AT&T Fiber with Arris BGW210 to Firewalla

Comments

12 comments

  • Avatar
    Firewalla

    Check out this tutorial for google wifi https://help.firewalla.com/hc/en-us/articles/360048869274-Firewalla-Gold-Tutorial-Google-Wifi-Mesh-network-with-Gold-Beta-

    There is a little trick that will allow your google wifi to act like an access point or bridge...   Google as you said, doesn't want ever run in bridge / AP mode ...  (unlike other major router manufactures) 

    1
    Comment actions Permalink
  • Avatar
    Dpadron

    I have the same question/issue. Hopefully you will post an update if you figure it out. Likewise I will myself.

    0
    Comment actions Permalink
  • Avatar
    Dpadron

    I believe I have figured out a workable solution.

    -On your AT&T Arris box make sure DHCP is still enabled (I had mine disabled and it was causing configuration options not to be available, casuing more headaches)

    -You will have to figure out a way to get the MAC address for the WAN port on the firewalla. Unsure of a good way to do this, but the way I did this was to setup Firewalla as a regular network device instead of a router at first, then using ARP to grab the MAC address. You can also get it from the Firewalla mobile app once the firewalla is connected to your phone under settings > about. Then after saving that off somewhere, I factory reset the Firewalla back.

    -On your AT&T Arris box go to Firewall > IP Passthrough. Set the passthrough mode as DHCPS-fixed. Here you will input the Firewalla MAC address. Make sure to save the changes and possibly reboot if necessary.

    -You can now setup the Firewalla from scratch again and use DHCP mode.

     

    1
    Comment actions Permalink
  • Avatar
    Kenneth Clerebout

    Thanks Dpadron,

    I will be trying this!

    0
    Comment actions Permalink
  • Avatar
    Greg Pajak

    Here is basically the same procedure (uses a netgear device, but essentially the same process)

    https://www.f0il.com/how-to-arris-bgw210-700-modem-router-with-netgear-xr500-router/

     

    0
    Comment actions Permalink
  • Avatar
    Kevin Passino

    You actually don't even need to remember the MAC address with the BGW210. Under DHCPS-Fixed, the available clients will show up in a drop-down, one of which will be the Firewalla. Choose it and save, then reboot the Firewalla (or realistically just unplug/replug the cable) so it gets the new passthrough IP. 

    0
    Comment actions Permalink
  • Avatar
    Ro88durham

    Some questions on AT&T BGW210:

    1. I initially had it in Simple mode.  The porn filter was not working.  Is that standard with AT&T?

    2. So followed the above and set BGW210 to DHCP-Fixed and moved to Firewalla to DHCP mode. Initially it fail but then it worked.  But now I get "Invalid Local Subnet" warning.  Porn filter still not working.  

     

    0
    Comment actions Permalink
  • Avatar
    Nilesh Patel

    UPDATE:

    Well I fixed it.  The difference was Apple's Private Internet Relay which i disabled.  I rebooted all devices, now it all seems to be working.

     

     

    I am having some issued getting the BGW210 and Firewalla Gold to work for port forwarding.

     

    My FG is in router mode. I have turned on IP Passthrough with DHCPS-fixed set for my Firewalla mac address. The internet and DHCP functions are working.  However, port forwarding is not.

    My external IP address (which has been essentially static for 4 years with my BG210 is 1xx.2xx.2xx.4x.  Previously when I performed a whatismyip check I would get this ip address.  However, now that I am using Firewalla as my primary router, when I perform and ip check with whatismyip, it appears my "external IP" address is: 172.225.249.58 (this is different than my LAN IP which I have set to 192.168.0.x).

    Any ideas on what I'm doing wrong and not able successfully port forward, which I think is related to why my IP address is not accurately returned on whatismyip site.

     

    thanks!

    0
    Comment actions Permalink
  • Avatar
    Kenneth Clerebout

    Hello Nilesh,

    I can confirm that I did get port forwarding to work.  Let's check some other settings besides IP Passthrough and see if something else is different.

    Under Home Network - Status, I see that Cascaded Router Status is Disabled, IP Passthrough Status is On (Public IP address)

    Under Home Network - Subnets & DHCP, I see that DHCP Server Enable is On, Public Subnet Mode is Off, Cascaded Router Enable is Off.

    Under Firewall - IP Passthrough, I see Allocation Mode is Passthrough, Passthrough Mode is DHCPS-fixed, and the Pasthrough Fixed MAC Address is my Firewalla Gold.  The lease is still at 10min.

    Under Firewall - Advanced, I see off, on, on, off, off, on, off, on

    I don't think any of the other tabs are related to Port forwarding.

    If you still can't get it to work, one time I was having trouble I hard reset the modem and then went in and just changed the IP Passthrough settings and then rebooted the modem and the firewalla gold and everything worked fine.

     

    You know one last thing before I go.  In the actual Firewalla app.  Are you port forwarding using "Rules" or are you going down to "Ports".  Under rules you will see things like "Traffic from Internet / [PC Name Here], Local Port UDP XXXX / Inbound only, Always".  Under Ports you will see "Ports Forwarded" [Mapping Name] / UDP XXXX / Always, forwarded as XXXX".  I think the one under "Ports" is the important one for external from the internet and the "Rules" one is good for when you are doing network segmentation and you want ports to cross your segments.

    Okay, I think I said too much.  Let me know if any of that helped or if you already figured it out.  Don't be afraid to ask more questions if this didn't help.

    0
    Comment actions Permalink
  • Avatar
    Nilesh Patel

    So thanks for that detailed settings review.

     

    I have all my settings the way you have.  Unfortunately, I am only able to get things to work if I disable IP6.  So currently I have IP6 disabled on the Arris and FWG and I am able to have everything work perfectly.

    Any reason I need to have IP6 enabled?

     

    0
    Comment actions Permalink
  • Avatar
    Kenneth Clerebout

    I just double checked and I have IPv6 turned on on the Arris, but I also have it turned off on the FWG.  I've been in this configuration for a year plus and I have noticed no negative impact of having IPv6 turned off on my FWG.

    If you are hosting any actual servers with server OSes such as Windows Server 20XX, there may be some issues, but for the rest of us, there doesn't seem to be any issues.

    0
    Comment actions Permalink
  • Avatar
    Nilesh Patel

    All seems to work as long as IP6 is turned off on the FWG.

     

    Thanks for the help.

    0
    Comment actions Permalink

Please sign in to leave a comment.