Uverse DSL With Static IPS WORST ISP EVER! in AT&T U-verse

Re: Uverse DSL With Static IPS WORST ISP EVER!

Mon, 07 Sep 2009 03:29:33 EDT

SgtPepper : Wow this was some read I just got Uverse a week ago with the 3800HGV-B Gateway and /29 of sticky IP's. There are many ways to make all this work. I'm using a Cisco 1841 router yet this approach will work with many Linksys routers as well. Mac address cloning or spoofing is the key to get this to work.
Before I got started I set the mac address on the network interface of my laptop to match that of the F0/1 interface of the 1841 router. Next I connected to the 2-wire gateway with the laptop, assigned a public IP address to it followed by and IPCONFIG / Release & Renew. Verified it worked and then moved the cable connected to the laptop to the f0/1 interface of the router. Log into the router and configure it with the same public IP address and the 2-Wire 3800HGV-B Gateway will never know the difference.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 02 Jul 2009 21:30:39 EDT

anon : First of all, thanks for posting the rant. :) I just ordered Uverse and would have been pissed if I found out about this after my 30day money back period. Has anyone (specifically x51) tried h3lix0's solution? It seems that if this does indeed turn the 2wire box into a plain IP router then it should address the problem.

I've got a slightly different solution if the above doesn't work... x51, you mentioned you had set up linux as a gw/fw. If so, then if you are using a recent distro of fedora, you can try iproute2 and the macvlan kernel mod. It seems to have been introduced sometime between fc7 and fc10. Not sure about other distros. I'm sure you can download the latest kernel and iproute. I wasn't able to get the necessary iproute version via yum on fc7 with stock repo's so I didn't try very hard. This would allow you to configure a/multiple link/s (shows up as an interface via ifconfig) on a single ethernet interface each with a different mac and ip. I tried it out and it sends and responds to arps with the correct ip/mac combos. Seems like this would allow you to build a linux gw/fw/nat box that would do exactly what you want without having to resort to vm's.

I'll have to play with some of this myself once my service is installed.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Mon, 29 Jun 2009 04:41:55 EDT

h3lix0 : I can't get you Layer 2 - but I can at least get you layer 3 routed via the 2wire without the need for DHCP.

1) Configure the normal private IP range.. you probably already have this setup, but you can not configure the 2wire POS using the public IP interfaces.
2) Under the uverse configuration, go to the "Home Network" tab
2.1) Click "Advanced Settings". Down below, you will see a "Public Routed Subinterface" option. This is key.
3) Give your "Router Address" one of the public routed IPs given to you by AT&T.
4) Subnet mask will probably be a /27.. As a network engineer you'll know this is 255.255.255.248 - but for anybody else who is playing along at home, this is what you enter here if you have the lowest static package.
5) "Auto Firewall Open".. select this.
6) Clear your "Device List" by heading to

http://ip.of.gateway/mdc

and clicking "Resets" on the left hand side. Click on the "CLEAR" next to "Local Network"
7) Add devices onto your network in your IP address range, use the "Router Address" configured above as your gateway
7.1) Ping the gateway "Router Address" from the node you bring up on the network. The gateway seems to be braindead enough not to ARP, so at least this way it knows your MAC address
8) Under the same "Home Network" -> "Advanced Settings" tab, click "Edit Address Allocation" on the right when you have a node online
9) Make sure "Firewall Protection" is unselected. This is what turns this beast into a dumb gateway for your public address range. (It may already be deselected)

Downsides:
For the life of me, I have not been able to figure out why MTR and Traceroute still do not work, even with this thing configured as a gateway. Other than that - enjoy turning your 2wire into a gateway.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Sat, 13 Jun 2009 17:33:33 EDT

anon : x51 - Thank god for your post. I was beginning to go thru the same thing you did, however luckily i found this posting. Setting up a half a*s network is not an option for me. Thank you again for saving me tons of time!

Re: Uverse DSL With Static IPS WORST ISP EVER!

Fri, 05 Jun 2009 22:41:17 EDT

x51 : anderboy, as far as I can tell the 2wire wont route for me.

So if i have a server with address 75.100.75.121 with it's gateway being the 2wire public 75.100.75.126.

And I have... say... a printer running off the 2wire using an ip in the default private subnet 192.168.1.31. with the 2wire (192.168.1.1) as its gateway.

The 2wire wouldn't route the traffic to the other interface as I expected it to. It seemed I had to add a second nic, or at least a second IP to the server in the 192.168.1.x subnet so they could communicate.

Routes are only as good as the router you point them at.

Should the 2wire have routed this for me?? I was so aggravated over all the other issues, I put little time into testing the actual routing since it was a such a small part.

I'm guessing here... but I imagine if it were to route this for a 192.168.1.x device to talk to a 75.100.75.x address the firewall would need to be opened on the right ports?

Re: Uverse DSL With Static IPS WORST ISP EVER!

Fri, 05 Jun 2009 14:21:20 EDT

anderboy :

said by x51 :

2) The only way to use the static IPs provided is to have their 2wire device assign them to your equipment via DHCP. That’s awesome.. So.. I have to have real public IP addresses on my machines to use the static IPs. (Theoretically you can manually assign the public’s to your equipment, but it does not work for reasons mentioned below.) So no NAT???? I cant NAT a public on the gateway to a private in my network? NOPE.. sorry. Publics for everything! ... with Public IPs on my equipment, how am I supposed to talk to my printers, Active directory servers, portable devices..etc?? Do I ask them for more IPs to cover my whole network? Or do I now put 2 network cards in each of my public facing machines? One with the public IP and one with the private?

Why not just change your routing tables on the public machines? You don't need two different network cards to talk to two different subnets.

~$ sudo route add 192.168.1.2 dev eth0
~$ ping 192.168.1.2

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 04 Jun 2009 23:17:25 EDT

anon : I too am feeling the U-verse pain and hoping for a business class device that can be bridged.
To answer the "why would you need several static IP's" question, it is because we have multiple web and e-mail servers in our network. We need to NAT port 25 (SMTP) and port 80 (HTTP) in from the Internet to different web and mail servers on the private LAN.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 04 Jun 2009 15:58:46 EDT

x51 : hahahahahahahah LMAO. I had also considered that approach. but I think a Linux firewall with 5 nics would be neater.

I spoke to Level 2. Actually the Tech who did the "Install" didn't know anything about static IPs. He gave me the number the Techs call that goes directly to level 2. After answering the "How did you get this number" questions... They confirmed that that’s just how it works. I'm SOL

It's not really a matter of "How to". the interface is self explanatory... the only way to do what I need would be new firmware or possibly full command line access to turn on disabled features.

Anyway, I canceled the statics. I put my Cisco in DMZ mode and I'm port forwarding to my various servers. I'll live with the single IP. It's not what I wanted, but it'll do until they offer a better device or I change ISPs.

I sent a nice tech who contacted me through here an email offering to become a beta tester for a new device / firmware... LOL

Re: Uverse DSL With Static IPS WORST ISP EVER!

Wed, 03 Jun 2009 19:07:42 EDT

anon : what about using 5 routers :) Unfortunately that is what I am doing at this time. Yeah i know it sucks and yeah the Uverse RG sucks but I had them laying around and had to do something.... Dont ask to see pictures of my rack its pretty lame looking with 4 linksys routers, 1 cisco pix and 1 rg :P

x51 - on another note there is a tier 2 support number that you can use to get a tech on the phone.. those uverse business tier2 guys actually know stuff. Havent called them since I had the service installed 4 months ago but last time I spoke they did say they are working on a new hardware solution for business customers. not sure why they would release a product like this when its not ready at all. its still in alpha IMHO.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 21:31:02 EDT

x51 :

said by bclbob :

x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network.

Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs.

Well with the publics on the machines, I can still use the RG as a firewall... but it all seems to come back to 2 NICs. The one solution from djrobx with the VM linux firewall is the only way I know to avoid it.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 21:22:32 EDT

bclbob : x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network.

Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 21:15:36 EDT

x51 :

said by mhetterm :

Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...)

I have a windows exchange server with Outlook web access, A windows Web server, A linux Apache Web server, a VPN device, and an SFTP server.

There are many workarounds (As I'm doing right now) to fit this all into a single IP address. I can use port forwarding to different devices. The most difficult part is the multiple servers that require port 80 and 443.. simple port forwarding won’t cut it. Right now all websites point at one server on port 80 and 443, and redirect to the proper servers on other ports. I dont want to make people remember port numbers.

I CAN move the important things to one of my datacenters where I wont have any issues... Most of the stuff I have is just for a test lab..

It's more about the point that with any other ISP that offers statics, this would not be a problem. going from AT&T DSL to AT&T Uverse I thought would be pretty simple.

I don’t mind a LITTLE compromising, but it's getting silly.

said by Tigerpaw509 :

Would be willing to bet this guy talks for 3 hours on a conference call without a break.h]Has to be one of the worst rants on here

Hrm.. maybe thats why I was on with tech support so long??

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 21:04:09 EDT

x51 :

said by djrobx :

If you want to "roll your own" routing, you could run Linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces.

I had considered something similar.... I have a bunch of 4 port Ethernet cards. I considered throwing 2 of them in an old PC and building a Linux firewall. This could solve the issue with the RG only working off of physical mac addresses.

The Virtual solution WOULD effectively do the same thing and sounds like a better Idea. I may give that a shot.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 21:00:42 EDT

Tigerpaw509 : Would be willing to bet this guy talks for 3 hours on a conference call without a break.h]Has to be one of the worst rants on here

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:59:43 EDT

mhetterm : @x51 - you are correct, I have a single dynamic IP - I don't have need for statics, as my router updates my dyndns account (and, apparently, u-verse "dynamic" ip's don't really change)

My point was only that the service _can_ be used for business purposes. I completely agree that AT&T should figure out how to provide a true bridged internet pipe via u-verse - but they don't at the moment, so we have to find work-arounds, or you can drop the service.

Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...)

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:57:17 EDT

Tigerpaw509 : again what about his johnson

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:51:47 EDT

David : We also even have a direct forum as well...

»/forum/sbcdirect

I do take in problem reports and now that I have more uverse people listed in direct it's getting quite relaxing as I have more time to also focus on other AT&T problems as well.

$fontbg oh look more research! $Fontbg
--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:41:49 EDT

djrobx : If you want to "roll your own" routing, you could run linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces.
--
AT&T U-Hearse
Your funeral. Delivered.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:36:46 EDT

x51 :

said by djrobx :

What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem.

I can confirm in DMZ plus mode i have IPSEC VPN working. I have read posts from many others who, like you, can not get it to work though. I dont know if all of these devices have the same firmware?

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:31:24 EDT

x51 :

said by mhetterm :

Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!)

I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine.

Asking for solutions is quite a bit more productive than just ranting ...

Your solution is the most common found for this issue. The problem is that it sounds like you are using the single provided IP and your own router in DMZ mode. This is actually how I'm running right now, because it mostly works.

If this IS indeed the case, the problem is that your solution does not address my rant at all. I want to use my block of 5 different static IPs. I want to NAT them and only require 1 NIC in my servers.

If I misunderstood and you ARE using a block of statics, I'd be interested in more detail.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 20:22:18 EDT

x51 :

said by x51 :

Their static IP offerings must have been planned out by a bunch of 9 year olds with head trauma.

said by apeface :

I would offer suggestions, but I would be one of those "9 year old with head trauma" you mention an tend not to want to help people who insult me.

So you are an engineer who helped plan out the current service from Uverse?
If not then the comment was obviously not directed at you, and I would welcome and sincerely appreciate any suggestions you may have.
If you ARE an engineer who helped plan out this setup, then I’m sorry I ruffled your feathers and welcome you to prove me wrong. If it would make you feel better to take a hostile tone and belittle me back while doing so… that would be fine too. I’d welcome the smackdown if it would get my network working the way I’d like it.

said by apeface :

I have the static IP package, a Cisco 878, a couple VLANS set up, and the 2 vpn's I have set up run fine. My wife is running a nice little web server I build for her as well. That also works fine. Only issues I have run into was with a wireless camera.

I know it was a long rant, and you probably didn’t read it thoroughly.. or maybe I just didn’t explain well… Sure I can give my Cisco firewall a public IP. I can make my VPNS work that way.. I can add all the vlans I’d like to the private network but the gateway cant be setup to VLAN. I cant have the private side of it in one VLAN and the Public side in another VLAN. I’d have to do all kinds of silly routing that I should not have to do to make it happen. The only way to get my webserver on it’s own public IP is to expose it to the 2wire and put the public directly on the server. I can’t put it behind the Cisco firewall and maintain its Public IP using NAT. I would have to setup a webserver with a public IP and add a second network card with a private IP, then setup the Cisco with a public IP, then add routes to the webserver to go out the Private network card and hit the Cisco on the inside interface to use the VPN.

All the things CAN be done, but in a convoluted roundabout ridiculous way. I think that’s a pretty poor setup to have to work around the gateway like that. If you have another solution I’d welcome the input. I’m thoroughly interested on how you have all your stuff configured.

said by apeface :

Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead.

Hrm.. Good point… Tell me if this is enough research…
(All this stuff below is a seriously condensed version of my research)

Day 1: Tech who came out was useless.. never heard of static IPs. Spent an hour setting it up myself. got it to work but ran into the issues I mentioned, figured I must be missing something. Called Support, took my info and dropped me in the transfer never called back. I Called back, finally got a level 3 tech. didn’t know anything about statics, sent me to the static IP department, Spoke to them. They transferred me to another level 3 tech who didn’t know anything about statics and asked why they would transfer me to him.. like I would know. He sent me to someone else. They explained how to configure the static IPS. I let them talk, and it was just what I had already setup. I asked how to NAT them so I could use private IPs on my servers.. they said I couldn’t use NAT. I asked how I would talk to my printers and such… silence… then “I don’t know”. I asked would I have to have two network cards.. the reply was “I guess”. That was it… all that took almost 3 hours. I did some research online. Found bunches of people with the same issues.. no real solutions. I could ask the same question, in the same forum, and get the same non-answers… I still must be missing something. I called back, Got another tech. Asked to be escalated to Level 2. Spoke to a level 2 tech who was more knowledgeable, but confirmed everything the first tech had. You can’t NAT, and You must use Public IPs on your equipment. I called customer service to switch back to my old ADSL. They gave me a free month of this Special Pay support called Connect Tech or something. They claimed that would solve everything. She said “They can even connect to your machine remotely and do it for you”. I guess I was supposed to be impressed. I acted like I was. They said I could call in about an hour to get support. About an hour and a half later I called. I was told that I had to wait 24 hours so they could put in a ticket and get me setup. I got my internet working myself, but imagine if I really needed help connecting to the internet???

Day2: Called the Connect Tech support Plus line back. After almost an hour of being on hold, and answering questions They said I wasn’t in the system right and they would call me back after they had a manager set me up. 2 hours later they called back and told me they could “Schedule an appointment” for tomorrow to talk with someone. I complained about the fact that I was told I’d have support in an hour the previous day.. they said they would call me back. An hour later A tech calls and remotes into my machine. Looks at the router and tells me that I have it configured right and does not understand my issue. I explain and I ask the same questions and I’m given the same answers. You can’t NAT, You must have public IPs on your equipment, You need 2 nics, You really should use DHCP from the router or your machines may not show up reliably.

Day 3: Looked online some more. Looked into buying my own device, Looked up all the threads I can find to possibly fix this. Like before everyone in a similar situation was pretty much SOL. The only answers are use DMZ plus and use your own router. That works if you don’t want to use 5 static IPs. I called AT&T to ask again to switch me back to my old DSL. They said it would take 7 days and I’d be without internet all that time. I asked cant you turn off the uverse when I get my other line turned on like you did when I switched to Uverse. She said no, they need to turn off the uverse to provision the other service. She was really nice and convinced me to talk to support again. I did… They had no clue, transferred me to another department, who transferred me to another department, who dropped my call. I called back tech support spoke to them some more, transferred another time, until customer service was closed.

Day 4: More online research… more nothing… Finally Posted my rant.

said by apeface :

Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead.

Exactly how much research should one do?...

My rant was not to get help…. It was to warn others before they end up in the same situation. Enough disgruntled posts like this, and perhaps someone will fix the issues. I estimate damn close to 14 hours of tech support calls when you include all of the holding and providing my information over and over but NOT including my own research on the web. The tech showed at noon the first day, and I got off the phone with the last call at 10:30pm But some of that Time I was working on it myself, looking online and I ate something… but it was a solid 6 hours at least on the phone. On the second day I spent another solid 4 hours. And at least 3 – 4 hours the 3rd day. I also in addition to the 14 hours spent at least 6 hours reading in forums. I even tasked the others at work to find me a solution… nothing.

I don’t think I know it all, what I wrote here regarding the configuration was confirmed many many AT&T techs. If I’m wrong about any of it, so are they. At least the ones I talked to. The opinion parts, are just that.. my opinion.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 13:43:48 EDT

bclbob :

said by ozzy6900 :

There is a lot more to the RG than just the Internet access.

Not to me since U-Verse Small Business is internet only.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 12:43:16 EDT

ozzy6900 :

said by bclbob :

I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting:

Seeing as how Uverse TV is proprietary, it is doubtful that you will see 3rd party modems for quite a while. They will have to decode the TV signal and VoIP in addition to the VDSL. Just the VoIP alone is enough to scare the hell out of many of the manufacturers because they realize that the modem has to act like a Central Office to the telephones that stand behind it. Most people don't understand this. There is a lot more to the RG than just the Internet access.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 12:39:39 EDT

mhetterm : @djrobx - I have a Netgear FVS336G on either end (doing router-to-router ipsec) - I didn't change the setup from when I had plain old AT&T dsl - just put the router in DMZplus and it worked ...

@bclbob - I agree the ICMP issue is there, but in reality, it's kind-of a non-issue - do you _really_ need to tracert all the way into your home network? I still hope they fix it, though. Re: 2wire proxy - I haven't run into any problems yet (3 weeks with this setup).

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 11:37:13 EDT

djrobx :

quote:
I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints!

What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem.
--
AT&T U-Hearse
Your funeral. Delivered.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 10:07:18 EDT

bclbob : I'm glad the DMZplus mode is working for you, but it isn't working for me. And the DMZplus mode doesnt pass ICMP traffic. And the 2wire is still firewalling and proxying, so you're limited to what the 2wire can proxy (1024 connections?)

I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting:

1) are you using the U-Verse RG? No? Ok use that, if its still a problem call us back.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 10:04:31 EDT

bclbob : That's what I have and I have the U-Verse Small Business service (ie. more expensive for the same Internet, but my company wants me to have a "business" service for expenses purposes).

I'm trying to figure out if I can use the 2wire to do all of the authentication stuff, but then have some other device really do the IP. I think it would take some fancy layer 2/layer 3 filtering and NAT though. It'd be a fun hack that not many people would be able to pull off.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Thu, 28 May 2009 04:30:06 EDT

mhetterm : Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!)

I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine.

Asking for solutions is quite a bit more productive than just ranting ...

Re: Uverse DSL With Static IPS WORST ISP EVER!

Wed, 27 May 2009 23:33:12 EDT

apeface : Another engineer, lulz.

I have the static IP package, a Cisco 878, a couple VLANS set up, and the 2 vpn's I have set up run fine. My wife is running a nice little web server I build for her as well. That also works fine. Only issues I have run into was with a wireless camera.

Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead.

I would offer suggestions, but I would be one of those "9 year old with head trauma" you mention an tend not to want to help people who insult me.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Wed, 27 May 2009 22:47:11 EDT

x51 : So the uverse business has the same device?

From what I read... you cant use anything but the modem they provide. It uses Certificate based authentication for the network, and no other device would work without some reverse engineering and custom firmware.

Re: Uverse DSL With Static IPS WORST ISP EVER!

Wed, 27 May 2009 22:13:24 EDT

bclbob : I couldn't agree with you more. I was considering static IPs on my line but seeing how the DMZ mode works (or doesn't, see my thread on that) and statics basically work the same way, I decided against it.

Even in DMZ mode, its not bridging traffic, it's proxying inside the 2wire. And they even forgot to proxy ICMP, so traceroute doesn't work.

I'm seriously considering trying to hack around the requirement to use the 2wire, it seems like the basic service is ethernet/layer 2 over VDSL, but it seems like the 2wire performs IEEE 802.1X and possibly HTTPS posts to AT&T and 2wire, or AT&T disconnects service on the line.

My day job is a network engineer, and the 2wire makes the U-Verse service a joke. I even have this piece of junk on my "U-Verse Small Business" account. To think I used to mock the piece of junk SMC modem Comcast gave me as part of their small business service, but it seems light-years ahead of U-Verse.

All I want is a bridge modem, so I can take the layer 2 and plug it into my Cisco 3745 router. Or even the ability to use a Cisco 887V router.

Uverse DSL With Static IPS WORST ISP EVER!

Wed, 27 May 2009 20:20:28 EDT

x51 : I'd like to know I'm the only one who tried thier static IP option?

I'm a network engineer. I have setup hundreds of clients on everything from DS3 lines to DSL. I’ve used every firewall I’ve ever heard of from Linksys to Juniper. (I built several of my own Linux firewalls as well) Most of my clients use Cable or DSL because these days the speeds are significantly better than a t1 and way cheaper. There are few ISPs I have not setup for various clients nationwide.

At&t Uverse is the worst ISP I have ever dealt with.. there is not even a distant second. On a scale of 1-10 with 10 being the worst, they are a 4,738 Their static IP offerings must have been planned out by a bunch of 9 year olds with head trauma.

If you don’t need static IPs and you are a typical home user.. the service is probably fine. It will get you on the internet, and as long as you don’t need support You'll be ok.

Everything here has been confirmed after over 14 hours of Tech support calls.

So... As a network engineer, I have an extensive test network at home. It's mostly Windows with Active Directory, Exchange, Web Servers.. etc. I need static IPS. I was an SNET > SBC > AT&T customer on standard ADSL with Static IPS for years with no issues except slow speeds. But this network was not built by AT&T, it was inherited by them.. so it worked.

Anyway... I find I can now get static IPs from U-verse with a tremendous speed boost for the same price I pay for my regular DSL.. no brainer?? Of course. I order it up, and they can install it in 2 days!!! WOW. They tell me I need a tech to come out because static IPs are "Complicated". It's $149. I explain I have U-verse already for TV, and I have the modem setup and wired already.. cant I do a self install? They wont budge.. They just keep saying that Static service requires a tech due to the “complicated” setup. Whatever.. I want my shiny new connection! Just do it.

So the Tech shows up, Walks in, looks at my modem and says “connect your laptop to this wireless it's called 2wirexxx.” So I connect (I had changed the name a while back, but I didn't need to confuse him.) He then says “this is the key for the wireless” and reads it off the box. (I had already changed that too) So I type in the key and connect up. He says “Open a web page”. I do. It opens the DSL reg page. He says “answer the questions.” I do. He says “you’re all set” and gets ready to leave... Um... OK... ? Where are my static IPs? He doesn't know what a public static IP even is. I had to explain the difference between Private IPs (192.168.x.x, 10.x.x.x, 172.16.x.x... etc) and Public IPs. “Complicated” indeed.. He calls for support and they give him 5 static IPs. He tells me what they are and says.. “So your all set”. Um, What do I do with these IPs.. do I need to configure them? He says “I don’t know, I didn’t even know they offered such a thing. You can call for support…” That’s it? I paid $149 for that. NO.. Actually I won’t be paying that bill.

So I take a look at the 2 wire 3800HGV-B gateway (The worst piece of crap gateway ever created.) It was Easy to configure, but the problem is with how it works…. I must have done something wrong. After ridiculous hours of tech support, dropped calls, and being transferred is a constant loop.. It is determined that I set it up right, the thing just plain sucks.

1) This gateway does not go into bridging mode. There is no bridging mode. Forget about transparently passing your ips through to be handled by a real firewall. I can’t use my Cisco Pix any longer… I can get over that if the damn 2 wire was not such garbage.
2) The only way to use the static IPs provided is to have their 2wire device assign them to your equipment via DHCP. That’s awesome.. So.. I have to have real public IP addresses on my machines to use the static IPs. (Theoretically you can manually assign the public’s to your equipment, but it does not work for reasons mentioned below.) So no NAT???? I cant NAT a public on the gateway to a private in my network? NOPE.. sorry. Publics for everything! To a morphine addicted coma patient this might not be a problem but, with Public IPs on my equipment, how am I supposed to talk to my printers, Active directory servers, portable devices..etc?? Do I ask them for more IPs to cover my whole network? Or do I now put 2 network cards in each of my public facing machines? One with the public IP and one with the private?
3) The 2 wire talks to both the private and public IPs on the same Ethernet port. This device does not support Vlans. Great!! So if I do go the N Network card route I now must mix multiple subnets and broadcast domains on the same switch. It’s the only way. It WILL work, but it’s really bad practice. AT&T engineers probably don’t know that… afterall they are 9 and have head trauma.
4) The 2wire works off of Mac addresses. It identifies your devices on your network (when it feels like it) and they may or may not show up in the device listing on the 2wire device. This is how you assign your addresses to devices. If you manually assign addresses they may not show up for up to 48 hours (in my case). This is why you cannot use a real firewall. The 2wire will see it as a single device and only allow it to use one IP. You cant just send all your IPS to it and NAT like a standard network should be.
5) Once your devices have public IP addresses. You have to open the right ports on the gateway to allow things like mail, and http access inbound. Unlike any regular firewall on the planet from belkin to checkpoint you can simply NAT a public ip to a private ip, and open up any ports to any IP you wish whether there is a device using that IP or not. Not here. If the Gateway does not see your device connected to it, you can’t open up ports. So if I statically assign my ips, and the devices do not appear in the 2wire device I have to wait until they show up to open the ports.
6) If you connect to the 2wire and you get a DHCP address like 192.168.1.66, then you configure the device by turning off dhcp, and changing the IP subnet to something other than 192.168.1.X you have big trouble. The device remembers your original device got its address through DHCP and it has a 192.168.1.x address. It shows in the device list and will not change. You must turn DHCP back on to get an address on the current network or it does not see your device as being active with it’s new IP. It stays listed as 192.168.1.66. since you changed the subnet of the device to something else, every operation you perform regarding IP Assignments will error on you with “Invalid IP” because it lists a device with an IP on another subnet and it cant handle that. You are now Stuck. There is no option to remove devices or to tell it that it has a new IP.

Remember this is a static IP service. People who request static IPs have a need to do so usually because they are a business, or they are hosting something. With the static IP service should come a gateway that can handle these IPs properly. Every ISP I have ever dealt with offers a modem that has firewall / NAT features. You can always turn these things off and use your Own firewall / Nat device. This gateway is totally inadequate for anyone who would request static IP service. Furthermore The gateway cannot be swapped out. AT&T will not give you any alternate device, and your service is tied to that device. You cannot buy your own replacement.

What I listed here was not even half of the issues I’ve found. I didn’t even go into the fact that I can longer maintain Point to Point VPNs because I can’t use my Cisco, and this device has no VPN options. I can’t connect to my VoIP server at work with my softphone, or the nearly 14 hours, and 27 different incompetent support personnel I went through. The fact that AT&T can’t even transfer a call without dropping you is pretty pathetic.

In every way this is the absolute worst excuse for a service I have ever encountered.