Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Posted Dec 20, 2011
12:43:31 AM
U-verse for business, Model 3600HGV, multiNAT

I've seen several posts about putting a router behind U-verse CG/modem - but they all seem using a single external IP address.

I have a 8 static IP with our service - the bloody U-verse CG/modem is forcing me to have a dedicate hardware interface for each static IP address I want to use - defeating the powerful ability of any decent commercial router or server to be easiiy configured for a single hardware interface to respond to multiple IP address.

Is anyone else on board see these issues too?  ... work arounds?

I'm not mad as far as I can tell as these links seem to indicate this is U-verse related:

http://www.broadbandreports.com/forum/r22421681-U-Verse-Static-IP-s-Not-Working-Can-t-figure-out-pro...

http://www.broadbandreports.com/forum/r22421681-UVerse-Static-IPs-Not-Working-Cant-figure-out-proble...

thanks'

- Rick and Julie

I've seen several posts about putting a router behind U-verse CG/modem - but they all seem using a single external IP address.

I have a 8 static IP with our service - the bloody U-verse CG/modem is forcing me to have a dedicate hardware interface for each static IP address I want to use - defeating the powerful ability of any decent commercial router or server to be easiiy configured for a single hardware interface to respond to multiple IP address.

Is anyone else on board see these issues too?  ... work arounds?

I'm not mad as far as I can tell as these links seem to indicate this is U-verse related:

http://www.broadbandreports.com/forum/r22421681-U-Verse-Static-IP-s-Not-Working-Can-t-figure-out-problem~start=20?

http://www.broadbandreports.com/forum/r22421681-UVerse-Static-IPs-Not-Working-Cant-figure-out-problem

thanks'

- Rick and Julie

0
(0)
  • Rate this reply
View profile
Solved
Dec 20, 2011 7:24:33 AM
0
(0)
Expert
That is correct, the 2Wire gateway is hard-coded to assume that there is a 1-to-1 relationship between IP addresses and MAC addresses (in direct violation of multiple RFCs, by the way). This means that each IP address must have a unique MAC address. Multihoming (multiple IP addresses on a single MAC address) will not work with this unit.

Also, the 2Wire unit does not have any facility to insert a static route, which would allow routing through another gateway.

The only work-around I've seen is a person who did some custom configuration to a Linux machine that created multiple virtual Ethernet interfaces that each had a different MAC address.

Otherwise, what you will have to do is either:

1. Use a single IP address with NAT on your routing device, or
2. Eliminate your routing device and use your separate static IP addresses on machines that are directly connected to the 2Wire.
Accepted Solution

U-verse for business, Model 3600HGV, multiNAT

884 views
3 replies
(0) Me too
(0) Me too
Reply
View all replies
(3)
0
(0)
  • Rate this reply
View profile
Solved
Dec 20, 2011 7:24:33 AM
0
(0)
Expert
That is correct, the 2Wire gateway is hard-coded to assume that there is a 1-to-1 relationship between IP addresses and MAC addresses (in direct violation of multiple RFCs, by the way). This means that each IP address must have a unique MAC address. Multihoming (multiple IP addresses on a single MAC address) will not work with this unit.

Also, the 2Wire unit does not have any facility to insert a static route, which would allow routing through another gateway.

The only work-around I've seen is a person who did some custom configuration to a Linux machine that created multiple virtual Ethernet interfaces that each had a different MAC address.

Otherwise, what you will have to do is either:

1. Use a single IP address with NAT on your routing device, or
2. Eliminate your routing device and use your separate static IP addresses on machines that are directly connected to the 2Wire.
That is correct, the 2Wire gateway is hard-coded to assume that there is a 1-to-1 relationship between IP addresses and MAC addresses (in direct violation of multiple RFCs, by the way). This means that each IP address must have a unique MAC address. Multihoming (multiple IP addresses on a single MAC address) will not work with this unit.

Also, the 2Wire unit does not have any facility to insert a static route, which would allow routing through another gateway.

The only work-around I've seen is a person who did some custom configuration to a Linux machine that created multiple virtual Ethernet interfaces that each had a different MAC address.

Otherwise, what you will have to do is either:

1. Use a single IP address with NAT on your routing device, or
2. Eliminate your routing device and use your separate static IP addresses on machines that are directly connected to the 2Wire.

Re: U-verse for business, Model 3600HGV, multiNAT

2 of 4 (871 Views)
Solution
0
(0)
  • Rate this reply
View profile
Dec 20, 2011 8:53:41 AM
0
(0)
Tutor

Thanks.  That sums up it well - unfortunately.

 

Yes I can work around it by having multiple HW firewalls in front of each static IP server / or use use soft firewall (e.g. iptables, ...) or by having virtual machines provide mulitple virtual network interfaces.  Also, having both local network subnet and external subnet on same network cable feels wrong but seems to work.

 

How likely do you think U-verse firmware will be patched to 'fix' this ridiculous warped routing for muitple static IP's.  My sense is it may be 'by design'.

 

Thanks.  That sums up it well - unfortunately.

 

Yes I can work around it by having multiple HW firewalls in front of each static IP server / or use use soft firewall (e.g. iptables, ...) or by having virtual machines provide mulitple virtual network interfaces.  Also, having both local network subnet and external subnet on same network cable feels wrong but seems to work.

 

How likely do you think U-verse firmware will be patched to 'fix' this ridiculous warped routing for muitple static IP's.  My sense is it may be 'by design'.

 

Re: U-verse for business, Model 3600HGV, multiNAT

3 of 4 (858 Views)
0
(0)
  • Rate this reply
View profile
Dec 20, 2011 2:21:54 PM
0
(0)
Expert
The original stupid decision to require 1-to-1 MAC-to-IP relationships is in 2Wire's original stock firmware. The 2Wire units abuse the ARP protocol to maintain their list of devices that you see when you log into the 2Wire gateway, and if a single MAC has multiple IPs it ruins their interface model.

Working around this in the original 2Wire firmware was easy because it has a bridge mode which turns off routing.

AT&T, however, had special firmware build for the U-Verse product that disables the bridge mode, replacing it instead with the DMZ mode (which still routes behind the scenes). AT&T does this to maintain the 2Wire as a system-manageable unit on their network. Because bridge mode is disabled, now the 1:1 IP-to-MAC restriction becomes even more bothersome.
The original stupid decision to require 1-to-1 MAC-to-IP relationships is in 2Wire's original stock firmware. The 2Wire units abuse the ARP protocol to maintain their list of devices that you see when you log into the 2Wire gateway, and if a single MAC has multiple IPs it ruins their interface model.

Working around this in the original 2Wire firmware was easy because it has a bridge mode which turns off routing.

AT&T, however, had special firmware build for the U-Verse product that disables the bridge mode, replacing it instead with the DMZ mode (which still routes behind the scenes). AT&T does this to maintain the 2Wire as a system-manageable unit on their network. Because bridge mode is disabled, now the 1:1 IP-to-MAC restriction becomes even more bothersome.

Re: U-verse for business, Model 3600HGV, multiNAT

4 of 4 (844 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post