NOTE: A lot of people have gotten to this post by searching for the SMC8014′s default login information; the username and password are cusadmin and highspeed respectively.
Holy shit, fuck Comcast’s customer service. In a study done, they were rated lower than the IRS’s service, and now I can see why. The reps are (mostly) nice people, and are generally pretty good about providing you with at least semi-correct answers in a somewhat timely manner, but the overall service is just appalling – take a look at “Service’s Sorry State” to see what I mean. How, you ask? Well, let me tell you.
Let’s see, three Saturdays ago (May 31 as it were) I stopped receiving E-mail, for some reason. I wasn’t really sure why, at first I just talked it up to a slow Saturday evening, but then I realized I wasn’t even getting any spam. And, while my spam filters are good, they’re not perfect. Then, pretty soon, I realized I was only getting my Logwatch, crontab, and other locally-supplied E-mails (such as notifications of pingbacks on this blog).
So, come Tuesday or so, I realized there was in fact a major issue. I called up Comcast, and they told me they had blocked port 25, incoming and outgoing – which I had surmised on my own using some fancy (or, rather, very basic)
nmap work. The first (and, of course, most obvious) proposal was that there is spam being sent out of my network by some spyware/adware. This is, of course, impossible, due to my lack of Microshaft and even Apple products, but they told me I could switch my outgoing port to 587 on the relay and the system would pick up on my lack of attempts to send out spam within a couple days and unblock me. I was fine with this, I figured a couple days wasn’t bad, and I could still send an E-mail to all my customers, telling them I couldn’t receive and to call me with any issues they had.
Well, a couple days went by. And it wasn’t fixing itself. So I called them up again and got a much more helpful tech – he said that I was receiving too high a volume of E-mail for residential service, so port 25 was blocked. I naturally requested a manual unblock, which they said was impossible. Long story short here, they roped me into upgrading to business class – actually a pretty good deal, $12 more per month for 24/7 priority tech support, free house calls, no blocks, and doubled upstream bandwidth. Yes, doubled upstream.
So they told me I’d have to upgrade to a business-class modem, which had a built-in router. I was alright with this, I figured I’d just put it in front of my normal WRT54G (v8, yay dd-wrt) and either do a global TCP/UDP port forward or just throw it in the DMZ. Seems simple, right? Well, let’s see, first they came out and didn’t knock loud enough, then (when I called back a few days later) claimed to have left a message on the landline telling me to reschedule. They did not, however, leave that message – apparently I was just supposed to pull this information out of the ether using my necromantic divining powers.
Anyway, I rescheduled, and figured all was well. They set me up with an emergency appointment and whatnot the next morning, since I hadn’t gotten E-mail in about two and a half weeks. Nobody shows up. They had specific instructions to call my cell phone number when in the area, but I didn’t get a call, nobody showed up, nothing. So I call them up again that afternoon, even more pissed off than before, and as it turns out they never assigned the job to a field agent. Hey, that’s cool, how about you give me one now asshole. They were real swamped and “couldn’t get anyone out till the next morning”, so he gave me an appointment for 0700-0900.
Well, he (a little old Asian dude who’s been here before – very cool guy) finally shows up at like 1530. I don’t need him to install it, of course, just to drop it off and call in to activate it. All goes well, the guy drops off an SMC8014, and I get it up and running one I make a call to activate it (had to do it myself, no big deal), so I decide to do a little poking and prodding to find out the default admin username/password (cusadmin/highspeed in case you’re looking for it) so I can do the port forwarding/DMZ deal.
Well, I find it, and try to take care of it, but it won’t do the forwarding properly. Or the DMZ. And for some reason, my internal router (the WRT54G) won’t show up in the “list of connected computers”. WTF, right? Well, I find out that the box you want to forward to has to have a static IP – and that for it to show up in the list, I’d have to set the thing to stop ignoring ICMP – forgot I’d had it set to, and it makes sense, so I did both of those. The SMC8014 defaults to a class C 10.1.10.0/255.255.255.0 network (lolwut? 10.* is supposed to be class A personal address space), with a DHCP range of .10-.199. So, I gave the router .200, figuring that would be fine, the extra space was reserved for static IPs or VPNs or something.
It didn’t work. I tried going below the DHCP range, expanding the DHCP range (which returned an error saying I was overlapping the VPN range, which was completely hidden, more on this later), and going at the top and bottom (inclusive) of the DHCP range. None of it worked. No matter what I did, this damn thing just wouldn’t do double NAT forwarding – and the DMZ was just completely nonfunctional. So I called up the 24/7 number. Again. And after running some tests, he figures the SMC8014 is probably malfunctioning. So they arrange to send out another one. Set me up with an appointment and everything.
Mind you, now my server is completely down. Websites aren’t available. DNS isn’t available. FTP isn’t even available. And, in addition, during this process they log into my new router. Yes, they have a higher-level administrative password for it. No, you don’t have complete control over the router running in your own home or office. And no, you can’t find the superuser login. Period. If you can find it, I commend you. This secret is better-guarded than the fucking holy grail, I swear.
Well, once again, no call, no show. So I call in…again. And set up an appointment…again. The guy comes and swaps it out, tells me the new one is a tech support one – another SMC8014, but they use it for diagnosis, so it should work fine, and it’s already activated. I get an IP address, and all goes well, so I try the port forwarding again. No luck. So now I figure I’ll just try putting the server behind the SMC rather than both routers. I didn’t want to do this – I wanted guests’ boxen to connect to the SMC and have myself still protected by the Linksys in case of spyware/etc. But I figured I had no choice now.
It still doesn’t forward. Port forwarding, DMZ, static routing, you name it – none of it works. So now I call them up and tell them I want a standalone modem. I don’t give a rat’s ass if it doesn’t protect me. I’m a fucking technician, I have other firewalls and security in place. So they arrange to come out today. This morning, in fact, another 0700-0900 dropoff. Well, they show up, and they tried to call the landline again. Even though I can clearly see on the receipt they left on the door, it said to call my cell phone, and included the number. So I call up again and tell them I want a fucking dropoff. Today. This is ridiculous.
They give me a 1300-1700 dropoff. The techs arrived around 1630, within the bounds, and recommended that I not do a self-install because the time I’ll spend on the phone activating it could potentially be quite horrendous. They said having them stay and activate it wouldn’t be any charge to me, so I was fine with it. Ironic, though, that they suggested activating it themselves – and you’ll see why in a minute.
They come upstairs, I give them the standard “watch your head, it’s a midget house, hey watch your head again” spiel, and as soon as they walk in my bedroom they’re moderately awed – one of them said “hey, this is my kind of room”, and the other said “hey, this looks like my room”. I lulz’d. So I hooked up the new modem, which supports both the phone service and the 16Mbps service, so my Comcast-supplied hardware won’t have to change any time in the foreseeable future. And then they call in to activate it.
For 45 minutes we sat there and shot the shit about hardware, games, you name it – again, very cool techs – while the one guy was on hold. It was, in fact, horrendous. Finally, he had the other guy call in through the front end (the same number I’d call) and 10 minutes later it was registered to my account and all I had to do was call in to do some MAC authentication so they could leave. I can’t blame them for wanting to leave, Christ, a simple dropoff turned into an hour-long ordeal.
So I called in and activated it, all went smoothly, and now I’m finally back up and running. Finally. Twenty-four fucking days without E-mail. About a week without any server capabilities at all. And that, my friends, is why I say, fuck Comcast’s customer service.