Skip to main content
AT&T Community Forums
For the mom who gives us everything - Mother's Day gifts that connects us.
rickatech's profile
rickatech
#1 Star!
10th stratosphere!
The 5th element!

Tutor

 • 

10 Messages

Tuesday, December 20th, 2011 8:43 AM

U-verse for business, Model 3600HGV, multiNAT

I've seen several posts about putting a router behind U-verse CG/modem - but they all seem using a single external IP address.

I have a 8 static IP with our service - the bloody U-verse CG/modem is forcing me to have a dedicate hardware interface for each static IP address I want to use - defeating the powerful ability of any decent commercial router or server to be easiiy configured for a single hardware interface to respond to multiple IP address.

Is anyone else on board see these issues too?  ... work arounds?

I'm not mad as far as I can tell as these links seem to indicate this is U-verse related:

http://www.broadbandreports.com/forum/r22421681-U-Verse-Static-IP-s-Not-Working-Can-t-figure-out-problem~start=20?

http://www.broadbandreports.com/forum/r22421681-UVerse-Static-IPs-Not-Working-Cant-figure-out-problem

thanks'

- Rick and Julie

Questions

2.3K

3

0

0

Accepted Solution

Official Solution

SomeJoe7777

Expert

 • 

9.4K Messages

12 years ago

That is correct, the 2Wire gateway is hard-coded to assume that there is a 1-to-1 relationship between IP addresses and MAC addresses (in direct violation of multiple RFCs, by the way). This means that each IP address must have a unique MAC address. Multihoming (multiple IP addresses on a single MAC address) will not work with this unit.

Also, the 2Wire unit does not have any facility to insert a static route, which would allow routing through another gateway.

The only work-around I've seen is a person who did some custom configuration to a Linux machine that created multiple virtual Ethernet interfaces that each had a different MAC address.

Otherwise, what you will have to do is either:

1. Use a single IP address with NAT on your routing device, or
2. Eliminate your routing device and use your separate static IP addresses on machines that are directly connected to the 2Wire.

0

0

rickatech

Tutor

 • 

10 Messages

12 years ago

Thanks.  That sums up it well - unfortunately.

 

Yes I can work around it by having multiple HW firewalls in front of each static IP server / or use use soft firewall (e.g. iptables, ...) or by having virtual machines provide mulitple virtual network interfaces.  Also, having both local network subnet and external subnet on same network cable feels wrong but seems to work.

 

How likely do you think U-verse firmware will be patched to 'fix' this ridiculous warped routing for muitple static IP's.  My sense is it may be 'by design'.

 

0

0

SomeJoe7777

Expert

 • 

9.4K Messages

12 years ago

The original stupid decision to require 1-to-1 MAC-to-IP relationships is in 2Wire's original stock firmware. The 2Wire units abuse the ARP protocol to maintain their list of devices that you see when you log into the 2Wire gateway, and if a single MAC has multiple IPs it ruins their interface model.

Working around this in the original 2Wire firmware was easy because it has a bridge mode which turns off routing.

AT&T, however, had special firmware build for the U-Verse product that disables the bridge mode, replacing it instead with the DMZ mode (which still routes behind the scenes). AT&T does this to maintain the 2Wire as a system-manageable unit on their network. Because bridge mode is disabled, now the 1:1 IP-to-MAC restriction becomes even more bothersome.

0

0

Related Conversations

Loading...

Did this help you?

Tags

CTAS

Not finding what you're looking for?
Ask a question
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.