THIS IS LONG.. IS it worth saving a few thousand for your business connection.
We Recent had a allot of experience with U-verse Residential and business..
I'm getting this info out fast and some of it might be a little sloppy. When I get the full write up done I'll post it in another board for questions and answers. I'm doing short section on residential first.
If your looking for help with Residential because web pages don't seem to open properly. Open your network settings and add public DNS assignments to TcpIP v4. A good place to start is Google public and open DNS. There IP addresses are for Google 18.104.22.168 and 22.214.171.124 AND OpenDNS are 126.96.36.199 188.8.131.52 I suggest you look them up in Google search for more information.
The other and more practical way for residential is to have a second router. plug it into the AT&T 2wire. Wait a few minutes go get a coffee then login to the 2wire. Goto the Network info page and note the name of your router. Then go to the Firewall setting and enable DMZplus mode for your router. once its set use all your networking for your computers or gaming boxes to go threw that router.. There will be more details in the Business IP assignments portion of this BUT this could also solve any minor pix-elation you might be getting by leaving your TV's and phones connected direct to the 2wire. and your computers behind on the second layer. It will also allow to to setup connections from work easierHERE's the Section most business owners are having problems with.
So you had U-verse business installed.. and your Surfing ... AND YOU CAN'T get your 5 Static IP's or more running..I know your pain
We had U-verse business put in about March 30th after long discussions with Techs and Sales people at AT&T We went with it.. Cable wasnt a option because Cable dosn't work properly in our area with lost connections that just won't work.
We have 8 IP addresses assigned to us. 5 of them usable as public IP addresses. We run extensive cloud service here with 18 Websites on 3 servers with POP and SMTP mail Servers with a total of 8 machines running 24/7 over the years the AT&T Static IP's threw DSL have been fine with our other DSL running great for a total of 10 IP addresses. All that and a average of 35Gig of bandwidth for the websites and about 150000 emails a month.
So now it was time better uploads to work with our servers and our own work.So now AT&T U-verse is installed on a Dry loop to our business Which took a lot of pateints to have installed.
They brought out a iNID which is basically the Router mounted outside. Then installed a what looks like a regular 2wire inside and a battery backup to power the outside iNID router. 3 peaces of equipment.. You go through the registration and your surfing... But you didn't come here to find out how to surf or even get it installed You want to know how to use your additional IP addressesBy now you've been put in MAC Address hell.. This WILL fix that
Since the 31st of march I read over 1000 pages
on this, including how bad the 2wire is to different solutions that made for allot of work..
This will still be a little technical BUT will work the first time and you can get back to what you really do for a living.My personal opinion the 2wire solution is brilliant more on that below.
Most businesses will have a IT Guy or Girl or the owner of the business has learned how to be Technical. This wont cost a bunch of money.
Just a little time.. HEY it took you time just to get U-verse give it a little patients.
First you need a older computer that your not using anymore OR look for a cheep Desktop with a minimum of 512 memory.
get 2 Network cards. inexpensive Realtek cards will work fine for this. In the future because of our needs we'll probably be getting managed Intel cards.. 99% of all businesses can probably get away with 2 NIC's(network cards)
So now you have the older computer setup with the 2 network cards.
You need something to run it and be able to assign your IP addresses with MAC addresses.... AGAIN I'M GETTING THIS INFO OUT FAST So it might be missing little details but the setup info works..
To do this we need a Operating system with a router solution.. This was done with PFSense. Some call it a Super router. I call it a Unbelievable Super Router.. Your 2wire router is built around FreeBSD our version is 4.4 PFsense is based on FreeBSD 8.1. For all practical purpose we're using PFsense 2.0.1 the latest build.
You'll need to download this from PFsense http://www.pfsense.org/
and burnit to disk.. There's ALLOT of info and support for the software on there website and Please if you find this works for you Give them some MONEY otherwise it is free
For our purpose we used a Pentium 2.8 32bit with a gig of memory we had laying around.
Once you have PfSense installed and running you need to plug it into the 2wire.
PfSense will run without installing from the CD so you can get familiar with it... For this to work YOU WILL need to install it to a Hard drive.
During the setup you need to setup the WAN NIC(network card) more info is gotten on the pfsense website.
Once PFsense is up and running and your surfing through it.
Goto the 2wire and set it to turn off the firewall for your Static IP's
Goto Broadband Tab> Link Configuration link>
scroll down to "Supplementary network" > Add additional network
Check the box to > Enable
Input your Gateway IP that AT&T gave you for your Static IP addresses
Input your subnet mask usually 255.255.255.248
Check the box "Auto firewall open"
I assume the AT&T tech already did this for you... but just in case you have that info now.
Now goto the Firewall Tab> Advanced configuration
Disable> Stealth Mode
Disable> Block ping
Disable> Strict UDP Session control
Leave UDP session timeout alone.. Pleanty of people have messed with this and for this setup LEAVE IT ALONE
TCP session timeout is great right were it is.
Scroll down past all the rest of the enabled stuff to
Un-check all that stuff.. You don't need it pfSense will do that...
By all means Please leave NetBIOS unchecked.. you dont need to advirtise your network or open the computers this way to the public..
Now goto the LAN tab>
Scroll down to see devices
look for the currant IP and MAC address of the PFsense network card.. If you left it as DHCP assigned it should show your LAST Static IP address
If not at this time reboot the 2wire wait a minute and reboot the pfsense router
Go back into the 2wire firewall configuration > Applications. pinholes and DMZ
click on the pfsense computer link and if its not in the DMZ plus mode check that box or radio button and hit save.
At this point we're ready to get the rest of the IP addresses running as long as you can surf to the web through the pfsense box
In pfSense for our configuration we did a couple things I'll give you at the end. I'm also going to assume you know how to work with NAT port assignments and how to enable ICMP.. Believe it or not ICMP on ATT DSL and AT&T U-verse is important if you want to increase your connection time...
Lets assume your WAN IP is x.x.x.109... Its already up and running and the 2wire knows its MAC address
So in pfsense goto>
Click the plus sign>
Click the box/radio button Carp
Add your next IP if your WAN IP ends in x.x.x.108
(x represents number)
Set your CIDR for subnet 248 that = 29
Set a Virtual IP password.. If all goes well you can even login to pfsence from that virtual IP
Set the VHID Group>1
Since this is the first IP leave it as the number 1
Advertising Frequency> leave as default(Master) base 1 skew 0
Give it a short description you will use that name in NAT later on... I use the IP and the word "Static"
Hit Save the screen hit apply
Lets add another IP
click on a plus sign to add again follow the directions just above
Add the IP CIDR and password
Set the VHID Group to 2
Advertising Frequency the same as the first Virtual IP
Add your description and Save then apply
You can add more if you want but at this point you can check to see if there working in
In Status>Carp they should show as MASTER with a Green running arrow.
If you scroll down a little to find.......
the x represents a number
Simply said these numbers represent HEX addresses which are translated to MAC addresses that the 2wire router then recognizes...
You can also add this to the pfsense
As a Safety we added loop to our madness
I mentioned the 3rd network card. we added the interface and enabled it.. DO NOT ASSIGN IT to anything at this point.
We then added to
Click the Routes Tab
Add your pool address and gateway.
Reboot your (2wire and pfsense)routers and go check for the IP's now showing in the 2wireplease note
It could in some cases take a little bit to propigate the CARP virtual IP's
I hope this has been a big help to someone and as I get more of my info and desktop captures together I'll clean this up a bit.
In the mean time dont hesitate to ask for help in the forum.
Some of the other things we have running in pfsense is pfblocker and Squid proxy.
Also keep in mind pfsense is running services and a firewall.. these should be treated seperatly mentally and your not opening things in the 2wire firewall to your network. Your openhing them to your new firewal to control..Important to note:
U-verse will pass DNS public. So using a DNS IP other then what AT&T assigns is important
ICMP will increase reliablity to a AT&T connection.. Opening the Advanced Firewall in the 2wire is not decreasing your security.. pfsense will.. Some people think its double NAT from the 2wire threw pfsense.. Ive ran enough tracerts and pings to know its passing just fine.. if your not sure do a packet sniff frrom pfsense.. they have it built in...
This is as close as your gonna get to having a True commercial Cisco router without the expense or headaches.
We've been running pfSense builds since just before version 1.2.1... once you setit you can forget it..
With pfsense we dont use allot of the addons.. Squid proxy is to help cache our websites not SSL or SSH.. it speeds up the webpages a touch.. Squid can also be used to GET windows updates but we don't use it for that.
pfblocker we use to block by country name or a CIDR set of addresses that have attacked the router
WE also set these up in other places bonding more then one ISP or Failover and decrease latency
our laTENCY in this particlar build averages 30ms and in pfsense 0.72ms
Memeory use is about 10% the Swap file is 0 and CPU fluctuates from 0 to 6% on a normal day.. We have seen it as high as 20%
The last Pfsense box we setup was for a Comcast business connection that was subscribed to as 12down x 2up with it bonded to a AT&T DSL at 3 x 512Kb... End results were 56Mb down by 5Mb upload... Dont ask for that secret KEEP IN MIND besides giving this info most of the info for the build of YOUR pfSense box is on the pfSense Website.
They deserve 99.9999% of the credit without CARP I wouldn't be writing about this...
Please donate to there website.. This isnt cheap to support BUT man you'll save on nightmares at night knowing your up and running..
ThanksPublic static IP not working after u-verse AT&T U-Verse Static IP get information about a Static IP? - AT&T