How to run Pace 5268AC in simple bridge mode?
I just had an AT&T fiber system installed, and I'm really not a fan of the modem/router box that was given to me. With all the other boxes I've had, I've been able to turn them into a simple pass-through and get a WAN address on my PFSense box, which handles the majority of my network service needs (NAT, port forwarding, DHCP, DNS, firewall, monitoring). I need to be able to set up the same thing with this new hardware. Is it possible to set the AT&T box into a simple bridge mode and for my PFSense box to get an external IP on its WAN port? I've heard DMZ+ mode may be what I'm looking for, but I would much rather not use that if I don't have to. If that's my only option, could someone explain to me the difference between a "bridge" mode and DMZ+?
Thank you.
Accepted Solution
Official Solution
JefferMC
ACE - Expert
•
35.2K Messages
6 years ago
There is NO BRIDGE MODE available in the 5268ac, or any other AT&T Gateway for Fiber or VDSL2/ADSL2+ service. (Yes, the DSL modems do have bridge mode).
DMZplus is as close as you can get with a 5268ac.
Accepted Solution
JefferMC
ACE - Expert
•
35.2K Messages
7 years ago
In DMZplus mode, the gateway still looks at all the packets coming in to decide what to do with them (whereas in bridge mode, it just forwards everything). Unsolicited traffic that is not filtered (per any filtering rules) is forwarded to the DMZplus device, where VOIP/IPTV traffic, or any traffic that matches an established NAT connection, is processed or forwarded based on the NAT table. When the DMZplus device requests an IP address via DHCP, it is given the public IP address from the external interface of the Gateway.
Thus DMZplus mode operates pretty much like bridge WRT the device designated in DMZplus mode, but does have additional overhead, and can still handle other directly connected devices.
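A simplified model of the packet handling JefferMC describes above, added here as an illustration (it is not AT&T firmware logic and not code from the thread). The host names, addresses and the port-based filter rule are assumptions, and it reads the post as: VOIP/IPTV and NAT-table matches are handled by the gateway, all other unfiltered inbound traffic goes to the DMZplus device.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str            # remote address
    dport: int          # destination port on the public IP
    service: str = ""   # "voip" / "iptv" marks AT&T service traffic (constructed label)

# Constructed state: one gateway filter rule, one LAN device with an open NAT session.
BLOCKED_PORTS = {23}
NAT_TABLE = {("203.0.113.10", 40001): "192.168.1.70"}
DMZ_HOST = "pfsense-wan"   # hypothetical name for the DMZplus device

def disposition(pkt, mode):
    """Return (action, target) for a packet arriving on the public IP."""
    if mode == "bridge":
        return ("forward", DMZ_HOST)          # bridge: no inspection at all
    if pkt.dport in BLOCKED_PORTS:            # DMZplus: gateway filter rules apply first
        return ("drop", None)
    if pkt.service in ("voip", "iptv"):       # service traffic stays on the gateway
        return ("process", "gateway")
    session = NAT_TABLE.get((pkt.src, pkt.dport))
    if session:                               # reply to a directly connected device
        return ("forward", session)
    return ("forward", DMZ_HOST)              # unsolicited, unfiltered: DMZplus device

def reaches_dmz_host(packets, mode):
    """Packets the downstream firewall must be prepared to handle in this mode."""
    return [p for p in packets if disposition(p, mode) == ("forward", DMZ_HOST)]

SAMPLE = [  # constructed inbound packets
    Packet("198.51.100.7", 22),               # unsolicited SSH probe
    Packet("198.51.100.7", 23),               # matches the gateway filter rule
    Packet("203.0.113.10", 40001),            # reply for 192.168.1.70
    Packet("192.0.2.50", 5060, "voip"),       # service traffic
]

if __name__ == "__main__":
    for mode in ("bridge", "dmzplus"):
        print(mode, [(p.dport, disposition(p, mode)) for p in SAMPLE])
```

In both modes the unsolicited probe on port 22 is delivered to the downstream firewall, so its own WAN rules remain the control for that traffic.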
gunnarniels
Tutor
•
3 Messages
7 years ago
Thanks JefferMC, exactly the explanation I was looking for. I will try to set up DMZ+ and report back.
Just to be clear...this device does *not* support any pure bridge mode; DMZ+ is the only option?
JefferMC
ACE - Expert
•
35.2K Messages
7 years ago
Yes, because this device is positioned as a multi-service gateway, the custom AT&T firmware does not have a bridge mode.
gunnarniels
Tutor
•
3 Messages
7 years ago
So another question: I want to make my PFSense box the authoritative machine offering network services, in particular DHCP and DNS. Should I disable these on the AT&T box, which would make the PFSense box the sole DHCP server on the LAN?
JefferMC
ACE - Expert
•
35.2K Messages
7 years ago
You cannot turn off DHCP or DNS on the Gateway. However, if you disable WiFi on the Gateway, and hook all your devices to your PF Sense, then it will be the only DHCP server that any of your clients see (as the PF Sense should not pass the requests through). The PF Sense will be told to use the Gateway as its DNS Resolver during its DHCP negotiation with the Gateway, but you can override that if you wish (you can also lock the public IP address in as a static if you wish to prevent any temporary disconnects from a DHCP renewal failure), and it will likely default to handing out its own IP as the DNS server address.
jcagpn
Teacher
•
17 Messages
6 years ago
Your response was extremely helpful. I have one further complication in that I have/use an additional 8 IPs, and one of them I use all the time. If I place the Pace in DMZPlus mode, how can I be assured that all ports on my 'additional' IPs, or as they call it (User Defined Supplemental Networks), will get forwarded? I, too, want to manage everything at my ASUS RT-AC66U.
JefferMC
ACE - Expert
•
35.2K Messages
6 years ago
So you've purchased a public static /29 IP block from AT&T and have it configured as a Supplemental Network. The default DMZplus configuration would not cause that to be routed to your DMZplus device, as DMZplus is really only intended for traffic on the public "dynamic" address. The Cascaded Router feature is intended to allow you to define a router. I do not run this configuration myself, so I don't have concrete guidance here. Another poster was having difficulty with Cascaded Router and switched to Supplemental Networks (without the router) and was happy. Normally I would say turn off Supplemental Networks and turn on Cascaded Router in its place. If that doesn't work for you, try turning them both on, I guess. Post back here and let us know how it turns out.