The closest it comes to a bridge mode is its “IP Passthrough” mode. My research indicated that I’d want to enable “bridge mode” on my router, but it turns out the BGW210-700 doesn’t have support for a true bridge mode *. Unfortunately, some research showed that I couldn’t drop the AT&T router entirely; it was providing the authentication for my internet service. With the UDM Pro, I had a real gateway, and I no longer needed my AT&T BGW210-700 gateway/router to handle any of the services it was previously performing. While there’s no question the Unifi Dream Machine Pro is overkill for a home network, it was just the combination of power, control, and convenience I’d been looking for.

I am able to connect to the modem web portal on devices behind my OpenWrt router using the default IP of 192.168.1.254 without any special setup.

Alternatively, if you're a fiber customer, you may be interested in this guide on setting up an EAP Proxy which allows connecting your own router directly to the ONT without rooting.

DSL (AT&T U-Verse) customers may be interested in this guide to use an alternative modem with a proper bridge mode, but it relies on a rooting method which no longer works on the latest firmware.

I’ve long wanted to have more control/flexibility in my home network, and 2020 finally gave me the justification to make some upgrades.

Public Subnet Mode is off (default), Cascaded Router is disabled (default), and the Packet Filter had no rules set (default) but is set to disabled.

I’ve left the default setting specific to the BGW210 (“Drop incoming ICMP Echo requests to Device LAN Address”) turned on.

Under Firewall > Firewall Advanced, Reflexive ACL and SIP ALG are turned off.

No other devices are connected to the modem.
IP Passthrough is set up with the OpenWrt router and Passthrough DHCP Lease time is set to 1 day.

Wi-Fi is turned off under Home Network > Wi-Fi > Advanced Options.

Bridge settings

Everything is now set back to the defaults on my BGW210-700, except:

Make sure to remove the firewall rules when done and set the SSH interface to LAN.

Drop packets that match:

Click the empty checkbox to enable the rule, then run the nmap command again.

Now add the following firewall rule to the BGW under Firewall > Packet Filter:

Temporarily update the SSH interface to be unspecified: uci delete commit dropbear

Add the following rule to /etc/config/firewall: config redirect

Connect to a VPN or external network and run the following: # nmap -p 22

Note: I chose port 22 to test, with SSH password authentication disabled.

Run the ping command again, and it should go through.

Go to Firewall > Firewall Advanced, set “Drop incoming ICMP Echo requests to Device LAN Address” to Off, and click save.

Go to Firewall > Packet Filter and click Disable Packet Filters, then run the above command again.

The packets should be dropped.

3 packets transmitted, 0 packets received, 100.0% packet loss

Connect to a VPN or external network and run ping6 again.

e23e:a854:e5b5:67fc::1 ping6 statistics -
1 packets transmitted, 1 packets received, 0.0% packet loss

Find the modem’s IPv6 address under Home Network > Status > IPv6 > Global Unicast IPv6 Address.

The packet filter remains on for IP Passthrough devices unless it’s turned off altogether, contrary to what some posts have stated online.

However, all the rules shown on the packet filter tab are already disabled by default, although the UI makes this unclear at first glance.

Disabling the packet filter does not disable the advanced firewall rules.

Ok, I’ve spent some time testing out the BGW’s firewall and confirmed the following: