Securing the network behind uverse gateway bgw210

We'd love to help you secure your network, @jrf1213.

We recommend taking a look at our network security article for some tips and instructions, as well as downloading our Internet Security Suite Powered by McAfee for added security on your network and devices.

If you're tech savvy and want to ensure your network's security from unknown devices, we recommend enabling MAC Address filtering on your network to ensure that no devices other than the ones you've enabled are accessing the network.

We hope this helps!

John, AT&T Community Specialist

@jrf1213 You will need to get your own router and set the 210 for IP Passthrough.  I was able to get advanced firewall features like Geoblocking by using a pfSense box as my router.

@sportsvoice this is ultimately my goal and i have tried this previously with little success. Everytime i would put the pfsense box behind the 210 gateway i was not able to connect to internet on the lan side of PfSense. Does the gateway need to be a different subnet than the pfsense box. For example does the uverse gateway need to be 192.168.1.XXX and pfsense needs to be 192.168.2.XXX?

@jrf1213  I have my ASUS router on a different subnet like your example. You might want to post here. 

https://www.dslreports.com/forum/uverse

At least one person who posts there uses a pfsense box. 

Hi @jrf1213!

Thank you for reaching back to us here, we're here to help! Are you getting any error message? Have you check your setting to make sure everything is good. To get  access to all the other ports on your modem you would nee to set your modem to pass through mode. You can view this solution on How to put a Router in bridge mode.

You can also view great article on Port Forwarding and let us know if this helps!

Yetty, AT&T Community Specialist

@jrf1213Yes, you will want to put it on a different subnet.  I had U-Verse for a long time and always ran my LAN on a different subnet, generally 192.168.2.x.  Connect LAN side of the gateway to your router's WAN port, and then set IP Passthrough or DMZ+ to point to it. 

I had no issues with IP Passthrough on the BGW210, and eventually got IPv6 working as well.  The only problem is that the gateway wouldn't delegate a prefix bigger than a /64 so I could only have one IPv6 subnet.  As far as IPv4 went, I had no problems there and the 210 would pass through the WAN IP to the pfSense box once the IP Passthrough was set up. 

I believe pfSense defaults to "allow nothing" either direction through the firewall.  Have you configured rules to allow LAN traffic to the WAN?  Otherwise, nothing will be able to connect out.

As a postscript to all this, I canceled my AT&T service a couple months ago and switched to cable.  I did cite how lousy the RG's were as part of the reason for canceling.  It is nice being able to get a proper "bridge mode" connection without having to jump through hoops.