Skip to main content
AT&T Community Forums
Gift your grad endless possibilities. Celebrate right now and connect them to their brightest future.
Get superfast AT&T Fiber internet
Check availability
FastAndLight's profile
FastAndLight
#1 Star!
The 5th element!
10th stratosphere!

New Member

 • 

12 Messages

Friday, February 3rd, 2023 3:47 PM

BGW320 public static IP block

I'm an AT&T Fiber customer with 1gig service.  I want to test out hosting some of my own infrastructure and asked AT&T for a public subnet to do it on.  I've paid for a public static IP block (X.X.X.56/29) and configured it in my BGW320 as follows:

I've assigned through the fixed allocation DHCP the .57 address to an machine connected to the BGW320 via the LAN ports, and while it gets DHCP and can ping the gateway (.62), it does not have any network access beyond that.  I've had the same result with both an OPNSense box and a Macbook.

I've disabled the firewall, packet inspection, etc., and have also not configured any IP passthrough.  I can ping the .57 box from other machines both on the public subnet while connected to the BGW, as well as from machines behind the BGW320's NAT on the broader "home" network.  This has stumped me, ATT support, and the 2 different techs who have come out to my house. 

It feels like there is a route missing that links my public subnet with my router and the broader ATT network.  I would appreciate any help in either how to properly setup my public subnet, or even how to further troubleshoot the situation.

I had considered setting up my OPNSense box as a cascaded router, but after one of the many tech visits I no longer have that option available in the UI (which seems odd).  I did successfully setup the OPNSense via IP passthrough, but that only got that box the assigned router public IP and I reverted those settings. I probably could configure the OPNSense box to handle both, but I thought for a relatively simple setup (just hosting a couple servers on the public subnet), it was overkill. 

Thank you in advance for any help. This has been a huge fiasco.

Questions

 • 

Updated 

4 months ago

 • Edited

277

29

0

FastAndLight

New Member

 • 

12 Messages

4 months ago

@ATTHelp are you saying that I need to sign up for something additional for you to troubleshoot your network for something I'm already paying for?  Also, this is not at AT&T wireless problem. This is a fiber internet problem. 

(edited)

0

0

JefferMC

ACE - Expert

 • 

32.3K Messages

4 months ago

Latoya, that's frankly offensive that you would suggest a paid service to correct what appears to be an error in AT&T configuration.

Try again.  And do better.

0

FastAndLight

New Member

 • 

12 Messages

4 months ago

@ATTHelp Its Monday, a new week, a new chance to help resolve this issue.  Can you please find a way to verify that the proper routes are setup between my BGW320 and my static gateway IP.  I would still love for this to be a configuration issue on my end (but nothing seems to indicate that it is).

(edited)

0

0

dave006

Scholar

 • 

3.7K Messages

4 months ago

@FastAndLight 

Don't waste time with Chat or private DM's (just to slow) you need to call 1-800-288-2020 and have a rep verify your Static IP Block assignment that is assigned to your AT&T Account. They should be able to verify your Static IP Block matches their records.

The last oblivious quick test is to restart your BGW320 and your MacBook's IP service if the AT&T records match what you have set for your Static IP Block.

Dave

0

0

JefferMC

ACE - Expert

 • 

32.3K Messages

4 months ago

Even if the records match, that doesn't mean its implemented properly.  But it's a good place to start.

0

0

dave006

Scholar

 • 

3.7K Messages

4 months ago

@JefferMC 

Oh I agree but we have to start somewhere. Once we get confirmation that the account data matches what @FastAndLight has recorded then we can try pinging to the Static IP addresses and see where the path fails from outside the Local Public LAN Block.

Dave

0

0

FastAndLight

New Member

 • 

12 Messages

4 months ago

@dave006 @JefferMC  

To keep playing this game, I called AT&T again and they verified my static IP block.   Anyone that wants to can try pinging 99.34.24.60.  It still doesn't seem to be routing to my router. I can ping it internally just fine. (and no, I don't have any firewalls blocking ICMP externally)

(edited)

0

0

dave006

Scholar

 • 

3.7K Messages

4 months ago

Hmm pinging 99.34.24.60 is a no go with a tracert set to 30 hop limit. Nothing after hop 7 an AT&T Core router.

 5    21 ms    23 ms    28 ms  cr2.ormfl.ip.att.net [12.123.6.50]
 6    27 ms    22 ms    22 ms  attga21crs.ip.att.net [12.122.28.197]
 7    26 ms    23 ms    22 ms  12.122.141.213
 8     *        *        *     Request timed out.

It appears to be a routing issue to your Static IP Block. Maybe easiest to ask for a new Static IP block since you have not used any.

Dave

(edited)

0

0

dave006

Scholar

 • 

3.7K Messages

4 months ago

@FastAndLight 

Also double check you have Drop incoming ICMP Echo requests to LAN set to "Off" on your BGW320's Firewall Advanced page:

http://192.168.2.1/cgi-bin/dosprotect.ha

Drop incoming ICMP Echo requests to LAN: This setting is primarily intended for the Public Subnet (IPv4 hosts). If enabled, all echo requests coming from the Internet to LAN-side devices will be dropped.

Dave

0

0

FastAndLight

New Member

 • 

12 Messages

4 months ago

@dave006

I checked the fw again, and the packet filter is off, and under "advanced fw" (which I annoyingly can't turn off), it is set to disable the drop, as such:

I have been pointing out that traceroute to anyone who would listen for the last week.  Everything is dropped after 12.122.141.213. 

As an experiment I did a traceroute on the block "below" mine, 99.34.24.48/29 and I think that gives an example of what the routing "should" look like:

traceroute to 99.34.24.48 (99.34.24.48), 30 hops max, 60 byte packets
 1  * * *
 2  12.255.11.3 (12.255.11.3)  14.565 ms 12.255.11.11 (12.255.11.11)  14.466 ms 12.255.11.3 (12.255.11.3)  15.104 ms
 3  * * *
 4  * * *
 5  * * *
 6  32.130.16.5 (32.130.16.5)  41.657 ms  33.686 ms  37.989 ms
 7  12.122.141.213 (12.122.141.213)  37.081 ms  34.086 ms  39.959 ms
 8  * 12.122.141.213 (12.122.141.213)  31.046 ms  31.618 ms
 9  76.201.208.132 (76.201.208.132)  30.280 ms  30.479 ms  29.997 ms
10  76.201.208.223 (76.201.208.223)  32.737 ms  32.533 ms  29.190 ms
11  107.212.169.25 (107.212.169.25)  31.947 ms  30.870 ms  30.579 ms
12  76-198-152-170.lightspeed.tukrga.sbcglobal.net (76.198.152.170)  31.796 ms  31.254 ms  34.911 ms

Funny you should mention asking for a new block of IPs. I actually tried to do that on my call with AT&T when I was verifying my existing block earlier today.  It was one of the worst experiences I've ever had. The first rep had no idea what I was talking about and kept reading back to me my fiber gateway IP. He finally transferred me to someone else who did verify my IP block. However, that took about a half dozen tries because his audio kept cutting out for 15+ seconds at a time. He said they were having technical issues on their end. I asked him to call me back when they were resolved so that we could have a productive conversation.  He told me that he couldn't and that I should just call back in 5 or 6 hours.   

0

0

Related Conversations

Loading...

Did this help you?

Tags

router

fiber

internet

Not finding what you're looking for?
Ask a question
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.