Setup Static IP's Router behind RG 5031NV

Got it working.  Others probably already know this but there is a key assumption in "Cascaded Router" mode that I was missing.  You have to make the WAN port on your internal router contain an IP address from the private range given by the 5031NV RG. 

If my public block was 1.2.3.8-15 (.9 - .13 useable) then I would do the following:

Check the "Enable Cascaded Router" box in the Broadband link screen

Network Address = 1.2.3.8

Subnet mask = 255.255.255.248

Router Address = 192.168.1.14 (pick an IP address from the private static range below 192.168.1.33)

On your inside router:

WAN port set to static IP 192.168.1.14

Gateway = 192.168.1.254

Subnet mask = 255.255.255.0

Once this is all set up. The Public Static IP addresses (1.2.3.9-13 in this example) will come through the WAN port on your router without any interference from the 5031NV RG.  With my ZyWALL 50 these addresses can be subject to virtual server mapping or "many 1:1 NET" from WAN to DMZ without any trouble.  It's confusing to have your WAN port be set to a private IP address while sending the public IPs through but it works fine on my router.

Hi cpsavage,

Just wanted to check in with you to see if you were ever able to get your issue resolved. There are different setups to produce the desired result, based off the modem you have. With the static IPs though, are you even able to browse when having one device directly connected?

Let us know how it's going, and if any issues, I am positive this community will be able to help.

-David T

I am having similar problems. I have managed to get ssh working, somehow, but https and mail don't work. It would be very nice if there were a step-by-step howto for setting up static IPs on this device.

I'm trying to open up port 1194, UDP for openvpn. I see this in the 5031NV log:

INF     2013-10-20T17:51:45-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Session Matches User Pinhole, Packet Passed
INF     2013-10-20T17:51:45-05:00       fw,     src=70.234.208.11 dst=50.201.220.162 ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated
INF     2013-10-20T17:51:53-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Unknown inbound session stopped

So, the firewall says, "Yes, I recognize this request as a valid user pinhole request, and I'm passing the packet on".

Then it says, "What the heck is this?!? Dropping it on the floor..."

I honestly don't know what to make of this. I had Uverse installed last Wednesday (16 Oct. 2013) and am already seriously considering cancelling the service. I called AT&T about this, and got handed off to several different

individuals, none of whom seemed to have any clue what I was trying to tell them. The last person I talked to told me that I was now talking to a "fee-based" tech support team. His English was very difficult to understand, but it

sounded very much like he was reading from a script, and was of no help whatsoever.

AT&T used to have awesome customer support. What happened?

Hi building39,

Without knowing the entire details of how this connection is operating, what it appears is that there is some kind of acknowledgement/negative acknowledgement request happening. It appears that outside connection is sending the information to your device behind our router, which forwards it with no problems, from there, it sends a request back to that destination IP trying to establish a connection, but it gets an unreachable error, causing the inbound session to completely terminate at that point.

So with that, it appears the forwarding rules are working right, but you may need to add a few more to handle this acknowledgement request, or you may need to look into the rules on the other device to see if it is blocking traffic from your U-verse modem.

One thing to try is putting the device in DMZ mode, and seeing if that helps.

To do so, on the Pace 5031

1. Login to http://192.168.1.254
2. Click on Settings
3. Click on Firewall
4. Click on Applications, Pinholes and DMZ
5. Select the device you are trying to pass traffic to
6. Click Allow all applications (DMZ plus mode)
7. Save

Let me know how it goes.

-David T

I'm not sure what to make of the conversation.  As you say, you've got a message incoming from a Comcast served address using UDP which is passed through, but then it (the RG) discovers it doesn't know how to route the packet, so it replies back with that fact (the ICMP message) and closes the connection. 

Something is hosed with the routing setup.  Work with @DavidCS, as he can get the proper information for you.

I'm assuming that you're dealing with a Static IP block, as that is the title of the thread you've posted in.  Have you been to the Settings/Broadband/Link Configuration page and added the suplementary network?

I have an ISA firewall behind my 5031NV. I have assigned all 5 ofv my IP addresses to my ISA Server yet  my 5031NV only recognizes the 1st IP address in the list. I need it to recognize all 5 so that my ISA firewall can handle traffic instead of my modem.