          It's in a NAT/PAT role, and I actually have a second NAT/PAT router between it and most of the infrastructure -- but I'd really like to understand why it's denying inside-to-outside traffic. (Manual is, unfortunately, very consumer-grade; doesn't even discuss the firewall configuration, syslog, etc.)

          – lairdb
          May 31 '14 at 21:46













          @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

          – barlop
          May 31 '14 at 23:47







          @lairdb a post at the callofduty link mentioned a firewall settings section and an "IP flood detection" and "firewall protection" option, I guess you don't see those. Unfortunately, the closest I see in the manual is parental block. Have you tried seeing if you can telnet or ssh to it? what ports it has open(scan with nmap)

          – barlop
          May 31 '14 at 23:47















          @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

          – barlop
          May 31 '14 at 23:50







          @lairdb let the people know if you can SSH or telnet to it, it' be interesting, you could perhaps then see the output of iptables -L. And also i've added a pic from portforward.com relating to the firewall on that model. Look at the top of the window it says status, basic, advanced, FIREWALL , parental control, wireless, vpn, logout. See Firewall there? On your device? That is for that model.

          – barlop
          May 31 '14 at 23:50















          I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

          – lairdb
          Jun 3 '14 at 0:37





          I nmapped it, and 22 and 23 come back as filtered -- there may be some incantation to get to them, but not directly.

          – lairdb
          Jun 3 '14 at 0:37













          There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

          – lairdb
          Jun 3 '14 at 0:41







          There do seem to be quite a few versions of the firmware -- my header menu is a little simpler: !header. I have turned off the "firewall" (since this is the outer of two routers) and the syslog "DENY" messages have stopped. !off (Hmm -- no embedded images in comments? Sorry; click through.)

          – lairdb
          Jun 3 '14 at 0:41




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762109%2fcablemodem-sbg6580-firewall-denying-some-outbound-traffic-why-not-configured%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

          Alcedinidae

          Origin of the phrase “under your belt”?