[TriLUG] ATT gigabit internet quick review

Rogers, Matthew via TriLUG trilug at trilug.org
Sun Dec 11 12:45:59 EST 2016


You got it.  It's pretty easy, just need to get the workflow right, and you overcome the limited routing capabilities of the ATT junk.  I'm using an OPNsense Linux box with 2 NICs running inline IDS and VPN services.


Matthew Rogers | Senior Security Manager
Allscripts | 8529 Six Forks Road | Raleigh, NC | 27615

919.691.4636 | M
919.329.1130 | D


matthew.rogers2 at allscripts.com | www.allscripts.com
Corporate Headquarters l 222 Merchandise Mart Plaza l 20th Floor l Chicago, IL l 60654

On Dec 6, 2016, at 6:13 PM, David Burton via TriLUG <trilug at trilug.org> wrote:

So, is this right, Matthew?

Suppose that your gateway gets external IPv4 address 129.250.123.123. When
you first set up your router, you plug it into the 5268AC gateway, and your
router is given an IP address by the gateway between 192.168.0.2 and
192.168.0.253. Your computer, plugged into your router, gets an IP address
between 192.168.x.2 and 192.168.x.253, where x is != 0 (as configured in
your router's DHCP/LAN settings). Your computer sees the router at
192.168.x.1 (or perhaps 192.168.x.254). It sees the gateway at 192.168.0.1
(or maybe 192.168.0.254). It sees the Internet through two layers of
NAT-ing.

But when you configure DMZ+ in the gateway, and then reboot your router,
instead of getting an IP address between 192.168.0.2 and 192.168.0.253,
your router is given the external IP address, 129.250.123.123, passed on by
the gateway, which the gateway used to have, before DMZ+ was enabled.

Right?  If that's right, then it sounds pretty good, to me!

It also sounds like you could configure whatever DNSs you want in your own
router, and if it's a decent router then the problem of machines on your
LAN not being able to access your server(s) via your external IP address
would also be solved, since that traffic wouldn't even make it up to the
gateway.

Dave



On Tue, Dec 6, 2016 at 3:07 PM, Rogers, Matthew <
Matthew.Rogers2 at allscripts.com> wrote:

So in DMZ mode the DMZ device shows the external IP which it pulls via
DHCP.  The ATT device just forwards all traffic to that particular port
unless it has something in its state table since the ATT router is still
running.  I turned off the wireless on the ATT device.  It's important to
note that the ATT device uses a particular subnet 192.168.1.0 or whatever,
but prior to the DMZ mode being used - the new router will pull an internal
IP prior to configuration of DMZ plus mode.  If you duplicate that subnet
you'll cause a problem during that configuration change.


*...[snip]...*


*From:* David Burton [mailto:ncdave4life at gmail.com]
*Sent:* Tuesday, December 6, 2016 10:58 AM
*To:* Rogers, Matthew <Matthew.Rogers2 at allscripts.com>; Triangle Linux
Users Group General Discussion <trilug at trilug.org>
*Subject:* Re: [TriLUG] ATT gigabit internet quick review



On Sun, Dec 4, 2016 at 5:00 PM, Rogers, Matthew via TriLUG <
trilug at trilug.org> wrote:

You can set a device in DMZ plus mode, which is basically a bridge mode.  I
do this and run my own router and domain controller with DHCP/DNS etc.



Do you end up with double-NAT using DMZ mode, Matthew, or does your router
get the external IP address?



Dave
