Find the perfect gift for the grad in your life with Graduation gifts that connects us from AT&T.
Need help with your equipment?
frostcall's profile

Teacher

 • 

3 Messages

Friday, August 23rd, 2013 10:06 PM

How do I put my NVG589 in bridge mode?

Overview

Most people don't need advanced features that personally owned routers offer and will be just fine using the NVG589 and turning off their personally owned router.  But if you're like me (and I know I am!) then you are probably reading this thread because you have ip cameras, personal clouds, photo servers, guest wifi, VPN's, xbox, QOS settings, et al.  I have an ASUS RT-N66U , a VIP2250, and a wireless reciever with a WAP; but your settings should be similar. 

 

The NVG589 does not have a simple 'Bridge mode' setting so you will need to get into weeds to get this working.  I hope you're ready.

 

First Steps

Make sure you have a laptop or a computer that you can connect directly into the NVG589.

Unplug all ethernet cables from the NVG589 except for the one going into the aforementioned laptop.

Write down the MAC address of your personal router (the WAN MAC address if you see different ones for LAN and WAN)

 

Settings on the NVG589

  • Login to your NVG589 by going to 192.168.1.254
  • Go to 'Home Network' then 'Subnets & DHCP'.  Your password is on the side of the modem.
  • If your 'Device IPv4 Address' is the same subnet as your local router, I suggest changing it.  I changed mine to 192.169.2.254 but you can stick with whatever you like / need.  My subnet Mask remains at 255.255.255.0
  • Change 'DHCPv4 Start Address' to 192.169.2.1 (or whatever your above Device IPv4 address is but with a 1 at the end instead of .254)
  • Change 'DHCPv4 End Address' to 192.169.2.5, Just a few more than the Start Address.  We need these for any WAP extenders for wifi TV's.  It's important that you only have the laptop plugged into the ethernet at this point.
  • Click 'SAVE' at the bottom.
  • Go to 'Home Network'  then 'Wireless' and turn wireless off.  You want to use the wifi on your own router right?
  • Go to 'Firewall' then ' 'Packet Filter'.  Disable Packet Filters.  Again, we want our router to do the work.
  • Make sure you don't have any of your own settings turned on in 'NAT/Gaming' (don't worry if you see 1 in there already that you can't delete).
  • Go to 'Firewall' then 'IP Passthrough'.  For 'Default Server Internal Address', select or type in 192.169.2.1.
  • For 'Allocation Mode' select 'Passthrough' (I had to do it in this reverse order to be able to type for some reason)
  • For 'Passthrough Mode', select 'DHCPS-Fixed'
  • Type in the MAC address for your router under 'Manual Entry', lowercase is fine.
  • Click SAVE.  It will tell you that it needs to reboot.  Hang on for a minute.
  • Go to 'Firewall Advanced' at the top and turn everything OFF.
  • Near the top of your screen, you should see an option telling you to reboot the router. Go ahead and do this now. It takes about 2 minutes.

Personal Router Settings.

 

  • Unplug your laptop and plug in your personal router while the NVG589 reboots.  
  • Plug your laptop into your personal router and login to it.  For me, it was 192.168.1.1 (hence why I changed things above)
  • For the ASUS RT-N66U, I had to go to my WAN settings, then 'Internet Connection'.
  • Change 'WAN Connection Type' to 'Automatic IP'.  This will give your personal router the external IP of the NVG589 and is the key to making this whole thing work. Some folks will have to manually enter in an IP and this can be found under the 'Broadband - Status' section of the NVG589 settings.  If you don't have 'automatic IP' then I feel bad for you since you will have to manually change this every time your IP changes.
  • 'Enable WAN', 'Enable NAT' and 'Enable UPnP' is all set to YES for me.  
  • I recomend Setting your own DNS server.  I use Google's but you use whatever you like.  Google's is 8.8.8.8 and 8.8.4.4
  • 'Account Setting - Authentication' is 'None'.
  • There are no Special requirements from ISP at the bottom.
  • Hit APPLY at the bottom and your router will reboot.

I also changed settings in my IPTV under LAN:

  • Profile was None.
  • Choose IPTV STB port, I set to LAN3 & LAN4.  I plugged my U-Verse WAP for the wireless reciver into the NVG589 and I plugged the ethernet cable going to the VIP2250 into LAN3 on my personal router.  I'm really not sure if this was necessary but I'm having 0 issues with this setup.  I initially tried putting the WAP on my personal router but had issues so I stuck it back on the NVG589 and it's fine.  I could probably just plug the VIP2250 into the NVG589 as well but I'm just enjoying the small victory of using my personal router for now.  
  • Hit apply at the bottom, another possible reboot.

At this point, I checked the internet and everything was working great through the router.  I restarted by 2 TV boxes (the VIP and the wifi ones).  Everything is peachy.

 

Your mileage may vary.  Good luck.

 

 

 

 EDIT to update WAP configuration. 

 

Mentor

 • 

51 Messages

10 years ago

 Did you use Passthrough Mode, select DHCPS-Fixed?

 

I know it sounds obvious, but did you save your settings? Did you use your personal router MAC address in the NVG589?  Disable NVG wireless, turn off the firewall, etc? For the MAC address, I only had the PC connected and the NVG589 saw it.

 

You can leave the NVG IP adress the default if that's easier for you.  Just make sure the router is set to 192.168.2.1 for example.

 

I just turned 59 yesterday and am female. So if I can do it, you can too! Woman Very Happy

 

I took my time, printed out the instuctions and it worked the first time I thought. My personal router was not seeing my public WAN IP and was double routing (double NAT). If your personal router is showing 192.168.X.X it's probably doing double NAT.  Not a good thing. Since I also wanted to limit the number of DHCP addresses used I started over.  My router then had the public WAN IP set correctly. 104.0.8.2XX  As you can see, that address is different and is what is displayed on the Internet. The public WAN IP is assigned from Uverse and generally speaking cannot be changed.  Only a Uverse tech will cause it to change when moving your connection to another card for example.  

 

Sometimes is helps to see the steps short and sweet. http://www.dslreports.com/faq/17734

Contributor

 • 

1 Message

10 years ago

Hi guys,

 

I did all of the above but I have a slightly different setup.  My time capsule is not not directly plugged into the ATT modem.  But it is plugged into a Netgear 5 Port Switch with the Uverse box and then into the wall of my living room which routes back to the ATT modem.

 

So I was not able to connect the Time Capsule and ensure the 192.168.10.1 IP address.  So when I set the default internal server it is selecting 107.128.xxx.x which is my external IP address.  

 

This is okay and all works fine except every 24 hours or so the Time Capsule just loses it's network settings and I have to reboot it.  Then all is well for another 24 hours so I suspect a DHCP release problem and that I may need a fixed IP.  Any help appreciated.

 

Thanks

Antony

Mentor

 • 

15 Messages

10 years ago

Probably stupid questions, but here goes:

 

1.  Does this process involve connecting a cable between the NVG589 and the personal router at all even when it's completed?

 

2.  When I'm done with the set-up, can I plug my LAN devices into the ASUS, the NVG589 or could I use both?  

 

3.  Should I reset the NVG589's subnet before even turning the ASUS on because isn't it possible they would conflict right off the bat?

 

4.   The Default Server Internal Address for the NVG589 is grayed out unless you switch to Default Mode for allocation.  I assume it's okay to temporarily do that, save, type in address and then switch back to Passthrough for allocation mode?

 

5.  Is the WAN address for the Asus its LAN MAC Address/Wireles 2.4GHz MAC address?

 

6.  Where do I change the Internet connection type to DHCP on the ASUS?  The LAN tab has a DHCP Server tab which reads "Enable the DHCP Server" which is "on" by default.

 

TIA.

Mentor

 • 

29 Messages

10 years ago

Important fix to frostcall's original post

 

This is a convoluted bridged mode workaround for the NVG589 and I hope AT&T fixes this with a firmware update.  I thought the "Power" tier was supposed to be an upgrade, but this NVG589 firmware is a major downgrade for users with 2nd routers, IP cameras, home automation systems, etc.

 

I couldn't reach the broadband public IP via dynamic DNS services for my security cameras until I made the following fix to the original instructions:

 


 

Personal router settings:

 

Instead of using Automatic IP (DHCP) for your personal router WAN type, give it a static private IP on the same subnet as the NVG589.  For example assign the following:

 

IP: 192.168.2.253

Subnet mask: 255.255.255.0

Default gateway: 192.168.2.254

Primary DNS server: 192.168.2.254

 

Settings on the NVG589:

 

Instead of DHCPS-fixed, select Default Server.

 

After selecting Default Server, you should see 192.168.2.253 filled in automatically in the Default Server Internal Address box.  This also sets the passthrough mode to DHCPS-fixed.  Restart the NVG589.

 



A huge problem remains, the lack of support for NAT loopback.

 

Has anyone figured out a workaround for this?  For example if your security cameras are using a dynamic DNS service to access the cameras from outside home, with port forwarding to route to the correct camera, this won't work while your viewing laptop is connected to the LAN.  In order to access the cameras, the address has to be changed back & forth from the friendly DNS name to the numeric IP address, depending whether you're on the public ISP or local home network.

 

Did AT&T even bother to test the NVG589 with people with 2nd routers and security cameras, home automation, etc. before such a widespread deployment? 

 

If AT&T is reading this, please fix the design flaws in the NVG589 firmware!

Voyager

 • 

1 Message

10 years ago

No matter what I try, I cannot change the subnet / netmask / DHCP range for the NVG589.

 

 

This is very frustrating....   Why can I at least not disable DHCP?     AT&T is crazy annoying with wanting to take over MY internal network settings so I can run on THEIR EXTERNAL network.

 

I've about had it with this and am extremely close to calling TWC up for an install...

 

The error I get on any network config I use is:

 

Address must be on network (192.169.2.0)

 

I get it no matter what I try...

 

I've tried the following:

 

device IPv4 address: 172.21.0.1
DHCPv4 start IP address: 172.21.0.7
DHCPv4 end IP address: 172.21.0.14
Subnet mask: 255.255.255.240

 

device IPv4 address: 10.0.0.1
DHCPv4 start IP address: 10.0.0.2
DHCPv4 end IP address: 10.0.0.5
Subnet mask: 255.255.255.240

 

device IPv4 address: 192.168.2.254
DHCPv4 start IP address: 192.168.2.1
DHCPv4 end IP address: 192.168.2.5
Subnet mask: 255.255.255.240

 

device IPv4 address: 192.169.2.254
DHCPv4 start IP address: 192.169.2.1
DHCPv4 end IP address:  192.169.2.5
Subnet mask: 255.255.255.0

 

(I've tried a subnet mask of 255.255.255.0 as well with all configs and increased the DHCP range.

 

Am I doing something wrong that I'm missing or did  AT&T disable this on my firmware?

 

Here's my sysinfo

 

System Information
Manufacturer Motorola
Model Number NVG589
Serial Number 66206465812288
Software Version 9.1.0h12d19
MAC Address xxxxxxxxx
First Use Date 2014/03/31 20:00:26
Time Since Last Reboot 02:04:51:36
Current Date/Time 2014-06-23T17:45:31Z
Datapump Version A2pv6F038k1.d24h
Legal Disclaimer xxxxx

Mentor

 • 

29 Messages

10 years ago

Since my previous post, I experimented with several different routers.  Some of them work with frostcall's settings (for example Linksys WRT1900AC), others will not work with those settings (for example D-Link DIR-868L) and require my settings instead to route traffic normally.

 

Therefore it appears that the peculiar pseudo-bridged mode on this NVG589 is implemented in some nonstandard way that behaves differently with different routers.  Try both, see which one works for yours.

Mentor

 • 

29 Messages

10 years ago

For the "standard" passthrough setting that works with the Linksys WRT1900AC, I noticed that the DNS is very slow (web pages slow to lookup initially).  When the Linksys fetches its DHCP setting, the primary DNS server is assigned to point to the NVG589 (192.168.2.254).

 

In order to assign my own direct DNS servers, I wrote down all the assigned WAN settings in my Linksys status screen, and then set the Linksys Internet connection to Static using these settings.  I entered my own preferred DNS servers, for example Google DNS 8.8.8.8 and 8.8.4.4.  I changed the firewall passthrough setting on the NVG589 to Manual

 

One step further, I used a free utility called namebench to find the fastest DNS servers, and it found the fastest AT&T DNS servers, so I used those.  Now my browsing tests on the Linksys WRT1900AC are much faster.

Tutor

 • 

4 Messages

10 years ago

I was able to get things working, but like a few others, I'm unable to open any ports to the outside world.  My port forwarding rules are being defined by my router, which is behind the NVG589.  Everything is routed correctly inside my LAN, and I have internet access.

 

Ideally I'd like all ports to be open through the NGV589 to my router and use my router to forward and block.  'm thinking there's an issue with the two routers being on different subnets (192.168.1.* and 192.168.2.*).

 

Has anyone had any luck with this?

ACE - Expert

 • 

35.5K Messages

10 years ago

If you're using your router as a router behind the RG, then you want it to have a different subnet on its LAN side from the RG's subnet.

If you're putting the NVG 589 in IP Passthrough mode, then all Internet traffic to your public address should flow through to your router, and you should set up your port mapping there.

What are you trying to do and how do you test it to know it's not working?

 

Tutor

 • 

4 Messages

10 years ago

Basically, I'm trying to use the NVG589 as a modem only, and handle all my routing with my Linksys router.  The only exception is that I understand my two TV boxes (one wireless) must be connected to the NVG589.

 

Currently I have the NVG589 set as 192.168.2.254 with DHCPv4 192.168.2.1-192.168.2.5 and subnet mask 255.255.255.0.  My Linksys router is set as 192.168.1.1 with subnet mask 255.255.255.0, gateway 0.0.0.0, local DNS 0.0.0.0.  (Note that I've also tried with gateway 192.168.2.254 with the same results)  All port forwarding rules are specified on my Linksys router, and I've disabled all packet filtering and advanced firewall rules on the NVG589.

 

TVs appear to be working fine, and the internet works.  Within the LAN, I can specify my external ip address and port number (i.e. ***.***.**.***:1234) and reach the service running on my server.  If I try to do the same from outside my LAN, I can't see the service.  I've also tested with canyouseeme.org, which also says my port appears closed.

 

Hopefully this makes sense, and thanks in advance for any help.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.