Explore & discover

Helpful Links

Strict NAT? Bridge Mode? What is IP Passthrough? Can I enable on my Arris BGW210 or like router?

Community Support

Strict NAT? Bridge Mode? What is IP Passthrough? Can I enable on my Arris BGW210 or like router?

BGW210backColor.pngBGW210frontColor.png

 

The Arris BGW210-700 is an advanced residential gateway that supports VoIP, IPv6, video delivery, security firewall, and extensive remote management features. 

 

The BGW210-700 Broadband Gateway delivers robust video, primary line telephony, and high-speed data over broadband networks via high-speed Internet connectivity.

 

The four Gigabit Ethernet ports can be separated into different services allowing the configuration of dedicated ports for data. It is designed for advanced DSL network service deployments and supports Quality of Service (QoS) and IP Passthrough.

 

Determining the Business Need

Business customers sometimes state that they need DSL/Broadband CPE that can be configure or placed into a Bridged Mode where they are putting other CPE behind the DSL/Broadband CPE. Many times, these customers can be better served with a configuration known as IP Passthrough. The below information explains the difference between IP Passthrough vs Bridged mode and provides instructions on how to configure the Arris BGW210-700 Internet Gateway for IP Passthrough.

 

IP Passthrough means the AT&T supported CPE device terminates the DSL, authenticates with the network (Receives a WAN IP) and shares that IP address with a single device connected to the AT&T supported CPE equipment. This configuration is often times suitable for a business customer desiring to connect third party equipment to AT&T supported equipment. The IP Passthrough configuration still allows AT&T support groups to access the AT&T supported equipment while allowing end-users to connect third party equipment in a configuration they desire. The IP Passthrough configuration will only allow one connection to AT&T supported equipment to be "unfiltered" or pingable from the WAN or internet side of the AT&T equipment (does not support multiple pingable connections).

 

The IP Passthrough feature allows a single PC on the LAN to have the AT&T Gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet.

Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.

 

Note: Remember to make a copy of all current IP settings before proceeding.

 

Configuring IP Passthrough:BGW_IP_Passthrough_Screen.jpg

Run your Web browser application, such as Firefox and Chrome, from the computer connected to the Arris BGW210-700.

 

 

  • Click the IP Passthrough tab and configure your settings.

 

 

Dynamic host configuration protocol (DHCP) address serving can automatically serve the WAN IP address to a LAN computer.

 

When DHCP is used for addressing the designated IP Passthrough computer, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single servable address subnet, and reserve the address for the configured PC's MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.

IP Passthrough Mode.jpg

 

  • The two DHCP modes assign the needed WAN IP information to the client automatically.
    • You can select the MAC address of the computer you want to be the IP Passthrough client with fixed mode or with first-come-first-served dynamic. The first client to renew its address will be assigned the WAN IP.

 

  • Manual mode is like statically configuring your connected computer. With Manual mode, you configure the TCP/IP Properties of the LAN client computer you want to be the IP Passthrough client. You then manually enter the WAN IP address, gateway address, and so on that matches the WAN IP address information of your AT&T device. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the AT&T BGW210 device and other LAN clients on the 192.168.1.x network.

 

  • DHCP Lease: By default, the IP Passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the IP Passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting.

 

  • Click Save. Changes take effect upon restart.

 

Note: IP Passthrough Restriction

Since both the BGW210 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW210. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.

 

If you need further assistance with your IP Passthrough setup and configuration contact ConnecTech Support.

 

Jared, AT&T Community Specialist

 

AT&T Customer Care

Need help with an account specific question?  Post a new question here on the forums by clicking the "Ask a Question" button.
For additional support, please visit us at our AT&T services hub.
Follow us on: Twitter @ATTCares and @DIRECTVService

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
226,551 Views
Message 67 of 162
Tutor

Re: Arris BGW210-700 Passthrough mode

I'll do it as this is ridiculous. 

Message 136 of 162
Teacher

Re: Arris BGW210-700 Passthrough mode

TURN OFF all firewall features on the ATT modem

@dunnjo 

What exactly do you mean by turning off all firewall features?

 

Are you talking about going into the "Firewall Advanced" tab and turning off all the settings there?

 

 

Message 137 of 162
Mentor

Re: Arris BGW210-700 Passthrough mode

Yes. If you already have a router with protection (security) or in my case
a firewall then you honestly don't need the firewall on this modem. Just
use it as a shoe bridge for the public ip pass through & call it a day.
Message 138 of 162
Teacher

Re: Arris BGW210-700 Passthrough mode

Thanks.

 

What firewall do you have?

 

 

Message 139 of 162
Contributor

Setting Arris BGW210-700 Passthrough mode

The settings below worked on a GBW210-700, running Software version 1.8.18. I am using an ASUS router in addition to the AT&T provided GBW210, but these instructions will hopefully be compatible with any other router brand you might have.

 

If not already done, connect the ASUS router to the AT&T router, using one of the available Ethernet ports. Log into the ASUS router, and verify the DHCP settings that the ASUS router is providing. For the purposes of this example, I set the ASUS DHCP table to use 100.10.1.x, so the Gateway IP is 100.10.1.1, and the Subnet is 255.255.255.0. I believe it will work if you accept the default settings that your router generates, but I opted to create my own.

 

Manually reset the AT&T GBW210-700 by pressing the reset button on the back of the device, to clear any prior settings you have made on the device. Once it boots up normally, log into the GBW210-700 on IP address 192.168.1.254.

 

1. Go to Firewall=>Packet Filter.

a. Press “Disable Packet Filters.”

 

2. Go to Firewall=>IP Passthrough

a. Set Allocation Mode to “Passthrough.”

b. Set Passthrough mode to “DHCPS-fixed.”

c. On Passthrough Fixed MAC address, select the IP address/MAC address of your router, so that it populates the Manual Entry field. Also make note of the IP address your secondary router is using.

d. Do not make any changes to Passthrough DHCP lease.

e. Save Changes.

 

3. Go to Firewall=>Firewall Advanced.

a. Change all settings to “no,” then save changes.

 

4. Go to Home Network=>Subnets & DHCP.

a. Set Cascaded Router Enable to “On.”

b. For Cascaded Router Address, type in the IP address the AT&T router assigned to the ASUS router.

c. For Network Address, type in the Gateway address of the ASUS router, but use a “0” instead of a “1” for the final octet. So for this example, I typed in 100.10.1.0.

d. For Subnet Mask, type in the Subnet Mask of the ASUS router (in this example, 255.255.255.0).

e. Save the Changes.

 

5. Go to Device=>Restart Device.

a. Restart the GBW210-700.

 

6. When you can access the ASUS router again, Restart the ASUS router.

 

Some notes:

 

1. I can’t say with certainly that Disabling Packet Filtering and turning off the Firewall Advanced Rules are mandatory, but doing so disables the NAT Default Server on the GBW210, and that was helpful for my purposes.

 

2. It took a bit, but when I checked the status of my ASUS router, it showed that I was getting the AT&T public IP address, instead of a locally assigned IP from the GBW210-700.

a. Not only does my ASUS router show the AT&T public IP address, when I checked my Xbox Live Network status, it reported NAT Status as “open.” Up until I made these changes, it reported the NAT status as “Strict,” and indicated that a “Double NAT” was detected.

 

3. I did not set an IP Address Allocation for the ASUS router. This seems counter-intuitive to me, but based on my previous efforts, I think that setting was actually getting in the way of making this work. Configuring the IP Passthrough options accomplishes the same thing.

 

4. I also disabled the wireless radios on the GBW210-700, via the Home Network=>Wi-Fi=>Advanced Options. If you disable the Packet Filtering and Firewall settings, this becomes mandatory, since you don’t want any of your home network devices using them unprotected.

 

I wish to thank everybody else who chimed in on this thread.  You all provided enough information that I could start experimenting on my own home network setup, until I found a combination of settings that worked!

Message 140 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

These settings worked on a GBW210-700, running Software version 1.8.18.

 

If not already done, connect the 3rd party router to the AT&T router, using one of the available Ethernet ports. Log into the 3rd party router, and verify the DHCP settings that the 3rd party router is providing. For the purposes of this example, I set the DHCP table to use 100.10.1.x, so the Gateway IP is 100.10.1.1, and the Subnet is 255.255.255.0. I believe it will work if you accept the default settings that your router generates, but I opted to create my own.

 

Manually reset the AT&T GBW210-700 by pressing the reset button on the back of the device, to clear any prior settings you have made on the device. Once it boots up normally, log into the GBW210-700 on IP address 192.168.1.254.

 

1. Go to Firewall=>Packet Filter.

a. Press “Disable Packet Filters.”

 

2. Go to Firewall=>IP Passthrough

a. Set Allocation Mode to “Passthrough.”

b. Set Passthrough mode to “DHCPS-fixed.”

c. On Passthrough Fixed MAC address, select the IP address/MAC address of the 3rd party router, so that it populates the Manual Entry field. Also make note of the IP address your secondary router is using.

d. Do not make any changes to Passthrough DHCP lease.

e. Save Changes.

 

3. Go to Firewall=>Firewall Advanced.

a. Change all settings to “no,” then save changes.

 

4. Go to Home Network=>Subnets & DHCP.

a. Set Cascaded Router Enable to “On.”

b. For Cascaded Router Address, type in the IP address the AT&T router assigned to your secondary router.

c. For Network Address, type in the Gateway address of your secondary router, but use a “0” instead of a “1” for the final octet. So for this example, I typed in 100.10.1.0.

d. For Subnet Mask, type in the Subnet Mask of the secondary router (in this example, 255.255.255.0).

e. Save the Changes.

 

5. Go to Device=>Restart Device.

a. Restart the GBW210-700.

 

6. When you can access the 3rd party router again, restart it.

 

Some notes:

 

1. I can’t say with certainly that Disabling Packet Filtering and turning off the Firewall Advanced Rules are mandatory, but doing so disables the NAT Default Server on the GBW210, and that was helpful for my purposes.

 

2. It took a bit, but when I checked the status of my router, it showed that I was getting the AT&T public IP address, instead of a locally assigned IP from the GBW210-700.

a. Not only does my router show the AT&T public IP address, when I checked my Xbox Live Network status, it reported NAT Status as “open.” Up until I made these changes, it reported the NAT status as “Strict,” and indicated that a “Double NAT” was detected.

 

2. I did not set an IP Address Allocation for the 3rd party router. This seems counter-intuitive to me, but based on my previous efforts, I think that setting was actually getting in the way of making this work. Configuring the IP Passthrough options accomplishes the same thing.

 

3. I also disabled the wireless radios on the GBW210-700, via the Home Network=>Wi-Fi=>Advanced Options. If you disable the Packet Filtering and Firewall settings, this becomes mandatory, since you don’t want any of your home network devices using them unprotected.

 

Thanks to everybody else who commented on this thread. The information provided was very helpful in finding the right combination of settings to use for me!

Message 141 of 162
ACE - Expert

Re: Arris BGW210-700 Passthrough mode


@Professor_FERPS wrote:

... For the purposes of this example, I set the DHCP table to use 100.10.1.x, so the Gateway IP is 100.10.1.1, and the Subnet is 255.255.255.0....

 


I wouldn't recommend using 100.10.1.x, even as an example, because people tend to copy examples blindly.  100.10.1.x is a valid publicly routable address, assigned to Verizon and could be in use for a resource that someone will want to get to, but the traffic won't leave their home.  Please use private, non-routable address blocks for examples, e.g. 192.168.3.x, 172.16.1.x, please see https://en.wikipedia.org/wiki/Private_network

 


...

4. Go to Home Network=>Subnets & DHCP.

a. Set Cascaded Router Enable to “On.”

b. For Cascaded Router Address, type in the IP address the AT&T router assigned to your secondary router.

c. For Network Address, type in the Gateway address of your secondary router, but use a “0” instead of a “1” for the final octet. So for this example, I typed in 100.10.1.0.

d. For Subnet Mask, type in the Subnet Mask of the secondary router (in this example, 255.255.255.0).

e. Save the Changes.

 


This feature is designed for when you have a Public Static address block from AT&T and you want to assign it to a router behind your gateway.  If you don't have a public static address block, you shouldn't need this feature.  (However, there have been those who've experimented with setting up the LAN behind the router this way to allow devices connected to the gateway to get to it.

 


...

2. It took a bit, but when I checked the status of my router, it showed that I was getting the AT&T public IP address, instead of a locally assigned IP from the GBW210-700.

...


This is the expected behavior when using IP Passthrough.

 


2. I did not set an IP Address Allocation for the 3rd party router. This seems counter-intuitive to me, but based on my previous efforts, I think that setting was actually getting in the way of making this work. Configuring the IP Passthrough options accomplishes the same thing.


This is another way of setting up a public static block, for use when you want the publicly-accessible devices connected directly to the Gateway.  No public static block, no use for this setup.

 

Award for Community Excellence 2019 Achiever*
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 142 of 162

Re: Arris BGW210-700 Passthrough mode

for me it said " address may not be in network" what do i do? i have a nighthawk router i want to put in

Message 143 of 162

Re: Arris BGW210-700 Passthrough mode

c. For Network Address, type in the Gateway address of your secondary router, but use a “0” instead of a “1” for the final octet. So for this example, I typed in 100.10.1.0.

 

 

 

****

- I have a netgear 2600 nighthawk router, my gateway address is  5 numbers **.*.*.1

not letting me put that in, im sorry im very confused i just want my nighthawk to be running and using all its features

Message 144 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

I have had U-verse since 2016 here with the Pace 5268AC. How can I swap that router out for the Arris BGW210-700? The Pace really throttles my Unifi network.

 

Thanks!

Message 145 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

I disabled the AT&T BGW210 wifi radios and connected a Netgear Wi-Fi router to one of the Gateway’s ethernet LAN ports. The bandwidth speeds are better with the NetGear Wi-Fi router but the download speed never tests above 500Mbps while the upload tests at around 900Mbps. My MacBook is directly wired to one of the other gateway’s LAN ports and consistently tests at around 900Mbps up/down. I did not set the Gateway to IP Passthrough after disabling the Gateway’s WiFi radios. Could that setting increase the NetGear WiFi router download speed or is it designed for some other purpose? My only goals are increasing that NetGear WiFi router download speed and secondarily solving any other unstable behavior associated with the current or passthrough configurations

Message 146 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

I have enabled IP Passthrough on my ATT Arris NVG599 to my Untangle Firewall and it's working fine. I also disabled all of the advanced firewall features and disabled the packet filters on my NVG599.

 

The only device I have attached to my NVG599 is the Untangle Firewall and my Home Phones.

 

Question I have is does disabling advanced firewall and packet filters on the NVG599 pose a security issue for my phones?

 

I know this could be a silly question, but want to make sure I'm not unknowingly creating a security risk.

Message 147 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

Just checking back since it's been a few days to see if anyone can help me on my previous post just above this one.

Message 148 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

i got my fiber connection setup and get close to 1gig speeds but i want to use my own router. I followed ip passthrough steps to use with my R7000 router. everything seems to have worked fine but for some reasons all my speed tests wired/wireless are limited to 300/300. i cant break those speeds. is possible to get higher than that using a 3rd party router?? 

Message 149 of 162
Contributor

Re: Arris BGW210-700 Passthrough mode

  1. I’m using an ASUS RT-AC86U and have tested up/down a bit over 500 a couple of times.  On average though I’d say it’s closer to 390/415.  I didn’t turn on cascade as I didn’t need that but I did disable all Advanced Firewall settings and SSID broadcasting.  I’m using a Cat5 from the AT&T modem port 1 to my ASUS WAN port. 
Message 150 of 162
Share this topic
Share this topic
Announcements

Are you having trouble logging in? Is your email password not working? Let us show you how to Reset your Email Password using myAT&T!

Additional Support