
Business Internet 100 (Arris BGW210) to connect to my firewall/router/ASA
I'm looking for how to configure the Arris BGW210 AT&T-provided gateway to forward all packets (ICMP, TCP, UDP, GRE, ESP, AH, and L2TP protocols) for all five of my static IP addresses to a single firewall/router device. Further, there should be no port filtering for ICMP, TCP and UDP. My device will do any routing necessary, as well as providing complete stateful connection monitoring for ICMP, TCP, and UDP. I'm NOT looking for support for my connected devices, just a feed that looks like what I saw over a T1 leased-line circuit.
(In trying to use U-Verse technical support several times, the technicians didn't understand what
MY (CASCADED) ROUTER/FIREWALL:
Four Ethernet ports: eth0: UVerse Gateway, eth1: Internal LAN, eth2: Mail server, eth3: Web server
CentOS 7.4, IPTABLES (BGP-38 compliant configuration, mostly closed)
IPv4 method: manually set.
IPv4 address: 192.168.1.253
IPv4 netmask: 255.255.255.0
IPv4 gateway: 192.168.1.254
IPv6: disabled
DNS: 8.8.8.8, 8.8.4.4
UVERSE GATEWAY:
Manufacturer ARRIS
Model Number BGW210-700
Device IPv4 Address 192.168.1.254
DHCPv4 Netmask 255.255.255.0
DHCP Server On
DHCPv4 Start Address 192.168.1.64
DHCPv4 End Address 192.168.1.253
DHCP Leases Available 188
DHCP Leases Allocated 2
DHCP Primary Pool Private
Secondary Subnet Enabled
Public Subnet
Cascaded Router Status Enabled
Cascaded Router Subnet 76.209.1.160/255.255.255.248
IP Passthrough Status Off (private IP address)
Port1 through port4: Auto/Auto
IPv6 OFF
DHCPv6 ON
DHCPv6 Prefix delegation ON
Router Advertisement MTU 1472
Wi-Fi both radios OFF
MAC Filtering all DISABLED/No MACs Found
Private LAN Address/Mask 192.168.1.243/255.255.255.0
DHCP Server Enable ON
Range .64 through .253
DHCP lease is 1:0:0:0
Public Subnet Mode off
Cascaded Router Enable ON
Cascaded Router Address 192.168.1.253
Network Address/Mask 76.209.1.160/255.255.255.248 (/29)
IP Allocation
192.168.1.253 (00:21:9b:87:66:f8) On Fixed-allocation
Firewall Status
Packet Filter OFF
IP Passthrough OFF
NAT Default Server OFF
Firewall Advanced ON
NAT/Gaming NO APPLICATION HOSTING ENTRIES HAVE BEEN DEFINED
Public Subnet Hosts NONE DEFINED
IP Passthrough
Allocation mode OFF
Firewall Advanced:
Almost all set to off except Flood, which can't be changed.
Reflexive ACL ON
drbobbyk
Mentor
•
48 Messages
6 years ago
Hi!
I have a similar setup and it works fine. I have a /27 block.
Set your own router external interface to a 192.168.1.x address, say 192.168.1.10
Set the modem's cascade router to enabled and set the field in the modem interface for cascade router address to 192.168.1.10.
Then, for the subnet network, you give it your CIDR block. I wouldn't use a DHCP address for your external interface (say .253). I'd hard code it to .10 or some number outside of the DHCP range.
That setup works for me.
Message me if you have any other questions.
Bobby
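A sanity check for the cascaded-router settings discussed in the two posts above, as an added example that is not code from either poster. The function names `check_cascade` and `routed_hosts` are hypothetical; the addresses in the demo are the ones quoted in the first post, and the DHCP-pool rule encodes the advice in the reply.

```python
import ipaddress

def check_cascade(gateway_ip, netmask, dhcp_start, dhcp_end, cascade_addr, public_block):
    """Return a list of problems; an empty list means the settings are consistent."""
    lan = ipaddress.ip_network(f"{gateway_ip}/{netmask}", strict=False)
    gateway = ipaddress.ip_address(gateway_ip)
    router = ipaddress.ip_address(cascade_addr)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    problems = []

    # The cascaded router address must be a usable host on the gateway's private LAN.
    if router not in lan:
        problems.append(f"{router} is not on the gateway LAN {lan}")
    elif router in (gateway, lan.network_address, lan.broadcast_address):
        problems.append(f"{router} is the gateway, network or broadcast address")

    # Advice from the reply: hard-code an address outside the DHCP range.
    if start <= router <= end:
        problems.append(f"{router} is inside the DHCP pool {start}-{end}")

    # The routed block must be a valid, aligned network that is public
    # and does not collide with the private LAN.
    try:
        block = ipaddress.ip_network(public_block, strict=True)
    except ValueError:
        problems.append(f"{public_block} is not a valid, aligned network")
        return problems
    if block.is_private or block.overlaps(lan):
        problems.append(f"{block} is private or overlaps the gateway LAN {lan}")
    return problems

def routed_hosts(public_block):
    """Host addresses inside the routed block (network and broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_network(public_block, strict=True).hosts()]

if __name__ == "__main__":
    # Values quoted in the first post; only the cascaded router address varies.
    common = ("192.168.1.254", "255.255.255.0", "192.168.1.64", "192.168.1.253")
    block = "76.209.1.160/255.255.255.248"
    for addr in ("192.168.1.253", "192.168.1.10"):
        print(addr, check_cascade(*common, addr, block) or "OK")
    print(routed_hosts(block))
```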
satch89450
Tutor
•
10 Messages
6 years ago
Are you running a public mail server through this setup? If so, how are you setting up your MX and A records? What does http://whatismyip.com report as your address?
drbobbyk
Mentor
•
48 Messages
6 years ago
Hi!
Yes, I am running my own dns, email, web, and pbx servers using my AT&T assigned /27 block of IPv4s.
I had to contact ConnTech folks and pay $50 to get them to unblock port 25. The regular AT&T tech support (sic) folks can't do it. They vaguely know about it. ConnTech folks knew the procedure; it took me about an hour to get it done.
For reverse records (you're gonna want to get AT&T to add reverse records for your block), go fill out a DNS request form on http://att.net/dns url and tell them what IP addresses you want to have associated with what FQDNs.
Bobby