rfrench2k's profile

Contributor • 1 Message

Tuesday, January 22nd, 2019 5:26 AM

Router Exposed with addition of Static IP Addresses

I recently joined ATT U-Verse Internet 75 down 20 up. For years I have been hosting a dynamic DNS website on a server at home and got that working just fine with ATT. In short, I have the ATT modem/router set to passthrough and I am using a Netgear Nighthawk X6 router to take care of all the port forwarding to my server.

I decided that I wanted to try out having a static IP so that I could use SSL. I had no problem setting that up, but am now concerned about overall security and firewall protections.

 

Problem #1: My first concern is that the ATT BGW210-700 router is now completely visible using the Public Subnet Gateway Address. For whatever reason, this router doesn't seem to require a password to see it. This exposes many settings and actions including the wifi password and "Restart" simply by going to the public gateway IP address. This surprises me because Remote Access isn't even enabled. I've clicked through all the settings and for the life of me cannot figure out a way to secure the router so it isn't exposed. Does anyone have any suggestions? Here are the ATT Router settings that I think are relevant.

Public Subnet Mode = "On"

Allow Inbound Traffic = "Off"

Primary DHCP Pool = "Private"

Problem #2: My second concern is that there appear to be firewall settings that you can use that apply to the public subnet, but no matter what I do, it doesn't seem to make a difference. I have a single Public static IP address that I have assigned to my webserver and figured out how to get it working with SSL. But right now my server is completely exposed. Reading the ATT Router Help would lead me to believe that I can use the "Public Subnet Hosts" functionality to set up rules as to what activity I want to allow through the subnet. I enabled the Public Subnet Hosts and then set up two rules. One rule for the server IP address TCP for Ports 80-81, and one rule for the server IP address for UDP for Ports 80-81. Since the "Allow Inbound Traffic" is "Off" I thought this would allow normal http (port 80), but disallow https on port 443. This doesn't seem to be the case as I can get to the webserver both ways. I'd really like a way to limit the access to this public IP address to just port 80 and port 443, but if I cannot even keep it from getting to 443, how can I be confident that it isn't getting to other ports?

One other point of setup that may or may not be relevant. For now, I have two network cards in my server, one connected to my NetGear Router, and one connected directly to the ATT Router. I do not want to turn off any of the Dynamic DNS activities until I can figure out this security stuff. This means that right now I am able to get to my server website using both the Dynamic DNS Domain and the Domain that I have set up to use the Static IP Address. I do not believe that this is causing me to not be able to secure the Static IP Addresses because I did disable the IP Passthrough for a bit to test and see if that made a difference on Problem #1 or Problem #2 and it didn't make a difference.

 

I would very much like to hear from others who may know more about how this router works than me. I look forward to your thoughts. Thanks in advance for your help.

Expert • 15K Messages

5 years ago

If you are talking about the att gateway's "home" page, 192.168.1.254, that cannot be seen from the "outside" except if someone has a wifi connection to it. If no one knows the wifi password, while they can see that page, they can't make any changes if they don't also know the access code and that isn't on that page.

The only other way is physical access to the gateway, i.e. wired, but you control that.

The fact that none of the att gateways password protect their home page has been discussed numerous times.

The rest of your post I can't answer.
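On the question left open under Problem #2 (how to be confident that only ports 80 and 443 are reachable on the static IP), the following is an added example, not part of either post and not AT&T tooling: a small audit script to run against your own address from a host outside the home network. The port list in `CHECK` and the placeholder address `192.0.2.10` are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit which TCP ports on your own public address accept connections.

Run from a host outside the home network, then compare the result with
the ports you intended to expose through the gateway rules.
"""
import socket
import sys

INTENDED = {80, 443}  # ports the post wants reachable on the static IP
# Assumed sample of ports to test; extend it to match what the server runs.
CHECK = [21, 22, 23, 25, 53, 80, 81, 443, 445, 3389, 8080, 8443]


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no usable reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable errors: something dropped the packet
        return "filtered"


def audit(host, ports=CHECK, intended=INTENDED, timeout=2.0):
    """Classify each port and list deviations from the intended exposure."""
    states = {p: probe(host, p, timeout) for p in ports}
    unexpected = sorted(p for p, s in states.items()
                        if s == "open" and p not in intended)
    missing = sorted(p for p in intended if states.get(p) != "open")
    return states, unexpected, missing


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass your own static IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    states, unexpected, missing = audit(target)
    for port, state in sorted(states.items()):
        print(f"{port:>5}/tcp {state}")
    print("unexpectedly open:", unexpected or "none")
    print("intended but not open:", missing or "none")
    sys.exit(1 if unexpected else 0)
```

Running the same check against the Public Subnet Gateway Address shows whether the gateway's own page answers from outside (Problem #1), and running it against the dynamic DNS address covers the second network card's path. Results taken from inside the LAN can differ from the outside view, so the vantage point matters.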

 
