03-16-2011 8:18 AM - edited 03-16-2011 8:59 AM
I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?
I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)
In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:
- DHCP - OFF (at min, it appears you must leave one available?)
- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)
- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)
- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?
Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!
AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...
For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)
Solved by: Go to Solution.
03-16-2011 6:52 PM
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.
1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save.
Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.
Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.
This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
06-17-2011 3:06 PM
2. Even if you didn't do this, you don't need the 2Wire for DNS. Your own router will handle DNS, acting as a DNS resolver. It will use AT&T's upstream DNS servers as the upstream resolvers, the 2Wire is not involved when in DMZPlus mode.
That's exactly what I thought should happen as well. But when I check the status on my linksys router I can see that it has not picked up the DNS servers for AT&T. It instead thinks that it should be using the 2wire IP for dns resolution:
Automatic Configuration - DHCP
DNS1 is my own local caching server and I used to have it set to use 192.168.1.254 as my forwarder. That setup worked great, and I'd really like to just continue using it if possible. I manually added this IP to the local DNS settings on the router.
DNS2: This is the IP address that the linksys got from the 2wire when I set up the dmz forward. And the problem with this is that I cannot ping or access the IP address for the 2wire anymore. No ping = no dns resolution.
From reading that link you just posted though I should be able to clear this up if I change the IP range for my own LAN? Once I do that my understanding is that I should be able to ping the 2wire again correct? And I am guessing that once I can ping it, the DNS resolution will take care of itself.
06-17-2011 3:16 PM
Alternately, I guess I could always take the lazy way out for now and go straight to the upstream AT&T dns servers:
Just stuck those in my named.conf and they seem to work. Only problem is those could change and I wouldn't know about it until I started having trouble. Best if I use this as a bandaid for now and go ahead and reconfigure my LAN IP range I suppose.
BTW: Does AT&T keep IP addresses for things like DNS servers posted somewhere that us customers can get to? I found these DNS IPs in a forum thread, but it would be nice if I could just bookmark a FAQ url.
Thanks for the help!
06-17-2011 5:36 PM
06-17-2011 7:47 PM
Thanks for all the advice. I logged back in to my 2wire and changed the IP address to 192.168.2.254 and now everything works like a charm. I am directly using the AT&T DNS servers and everything works great with the external name resoltuion as well.
I admit that I tried the google DNS servers when I first started messing around with all this. But I noticed pretty quickly some lag when I went to places like youtube and watched the streams. The videos were buffering like mad. When I switched over to the AT&T dns servers the problem went away.
Once again...thanks for the clear cut instructions and the extra assistance!
06-25-2011 6:44 AM
Ok so I have everything MOSTLY right here. I followed the instructions, and I can't seem to get to my router to change any configurations now.
Here's what I have:
The AT&T provided router
NetGear wireless router connected per the instructions in this thread
Wired desktop plugged ino my netgear router
Wireless laptop on the wifi network on my router.
I can see the shared files on both PCs, print over wifi, all that. What I CAN'T seem to do is log into my router's page to change any settings on it! If I go to the 192.168.1.254 address I can see that the RG lists my router with an IP address of 192.168.1.66, which from what I have read on here it seems isn't an external IP address, so I assume that's part of the problem? If I try that IP, or 192.168.1.1 (which used to work), it goes nowhere.
I'm pretty novice at all this, so be gentle haha.
06-25-2011 8:39 AM
06-25-2011 7:15 PM
06-25-2011 8:16 PM
06-26-2011 12:35 PM
SomeJoe7777: thank you for all your help.... I want to set up a second router for a Window Home Server 2011 machine and remote access. I need UPnP (without it whs2011 is tough!). Would I follow post #2? Will this give me an address on the 192.168.1.xxx subnet for the server? I think without it the network might not find the server. Would I set the dhcp off on the second router and just assign an ip to the server like 192.168.1.78? You seem to know a great deal about this - will ATT ever get UPnP on their routers? if yes I would not even try to do second router. Thanks again...
06-26-2011 12:53 PM
06-26-2011 3:58 PM
thank you so much for your answer. At what step (1-14) do I change the ip address on second router to 192.168.2.1? Do I do it before step one and not allow it to get an address from DHCP? Thanks again.
06-26-2011 4:14 PM
06-26-2011 5:45 PM
Thank you for all your help!!!! I am making very small baby steps. I set the router network address at 192.168.2.1 but let it get dhcp and dhcp set it to 192.1.64. Now I can not reach the router from the main work group 192.168.1.xxx. I try and turn off dhcp and set the internet address to 192.168.2.1 and the subnet to 255.255.255.0 and default gateway to 192.168.1.254 and cisco won't let me save it as it has a different subnet for address and gateway. Thanks again.
06-26-2011 7:41 PM
06-27-2011 6:14 PM
I have a cisco (linksys) e1000 as the second router. I have turned off the dhcp on the e1000 so that it does not give out an address to the WHS2011 server box as I want to set a static IP for that box. The idea is to get a UPnP router for the WHS box to make it far far easier to use to get to it from the outside. I have got it to work but now the router gets a "outside" address that is 99.xxx.xxx.xxx. At that point the WHS box can not be seen on the "real" network 192.168.1.xxx. I need the "real" network to see the WHS box on the new network. Maybe not posible... thanks for your help. Or, I will throw in 10.00 to get ATT to get a router made in this century (UPnP) Dave
Welcome to the internet boards! Check out our troubleshooting articles below and don’t forget to search the forums - your question may have been answered already!
Service acting up? Click here to troubleshoot now!
For DSL related issues. We highly recommend chatting with our teams to address this as quickly as possible.