Contributor
•
2 Messages
DMZ Mode Impacts Internet Speed
On Pace 5268AC Gateway, I have a Nighthawk router set up as DMZ to essentially put the gateway into bridge mode. After several technical support reps and technicians, it was determined that all of AT&T equipment has firmware that significantly cuts the internet speed to anything in DMZ mode (I get 120mb down and up, but the DMZ router only gets about 40 down while the up stays at 100+). However, today it seems this has changed and now the DMZ router gets ZERO internet. Can AT&T please update the firmware to allow full speed to the DMZ router or any speed at all for that matter?!
Accepted Solution
Official Solution
ATTHelp
Community Support
•
231.4K Messages
5 years ago
We're here to help, @razorbacksfan07.
We are aware of the firmware issue with the Pace 5268AC that causes a speed cap when using DMZ+ on a 3rd party router. Thanks to our community here on the forums, we were able to identify this workaround, which should fix the speed problem.
Let us know if this helps.
John, AT&T Community Specialist
0
tonydi
ACE - Guru
•
9.9K Messages
5 years ago
What's the firmware date on the Pace?
There are a few threads starting in other Internet forums that suggest that AT&T just pushed new firmware to the Pace that, ONCE AGAIN, broke the DMZ+ mode.
Sigh....
0
0
pappydawg
Tutor
•
6 Messages
5 years ago
I'm not OP, but I can verify that 11.3.1.532191-att doesn't slow internet access, it completely severs IPv4 connectivity for DMZPlus mode. IPv6 works perfectly fine. I did numerous packet captures and tried whatever I could to get v4 working again, you can see the traffic go out but literally nothing comes back, ever, at all. It's just SYN, SYN, SYN going out while your devices desperately try to establish connections. ICMP _does_ work.
Ultimately, I just flipped the garbage 5268AC out of DMZPlus and had to make a few specific firewall rules, but IPsec VPNs can _not_ function behind the device in any mode except DMZPlus, so I've lost that connectivity for now (IPsec/L2TP from my phone and laptop back to home systems). I have the appropriate firewall rules added for AH/ESP, UDP 500 & 4500... that was a known issue for me anyhow and is consistent with previous firmware versions, they all break inbound IPsec in any mode that isn't DMZPlus.
0
0
razorbacksfan07
Contributor
•
2 Messages
5 years ago
AT&T's response above seems to work thus far, resulting in open NAT for gaming on multiple consoles through settings on my personal router.
0
0
an39511
Tutor
•
2 Messages
5 years ago
This setting fixes the problem but breaks the Pace 5268AC's VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?
0
an39511
Tutor
•
2 Messages
5 years ago
This setting fixes the problem of the firewall but breaks the Pace 5268AC's VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?
0
h50
Tutor
•
4 Messages
5 years ago
I'm on 11.3 and I can't use DMZ+ at all. No IPv4. Also, the pace doesn't properly hand off the /60 IPv6 so I can't distribute IPv6 addresses. I just asked for a new router, and i specifically requested the Arris. I'm sure they'll send me another Pace.
0
0
tonydi
ACE - Guru
•
9.9K Messages
5 years ago
Maybe not. We've had two reports in the forum over the last week where they were shipped the Arris so maybe AT&T finally got enough inventory. Of course the BGW will currently accept a third party router (using IP Passthrough) so that's a plus but it still isn't all that. And of course with the crack AT&T firmware team lurking, who knows what disaster they'll bring next.
0
pappydawg
Tutor
•
6 Messages
5 years ago
@h50 yup, it's been nearly 2 months since I made my post up there and DMZPlus remains 100% broken if you're on the 11.3 firmware. It's really just shockingly bad that A) they rolled out a broken firmware when less than 10 minutes of testing would have found that it completely kills connectivity for anyone in DMZPlus mode and B) two months later they're _still_ on that broken version and still pushing it out to other people.
Creating the NAT pinholes with the wide port range is a hack but not a fix, you still encounter strange gotchas when not in a true bridged/DMZPlus mode.
0
0
lozersk8er
Contributor
•
1 Message
5 years ago
Same issue for VOIP calls had to put phone on different port on the modem to get voice calls working correct. And move from behind my FW.
0
0