J1veman's profile

9 Messages

Tuesday, February 27th, 2024 5:56 AM

BGW320 DHCP Disable with external firewall

Posting this a second time since my first post got deleted without explanation and banned my account for (I'm GUESSING posting a link to a bridge creation help article) using the tools provided in this wysiwyg editor. I can't even get to the post anymore to see how I worded that which is pretty annoying. If the forum doesn't allow external links why not just state that on the new post form and remove the LINK button?

Environment: BGW320-500 with IP Passthrough and DHCP disabled.

My goal is to use the BGW320's wifi to host my devices but have another firewall filter the traffic. I've enabled the guest wifi for devices that strictly need internet access only. However, there is something inherently dangerous about leaving devices with unchecked access to the internet. I've been searching for solutions, but keep running into dead-ends as the BGW doesn't have a real firewall capable of filtering 100k CIDRs. It doesn't provide SSH access, nor the ability to add static routes or even set your own DNS servers in DHCP. Yes, I have my own router behind the BGW320, but I'm trying to use the BGW's wifi to host devices that I don't necessarily want on my main LAN (echo devices, robot vacuum cleaners, etc.). Though I want to be able to filter the traffic.

I tried creating two bridges (br0 - main lan, br3 - iot devices lan) and assigned a physical interface complete with its own DHCP service on my own router. If I connect my laptop to the ethernet port it receives an IP in that range and internet works. But when I connect to the BGW, it seems to create some sort of loop. I did also set STP on the bridge interfaces. I also found out that even the guest wifi's DHCP gets killed, yet there doesn't seem to be a way to get DHCP running externally on the guest wifi. So I don't understand why the BGW offers this setting at all.

Is there some sort of advanced/technician expert settings hidden administration settings section somewhere I'm not seeing? Is there some other way of getting this done? I started reading about cascading routers but that seems like it's for making a second router hand out public IPs vs. NAT addresses. Appreciate any help with this.

Accepted Solution

ACE - Expert

34.9K Messages

2 months ago

There is no SSH.  There are no hidden menus.  The BGW320 is a consumer device for the 99% of the users who don't want to do anything fancy.  The best thing for you is to set up IP Passthrough and pass all traffic to your router.  Then use your router for everything; guest networks, etc. and just pass the traffic through the BGW320.

9 Messages

1 month ago

@JefferMC. So that's definitely an option, though a wasteful one. 

ACE - Expert

34.9K Messages

1 month ago

AT&T requires the Gateway so that they have a device they can manage.  They don't want you managing it outside a few limited choices.  I, on the other hand, don't want to surrender access to my internal network to my ISP (AT&T or anyone else).

9 Messages

1 month ago

I mean I get that they don't want to deal with complex network issues on a residential modem. However, they need to provide the tools to properly secure their own equipment. For instance, WPS comes pre-enabled on their BGW devices, which is highly insecure. On top of this, I personally disabled it, and much to my surprise, a few months later they re-enabled it. They can't keep their own equipment secure but opt to not give us the tools to fix it ourselves.
