Available Now: Buy the new iPhone 14, iPhone 14 Pro and iPhone 14 Pro Max from AT&T!
ATTHelpForums's profile
Community Support

Community Support


2.6K Messages

Fri, Oct 20, 2017 5:34 PM

Bridge-mode vs IP Pass-through - Info from the AT&T Community

Learn how to set up your own router


The Arris BGW210-700 BGW320 is an advanced residential gateway that supports VoIP, IPv6, video delivery, security firewall, and extensive remote management features. 


The BGW210-700 Broadband Gateway delivers robust video, primary line telephony, and high-speed data over broadband networks via high-speed Internet connectivity.


The four Gigabit Ethernet ports can be separated into different services allowing the configuration of dedicated ports for data. It is designed for advanced DSL network service deployments and supports Quality of Service (QoS) and IP Passthrough.

Heads up: MAC Filtering has been disabled on the 5268AC. If you are in need of a modem that requires MAC Filtering, please reach out to us in the AT&T Community


Determining the Business Need

You may need your gateway configured or placed into a Bridged Mode. The internet architecture does not allow for bride mode, but you can setup IP Passthrough, which should allow for most of the same things. 


IP Passthrough means the AT&T supported CPE device terminates the DSL, authenticates with the network (Receives a WAN IP) and shares that IP address with a single device connected to the AT&T supported CPE equipment. This configuration is often times suitable for a business customer desiring to connect third party equipment to AT&T supported equipment. The IP Passthrough configuration still allows AT&T support groups to access the AT&T supported equipment while allowing end-users to connect third party equipment in a configuration they desire. The IP Passthrough configuration will only allow one connection to AT&T supported equipment to be "unfiltered" or pingable from the WAN or internet side of the AT&T equipment (does not support multiple pingable connections).


The IP Passthrough feature allows a single PC on the LAN to have the AT&T Gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet.

Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.


Note: Remember to make a copy of all current IP settings before proceeding.


Configuring IP Passthrough

Run your Web browser application, such as Firefox and Chrome, from the computer connected to the Arris BGW210-700 and BGW320. 

  • Enter in the Location text box. 

  • Click the IP Passthrough tab and configure your settings. 

Dynamic host configuration protocol (DHCP) address serving can automatically serve the WAN IP address to a LAN computer.


When DHCP is used for addressing the designated IP Passthrough computer, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single servable address subnet, and reserve the address for the configured PC's MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.


  • The two DHCP modes assign the needed WAN IP information to the client automatically.

    • You can select the MAC address of the computer you want to be the IP Passthrough client with fixed mode or with first-come-first-served dynamic. The first client to renew its address will be assigned the WAN IP.


  • Manual mode is like statically configuring your connected computer. With Manual mode, you configure the TCP/IP Properties of the LAN client computer you want to be the IP Passthrough client. You then manually enter the WAN IP address, gateway address, and so on that matches the WAN IP address information of your AT&T device. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the AT&T BGW210 device and other LAN clients on the 192.168.1.x network.

  • DHCP Lease: By default, the IP Passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the IP Passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting. 

  • Click Save. Changes take effect upon restart.


Note: IP Passthrough Restriction

Since both the BGW210 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW210. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.


Jared, AT&T Community Specialist


AT&T Help

Need help with an account specific question?  Post a new question here on the forums by clicking the "Ask a Question" button.
For additional support, please visit us at our AT&T services hub.

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.

Still need help? Ask a question! Our 1.4 million members typically respond within 1 hour.

4 Attachments



2 Messages


I just got ATT Gigfiber and a BGW320-505. I would like to be able to ssh into a Mac with a wired connection to the BGW320-505. 

Do I need to use a separate router to get full speed as someone a few messages earlier said? If not, is there some documentation on how to get IP Passthrough to assign a public IP address to this MAC in a secure manner with no loss of speed. Riight now I'm getting over 950 MB up and down and would like to keep it that way.

New Member


1 Message


Is there a way to configure the BGW320-505 modem/router to use multiple ports, one for passthru to my pfSense router and another for a separate wifi router?  It works fine today using one port in passthru mode connected to my pfSense box giving it the ATT WAN IP (which I do need for my pfSense VPN). 

I'd like to connect a wifi router to another port on the BGW320-505 for my IOT stuff and insure that my IOT stuff has absolutely no access to anything behind the pfSense box. 

Yeah, I know the pfSense box can do lots of cool stuff like this but if I can keep it simple and just plug in an old ASUS wifi router to another port on the ATT modem I'd like to take the low road.

Is this possible?


ACE - Expert


29.9K Messages


@gordonshumway , you could, but you'd have to get a block of public static IP addresses from AT&T (for $15/month) so you could assign one of those addresses to the second rounter.



31 Messages


My internal router is running OPNSense firmware.  I wanted to know if there are any WAN interface settings I need to make on the internal router once it is connected to BGW in passthrough mode?  Do I need to input the BGW MAC address or Gateway IPv4 Address?  Or, will just plugging in the OPNSense WAN to the BGW LAN interface will do the trick?


ACE - Expert


29.9K Messages


Assuming the OPNSense comes configured for Dynamic IP configuration, just plug the OPNSense WAN into the BGW LAN.  Then go to the IP Passthrough screen an choose DHCP-Fixed and select the OPNSense in the dropdown.  Once you've saved it, reboot both.  

Also note that you should have different LAN subnets on the two routers.




31 Messages


Yes, thank you.  I set the BGW to and the OPNsense router to  Followed the instructions, and the OPNsense router came up perfectly.

Note for anyone attempting this with OPNsense firmware:  Do NOT plug in the OPNsense router until you have completed all changes on the BGW router and re-booted it.  I know this presents a problem when trying to set the Passthrough Fixed MAC Address, but if you can get it in advance and enter it manually, that would be best.  The problem (I ran into) is that when you bring up the OPNsense router the first time, it configures the WAN and LAN based upon the BGW (assuming it's connected). 

Because I did this before I had changed the BGW subnet, the initial setup was incorrect and I ended up having to reset the firmware to factory default and start over.  And, another note on factory default reset: In my case (installing OPNsense firmware on a mini pc), after reset, the "installer" login name no longer works.  You must use root | opensense.  Took me a while to figure that one out.  Not documented anywhere I can find.

So, by connecting and running the OPNsense install AFTER setting BGW to passthrough mode and changing it's subnet, the firmware configured the WAN interface perfectly.  

Huge thanks to everyone who has contributed here.

New Member


27 Messages


i think this might be similar conversation to what i need as well


Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.