BGW320-500 Routing, ISP Gateway, and "192.168.254.254" secret interface
I have been attempting to get my BGW320-500 to work with pfSense, and came across the following in the process of troubleshooting.
I first enabled IP Passthrough on the BGW320, and entered the appropriate MAC address for DHCP. I connected my pfSense WAN interface to LAN1 and it received the public IP. I was able to ping my ISP gateway as is listed on the broadband details page of the BGW320. I could not however reach any host on the internet ie 18.104.22.168 or otherwise.
As I have a 192.168.1.0/24 network behind pfSense I went back to change the ATT device/subnet to 192.168.0.254.
After extensive checking/rechecking all settings within pfSense. Firewall rules, gateways, routing, everything. Rebooted both devices a few times.
I reconnect to the wifi provided by the BGW320 and start to investigate the NAT/state table. A private address pops out at me (192.168.254.254) as there is nothing that should be in this range. I investigate with traceroute and it shows as 1 hop away, same as my BGW320 @ 192.168.0.254.
I point a web browser at it and lo and behold it is the same as 192.168.0.254. All info the same. Even the section showing device MAC and IP.
I turn back to the state table and see a number of udp/dns entries and a single TCP established entry to 51.x.x.x: 5222.
I traceroute to this address and it shows as host down.
I retry the traceroute with the -Pn flag on zenmap/nmap as suggested.
I then do a SYN scan of the one port, 5222, and traceroute again. This time it shows the host as up.
So, what is going on here? Here's a SYN scan with all TCP ports targeted, showing same results except port on the "real" gateway 51010/tcp is filtered.