Get superfast AT&T Fiber internet
H

New Member

 • 

4 Messages

Wed, Jun 23, 2021 10:48 PM

Cascade Instructions (LAN to WAN) for AT&T Fiber BGW320-505 To Second Router With Public Static IP Block

I'd like to cascade the BGW320 into my other router that's set up behind it, including managing a block of public static IPs I got. My understanding of what I'm trying to accomplish is to make the BGW320 as hands-off as possible so that the UDMP can manage the firewall and all traffic. I can find instructions for IP passthrough and other bits and pieces of things I need to consider. But I think the public static IP block adds a layer of complication. I've read that I should NOT do IP Passthrough and instead do the cascading thing. Again, I'm not sure and nothing walks me through the entire process that I can follow. I'm new to this stuff and I'm hoping someone can dumb it down enough for me to understand.

Here's what my setup looks like right now:

AT&T Fiber Internet --> BGW320-505 --> Unifi Dream Machine Pro (UDMP) <-- All other devices

  • Nothing else is connected to the BGW320 aside from the UDMP (LAN to WAN). That is, an RJ-45 cable is plugged into one of the BGW320's ethernet ports, and the other end is plugged into the "internet" port of the UDMP.
  • The only adjustments I made so far is to disable the BGW320 wifi so as to not interfere with the UDMP wifi access points.
  • As mentioned, I bought a block of 5 usable static public IPs from AT&T. But I'm not sure how to utilize these. The info the AT&T tech provided looks like:
    • Gateway IP XX.XX.XX.206
    • Subnet Mask XXX.XXX.XXX.XXX
    • IP Range XX.XX.XX.201 --> XX.XX.XX.205

If your network is working fine why do you want to do any of this?

I'm going down this road because I was trying to set up a Plex server. I ran into a "double NAT" issue and nobody outside my home network can access my Plex server. I think the double NAT issue will be resolved by cascading the routers.

Why did you buy public static IPs?

Also because of the Plex server. I thought these were needed to facilitate connecting to the server and that one of these static IPs would be assigned to it. Clearly I'm confused about this. I got it in my head that the UDMP would get one of the public static IPs and then the Plex server gets another one? Or maybe I'm supposed to assign static public IPs to all three devices in question (BGW320, UDMP, Plex server)? I'm really not sure. Currently the Plex server is connected to the UDMP like any other device.

What is your Plex server?

I bought a Synology DS920+ NAS. It has a built in OS that can install Plex onto itself. Setting up the hardware was fairly easy. And like I said, devices within my network have no problems streaming from the Plex server right now. External connections -- say, a friend with the Plex app on their TV -- can see my Plex libraries on their side but cannot stream anything. Ultimately this is what I'm hoping to resolve.

Thanks in advance for any help offered. Let me know if there's any other info or screenshots or pictures I can provide. I'm outside my comfort zone here but am very excited to learn how to do all this.

Accepted Solution

Official Solution

JefferMC

ACE - Expert

 • 

26.7K Messages

7 m ago

That's fairly easy.  AT&T's standard spiel is here:

Configuring IP Passthrough and DMZplus - AT&T Internet Support

You want to:

  1. Connect via cable as you have described
  2. Ensure that the UDMP and the Gateway don't use the same subnet for their LAN (if both at 192.168.1.0/24, move one off to 192.168.2.0/24 or something else).
  3. Set up IP Passthrough mode with DHCP-Fixed to the UDMP.
  4. Turn off any additional filters you don't want the Gateway doing in Firewall > Advanced
  5. Reboot the Gateway and the UDMP.
  6. Turn off Wi-Fi on the Gateway
  7. Set up the desired port forwarding in the UDMP.
JefferMC

ACE - Expert

 • 

26.7K Messages

7 m ago

Before I tell you how to set this up, I want to talk this out with you.  After trying to help people set up what they thought they wanted and us both getting frustrated as our stories change, I've learned to gather more data up front. :-)

You could give WAN side of your UDMP one of your 5 public IP addresses and let it handle the world behind it.  It can perform NAT from its private side to the WAN address.  You can do port forwarding in the UDMP.  

What you could not do in that configuration is have the UDMP perform NAT from private addresses to one public address and ALSO have it handle a different public address directly to an internal host.  So you can't have the UDMP handle all your clients and then map a Public IP to the Plex and/or a public IP to the Synology (assuming they're different, because you can install Plex on the Synology, or a Raspberry PI, or a Windows desktop).

You should be able to give all five of the public IPs to the UDMP to handle all five of them.  You could then have a Plex server, a separate Synology server, and 3 more, all behind the UDMP.  But then it couldn't do NAT for those addresses, or the public dynamic address.  It would only be handling your public static block.

You could decide to give back the Public Block (and keep $15/month) and just use the Public Dynamic address that you get and do IP Passthrough to the UDMP and do Port Forwarding and NAT with the Public Dynamic address.  The AT&T Public Dynamic address is remarkably static (you will probably keep the same address for years, in fact you'll have a hard time changing it if you wanted to).  It's stable enough to give your brother and not worry it'll change soon.  If you were running a business website, you might not want to publish a DNS entry to it.

Which of these sounds closer to what you want to do? Feel free to ask more specifics.  

(edited)

New Member

 • 

4 Messages

7 m ago

Thank you very much for spelling out the can/can't-do's in each scenario. That actually cleared up a lot of misconceptions I had. For my situation, I'd like to go with:

give back the Public Block (and keep $15/month) and just use the Public Dynamic address that you get and do IP Passthrough to the UDMP and do Port Forwarding and NAT with the Public Dynamic address.

New Member

 • 

4 Messages

7 m ago

I'll give this a try and report back. Thank you very much!

New Member

 • 

4 Messages

7 m ago

Just wanted to let the thread know I was indeed able to get everything working the way I wanted. Many thanks to JefferMC for the help.

New Member

 • 

8 Messages

2 m ago

I have a double-nat. I’m trying to set my router up like this. I have a bgw320-505 —> GAt-ax11000. 

JefferMC

ACE - Expert

 • 

26.7K Messages

2 m ago

So, PCE, what do you want to do?

New Member

 • 

8 Messages

2 m ago

I’m trying to clear the double Nat. I been reading that I can’t bridge the att router. I need it to pass thru and let my router be the main. I have a large number of devices. 

New Member

 • 

8 Messages

2 m ago

I have same set up but I don’t know my static ip. I know I had it they changed my equipment. 

JefferMC

ACE - Expert

 • 

26.7K Messages

2 m ago

If you don't know your static IP block, you can't do much of anything.  You should be able to find it in the Gateway on the Home Networks > Subnets & DHCP tab, most likely under Public Subnet: Public Gateway Address.

And, "getting rid of Double-NAT" may be an objective.  But how do you want your network configured?  Why do you have a public static block?

(edited)

New Member

 • 

8 Messages

2 m ago

I got the static for my wife working from home. Thought it better stable with her vpn. 

New Member

 • 

8 Messages

2 m ago

Also these Xbox’s keep having issues with the double Nat

JefferMC

ACE - Expert

 • 

26.7K Messages

2 m ago

Okay, @PCE , so you have multiple XBOXes (but fewer than 5) that you want to all be on the network at the same time, correct?   You want all these XBOXes to connect to your router (not the Gateway)?  What other devices do you need to connect to the router (and work)?

Are you willing to consider connecting the XBOXes directly to the Gateway instead of your router?  Perhaps by Ethernet?


EDIT: how does your wife use VPN?  Does she connect a client from her PC to a VPN server somewhere else?

(edited)

New Member

 • 

8 Messages

2 m ago

Client to vpn somewhere. It’s for Apple. I have 4 routers. My first is att bgw320-505, then  ax11000, then one in ap mode, and one in media mode. The last two go thru ax11000. I have 67 devices. I need the internet to pass thru att to ax11000. I have a static. Also two switches. A lot of hard wiring. 

JefferMC

ACE - Expert

 • 

26.7K Messages

2 m ago

@PCE there are basically two different ways to set up a public static block, and the questions I'm asking are intended to try to figure out which one of these two will suit you best.  In a nutshell:

1) The Gateway can have 5 different MAC addresses assigned to the 5 different public static IP addresses and handle them for you.  This would take care of your multiple XBOXen wanting to play simultaneously on public static addresses.  Your router can take care of everything else via NAT.  

2) The Gateway can be set to expect that another router that is directly connected to it will handle the 5 public static addresses.  That router will own the router address for the public static block.  The problem here is that most routers cannot do this and do what most people expect that a router behind the gateway will do, i.e. perform NAT for a bunch of random devices.  So you'd need two routers, one to handle the XBOX and their public static, and the other router in IP Passthrough mode to handle all your other Internet requirements.

The switches, the Access Points, and even the Media Bridge are not all that important to the conversation at this point: they're all operating as layer 2 devices just getting the IP traffic to the endpoints after its been routed.

Need help?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.