jrf1213's profile

Contributor

 • 

2 Messages

Tue, Apr 2, 2019 10:20 PM

Securing the network behind uverse gateway bgw210

How does AT&T recommend securing the network behind a uverse gateway. (A better password on the gateway is not an acceptable answer)

The firmware that is currently installed is garbage IMHO, with little to no features for security, IDS or IPS features.

How does one setup Geo blocks for incoming connections?

ATTHelp

Community Support

 • 

195.2K Messages

Il y a 3 y

We'd love to help you secure your network, @jrf1213.

We recommend taking a look at our network security article for some tips and instructions, as well as downloading our Internet Security Suite Powered by McAfee for added security on your network and devices.

If you're tech savvy and want to ensure your network's security from unknown devices, we recommend enabling MAC Address filtering on your network to ensure that no devices other than the ones you've enabled are accessing the network.

We hope this helps!

John, AT&T Community Specialist

Mentor

 • 

36 Messages

Il y a 3 y

@jrf1213 You will need to get your own router and set the 210 for IP Passthrough.  I was able to get advanced firewall features like Geoblocking by using a pfSense box as my router.

Contributor

 • 

2 Messages

Il y a 3 y

@sportsvoice this is ultimately my goal and i have tried this previously with little success. Everytime i would put the pfsense box behind the 210 gateway i was not able to connect to internet on the lan side of PfSense. Does the gateway need to be a different subnet than the pfsense box. For example does the uverse gateway need to be 192.168.1.XXX and pfsense needs to be 192.168.2.XXX?

browndk26

ACE - Professor

 • 

4.7K Messages

Il y a 3 y

@jrf1213  I have my ASUS router on a different subnet like your example. You might want to post here. 

 

https://www.dslreports.com/forum/uverse

 

At least one person who posts there uses a pfsense box. 

ATTHelp

Community Support

 • 

195.2K Messages

Il y a 3 y

Hi @jrf1213!

Thank you for reaching back to us here, we're here to help! Are you getting any error message? Have you check your setting to make sure everything is good. To get  access to all the other ports on your modem you would nee to set your modem to pass through mode. You can view this solution on How to put a Router in bridge mode.

You can also view great article on Port Forwarding and let us know if this helps!

Yetty, AT&T Community Specialist

 

Mentor

 • 

36 Messages

Il y a 3 y

@jrf1213Yes, you will want to put it on a different subnet.  I had U-Verse for a long time and always ran my LAN on a different subnet, generally 192.168.2.x.  Connect LAN side of the gateway to your router's WAN port, and then set IP Passthrough or DMZ+ to point to it. 

I had no issues with IP Passthrough on the BGW210, and eventually got IPv6 working as well.  The only problem is that the gateway wouldn't delegate a prefix bigger than a /64 so I could only have one IPv6 subnet.  As far as IPv4 went, I had no problems there and the 210 would pass through the WAN IP to the pfSense box once the IP Passthrough was set up. 

I believe pfSense defaults to "allow nothing" either direction through the firewall.  Have you configured rules to allow LAN traffic to the WAN?  Otherwise, nothing will be able to connect out.

 

As a postscript to all this, I canceled my AT&T service a couple months ago and switched to cable.  I did cite how lousy the RG's were as part of the reason for canceling.  It is nice being able to get a proper "bridge mode" connection without having to jump through hoops.

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.