Let AT&T help you elebrate your dad with Father's Day Gifts that connect us.
Get superfast AT&T Fiber internet
H

New Member

 • 

4 Messages

Wednesday, June 23rd, 2021 10:48 PM

Cascade Instructions (LAN to WAN) for AT&T Fiber BGW320-505 To Second Router With Public Static IP Block

I'd like to cascade the BGW320 into my other router that's set up behind it, including managing a block of public static IPs I got. My understanding of what I'm trying to accomplish is to make the BGW320 as hands-off as possible so that the UDMP can manage the firewall and all traffic. I can find instructions for IP passthrough and other bits and pieces of things I need to consider. But I think the public static IP block adds a layer of complication. I've read that I should NOT do IP Passthrough and instead do the cascading thing. Again, I'm not sure and nothing walks me through the entire process that I can follow. I'm new to this stuff and I'm hoping someone can dumb it down enough for me to understand.

Here's what my setup looks like right now:

AT&T Fiber Internet --> BGW320-505 --> Unifi Dream Machine Pro (UDMP) <-- All other devices

  • Nothing else is connected to the BGW320 aside from the UDMP (LAN to WAN). That is, an RJ-45 cable is plugged into one of the BGW320's ethernet ports, and the other end is plugged into the "internet" port of the UDMP.
  • The only adjustments I made so far is to disable the BGW320 wifi so as to not interfere with the UDMP wifi access points.
  • As mentioned, I bought a block of 5 usable static public IPs from AT&T. But I'm not sure how to utilize these. The info the AT&T tech provided looks like:
    • Gateway IP XX.XX.XX.206
    • Subnet Mask XXX.XXX.XXX.XXX
    • IP Range XX.XX.XX.201 --> XX.XX.XX.205

If your network is working fine why do you want to do any of this?

I'm going down this road because I was trying to set up a Plex server. I ran into a "double NAT" issue and nobody outside my home network can access my Plex server. I think the double NAT issue will be resolved by cascading the routers.

Why did you buy public static IPs?

Also because of the Plex server. I thought these were needed to facilitate connecting to the server and that one of these static IPs would be assigned to it. Clearly I'm confused about this. I got it in my head that the UDMP would get one of the public static IPs and then the Plex server gets another one? Or maybe I'm supposed to assign static public IPs to all three devices in question (BGW320, UDMP, Plex server)? I'm really not sure. Currently the Plex server is connected to the UDMP like any other device.

What is your Plex server?

I bought a Synology DS920+ NAS. It has a built in OS that can install Plex onto itself. Setting up the hardware was fairly easy. And like I said, devices within my network have no problems streaming from the Plex server right now. External connections -- say, a friend with the Plex app on their TV -- can see my Plex libraries on their side but cannot stream anything. Ultimately this is what I'm hoping to resolve.

Thanks in advance for any help offered. Let me know if there's any other info or screenshots or pictures I can provide. I'm outside my comfort zone here but am very excited to learn how to do all this.

New Member

 • 

8 Messages

3 years ago

I got the static for my wife working from home. Thought it better stable with her vpn. 

New Member

 • 

8 Messages

3 years ago

Also these Xbox’s keep having issues with the double Nat

ACE - Expert

 • 

35.8K Messages

3 years ago

Okay, @PCE , so you have multiple XBOXes (but fewer than 5) that you want to all be on the network at the same time, correct?   You want all these XBOXes to connect to your router (not the Gateway)?  What other devices do you need to connect to the router (and work)?

Are you willing to consider connecting the XBOXes directly to the Gateway instead of your router?  Perhaps by Ethernet?


EDIT: how does your wife use VPN?  Does she connect a client from her PC to a VPN server somewhere else?

(edited)

New Member

 • 

8 Messages

3 years ago

Client to vpn somewhere. It’s for Apple. I have 4 routers. My first is att bgw320-505, then  ax11000, then one in ap mode, and one in media mode. The last two go thru ax11000. I have 67 devices. I need the internet to pass thru att to ax11000. I have a static. Also two switches. A lot of hard wiring. 

ACE - Expert

 • 

35.8K Messages

3 years ago

@PCE there are basically two different ways to set up a public static block, and the questions I'm asking are intended to try to figure out which one of these two will suit you best.  In a nutshell:

1) The Gateway can have 5 different MAC addresses assigned to the 5 different public static IP addresses and handle them for you.  This would take care of your multiple XBOXen wanting to play simultaneously on public static addresses.  Your router can take care of everything else via NAT.  

2) The Gateway can be set to expect that another router that is directly connected to it will handle the 5 public static addresses.  That router will own the router address for the public static block.  The problem here is that most routers cannot do this and do what most people expect that a router behind the gateway will do, i.e. perform NAT for a bunch of random devices.  So you'd need two routers, one to handle the XBOX and their public static, and the other router in IP Passthrough mode to handle all your other Internet requirements.

The switches, the Access Points, and even the Media Bridge are not all that important to the conversation at this point: they're all operating as layer 2 devices just getting the IP traffic to the endpoints after its been routed.

New Member

 • 

8 Messages

3 years ago

I’m trying to achieve #2. 

New Member

 • 

8 Messages

3 years ago

I really appreciate your help and time. 

ACE - Expert

 • 

35.8K Messages

3 years ago

Okay, your ASUS router is a fancy and powerful home router.  However, the UI won't give you the capability (at least that I know of) to simultaneously be able to do NAT for some clients (most of your devices) and not for others (your XBOXes and your PC running the VPN client).  It's probably possible to do with some poking under the hood, given the architecture, but I'm going to have to beg off on how you would do so.  Maybe someone at the Small Network Builders forum (https://www.snbforums.com/) can help there.

If you had two of these, then you could dedicate one to the Xboxes to handle the public static subnet (which is Cascaded Router), and the other could use the public dynamic address and do NAT for your other traffic (which is a normal, basic IP Passthrough configuration).  If you really want the VPN client to have the public static, then it would have to be attached to the XBOXes' router.

(edited)

New Member

 • 

1 Message

2 years ago

@JefferMC I truly appreciate your thoroughness, here. I'm interested in using the second option you described for PCE - it seems like that would be the "cascaded router(CR from here on out)" option. 

If it is, could you point me to documentation that details how it works generally and how to implement it on the BGW320-500? I actually enjoy the RTFM and can't find anything that resembles a thorough admin guide. Else, any knowledge you can unload would be appreciated... From what I gathered, CR seems like it's merely pointing routes to the gateway defined but because I don't understand what's fundamentally happening I'm wary of implementing it. And it leads to more questions like: why the sparse instructions indicate that it'd prefer I specify a default route if using passthrough mode or... how does it interact with passthrough mode? Is an RFC1918 address space required in the CR config? Could I simply assign the public address space to the firewalls behind the BGW320? 

As for environment details: I have a couple of enterprise grade firewalls that I'd prefer own the static block I purchased and host several environments behind them. So they're equipped to handle janky NAT's and then some. 

ACE - Expert

 • 

35.8K Messages

2 years ago

Manual?  Manual?  We don't need to give the customers no stinkin' manual.

Setting up Cascaded Router causes the Gateway to set up a static route to the local IP given for all traffic to the public static block.  All traffic that comes in gets forwarded to that local address.  And, of course, all traffic from there gets sent to the Internet without NAT.  Filtering rules and flags still apply.  The Gateway is still a hop, but a very inobtrusive hop.  The customer router then has a "regular LAN" IP address from the Gateway as its WAN IP and needs to adopt the router address of the public static subnet as its LAN IP.  It can either give out the 5 IPs via DHCP or you can statically assign them as you desire.

It is possible in the Gateway to use the IP Passthrough router as the Cascaded Router as well, you just specify 0.0.0.0 as the address of the Cascaded Router.   However, most consumer routers have no idea how to deal with this situation.  If you're using something like ASUSWRT-Merlin and can do addons behind the scenes, it should be possible.  But you have to convince it to handle both a private subnet and provide NAT for it, and handle the public subnet and not provide NAT for it (which is exactly what the Gateway does in the non-cascaded router configuration).  The customer router GUIs do not contemplate such a thing.

(edited)

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.