[TriLUG] ATT fiber installed and gateway/routing problem
    David Burton via TriLUG 
    trilug at trilug.org
       
    Sun Dec  4 04:54:12 EST 2016
    
    
  
I had this problem on my previous home router. (I think it was an old
Netgear.) For my laptop I lived with the problem by writing a little script
which ran on startup, and tested whether I was home or away, and adjusted my*
C:\Windows\System32\Drivers\etc\hosts *file accordingly, so that I could
access the web server that lives on my LAN. Uuuuuugly!
When I installed my current router, a TP-Link TL-WR1043ND, that problem
just went away. I didn't configure anything special, it just worked.
Accessing the external IP address from a machine on my LAN is now correctly
routed to my server, according to the port forwarding configuration in the
TL-WR1043ND.
It is disappointing to learn that AT&T is supplying a router/gateway which
doesn't do this!
(Aside: Since LAN traffic to my external IP address is being routed to my
web server, to access my SB6121 cablemodem I instead go to its hardwired
admin IP address, http://192.168.100.1/)
I found a looooong discussion of issues with the 5268AC, here:
https://forums.att.com/t5/AT-T-Internet-Equipment/I-have-a-
Pace-5268AC-Router-how-to-put-it-in-Bridge-Mode/td-p/4330866
(One of the participants shared
<https://forums.att.com/t5/AT-T-Internet-Equipment/I-have-a-Pace-5268AC-Router-how-to-put-it-in-Bridge-Mode/m-p/4812195#M356>
a couple of files on OneDrive
<https://onedrive.live.com/redir?resid=6EF9B5E6C7C15B1!12056&authkey=!AB3eQrU-FIhio6Q&ithint=folder%2cpdf>,
and I downloaded copies of them and saved them here: http://burtonsys.com/
ATT_Modm_5268AC/)
The 5268AC apparently does support a "DMZ+" mode, in which external traffic
is all routed to a particular LAN IP address. That's probably sufficient
for some people. However, that would not be sufficient for me, since I need
to route different ports to different LAN addresses.
BTW, that brings me to another couple of questions:
*1.* I'm starting to see more and more home Internet services in which the
"external IP" is actually a NAT'ed address like 192.168.0.85, from an
upstream gateway somewhere. *Please* assure me that AT&T is *not* doing
this with their fiber service!
*2.* How stable is your "dynamic" IP address with AT&T fiber? With TWC, my
dynamic IP address doesn't change for many months on end. Even when they
have one of their typical 2 a.m. half-hour outages (which are obviously
planned, but which they *never* give advance notice of, despite my pleading
for *years*, grrrr!), I usually get the same IP address back again. That is
very helpful!
*3.* What about IPv6? It doesn't work at my house, probably because version
v.1.10 of the TL-WR1043ND, which is what I have, apparently doesn't support
IPv6 <http://archive.is/pDBg3#selection-769.33-785.22>. (
http://test-ipv6.com/ says Teredo is running.) But I'm starting to see IPv6
actually work, some places!
I presume you get some (or at least one?) IPv6 address(es) with AT&T fiber?
What does http://test-ipv6.com/ say about your connection? Do you have any
idea whether it/they are static, or at least reasonably stable?
*Digression:* How do I know that IPv6 is starting to actually work, in the
wild?
Well, a few weeks ago I ran into a fellow whose computer in his home office
had very weird problems. (Other machines on his LAN worked fine.)
His POP3/SMTP email wasn't working, many web sites were not working
(including mine!), and VNC remote access didn't work. Ping didn't seem to
work at all. Yet he could bring up https://www.google.com/ in any web
browser and do Google searches, and they worked correctly and quickly
(though many of sites found by a Google search would not actually open).
It turned out that his computer was connected both wirelessly and wired.
The wireless connection was directly to his new UVerse gateway, as
configured by an AT&T technician. The wired connection to his computer,
which was left over from his previous Internet service (TWC?), and which
the sloppy AT&T technician had left connected to the computer, went via
ethernet cable to a very old router, which was connected to some sort of
powerline adapter, which was talking to another powerline adapter about 15
feet farther down the same wall, which was connected through another
ethernet cable to another port on his UVerse gateway.
The 2nd powerline adapter had apparently been originally connected to the
previous internet service's modem or gateway, elsewhere in the house. The
AT&T technician had moved the 2nd powerline adapter to its new location,
and connected it to the new UVerse gateway, without bothering to see where
it's twin was.
It turned out that Windows was routing IPv4 traffic through the wired
connection to the old router, and something in that chain of devices had
failed. But Windows realized that the wired connection didn't support IPv6,
so for IPv6 it used the wireless connection, instead.
So the computer effectively had IPv6 service, *only*. That worked for
accessing some web sites, including Google, but didn't work for his email,
nor for many other sites.
The solution was simply to remove the old router, the two powerline
adapters, and the two unnecessary ethernet cables.
Dave
On Sat, Dec 3, 2016 at 11:20 PM, Wes Garrison via TriLUG <trilug at trilug.org>
wrote:
> Looks like it's called "NATPlus" mode on the Pace modems.
>
> ...
> On Sat, Dec 3, 2016 at 10:58 PM, Wes Garrison <wes at xitechusa.com> wrote:
>
> > You're looking for "NAT reflection".  Some people call that "loopback",
> > but I think reflection is the proper term.
> >
> > https://forums.att.com/t5/AT-T-Internet-Equipment/NVG589-
> > NAT-loopback-reflection-possible/td-p/3866231
> >
> > It looks like it's not possible, but if you set it to "passthrough mode",
> > the router will see your Synology as having your public IP.
> >
> > This is not a true "bridged" Ethernet, and adds some overhead, but it
> > still seems to work in most cases.
> >
> > -Wes
>
...
> > On Sat, Dec 3, 2016 at 7:19 PM, Christopher Merrill via TriLUG <
> > trilug at trilug.org> wrote:
> >
> >> Looks like Scott and I are on the same schedule :)
> >>
> >> I had the install yesterday. The tech was considerably more
> knowledgeable
> >> than I have come to expect from utilities. There were a few things I
> >> wanted
> >> done in specific ways and he was very accommodating. To the point that I
> >> called his supervisor to mention the good service.
> >>
> >> Using the Google Fiber speed test, I got results similar to Scotts. And
> >> ~15ms latency to major datacenters (AWS, Facebook).
> >>
> >>
> >> Unfortunately, I've also experienced unhappiness with the provided
> >> gateway/router - 5268AC. Note that I previously had UVerse with their
> >> gateway in place. Like many of us, I run a server at home (Synology
> >> Diskstation). Our family uses this for music, photos, notes and some
> >> email.
> >> After duplicating my previous setup, almost everything works well. There
> >> are bunch of ports routed though to the Diskstation to support these
> >> services.
> >>
> >> Here is the problem I've run into: connections to the public IP from
> >> inside
> >> the network are refused. I've tested this from several Android devices
> as
> >> well as from Windows. Summary of symptoms:
> >> 1) If I connect to the Diskstation directly (the local IP or internal
> >> hostname) from inside the network (wired or wireless), everything works
> >> 2) If I connect to the Diskstation via the external/WAN/public IP from
> >> outside the network, everything works
> >> 3) If I attempt to connect to the Diskstation via the
> external/WAN/public
> >> IP from outside the network, all connections are refused
> >>
> >> #3 was not the case previously. I've searched through the settings on
> >> the 5268AC and don't see anything that seems like it would control this.
> >> Is
> >> there a specific term I should be looking for?
> >>
> >> If you have any ideas on how to remedy this, I'd love to hear them :)
> >>
> >> Chris
>
    
    
More information about the TriLUG
mailing list