[TriLUG] ATT gigabit internet quick review

David Burton via TriLUG trilug at trilug.org
Sun Dec 11 20:23:04 EST 2016


Thank you for this good news, Matthew!

I wonder how AT&T addresses their gateway from the "outside," when it is
running in DMZ+ mode?

Maybe they've reserved a port number or two, which the router handles
without passing on?

Or maybe they just give it its own IPv6 address, and use IPv6 to access the
gateway? But somehow I doubt that. I could believe it from Google. But AT&T
doesn't seem "smart enough" for that. After all, it's a company which gave
up trying to run their own mailservers, and contracted with Yahoo to do it.

Dave


On Sun, Dec 11, 2016 at 12:45 PM, Rogers, Matthew <
Matthew.Rogers2 at allscripts.com> wrote:

> You got it.  It's pretty easy; you just need to get the workflow right, and
> you overcome the limited routing capabilities of the ATT junk.  I'm using
> an OPNsense Linux box with 2 NICs running inline IDS and VPN services.
>
>
> *Matthew Rogers* | Senior Security Manager
>
> On Dec 6, 2016, at 6:13 PM, David Burton via TriLUG <trilug at trilug.org>
> wrote:
>
> So, is this right, Matthew?
>
> Suppose that your gateway gets external IPv4 address 129.250.123.123. When
> you first set up your router, you plug it into the 5268AC gateway, and your
> router is given an IP address by the gateway between 192.168.0.2 and
> 192.168.0.253. Your computer, plugged into your router, gets an IP address
> between 192.168.x.2 and 192.168.x.253, where x is != 0 (as configured in
> your router's DHCP/LAN settings). Your computer sees the router at
> 192.168.x.1 (or perhaps 192.168.x.254). It sees the gateway at 192.168.0.1
> (or maybe 192.168.0.254). It sees the Internet through two layers of
> NAT-ing.
>
> But when you configure DMZ+ in the gateway, and then reboot your router,
> instead of getting an IP address between 192.168.0.2 and 192.168.0.253,
> your router is given the external IP address, 129.250.123.123, passed on by
> the gateway, which the gateway used to have, before DMZ+ was enabled.
>
> Right?  If that's right, then it sounds pretty good, to me!
>
> It also sounds like you could configure whatever DNSs you want in your own
> router, and if it's a decent router then the problem of machines on your
> LAN not being able to access your server(s) via your external IP address
> would also be solved, since that traffic wouldn't even make it up to the
> gateway.
>
> Dave
>
>
>
> On Tue, Dec 6, 2016 at 3:07 PM, Rogers, Matthew <
> Matthew.Rogers2 at allscripts.com> wrote:
>
> So in DMZ mode the DMZ device shows the external IP which it pulls via
> DHCP.  The ATT device just forwards all traffic to that particular port
> unless it has something in its state table since the ATT router is still
> running.  I turned off the wireless on the ATT device.  It’s important to
> note that the ATT device uses a particular subnet 192.168.1.0 or whatever,
> but prior to the DMZ mode being used – the new router will pull an internal
> IP prior to configuration of DMZ plus mode.  If you duplicate that subnet
> you’ll cause a problem during that configuration change.
>
> *...[snip]...*

