07-17-2019 9:01 PM
On Pace 5268AC Gateway, I have a Nighthawk router set up as DMZ to essentially put the gateway into bridge mode. After several technical support reps and technicians, it was determined that all of AT&T's equipment has firmware that significantly cuts the internet speed to anything in DMZ mode (I get 120mb down and up, but the DMZ router only gets about 40 down while the up stays at 100+). However, today it seems this has changed and now the DMZ router gets ZERO internet. Can AT&T please update the firmware to allow full speed to the DMZ router or any speed at all for that matter?!
07-19-2019 6:12 AM
We're here to help, @razorbacksfan07.
We are aware of the firmware issue with the Pace 5268AC that causes a speed cap when using DMZ+ on a 3rd party router. Thanks to our community here on the forums, we were able to identify this workaround, which should fix the speed problem.
Let us know if this helps.
John, AT&T Community Specialist
07-19-2019 1:57 PM
What's the firmware date on the Pace?
There are a few threads starting in other Internet forums that suggest that AT&T just pushed new firmware to the Pace that, ONCE AGAIN, broke the DMZ+ mode.
07-19-2019 2:31 PM
I'm not OP, but I can verify that 188.8.131.522191-att doesn't slow internet access, it completely severs IPv4 connectivity for DMZPlus mode. IPv6 works perfectly fine. I did numerous packet captures and tried whatever I could to get v4 working again, you can see the traffic go out but literally nothing comes back, ever, at all. It's just SYN, SYN, SYN going out while your devices desperately try to establish connections. ICMP _does_ work.
Ultimately, I just flipped the garbage 5268AC out of DMZPlus and had to make a few specific firewall rules, but IPsec VPNs can _not_ function behind the device in any mode except DMZPlus, so I've lost that connectivity for now (IPsec/L2TP from my phone and laptop back to home systems). I have the appropriate firewall rules added for AH/ESP, UDP 500 & 4500... that was a known issue for me anyhow and is consistent with previous firmware versions, they all break inbound IPsec in any mode that isn't DMZPlus.
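The symptom reported in the post above (outbound IPv4 SYNs that are never answered while IPv6 and ICMP still work) can be confirmed from a text capture. The following is an added example, not part of the original thread: it assumes `tcpdump -nn -tt` style output, the function name `handshake_summary` is hypothetical, and the capture lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn -tt` text format (documentation addresses only).
SAMPLE = """\
1563561060.100000 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], seq 1000, win 64240, length 0
1563561061.100000 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], seq 1000, win 64240, length 0
1563561063.100000 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], seq 1000, win 64240, length 0
1563561064.000000 IP 192.0.2.10.51520 > 203.0.113.9.80: Flags [S], seq 2000, win 64240, length 0
1563561065.000000 IP 192.0.2.10.51520 > 203.0.113.9.80: Flags [S], seq 2000, win 64240, length 0
1563561066.000000 IP6 2001:db8::10.51515 > 2001:db8:1::1.443: Flags [S], seq 3000, win 64800, length 0
1563561066.020000 IP6 2001:db8:1::1.443 > 2001:db8::10.51515: Flags [S.], seq 4000, ack 3001, win 65535, length 0
1563561067.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
1563561067.015000 IP 198.51.100.7 > 192.0.2.10: ICMP echo reply, id 1, seq 1, length 64
"""

TCP = re.compile(r"^\S+ (IP6?) (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
ECHO_REPLY = re.compile(r"^\S+ (IP6?) \S+ > \S+: ICMP6?,? echo reply")

def handshake_summary(text):
    """Per address family: TCP flows answered/unanswered, SYN retransmits, ICMP echo replies."""
    syns = defaultdict(int)   # (family, src, sport, dst, dport) -> SYNs sent
    answered = set()          # flows for which a SYN-ACK came back
    out = defaultdict(lambda: {"answered": 0, "unanswered": 0, "retransmits": 0, "echo_replies": 0})
    for line in text.splitlines():
        m = TCP.match(line)
        if m:
            fam, src, sport, dst, dport, flags = m.groups()
            if flags == "S":            # initial SYN or a retransmission of it
                syns[(fam, src, sport, dst, dport)] += 1
            elif flags == "S.":         # SYN-ACK: key it by the client's direction
                answered.add((fam, dst, dport, src, sport))
            continue
        m = ECHO_REPLY.match(line)
        if m:
            out[m.group(1)]["echo_replies"] += 1
    for flow, count in syns.items():
        stats = out[flow[0]]
        if flow in answered:
            stats["answered"] += 1
        else:
            stats["unanswered"] += 1
            stats["retransmits"] += count - 1
    return {fam: dict(stats) for fam, stats in out.items()}

if __name__ == "__main__":
    for fam, stats in handshake_summary(SAMPLE).items():
        print(fam, stats)
```

A result with every `IP` flow unanswered, `IP6` flows answered and ICMP echo replies present matches what the post describes, and points at the gateway's IPv4 TCP handling rather than the router behind it.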
- edited 07-25-2019 9:06 AM
AT&T's response above seems to work thus far, resulting in open NAT for gaming on multiple consoles through settings on my personal router.
07-31-2019 1:24 PM
This setting fixes the problem but breaks the Pace 5268AC's VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?
07-31-2019 1:27 PM
This setting fixes the problem of the firewall but breaks the Pace 5268AC's VOIP for outbound calls. Can call out but the called party cannot hear me. Inbound calls work normally. Is there a fix for this?
09-09-2019 5:54 PM
I'm on 11.3 and I can't use DMZ+ at all. No IPv4. Also, the Pace doesn't properly hand off the /60 IPv6 so I can't distribute IPv6 addresses. I just asked for a new router, and I specifically requested the Arris. I'm sure they'll send me another Pace.
09-09-2019 6:04 PM
Maybe not. We've had two reports in the forum over the last week where they were shipped the Arris so maybe AT&T finally got enough inventory. Of course the BGW will currently accept a third party router (using IP Passthrough) so that's a plus but it still isn't all that. And of course with the crack AT&T firmware team lurking, who knows what disaster they'll bring next.
- edited 09-10-2019 8:23 AM
@h50 yup, it's been nearly 2 months since I made my post up there and DMZPlus remains 100% broken if you're on the 11.3 firmware. It's really just shockingly bad that A) they rolled out a broken firmware when less than 10 minutes of testing would have found that it completely kills connectivity for anyone in DMZPlus mode and B) two months later they're _still_ on that broken version and still pushing it out to other people.
Creating the NAT pinholes with the wide port range is a hack but not a fix, you still encounter strange gotchas when not in a true bridged/DMZPlus mode.
09-10-2019 8:50 AM
Same issue for VOIP calls. Had to put the phone on a different port on the modem to get voice calls working correctly, and move it from behind my FW.
09-10-2019 7:37 PM
LOL. They sent me another Pace. Sigh. I give up. I'm going with the pinhole solution, but I have a feeling it's adding latency and the aesthetics are terrible.