Our Community Forums will be closing on June 27, 2024. Please visit att.com/support for all your support needs.
Get superfast AT&T Fiber internet
R

New Member

 • 

10 Messages

Tuesday, August 10th, 2021 11:34 PM

BGW-320 devices with static IPs

Hello,

So due to issues I'm having with port forwarding to my Plex Media Server when using IP Passthrough I've decided to try assigning the container running PMS an AT&T provided static IP.  Here is my configuration:

<<INTERNET>> ------ <<BGW-320>>  ------ <<OPNsense firewall>>----<<cisco managed switch>>----<<LAN DEVICES>>

with the IP Passthrough OPNSense gets the first routable public IP of my /29 (that normally would be attached to the BGW-320).  My question is if I wanted my Synology (which runs my docker containers) to have the next static IP I was planning on assigned the IP to one of the spare network adapters on the unit and connecting that to my cisco switch (setting this up so that the traffic goes through the OPNsense.  But I'm thinking that I may need to connect this directly to the 320?  

Can I just connect this to the switch and in the Synology just configure the gateway to be my AT&T gateway IP instead of the OPNsense box (which is what everything on my LAN uses)? 

My concern with a direct run to the 320 is that this port would then not have any firewall protection on it.  If I do add a second static IP device can I still run the 320 in IP passthrough or need to make any changes to it?

Accepted Solution

Official Solution

ACE - Expert

 • 

35.9K Messages

3 years ago

IF you're trying to pass your DYNAMIC Public IP address through, then IP Passthrough is the right thing to do.  But once you start mixing in the Public Static block into the picture, you usually want to turn it off, because it changes the LAN IP of the "cascaded" router to the Dynamic Public IP and that complicates your efforts (really prevents) you from setting it up with a Static Public IP.

You should have been able to get rid of Double NAT without Public Static; not sure why you didn't. I have a BGW Gateway, with a router behind it, and a Plex server on that and it all works fine without double-NAT.  But that's neither here nor there now; you want to get a Public Static working.

So, set up the Public Static block in the Gateway (Public Subnet section of Home Network > Subnets & DHCP).  Do not play in the Cascaded Router section.  Turn off IP Passthrough.  Manually configure your router to have a WAN address of whichever of the 5 usable Public IP addresses you've chosen, with a subnet mask of 255.255.255.248 and a default gateway of the router address for your subnet (the 6th one in the block); the Gateway will be listening on this address as a result of the Public Subnet setup.

ACE - Expert

 • 

35.9K Messages

3 years ago

with the IP Passthrough OPNSense gets the first routable public IP

IP Passthrough shouldn't be doing that.

So due to issues I'm having with port forwarding to my Plex Media Server when using IP Passthrough

What issues did you have that led you to the $15/month sledgehammer of the public static block?

Once you start throwing containers into this mix, I'm not sure how to guide you.  My recommendation on public statics is to manually assign them on the device's interface.  

You could turn off IP Passthrough and just give the OP Sense a public address and do NAT/Port Forwarding behind it (if for some reason that would be better than IP Passthrough... maybe if I understood why you're going the public static route I'd understand).

New Member

 • 

10 Messages

3 years ago

I was under the impression that if you did not want to use the 320 as your router you needed to be in bridge mode or ip passthrough (I do not use the 320's routing or wifi features)  The 320 doesn't seem to have a transparent bridge mode so I went with ip passthrough.  I though what that did was take the 320 WAN IP address and "give it" to the selected LAN device (by MAC address) in this case the opensense fw/router (which is my gateway device on my network).

Before I purchased the dedicated IP's I was getting a double NAT not matter what I tried (opensense, PA-220 or Unifi USG).  Then static IP's are cheap and I don't have to worry about my DDNS not getting updated for some reason.  

All I really want to do is keep using my opnsense fw and assign one of my 4 remaining static IP's to my plex server (it can be virtual or bare metal as I can use a dedicated box).  But it seems like I would have to bypass my opnsense router and connect the plex server directly to the 320.

(edited)

New Member

 • 

10 Messages

3 years ago

@JefferMC

Thank you!  I'm going to give that a try and report back.

New Member

 • 

10 Messages

3 years ago

Ok not sure what is going on but once I turned off passthrough I have internet if I'm connected directly to the 320 but nothing from opnsense (and I tried my Orbi as the router).    I tried it with allow inbound traffic off (was the default) and on.  Here are my settings in the 320:  

I setup the WAN interface on opnsense like this:

New Member

 • 

10 Messages

3 years ago

switched back to passthrough and internet is back up and running.  Going to have to take my time with this and see (Edited per community guidelines) is going on.

(edited)

New Member

 • 

10 Messages

3 years ago

Tried this one more time and it's working.  IP Passthrough is turned off (allocation mode = off), no public subnet and my opnsense is just using one of the static block.  Thank you!  Now to figure out why remote access into my Plex isn't working.

ACE - Expert

 • 

35.9K Messages

3 years ago

Don't forget to set up Port Forwarding in your router, since right now you're using a private IP behind it for the Plex (right)?

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.