PACE 11.1.0.531418 DMZ Issue

Wow!  After battling with my RG for a while trying to figure out why DMZ+ mode wasn't working, I finally landed on this forum... naturally, I have the Pace 5268AC RG with v11.1.531418.  In my case, with back-to-back testing, I get 0 Mbps in DMZ+ vs. ~950 up and down through NAT on the RG.

I called the AT&T support line, talked to Thomas, and he assures me that, despite having U-verse service, a BGW210 will land on my doorstep tomorrow.  We shall see...

Enjoy your new Pace 5268 RG....

---

@Swerved wrote:

Enjoy your new Pace 5268 RG....

---

Got a good chuckle out of that one.

One question for some of the more technical people.  I am thinking about getting a block of static IPs ... not that I want to give ATT more money - but I think it would be useful for some things that I do and would give me some additional flexibility.   Do y'all think having a block of static IPs and assigning my router one would solve the issues?

As for my short term solution, I just ordered a BGW210-700 off of ebay for $25 - this is much cheaper than the time I would have spent talking to ATT tech support or dealing with a technician visit.  So for me - this is about problem solving - and not thinking for a minute that ATT really cares about me as a customer and would change anything on my account. 

Sure, it is unfortunate that ATT doesn't fix this - but my guess is that not only are we in the very small minority using the pass through / dmz+ feature.  I would also guess the majority of us on this thread (or who have the problem) haven't called in and are either using the double NAT workaround (either on purpose or out of ignorance) or buying routers off of ebay - sorry if this screws everyone else, but fighting the death star technical support is not my idea of fun or productive.  (Or how many people just don't pay attention - it took me about 3 weeks to notice).  It is also unfortunate that ATT doesn't give us the option more like a cable modem - they give us all something that will support their IPTV whether we are going to use it or not.  I switched from Comcast once ATT had fiber in my yard - and I knew the whole DMZ+ from having Uverse several years ago - so I was prepped. 

For me, whether or not we should have to deal with this crap, it is still an economic choice.  The only way to get the best price from either Comcast or ATT is to switch every year.  Before ATT fiber, I'd either have to live with poor speed with Uverse or try to threaten Comcast that I would switch to ATT (which they knew sucked).  Now I really can and will just switch between the 2, getting the new subscriber rates and having to deal with the whatever issues each of them brings to the table (I can tell you, the Craptastic grass is not that much greener - similar story different day/company).

@n2itus, normally the way you configure a public static block with your own router is normally by setting it up with the Cascading Router setup in the Gateway .  This causes the Gateway to pass all traffic for those IPs to that router to handle without interpretation.  Since you probably have more than 5 devices you want to access the Internet behind that router, this configuration probably wouldn't work for you.

However, setting up the Additional Network in the Gateway instead would allow you to configure your router with an "wan-side" address out of the public block and, IIRC, the proper default gateway address for your router would be the block's router address (which I believe the Gateway will advertise on the LAN in response to the Additional Network setup).  I think the traffic between the router with the public IP and the Internet would still be subject to the firewall filter rules, but would not need to be port forwarded, not should NAT occur on the Gateway.

@JefferMC Thanks for the input! - gives me some things to think about - I hadn't thought about how to do it yet.  You are right - I do have more than 5 devices so I'd still need to use my router (with a wan side address) - although I do have a couple things that it would be nice if they had their own IP - but probably still want them behind a firewall that I can control (i.e. not the gateway).  Do you know of any reasonably priced routers that would allow multiple wan connections (i.e. allow me to cascade or use a DMZ for some of the available wan IPs and NAT the rest through 1 wan IP)

@JefferMC after thinking about it - I think I've got it.  Again - thanks for your thoughts.  I had been thinking about installing PFsense anyway so I think this might move me closer.  It would look something like this:

gateway --> layer 2 firewall (e.g. PFsense) --> dumb switch --> devices with wan IPs

Not sure whether I'd still use a router or see how PFsense could NAT (assume it could, but would probably just use my existing router now with WAN IP at first)