Available Now: Buy the new iPhone 14, iPhone 14 Pro and iPhone 14 Pro Max from AT&T!
Get superfast AT&T Fiber internet
R

New Member

 • 

2 Messages

Fri, Nov 12, 2021 2:42 PM

BGW320-500 in front of firewall

I do NOT have any external IPs. I do have my own internal DHCP.

I was able to put the BGW320-500 in Passthrough and that is all good. Everything works fine. 

However, the only way this works is if the WAN side of my firewall pulls internal DHCP from the BGW320-500. 

Is there no way, to have the BGW320-500 internal DHCP disabled and still have my firewall pull the external from the BGW320-500 modem? 

I have configured it, however, with the BGW320-500 internal DHCP disabled this is what happens:

My firewall will pull an external ATT IP. 

Everything will work for a bit, then when the firewall renews it pulls zero IP and everything goes down.

I then have to plug my laptop into the modem and re-enable DHCP so the firewall will pull an internal IP from the BGW320-500

Just out of security I don't want some to plug into the modem and get on the internet.  Of course, they won't be able to reach my LAN. It's just the fact of it at this point. 

Accepted Solution

Official Solution

JefferMC

ACE - Expert

 • 

29.9K Messages

1 عام مضت

There is no way to do this.  If someone has physical access to your Gateway, then they can do whatever they want, including factory resetting it to bypass any protections you may have applied.

IP Passthrough is the mechanism, unperfect as it is, to pass (partial) control of your connection to another router.  The Gateway still functions.

New Member

 • 

2 Messages

1 عام مضت

Side note - The only way I can think to make this possible is to configure my firewall like we use to do in the DSL days , with PPPOe or similar

ATTHelp

Community Support

 • 

200.3K Messages

1 عام مضت

We are here to help with your gateway, rhinoman1!

 

We recommend that you use our Tech 360 service for more help with your networking questions.

 

They will help you set up your network properly and give you all the answers that you need.

 

If you have any other questions or concerns, feel free to reach back out.

 

Thank you for choosing AT&T.

 

Marc, AT&T Community Specialist

 

 

JefferMC

ACE - Expert

 • 

29.9K Messages

1 عام مضت

I see no reason to contact Tech 360 in this situation.  There's nothing they can do, and they charge for their service.

New Member

 • 

2 Messages

9 m مضت

port forwarding if set on the Humax bgw320-500 latest modem in 2022 allows all ip addresses in the world through on that port. All other modems allow you to specify for each port forwarding rule: source ip address or range source port, destination LAN address(reserved in modem or static), destination port. This essentially only allows that source IP address to whitelist port froward versus the whole world. This modem is greatly reduced in functionality even for the most simplest tasks. So if you set up a custom Nat/gaming rule, it has only source port, and destination port and name. One would have to set up a packet filter rule ehivh id not the same as port forwarding since it does not allow the destination IP to be st.  This modem is junk and built for kindergarten gamers only

JefferMC

ACE - Expert

 • 

29.9K Messages

9 m مضت

Port Forwarding, by itself, routes traffic that arrives at the public address on a port (or range of ports) to a particular device inside the network, optionally remapping that port.  The Packet Filter feature continues to function on the BGW320, even when port forwarding is used, which can be used to limit what external users have access to that forwarded port.  

Please do not repeat the same information in multiple threads.  It is against community guidelines.

(edited)

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.