Announcements
You Could WIN A Year Of Wireless Service – Learn More!
lisfolks

Mentor

 • 

40 Messages

Tue, Oct 4, 2011 2:28 PM

NVG510 Bridge Mode???

Just switched from DSL (Motorola 2210) to UVerse (Motorola NVG510). I set the 2210 into bridge mode and ran my home network from an Apple Airport Extreme Base Station (AEBS). I have some complex configurations on my network and figured I'd be able to do the same thing with the NVG510. However, it seems the NVG510 uses different terminology than I am used to.

 

Under Firewall/IP Passthrough, I set:

Allocation Mode to 'Passthrough'

Passthrough Mode to 'DHCPS-Fixed'

Passthrough Fixed MAC Address to the AEBS' MAC address

And, I left the Lease at the default 10 minutes.

 

On the AEBS, under Internet/Internet Connection, I switched from 'PPPoE' to 'Ethernet'. I left the Ethernet WAN Port value at 'Automatic (Default)'. And Connection Sharing is set to 'Share a public IP address'.

 

This apparently is not enough, though. The AEBS reports that the "Wi-Fi base station does not have a valid IP address", and that there is a "Conflicting DHCP Range".

 

How do I turn off the DHCP on the NVG510? And, what are the correct settings to put the NVG510 into bridged mode?

Responses

Contributor

 • 

2 Messages

9 years ago

Same problem here. 

 

I just got service 2 days ago, switching from comcast so this is a brandnew setup.  Internet works fine directly from the NVG510, but passthru not working to 3rd party router (I'm using a Netgear WNR2000)

 

Based on the information in this thread here's what I did in my setup to get it to work:

1. On the NVG510, I turned on IP Passthru, DHCPS-Fixed, using the MAC address of my Netgear router WAN port

2. On the Netgear router, I could see that it properly received the public IP address & gateway from the NVG510, but the subnet mask was set to 255.255.255.255.  (I think this is wrong.) 

3. In order to change the subnet mask, I had to turn off the WAN port's DHCP client, and I manually changed the subnet mask to 255.255.255.0.  I kept IP address and gateway as initially assigned by DHCP.

4. I also changed the DNS servers to use one from ATT, 99.99.99.53, but as a secondary I put in Google's Public DNS (8.8.8.8).

 

I also noticed that IPv6 is still turned on, and the Diagnostic test for IPv6 Continuity is failing.  In spite of that, my network is still working.  The OP seemed to require turning that off to get his to work, but mine is fine for right now. 

 

I also confirmed that this is a known bug with ATT techsupoort.  They told me that this is expected to be fixed in a patch due by the end of December (but at least 2 weeks out).  He told me it was priority #3, but he wouldn't tell me what the other top 2 were.  But I suspect alot of people have this very issue.

 

Tutor

 • 

4 Messages

9 years ago

good job becuase there is no such thing as bridge mode in uverse

only version of it under uverse is ip passthrough.

Tutor

 • 

4 Messages

9 years ago

lease in the nvg is no biggie i dont think it even works.

you are right with no leased static ip from att for an extra $15 a month

wan ip will change at a random point

Tutor

 • 

4 Messages

9 years ago

this is normal. and it will change until you pay the extra to get static from att

Tutor

 • 

4 Messages

9 years ago

uverse is not dsl there is no bridge mode

closest you will get is getting a 2nd router and using ip passthrough

Contributor

 • 

3 Messages

9 years ago

@listfolks - woo hoo!  Thanks.  That whole IPv6 thing did the trick.  I'm back to using my router with the NVG510 acting as 'bridge' using the suggested set up here.

 

Now - here's a trick question.

 

I have a machine (virtual) running on my network in bridged mode (gets its own IP direct on the local network.)  I have this machine reporting my Broadband IP address to a dynamic dns service.  (tklapp.com)

 

I also have my internal router (LinkSys E2000) forwarding port 80 to this same virtual machine.  I can access the web site running on my internal webserver (this virtual machine) NO PROBLEMS!  It's live to the world.

 

However this same web server has some SECURE site (HTTPS) applications running on it.  I can access those secure sites using the correct port when using the local IP address.  However - if I use either the Broadband IP address or the dynamic DNS domain name with the same port - the sites don't come up - browser says it's just a dead end.

 

I have port 443 forwarding to this same machine's IP address.

 

What could be going on here?

 

Thanks.

lisfolks

Mentor

 • 

40 Messages

9 years ago

Hmm, thinking this through, drosengarden...

 

First, were your HTTPS sites ever working since you got the NVG510? (Trying to figure out where/when they actually stopped working...)

 

Next, the IP Passthrough should be allowing all traffic to go through to your Linksys E2000. Therefore, your port forwarding schemes (80 and 443) should, theoretically, work correctly.

 

So, the next thoughts that come to mind are certificates and MAC address. Your NVG510 has a different MAC address than the gateway you had previously. The VM has some virtual MAC address being assigned to it. Is that MAC address the same as it has always been? Is there anything in your setup that depends on either of these MAC addresses?

 

Is there anything in your certificate(s) that needs to be re-generated since you have a new configuration (new public IP address?, new MAC address?)

 

And, finally, exactly which HTTP error means "it's just a dead end"? 😉 404 - page not found, 500 - internal server error, ...???

 

I'm thinking this issue may deserve a thread of its own. You could start a new one and link to it here...

Contributor

 • 

1 Message

9 years ago

The posting by lisfolks above is simply excellent and works. A bit of clarification for those with limited experience....

 

 1) Many routers use 192.168.1.1 as the router address so in the NVG510:

             instead set the DHCPv4 Start  Address to 192.168.1.253

             and set the DHCPv4 End  Address to 192.168.1.253  (...yes they are both set to  192.168.1.253)

Be sure and set the range of IP addresses that your router/gateway DHCP server can assign to not greater than 192.168.1.252    ....OR....

 Just make sure that any IP addresses assigned by your router/gateway DHCP server are never used anywhere else.

 

2) The router/gateway that you connect to the NVG510 must be set for Manual or Fixed IP. The ATT Broadband IPv4 Address and Gateway IPv4 Address can be found on the NVG510 Status page. They must be set as the Fixed IP and Gateway addresses and yes...the subnet 255.255.0.0 is correct.

 

3) Some routers will need to have the Primary DNS and Secondary DNS IP address manually set as well. These also can be found on the NVG510 Status page.

>>>An option is to instead use Google's public DNS servers. Their Primary DNS IP address is 8.8.8.8 and their Secondary DNS IP address is 8.8.4.4

 

4) Be sure that IPV6 is set ot OFF on the NVG510 Home Network / Configure page.

 

Observations:  The basic ATT internet service is Dynamic IP which means that ATT can change your public IP address whenever they want to. With the above configuration your internet connection will be instantly dead if ATT changes your public IP address.

The fact that the NVG510 passthrough mode works as it does may be a legitimate bug but I suspect otherwise. It could be the sort of bug built into cell phone firmware intended to keep you you from activating a cell phone bought from one carrier with a different carrier. ATT sells Fixed IP addresses in minimum blocks of five addresses for an additional ~ $15 per month. Without this feature/bug in the NVG510... A Fixed IP is completely unnecessary unless you simply must have one.   It's a business decision....Follow the money!!!!

 

mccwam01

Explorer

 • 

7 Messages

9 years ago


drosengarden wrote:

However this same web server has some SECURE site (HTTPS) applications running on it.  I can access those secure sites using the correct port when using the local IP address.  However - if I use either the Broadband IP address or the dynamic DNS domain name with the same port - the sites don't come up - browser says it's just a dead end.

 

I have port 443 forwarding to this same machine's IP address.


Are you sure your E2000 supports WAN IP address on your intranet?

 

I posted this same question elsewhere on this forum (no repsonse) but I think the NVG510 doesn't support local access of port forwarded servers using the WAN IP. A couple of years ago I was using a a Netgear VPN router with the ATT 2701 set in bridge mode just to get VPN remote access (no port forwarded then).

 

Then last year I switched out the ATT 2701 and used a BritePort 8201 modem configured in bridge mode connected to a Cisco RVS4000 VPN router to do what I think you're doing (Homeseer and HSTouch?). The RVS4000 allows local access to WAN addressed servers. This allows me to loop back test my HTTP webpages and use the same URL on my tablets when I'm inside my house or accessing my websites from internet hotspots.

 

Reading from this list, it doesn't look like I'll have a hands-off self repairing network (and yes, dynamic IP addresses change or they wouldn't call them dynamic) until we have a way for our third-party routers to work as they are designed. The NVG510 seems okay for the simple household (mine took 3 factory resets before it started behaving). 

 

Gone are the days when a household family had one computer and one printer attached to the computer. Even my mother-in-law has a computer, laptop, tablet and a network printer. When I described my setup to ATT Tech support they commented that I sound like a business not a household.  

 

lisfolks

Mentor

 • 

40 Messages

9 years ago

mccwam01 wrote:

 

"Reading from this list, it doesn't look like I'll have a hands-off self repairing network (and yes, dynamic IP addresses change or they wouldn't call them dynamic) ..."

 

A self-proclaimed AT&T employee responded earlier in this thread that the IP address won't change unless they swap you to a different port or change something up the line.

 

I agree this is against the idea of "dynamic" IP addresses, but think about it. AT&T is automatically turning on IPv6 on these devices. If they're going to start using IPv6, then everyone will have "static" IP addresses - that's a given with IPv6. When the IPv6 transition is complete, every device will have its own unique IP address. We'll no longer be using the 192.168 or 10.0 style IP (IPv4) addresses.

 

So, AT&T may be going away from dynamic IP addresses in their IP-DSL setup, since they're going to have to change their system anyway. Right now they have to keep the IPv4 addresses to tunnel the IPv6 through for devices/sites that can't use IPv6 yet. However, the IPv6 changes are moving along fairly quickly, so within the next couple of years, we may ALL have static IP addresses on each of our devices! (Now, how we'll be charged is an interesting question... by device and device type, perhaps? Say, every computer's access costs $x per month, each printer costs $y per month, and how much for those tablets and smartphones? Or, will our devices be registered to our account and they'll charge us strictly for bandwidth usage for all the devices on a given account, maybe?)

 

x0rg

Teacher

 • 

24 Messages

8 years ago

I guess many problems would disappear if a switch behind the NVG510 would be used instead of using another router behind that router, which is not a good idea at all. Below is my network layout where VPN is working fine, but MicroCell is not working.

 

Network Map

MicroCell is more important for me, so I switched to the second configuration, where IP Passthrough is turned OFF, MicroCell is connected to the modem directly and working fine, DIR-655 is connected to the modem. My computer was connected to DIR-655 and now is connected directly to the modem. VPN (PPTP) didn't work in both cases and I saw "GRE blocked" on the DIR-655, when my computer was connected to it.

x0rg

Teacher

 • 

24 Messages

8 years ago

I don't even see VPN requests from my home computer to the router at work (router's logs), which means the VPN stops on my modem at home, right? But when the modem is in Passthrough configuration - the VPN is working fine. This is weird.

x0rg

Teacher

 • 

24 Messages

8 years ago

OK, as I was told by AT&T tech, there is no PPTP passthrough in NVG510. Let's hope they fix it in the next firmware update.

mccwam01

Explorer

 • 

7 Messages

8 years ago

I was able to get my setup working using pass-through on the NVG510. My Cisco router supports loopback so I don't have to change anything when I take my laptop outside my intranet. The router also forwards the right ports to each (different) servers.  The MicroCell seems to work (cellphone clarity is very good). The Netgear WPN824 was my router (some time ago) but I've repurposed it as an access point (only) now.

 

My laptop can also VPN back into my intranet using Cisco's QuickVPN Client software.

 

For clarity I chose not show all my network attached devices   

 

 

 

 

 

 

House.png

brianb_1

Teacher

 • 

14 Messages

8 years ago

If you still need a solution, I've got one. Just did this myself. Took all bleepin' week before I got it worked out. If you have a block of public static addresses DO NOT bother trying to get "passthrough" mode to work, it is not necessary.

 

Simply do the following:

 

On the NVG510, go to Home Network tab, then Subnets and DHCP under that.  Go to Public Subnet Enable, and turn it On.

 

Place the last available address in your static public subnet in the "Public IPv4 Address" field. This is now the router's address in your public subnet block. Set the Subnet Mask appropriately (I have 5 usable in a subnet of 8, so I put 255.255.255.248). You can put the range of addresses in, not sure if it is necessary or not. I set the primary DHCP Pool to Public, but in hindsight that is most likely unnecessary, and perhaps even a bad idea. The KEY thing is that you turned it ON and set the IP address of the router... This lets the router know what the public address block is, and allows traffic to flow to devices on the LAN side that are assigned (by DHCP or statically) addresses in that block. I think if you leave that "Primary DHCP Pool" at private, you could leave the wireless option ON and devices could then get to the internet that way, but be given addresses from the "private" DHCP pool. They won't really be on your real private network, though, because that's setup on your other "real" router... And this NVG510 has NO static routing capability, at least none that you are allowed to set, so you cannot send traffic from its wireless clients back to your other router... But I digress...

 

Now, I have a Cisco 877, and I plugged FastEthernet0 port into the back of the NVG510 router. I then manually configured a vian with the rest of the addresses in my public block, and set the default route to the address you put into the NVG510's "Public IPv4 Address" field. Well, here are the details, including the fact that I had a site-to-site VPN setup (crypto map), and that is indeed working once again with the new default address of vlan2 below. For demonstration purposes, assume my public IP block is the 1.1.2.56 255.255.255.248 block...

 

Here are the relevant sections of my configuration:

crypto map myMapKey local-address Vlan2

!

...

interface FastEthernet0

switchport access vlan 2

no cdp enable

!

...

interface Vlan2

 description internet

 ip address 1.1.2.57 255.255.255.248

ip address 1.1.2.58 255.255.255.248 secondary

ip address 1.1.2.59 255.255.255.248 secondary

ip address 1.1.2.60 255.255.255.248 secondary

ip address 1.1.2.61 255.255.255.248 secondary

ip nat outside

ip virtual-reassembly

crypto map myMapKey

!

...

ip route 0.0.0.0 0.0.0.0 1.1.2.62

...

ip nat inside source list 110 interface Vlan2 overload

ip nat inside source static tcp 192.168.1.10 80 1.1.2.57 80 extendable

ip nat inside source static tcp 192.168.1.20 80 1.1.2.58 80 extendable

ip nat inside source static tcp 192.168.1.30 80 1.1.2.59 80 extendable

 

You'll have to figure out how to do this similarly with your router, I don't know anything about that one... Hopefully this is relevant and useful for setting that router up as well...