cpsavage's profile

Contributor

 • 

1 Message

Thursday, October 17th, 2013 4:24 AM

Setup Static IP's Router behind RG 5031NV

I am trying to move from TWC to AT&T and need to have static IP's. I have a block of 5 usable and have been working with AT&T Level 2 support to try and get them working. They cannot figure this out. I would prefer to setup bridge mode in the device and let my firewall do all the routing and protection. This is my current setup. I have tried a few different things since the AT&T Level 2 guys can't figure it out. I've read that this model does not do bridging well, if at all. I've tried the DMZ route and that assigned a completely different public IP to my device than what I was given. How do I configure this device to work the way I need it to? If I can't get this to work, I'm going to seriously cancel the service. I'm on day 5 of trying to get this working. 

 

Any help is greatly appreciated. 

 

 

Accepted Solution

Official Solution

Teacher

 • 

5 Messages

10 years ago

 

Got it working.  Others probably already know this but there is a key assumption in "Cascaded Router" mode that I was missing.  You have to make the WAN port on your internal router contain an IP address from the private range given by the 5031NV RG. 

 

If my public block was 1.2.3.8-15 (.9 - .13 useable) then I would do the following:

 

Check the "Enable Cascaded Router" box in the Broadband link screen

Network Address = 1.2.3.8

Subnet mask = 255.255.255.248

 

Router Address = 192.168.1.14 (pick an IP address from the private static range below 192.168.1.33)

 

On your inside router:

WAN port set to static IP 192.168.1.14

Gateway = 192.168.1.254

Subnet mask = 255.255.255.0

 

 

 

Once this is all set up. The Public Static IP addresses (1.2.3.9-13 in this example) will come through the WAN port on your router without any interference from the 5031NV RG.  With my ZyWALL 50 these addresses can be subject to virtual server mapping or "many 1:1 NET" from WAN to DMZ without any trouble.  It's confusing to have your WAN port be set to a private IP address while sending the public IPs through but it works fine on my router.

 

Expert

 • 

9.4K Messages

10 years ago

Do you need the static IPs to work on the subnet that's directly connected to the 5031NV, or do you need them to work behind your own router, which itself will be connected to the 5031NV?

Also, what router are you working with?

Mentor

 • 

76 Messages

10 years ago

If you want to use a static IP block, you should be configuring it in Settings > Broadband > Link Configuration > Supplementary Network > Add Additional Network. A recent update added a "Cascaded Router" feature to that screen, but I don't know if that applies to your case.

I don't know the 5031NV, but most RGs need each static IP to be associated with a different MAC address. Can your firewall supply multiple unique MAC addresses?

Community Support

 • 

1.7K Messages

10 years ago

Hi cpsavage,

 

Just wanted to check in with you to see if you were ever able to get your issue resolved. There are different setups to produce the desired result, based off the modem you have. With the static IPs though, are you even able to browse when having one device directly connected?

 

Let us know how it's going, and if any issues, I am positive this community will be able to help.

 

-David T

Tutor

 • 

6 Messages

10 years ago

I am having similar problems. I have managed to get ssh working, somehow, but https and mail don't work. It would be very nice if there were a step-by-step howto for setting up static IPs on this device.

Tutor

 • 

6 Messages

10 years ago

I'm trying to open up port 1194, UDP for openvpn. I see this in the 5031NV log:

 

INF     2013-10-20T17:51:45-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Session Matches User Pinhole, Packet Passed
INF     2013-10-20T17:51:45-05:00       fw,     src=70.234.208.11 dst=50.201.220.162 ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated
INF     2013-10-20T17:51:53-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Unknown inbound session stopped

So, the firewall says, "Yes, I recognize this request as a valid user pinhole request, and I'm passing the packet on".

Then it says, "What the heck is this?!? Dropping it on the floor..."

 

I honestly don't know what to make of this. I had Uverse installed last Wednesday (16 Oct. 2013) and am already seriously considering cancelling the service. I called AT&T about this, and got handed off to several different

individuals, none of whom seemed to have any clue what I was trying to tell them. The last person I talked to told me that I was now talking to a "fee-based" tech support team. His English was very difficult to understand, but it

sounded very much like he was reading from a script, and was of no help whatsoever.

 

AT&T used to have awesome customer support. What happened?

 

 

Community Support

 • 

1.7K Messages

10 years ago

Hi building39,

 

Without knowing the entire details of how this connection is operating, what it appears is that there is some kind of acknowledgement/negative acknowledgement request happening. It appears that outside connection is sending the information to your device behind our router, which forwards it with no problems, from there, it sends a request back to that destination IP trying to establish a connection, but it gets an unreachable error, causing the inbound session to completely terminate at that point.

So with that, it appears the forwarding rules are working right, but you may need to add a few more to handle this acknowledgement request, or you may need to look into the rules on the other device to see if it is blocking traffic from your U-verse modem.

 

One thing to try is putting the device in DMZ mode, and seeing if that helps.

To do so, on the Pace 5031

  1. Login to http://192.168.1.254
  2. Click on Settings
  3. Click on Firewall
  4. Click on Applications, Pinholes and DMZ
  5. Select the device you are trying to pass traffic to
  6. Click Allow all applications (DMZ plus mode)
  7. Save

Let me know how it goes.

-David T

ACE - Expert

 • 

34.7K Messages

10 years ago

I'm not sure what to make of the conversation.  As you say, you've got a message incoming from a Comcast served address using UDP which is passed through, but then it (the RG) discovers it doesn't know how to route the packet, so it replies back with that fact (the ICMP message) and closes the connection. 

 

Something is hosed with the routing setup.  Work with @DavidCS, as he can get the proper information for you.

 

I'm assuming that you're dealing with a Static IP block, as that is the title of the thread you've posted in.  Have you been to the Settings/Broadband/Link Configuration page and added the suplementary network?

 

 

 

Contributor

 • 

1 Message

10 years ago

I have an ISA firewall behind my 5031NV. I have assigned all 5 ofv my IP addresses to my ISA Server yet  my 5031NV only recognizes the 1st IP address in the list. I need it to recognize all 5 so that my ISA firewall can handle traffic instead of my modem.

Teacher

 • 

5 Messages

10 years ago

Did you ever find a solution to your problem? I have the same issue (my firewall is a ZyWALL 50). I want all 5 Static IPs to map to 5 servers inside my DMZ subnet. I have only successfully connected the one server that maps to the IP assigned to my router/firewall WAN port.

They sure do a good job of making life miserable with 5031NV RG...
Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.