satch89450

Tutor

 • 

10 Messages

Thu, Dec 7, 2017 5:35 AM

Business Internet 100 (Arris BGW210) to connect to my firewall/router/ASA

I'm looking for how to configure the Arris BGW210 AT&T-provided gateway to forward all packets (ICMP, TCP, UDP, GRE, ESP, AH, and L2TP protocols) for all five of my static IP addresses to a single firewall/router device.  Further, there should be no port filtering for ICMP, TCP and UDP.  My device will do any routing necessary, as well as providing complete stateful connection monitoring for ICMP, TCP, and UDP.  I'm NOT looking for support for my connected devices, just a feed that looks like what I saw over a T1 leased-line circuit.

 

(In trying to use U-Verse technical support several times, the technicians didn't understand what

 

MY (CASCADED) ROUTER/FIREWALL:
Four Ethernet ports:   eth0: UVerse Gateway,  eth1: Internal LAN,  eth2: Mail server,  eth3: Web server
CentOS 7.4, IPTABLES (BGP-38 compliant configuration, mostly closed)
IPv4 method: manually set.
IPv4 address: 192.168.1.253
IPv4 netmask: 255.255.255.0
IPv4 gateway: 192.168.1.254
IPv6: disabled
DNS: 8.8.8.8, 8.8.4.4

UVERSE GATEWAY:
Manufacturer    ARRIS
Model Number    BGW210-700
Device IPv4 Address    192.168.1.254
DHCPv4 Netmask    255.255.255.0
DHCP Server    On
DHCPv4 Start Address    192.168.1.64
DHCPv4 End Address    192.168.1.253
DHCP Leases Available    188
DHCP Leases Allocated    2
DHCP Primary Pool    Private
Secondary Subnet    Enabled
Public Subnet    
Cascaded Router Status    Enabled
Cascaded Router Subnet    76.209.1.160/255.255.255.248
IP Passthrough Status    Off (private IP address)

Port1 through port4:  Auto/Auto

IPv6 OFF
DHCPv6 ON
DHCPv6 Prefix delegation ON
Router Advertisement MTU 1472

Wi-Fi both radios OFF

MAC Filtering all DISABLED/No MACs Found

Private LAN Address/Mask 192.168.1.243/255.255.255.0
DHCP Server Enable ON
Range .64 through .253
DHCP lease is 1:0:0:0
Public Subnet Mode off
Cascaded Router Enable ON
Cascaded Router Address 192.168.1.253
Network Address/Mask 76.209.1.160/255.255.255.248 (/29)

IP Allocation
192.168.1.253 (00:21:9b:87:66:f8) On Fixed-allocation

Firewall Status
Packet Filter OFF
IP Passthrough OFF
NAT Default Server OFF
Firewall Advanced ON
NAT/Gaming NO APPLICATION HOSTING ENTRIES HAVE BEEN DEFINED
Public Subnet Hosts NONE DEFINED

IP Passthrough
 Allocation mode OFF

Firewall Advanced:
  Almost all set to off except Flood, which can't be changed.
  Reflexive ACL ON

 

drbobbyk

Mentor

 • 

33 Messages

4 y ago

Hi!

 

I have a similar setup and it works fine.  I have a /27 block.


Set your own router external interface to a 192.168.1.x address, say 192.168.1.10


Set the modem's cascade router to enabled and set the field in the modem interface for cascade router address to 192.168.1.10.

 

Then, for the subnet network, you give it your CIDR block.  I wouldn't use a DHCP address for your external interface (say .253).  I'd hard code it to .10 or some number outside of the DHCP range.


That setup works for me.


Message me if you have any other questions.

Bobby
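
The addressing rules in the reply above can be checked before touching the gateway. The following is an added example, not part of either poster's message and not AT&T or Arris code: the function names are hypothetical, and the sample values are the settings quoted in this thread.

```python
import ipaddress as ipa

def check_cascade(lan_if, dhcp_start, dhcp_end, cascade_addr, public_net):
    """Return a list of problems with a cascaded-router setup (empty = OK)."""
    lan = ipa.ip_interface(lan_if)           # gateway's own LAN address/mask
    start, end = ipa.ip_address(dhcp_start), ipa.ip_address(dhcp_end)
    router = ipa.ip_address(cascade_addr)    # firewall's external interface
    problems = []
    if router not in lan.network:
        problems.append("cascaded router address is not on the gateway LAN")
    elif router in (lan.network.network_address, lan.network.broadcast_address):
        problems.append("cascaded router address is a network/broadcast address")
    if router == lan.ip:
        problems.append("cascaded router address collides with the gateway")
    # The reply advises keeping the address outside the DHCP range, so this
    # is flagged even when the gateway holds a fixed allocation for it.
    if start <= router <= end:
        problems.append("cascaded router address is inside the DHCP pool")
    try:
        pub = ipa.ip_network(public_net)     # strict: host bits must be zero
    except ValueError:
        problems.append("routed subnet is not aligned to its mask")
    else:
        if pub.is_private:
            problems.append("routed subnet is private address space")
        if pub.overlaps(lan.network):
            problems.append("routed subnet overlaps the gateway LAN")
    return problems

def usable_hosts(public_net):
    """Host addresses of the routed block (network/broadcast excluded)."""
    return [str(h) for h in ipa.ip_network(public_net).hosts()]

# Values quoted in the thread: the original settings, then the same
# settings with the suggested .10 address for the external interface.
GATEWAY = ("192.168.1.254/255.255.255.0", "192.168.1.64", "192.168.1.253")
BLOCK = "76.209.1.160/255.255.255.248"

if __name__ == "__main__":
    for addr in ("192.168.1.253", "192.168.1.10"):
        issues = check_cascade(*GATEWAY, addr, BLOCK)
        print(addr, "->", issues or "OK")
    print("addresses to assign behind the firewall:", usable_hosts(BLOCK))
```
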

satch89450

Tutor

 • 

10 Messages

4 y ago

Are you running a public mail server through this setup?  If so, how are you setting up your MX and A records?  What does http://whatismyip.com report as your address?

drbobbyk

Mentor

 • 

33 Messages

4 y ago

Hi!

 

Yes, I am running my own dns, email, web, and pbx servers using my AT&T assigned /27 block of IPv4s.

 

I had to contact ConnTech folks and pay $50 to get them to unblock port 25.  The regular AT&T tech support (sic) folks can't do it.  They vaguely know about it.  ConnTech folks knew the procedure; it took me about an hour to get it done.


For reverse records (you're gonna want to get AT&T to add reverse records for your block), go fill out a DNS request form on http://att.net/dns url and tell them what IP addresses you want to have associated with what FQDNs.

 

Bobby

 
