dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14027
share rss forum feed

JohnRbrier
Premium
join:2000-10-28
Raleigh, NC

1 edit

3800HGV-B DMZ/firewall disable guide

Click for full size
Settings
Click for full size
LAN
Click for full size
IP Address Allocation
Click for full size
IP Address Allocation
Click for full size
Firewall
Click for full size
Applications Pinholes DMZ
Click for full size
Firewall Status, Done!
I have used dslreports a lot, but I haven't given a lot.. so hopefully this helps some people.

Disclaimer
I made these screenshots *after* I got it configured.
Some of the views will not be completely accurate if you follow it as I have laid out.

Also you may actually have to do this in different order than I show, I don't remember, but regardless the key settings are displayed easily here, just try them in a different order if it matters. I say that because I had a lot of trouble getting the settings to *stick* However that may have been because I was changing the password after I setup the DMZ and disabled the firewall.

instructions
go to »192.168.1.254

When/if you get prompted for the password enter the password based off the label on the left side of the 2 Wire. If you changed it already, enter that password.

WhyMe420
Premium
join:2009-04-06
kudos:1
Nice guide. I've been using those settings since I got the 6.x software back in March.

JohnRbrier
Premium
join:2000-10-28
Raleigh, NC

1 edit
thanks man. I actually just got U-verse today, I got the 24/3 service (Max Turbo IIRC). I'm loving it..

»i.dslr.net/imc/0/0/1/7/92741592.png

before with time warner I was getting unreliable bandwidth and latency spikes in peak hours, ever since school started back up.

any idea why the images load at the top of the post? I want my comments above the screenshots/pictures.

milkman82

join:2006-06-19
Lakewood, OH
Reviews:
·T-Mobile US

1 edit
reply to JohnRbrier
When I do what you say for disabling the firewall I get this message

"It is not allowed to remove the firewall protection on the private device: 10.0.0.12"

Is there something I am missing?

LOL, just noticed the RG sounds like Buffalo Bill from Silence of the lambs! It rubs the lotion on the skin or else it gets the hose again. It puts the lotion in the basket.

Next the RG is going to popup on my screen and say "It wants to listen to goodbye horses"

I have a sexually confused RG!!!! WHY!!! WHY DID THIS HAPPEN TO ME!!!

But honestly..... Any ideas why "It" is not allowed to change firewall setting?

imchale

join:2003-01-04
Charlotte, NC
Make sure you're selecting Settings->LAN->Address Assignment->Public for the system you want to place in the DMZ and disable the firewall on. I received the same error a couple times had to change it to Public and do Save then flip the disable firewall dropdown.

milkman82

join:2006-06-19
Lakewood, OH
Well, I dont want any of the connections to have a firewall setting from the RG. I really just want to turn the RG firewall off.

imchale

join:2003-01-04
Charlotte, NC
As far as I've been able to determine if you're connected to the RG's Ethernet/wireless and you are not assigned a public IP you do not have the option of disabling the FW; I'd love to be corrected on this point however.

milkman82

join:2006-06-19
Lakewood, OH
Reviews:
·T-Mobile US
Yeah, I was worried that was the case. I already have one computer in the DMZ. Now, am trying to connect a webdav drive on another computer for online storage and having problems getting it to connect. So I was going to disable the firewall on this computer too. However, oddly, 2wire must have never thought about allowing users to just shut off the firewall.

Well... maybe if I go in the basement and play goodbye horses while rubbing lotion on my body in front of Buffalo Bill RG. It will allow me access! I could just see my GF coming down and be like "THATS IT! You love that thing more then you do me"

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5
reply to imchale
said by imchale:

As far as I've been able to determine if you're connected to the RG's Ethernet/wireless and you are not assigned a public IP you do not have the option of disabling the FW; I'd love to be corrected on this point however.
Not sure what you mean by "disabling the FW". Unless you buy static IPs, you only have one public IP address. How else are clients outside your house supposed to connect to the servers in your house if not through that public IP? That's how it works.

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5
reply to milkman82
said by milkman82:

Yeah, I was worried that was the case. I already have one computer in the DMZ. Now, am trying to connect a webdav drive on another computer for online storage and having problems getting it to connect. So I was going to disable the firewall on this computer too. However, oddly, 2wire must have never thought about allowing users to just shut off the firewall.
Firewall configuration is really not that hard to do, if you are careful, although I understand your wish to just "shut off the firewall", that wish will not be granted with U-verse. So not to sound harsh, but deal with it, or post a specific question and we'll try to help.

BTW the reason U-verse does not allow you to simply shut off your firewall is that U-verse is not just an Internet service, it's also phone and IPTV video. So the RG has to manage the STB network and the VoIP service, and therefore it has to manage your home network since the STBs are connected via IP over Ethernet or coax (HPNA).


gdm
Premium,MVM
join:2001-06-15
Mchenry, IL
kudos:3
reply to milkman82
You might be better off buying a 3rd party router and sticking that in DMZ and moving all PC related equipment to that.

imchale

join:2003-01-04
Charlotte, NC
reply to MyDogHsFleas
Not to split hairs but .. You could disable the firewall and still do NAT (which is the bit that allows one:many mappings. I see what you're saying however, I'm going to guess that with the nonstatic IP option there are some routing/nat rules that are not visible in the GUI which direct the required packets to the STBs?

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5
reply to gdm
said by gdm:

You might be better off buying a 3rd party router and sticking that in DMZ and moving all PC related equipment to that.
I think that's a valid option if you have requirements not satisfied by the RG for your internal network, or if you just like the second router's firewall configuration interface better.

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5

1 edit
reply to imchale
said by imchale:

Not to split hairs but .. You could disable the firewall and still do NAT (which is the bit that allows one:many mappings. I see what you're saying however, I'm going to guess that with the nonstatic IP option there are some routing/nat rules that are not visible in the GUI which direct the required packets to the STBs?
I gather that what the RG does for the STBs includes:

-- a DHCP interface the STBs can depend on being there
-- a DNS that allows the STBs to find the internal AT&T servers for video, which is provisioned by the RG's DHCP
-- IGMP snooping that keeps all the IPTV traffic off your local network, and vice versa
-- edit: forgot this obvious one: Bandwidth/QoS management for the three services: Internet, Phone, Video

There may be other things it does that I haven't listed, I'm not a super expert here.

Oh and I also gather that even the static IPs have to go through the RG and be managed, they do not provide "naked access" to the Internet.