08-19-2013 04:03:44 AM
same subnet? Based on that I got 5 static IPs, is it possible to use one
more with a second router the same way?
08-19-2013 11:15:46 AM
1. What is your goal for your network that is not solved in the standard U-Verse setup?
2. Do you have static IPs?
3. What (private) subnet is assigned to the LAN of the 2Wire and what is the 2Wire's LAN IP address?
4. What (private) subnet is assigned to the LAN side of your Linksys and what is the Linksys's LAN IP address?
5. What steps/procedures in this thread have you already done? (Post 2? Post 13?)
08-19-2013 12:53:44 PM
Whether they should be on different subnets depends on how you have things
hooked up and what you're trying to do, which I have not been able to
deduce from your posts because you're not giving much information. Please
answer the following questions:
1. What is your goal for your network that is not solved in the standard
I have a Windows 2012 domain and all of my servers are using static IPs. I
am running an Exchange 2013 server that I want to open ports 25 and 443 on.
That is best run with a static IP.
2. Do you have static IPs?
Yes on Exchange 2013 and my 2 Server 2012 DCs
3. What (private) subnet is assigned to the LAN of the 2Wire and what is
the 2Wire's LAN IP address?
The private subnet assigned to the 2wire is 172.16.15.x,
4. What (private) subnet is assigned to the LAN side of your Linksys and
what is the Linksys's LAN IP address?
172.16.16.x router is 172.16.16.254
5. What steps/procedures in this thread have you already done? (Post 2?
I am using post 2. I rebooted the router after last night's post and it
assigned via DHCP with the IP assigned it. I am running 2 VMware servers. I
have 2 domain controllers, one of which is running server 2012 Essentials
and I would like to open port 443 on that if I could.
On the Exchange 2013 I added a 2nd NIC with the IP 172.16.16.12 same as the
first NIC which is 172.16.15.12 which allows Exchange to semi function. 443
is open but not 25. I am in the Linksys router using port forwarding for
172.16.16.12 (the Exchange server) for port 25 and 443.
I used to have Comcast prior to moving and had a static IP with the Linksys
router and was able to forward those ports and had Exchange fully
functional. I was using LogMeIn to get to everything externally but it
was a trial. I moved here from Utah in June but didn't get things up and
running till later July and got busy and am just now getting to this, been
using Go Daddy for email.
If I can assign say 172.16.16.253 to the Linksys and use that for my
Exchange server that is easy I may have spent too much time reading too
I purchased 5 public IPs from AT&T. Is it possible to use a second router
with a 2nd IP using post 2? Just curious at this point.
That is what I am trying to do, I hope it makes sense.
Thank You for all of your help. I should get in to routing at this point in
08-19-2013 02:59:35 PM
1. You will have to have all of your servers and systems on private IP addresses (172.16.16.x) behind your Linksys router, and use NAT/PAT on the Linksys to accept inbound connections on various ports (25 and 443) to allow your servers to function.
2. Eliminate the Linksys and use the Internet-routable static IP addresses directly on your servers, and connect your servers directly to the 2Wire.
I recommend choice 1.
To do that, make sure of the following:
1. Make sure your 2Wire is set up for your static IP addresses. They usually give you a block of 8. The first and last are not usable. The second-to-last should be assigned to the 2Wire. This is configured in the 2Wire router under Settings -> Broadband -> Link Configuration. Check the "Add Additional Network", put the 2nd-to-last address of your static IP block into the Router Address field, and put 255.255.255.248 into the Subnet Mask block, then click Save.
2. The Linksys WAN IP address needs to be one of your static IP addresses (one of the remaining 5 in the block). You can assign this statically on the Linksys (recommended), or you can leave the Linksys to use DHCP on the WAN interface, and control the handout from the 2Wire to be one of the IP addresses in the static block. Configure this on the 2Wire via Settings -> LAN -> IP Address Allocation. Find the Linksys in the list, and choose Firewall: Disabled, Address Assignment: Public (Select WAN IP Mapping), WAN IP Mapping: Public Fixed: x.x.x.x.
3. Open ports 25 and 443 for inbound connections on your Linksys, to be sent to the Exchange server's private IP address of 172.16.16.x.
4. Call AT&T and pay their $25 charge to open outbound port 25 for you. This port is blocked in the outbound direction by default for spam control. For your mail server to be able to send mail, this block needs to be removed, and AT&T forces you to pay for it.
5. Change any DNS records (A, MX) for your domain that your mail server will receive mail on to point to the static IP address you assigned to the Linksys in step 2. Mail should begin flowing in.
08-19-2013 06:08:44 PM
the 2wire. I am guessing it is the easiest to create a short range for DHCP?
08-19-2013 07:34:28 PM
08-20-2013 04:23:44 AM
it just a hit or miss with the main number?
08-20-2013 02:03:59 PM
08-27-2013 05:06:39 PM
This also seems to work for AT&T's latest abomination, the Pace 5031NV. Our router is a Sonicwall TZ200W, but Joe's instructions were so good that I got connected on the first try. I've thanked him before, but this time: WHATEVER THEY'RE PAYING JOE IS NOT ENOUGH!!!
Thanks again, Joe,
08-28-2013 07:25:54 PM
... WHATEVER THEY'RE PAYING JOE IS NOT ENOUGH!!!
Ain't that the truth. But they don't pay him. Except in mythical steak knives.
08-31-2013 03:36:42 PM
Thanks for all the help provided in this post. It got me much further than I was able to on my own.
Moved from Boston (Verizon Fios) to San Antonio (AT&T UVerse)
Upgraded my router to EA6500 Smart Wi-Fi router so I could use their little wireless->lan devices to get internet to rooms without wireless and not run wires throughout the entire new house we bought.
Followed your instructions on the 2nd post and everything works. It all worked initially just fine by running the linksys wizard as well.
Ok long story short, I can't get my actual ip address forwarded with either setup so far. Everything is working, internet/lan, etc. No matter how I forward the port 80 though I can't connect to my web server using my actual ip address (from phone on 3G as a real test). I can access it typing in the local ip (I used range 192.168.100.1-so it was 192.168.100.52). That connects fine.
I forwarded that to port 80 on the Linksys to that IP in order to access it from outside my network, but no luck. My setup is currently still set up using your instructions on the 2nd post down. What could I be doing wrong? Thanks again for the help.
08-31-2013 05:16:47 PM
Also check the Linksys status page to make sure the WAN IP address is the public IP address (make sure it hasn't picked up a 192.168 address from the RG instead).
Lastly, check your web server, make sure it is configured to answer requests to any IP address, not just the local LAN. If your web server has a firewall on it, you will also have to configure that for port 80 inbound requests.
08-31-2013 07:03:52 PM
I followed a tutorial to forward port 80 to the correct IP (for my specific router since it is new to me EA6500)
The Linksys page does indeed have my internet IP as my "whatismyip" address lol
I will test the web server coming directly from the AT&T modem I think next. The Windows firewall is off for the webserver so don't think that's it. Maybe there is a webserver setting that I need to change for my new internet provider that I am forgetting? It worked before w/my old ISP and different router, so it's kinda confusing me lol. Thanks for the help, anything else you can think of to try I will give it my best shot.
08-31-2013 07:11:17 PM - edited 09-01-2013 05:16:57 AM
Added note from some tests. I did a port forwarding check tester from a Google search. It says my port 80 is open already. I even disabled it from the Linksys and it still says it's open lol. Then just for the heck of it checked another random port and it was closed. Went over to the Linksys and opened it and nothing, website still says it's closed. Seems like I still have something screwed up w/the routers.
And one more test with even more confusing results.
So if I open and close 3389 (remote desktop) it shows on this port forwarding tester that it is open/closed when it is supposed to.
Now if I open a port for Minecraft 25565 it says closed no matter what.
Lastly port 80 shows as open even when not forwarded, yet I can't connect to my real IP address from even another computer on my network. The other computers on the network can connect to it with its local IP address though... My brain is about to explode lol...
Ok so I unplugged the linksys, plugged directly in to the UVerse router. Forwarded the port 80 & it worked first try. I can connect to my IP and domain name now from my phone on 3G. Going to reset the linksys and try again using your tutorial and see if that helps. At least I know my server is setup correctly now and that it is indeed a router configuration error. Really need that linksys to be the main router though for parental controls and my wireless to lan boxes setup...
09-01-2013 08:06:05 AM
After my spam of replies I have fixed my problem. I had to set the router to static and type in the gateway, dns servers, etc that is listed on the uverse box. Port forwarding works fine now on the linksys. Yay!
09-01-2013 05:53:57 PM
09-01-2013 06:10:31 PM
09-23-2013 08:27:55 PM
I recently moved from the country where the only available static IP was a very expensive T1 line. Now in the city I had two choices, AT&T or Time Warner. After much discussion with AT&T representatives that uVerse would provide me with the same capability to manage my block of 32 static IP addresses, I pulled the plug and moved my equipment to the new location, expecting a one or two day outage. That was a week ago. With the end of the month approaching and no access to my accounting system (LedgerSMB), I am running out of time. I have pored through the forums looking for a solution, but it has eluded me. Here is my setup.
I run my own DNS (named), DHCP, sendmail MTA, bacula, ejabberd, Mailman servers, CalDav, and apache servers from behind my firewall. Some of the servers are physical, some are KVM hosted, some are apache virtual web hosts. The only connection to the 3801 is my Linux based (CentOS) firewall that manages the connection to the internet. It has all of the active static IP addresses set up as eth0, eth0:1, eth0:2, etc. The 3801 recognizes the eth0 static IP address 22.214.171.124, passing traffic both directions. 126.96.36.199:80 is correctly NAT'ed to the apache server behind the firewall, for example. Everything from inside the firewall is working correctly with data passing to and from the internet. We can send mail internally or externally and can receive mail, from inside the firewall, for example. I am willing to change the configuration anywhere in my system, provided it does not change the presentation to the end users either on the local net or the internet.
Here is the question. Can this be made to work and how, or should I move to Time Warner Cable? I am concerned that I'd be moving from the frying pan to the fire. I assumed an internet company would be better prepared than a cable company. :-)
Any Help, much appreciated.
09-24-2013 06:23:12 AM
09-24-2013 09:53:00 AM
Sorry, too much superfluous information, I suspect. My problem is, except for 188.8.131.52, the internet cannot see any of my static ip addresses, including my dns servers on 184.108.40.206 and 125. So no DNS lookup is occurring. Even if that worked and pointed to my web server on 98, for example, the 3801 does not pass the 98 traffic to my firewall. So you can go to the web server on 97 (but not by name) but cannot get to any of the other servers or services on 98 through 125 by ip or name.
I am hoping there is a change I can make in my firewall as a workaround or a change to the 3801.
09-24-2013 02:25:50 PM - edited 09-24-2013 02:29:34 PM
What you're running into is a limitation of the 2Wire gateway in that it is hard coded to expect a 1-to-1 relationship between IP addresses and MAC addresses. Each static IP address you're using must appear to the 2Wire gateway to be coming from a different MAC address. I suspect that your Linux router is answering the 2Wire with the same MAC address for all IP addresses, which will not work.
If your Linux router can assign different MAC addresses to eth0:1, eth0:2, etc. then that should solve the problem.
If not, there is another potential workaround if your 2Wire gateway is running the very latest firmware (220.127.116.11). Can you log into the 2Wire and check to see what firmware version it's running?
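A diagnostic for the one-to-one MAC/IP limitation described in this post, added here as an example and not part of the original thread. It reads neighbour-table text in the format printed by `ip neigh show` on a Linux host on the gateway's LAN segment and reports static-block addresses that answer from a shared MAC; the sample table and the 203.0.113.32/27 block are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show`; not real data.
SAMPLE_NEIGH = """\
203.0.113.33 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
203.0.113.34 dev eth0 lladdr 52:54:00:AA:BB:01 STALE
203.0.113.35 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
203.0.113.40 dev eth0 lladdr 52:54:00:aa:bb:09 REACHABLE
203.0.113.41 dev eth0  FAILED
192.168.1.254 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
"""


def shared_mac_addresses(neigh_text, static_block):
    """Return {mac: [ips]} for static-block addresses that share one MAC."""
    block = ipaddress.ip_network(static_block)
    by_mac = defaultdict(list)
    for line in neigh_text.splitlines():
        fields = line.split()
        # Entries without a resolved link-layer address (FAILED, INCOMPLETE)
        # carry no "lladdr" field and tell us nothing about the mapping.
        if "lladdr" not in fields:
            continue
        pos = fields.index("lladdr") + 1
        if pos >= len(fields):
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        # Only addresses from the static block matter for this check.
        if addr.version != block.version or addr not in block:
            continue
        by_mac[fields[pos].lower()].append(addr)
    return {mac: [str(a) for a in sorted(addrs)]
            for mac, addrs in by_mac.items() if len(addrs) > 1}


if __name__ == "__main__":
    for mac, ips in shared_mac_addresses(SAMPLE_NEIGH, "203.0.113.32/27").items():
        print(f"{mac} answers for {len(ips)} static addresses: {', '.join(ips)}")
```

An empty result means every static address seen in the table maps to its own MAC, which is what the gateway expects.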
09-24-2013 02:40:24 PM
The FW level is 18.104.22.168-enh.tm. The eth1:X is more like an IP alias. All of the :X's share the eth1 MAC address. Moreover, putting MACADDR= or HWADDR in the X's is ignored and the eth1 MAC address is inserted.
09-24-2013 03:36:22 PM - edited 09-24-2013 03:37:57 PM
OK, I have not tested this because it is so new. But you are a good candidate for the cascaded router option in the new firmware. Follow these steps:
- Remove all of the eth0:X addresses from your Linux router.
- eth0 will be the "outside" interface of your Linux router. You will assign it a private IP address within the same private subnet that the 2Wire 3801 uses. By default, the 2Wire uses 192.168.1.0/24, with the 2Wire itself at 192.168.1.254. Give your Linux router a private address in this range, but outside the DHCP range that the 2Wire is issuing. By default, the 2Wire issues 192.168.1.64 through 192.168.1.253. Pick an address below .64, for example 192.168.1.20.
- eth0 will be 192.168.1.20, subnet mask 255.255.255.0, gateway 192.168.1.254.
- eth1 will be the "inside" interface of your Linux router, you will assign it an address from your static range. For example, use 22.214.171.124. You can then assign 126.96.36.199 through 188.8.131.52 to your servers and devices.
- On the 2Wire router, go to Settings -> Broadband -> Link Configuration. Uncheck the "Add Additional Network" checkbox and click the Save button. This removes the static IP addresses from the 2Wire's LAN network.
- Verify you can now reach the Internet from the Linux box.
- Now on the 2Wire router, again go to Settings -> Broadband -> Link Configuration. Check the "Add Cascaded Router" checkbox, and use 184.108.40.206 for the network address, 255.255.255.224 for the subnet mask, and then choose your Linux router's outside IP address (192.168.1.20) for the "router that will host the secondary subnet", and click Save.
- Configure your servers and other devices with the remainder of the static IP addresses. Example: 220.127.116.11 for the IP address, 255.255.255.224 for the subnet mask, 18.104.22.168 for the default gateway. All of these servers should be connected to the network segment that is connected to eth1 on the Linux router.
Those servers should now be able to reach the internet, and you can configure the firewall on the Linux router as you want. Some other notes:
- Even though the Linux router's outside IP address is a private IP, there is no NAT/masquerade going on here. Packets are routed over the private 192.168.1.x network, but no address from your static block is ever translated.
- Yes, I know that having a private IP on the "outside" and a public IP on the "inside" looks backwards, but this is correct routing for this setup.
- No need to configure the firewall on the 2Wire, since it is now acting as a pure router for your static IPs.
- Some protocols may still not work due to upstream AT&T interference. IP protocol 41 (IPv6 in IPv4) is currently blocked by this version of the 2Wire firmware.
- I have not tested this configuration at all (I intend to as soon as I get back from a business trip), so no guarantees.
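An address-plan calculator for the two layouts described in this thread, added here as an example and not part of the original posts: the "Add Additional Network" layout from the earlier reply (static block on the gateway LAN, second-to-last address on the gateway) and the "Add Cascaded Router" layout from this post. The sample blocks are constructed documentation-range values, and placing the router's inside interface on the first usable address is an assumption; the private LAN defaults are the ones quoted in the post.

```python
import ipaddress


def additional_network_plan(block):
    """Static block placed directly on the gateway LAN ("Add Additional Network")."""
    net = ipaddress.ip_network(block, strict=True)
    hosts = list(net.hosts())  # drops the first (network) and last (broadcast) address
    return {
        "router_address": str(hosts[-1]),  # second-to-last address of the block
        "subnet_mask": str(net.netmask),
        "assignable": [str(h) for h in hosts[:-1]],
    }


def cascaded_router_plan(block, outside_ip, lan="192.168.1.0/24",
                         lan_gateway="192.168.1.254",
                         dhcp_range=("192.168.1.64", "192.168.1.253")):
    """Static block routed behind a second router ("Add Cascaded Router")."""
    net = ipaddress.ip_network(block, strict=True)
    lan_net = ipaddress.ip_network(lan)
    outside = ipaddress.ip_address(outside_ip)
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in dhcp_range)

    problems = []
    if net.overlaps(lan_net):
        problems.append("static block overlaps the gateway's private LAN")
    if outside not in lan_net:
        problems.append("outside address is not in the gateway's private LAN")
    elif outside in (lan_net.network_address, lan_net.broadcast_address):
        problems.append("outside address is the LAN network or broadcast address")
    elif outside == ipaddress.ip_address(lan_gateway):
        problems.append("outside address collides with the gateway itself")
    elif dhcp_lo <= outside <= dhcp_hi:
        problems.append("outside address is inside the gateway's DHCP range")

    hosts = list(net.hosts())
    inside = hosts[0]  # assumption: router's inside interface takes the first usable address
    return {
        "problems": problems,
        "gateway_form": {"network_address": str(net.network_address),
                         "subnet_mask": str(net.netmask),
                         "hosting_router": str(outside)},
        "router_outside": {"ip": str(outside), "mask": str(lan_net.netmask),
                           "gateway": lan_gateway},
        "router_inside": {"ip": str(inside), "mask": str(net.netmask)},
        "servers": {"addresses": [str(h) for h in hosts[1:]],
                    "mask": str(net.netmask), "default_gateway": str(inside)},
    }


if __name__ == "__main__":
    # Constructed sample blocks from the documentation range, not real assignments.
    print(additional_network_plan("203.0.113.0/29"))
    plan = cascaded_router_plan("203.0.113.32/27", "192.168.1.20")
    print(plan["problems"], plan["gateway_form"], plan["router_inside"])
```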
09-24-2013 03:51:40 PM
Thanks, SomeJoe7777. I too am on a business trip. Since this requires taking the interface down with the potential of it not coming back up, I'll try it when I get home. After you described the problem for me, I was able to find a potential way to get my firewall to present a different MAC address for each IP by using the bridge function and taps. If I get that to work, I'll post the solution.
10-05-2013 10:06:26 PM
I'm not sure if this is still an active post, but I'm trying to figure out a couple things in your config or really just wanted to double check.. what does the address 192.168.160.20 belong to? My first thought was an attached switch from your router connected to int fa0/0 on the switch.
I'm trying to figure out how to get my 2600 Cisco router to play nice with my AT&T router. I have followed the instructions that you have provided, well the best that I can anyways..
My setup is like this:
Port 2 on the AT&T router is connected to the Cisco 2600 router on port fa0/1
Cisco 2600 port fa0/0 is connected to 2950 layer 2 switch on port 23
Host machine is connected to port 1 on the 2950 switch
This setup allows me to ping the outside world like google, yahoo etc from my host machine but does not allow me to use an internet browser to browse to the site. It just keeps loading with no results. I believe this has something to do with my ACL or routing. I was wondering if you or anyone could please take a look at my configs and suggest anything that might help..
is setup as a bridge per your instructions (DMZplus mode)
Current configuration : 1047 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
enable password password
no aaa new-model
ip name-server 22.214.171.124
ip name-server 126.96.36.199
ip dhcp pool TEST_CLIENTS
network 192.168.2.0 255.255.255.0
dns-server 188.8.131.52 184.108.40.206
description Internal LAN
ip address 192.168.2.254 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
arp timeout 600
ip address dhcp (this receives the public IP address)
no ip redirects
no ip proxy-arp
ip nat outside
no cdp enable
ip nat inside source list 101 interface FastEthernet0/1 overload
no ip http server
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
line con 0
line aux 0
line vty 0 4
SWITCH 2950 CONFIGS
ip name-server 220.127.116.11
ip name-server 18.104.22.168
ip ssh time-out 120
ip ssh authentication-retries 3
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
ip address 192.168.2.2 255.255.255.0
no ip route-cache
ip default-gateway 192.168.2.254
ip http server
10-06-2013 08:57:42 AM
show ip int f0/1
show ip route
10-07-2013 06:48:43 PM
Thank you for the response, below is the information that you requested.
Gateway of last resort is 22.214.171.124 to network 0.0.0.0
126.96.36.199/22 is subnetted, 1 subnets
C 188.8.131.52 is directly connected, FastEthernet0/1
192.168.1.0/32 is subnetted, 1 subnets
S 192.168.1.254 [254/0] via 184.108.40.206, FastEthernet0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [254/0] via 220.127.116.11
FastEthernet0/1 is up, line protocol is up
Internet address is 99.109.100.xxx/22 (my public IP address, I X'ed the last octet, hope that's ok, but it is my public IP address)
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is disabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
And sorry about the late response
10-08-2013 05:44:35 PM
Do the following:
show dhcp lease
In that output, there should be a default gateway listed. Using that IP insert the following two lines:
ip route 0.0.0.0 0.0.0.0 <gateway IP address>
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
See if this makes a difference.
10-09-2013 01:44:12 AM
After 3 weeks of effort, with support from 3 levels of AT&T tech support as well as this forum, I have concluded that the AT&T router is incapable of supporting my environment. I installed Time Warner Cable Business Internet last Friday and had my environment running in less than 3 hours. (The only reason it took 3 hours was that TWC had messed up a routing table which caused the routing to go into an infinite loop resulting in a timeout.) Bottom line, the TWC router worked just like the T1 router, passing everything down the pipe.
I want to thank SomeJoe for his effort in trying to get this to work. Another week of work may have yielded success, but I ran out of time.