Need help with your equipment?
nlucchesi's profile

Tutor

 • 

3 Messages

Wednesday, January 20th, 2016 3:23 AM

Port Forwarding to Router Behind 2Wire

I have a personal router (Asus RT-N16 flashed with TomatoUSB) behind ATT's
2Wire 3600HGV DSL gateway/wireless modem. I am trying to set up port forwarding from the Internet to devices that are connected to the personal router.

 

The 2Wire uses the default 192.168.x.x subdomain. I have the wireless access capability turned off and the only device attached to it is the Asus router. The 2Wire LAN port is connected to the WAN port of the Asus. The Asus creates the subdomain 10.10.49.x.

 

Within the 10.10.49.x subdomain, the Asus acts as:
(1) Wireless access point
(2) DHCP server
(3) Dynamic DNS (DDNS) maintenance on FreeDNS

 

In order to update FreeDNS with changes in the 2Wire's public (WAN) address, the Asus must know the public IP address of the 2Wire, so I set up the Asus to assign the 2Wire WAN address to the Asus WAN port.

 

I have several services on my 10.10.49.x subdomain that I want to access from the Internet. They include an OpenVPN server at 10.10.49.11 listening on port 443.

 

How do I forward requests on the 2Wire's port 443 to the OpenVPN server (at 10.10.49.11) behind my Asus router?

 

Accepted Solution

Official Solution

Tutor

 • 

3 Messages

8 years ago

Here are the exact steps I followed:

 

last modified: 2015-11-16 17:54:10
How do I configure bridge mode (DMZ+) on a 2Wire 3600HGV, 3800HGV, or 3801HGV?
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.

  1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.

  2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.

  3. Restart your router, let it get an IP address via DHCP.

  4. Sign into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ

  5. Select your router under section (1)

  6. Click the DMZPlus button under section (2)

  7. Click the Save button.

  8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.

  9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration

  10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.

  11. Check everything under Outbound Protocol Control except NetBIOS.

  12. Uncheck NetBIOS under Inbound Protocol Control.

  13. Uncheck all the Attack Detection checkboxes (7 of them).

  14. Click Save.


Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.

Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.

Credit for this post goes to SomeJoe7777

Community Support

 • 

6.7K Messages

8 years ago

Hi @nlucchesi,

 

Check this forum post out. It may help.

 

Good luck!

 

-ATTU-verseCare

Tutor

 • 

3 Messages

8 years ago

DMZ+ did the trick.

 

 

Contributor

 • 

1 Message

7 years ago

Does your DMZ+ configuration allow the use of AT&T's wireless TV?

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.