BGW320-505 Static IP

The Static IPs are setup in Home Network but you cannot see any of the statics on the internet.  ATT keeps saying its our config, but shouldn't the Public Subnet Gateway IP (.190/26) be pingable on the the internet?

By default the BGW320's Firewall blocks inbound ICMP Echo requests to the LAN. You will need to turn off the following setting to allow your Public IPs to be Pingable from the Internet. However this is not a good idea for security reasons.

Here is the BGW320 link: http://192.168.1.254/cgi-bin/dosprotect.ha (You will be promoted for your Access Code)

Just turn off the First Entry: Drop incoming ICMP Echo requests to LAN (Default is On | change to Off) and hit Save.

Drop incoming ICMP Echo requests to LAN: This setting is primarily intended for the Public Subnet (IPv4 hosts). If enabled, all echo requests coming from the Internet to LAN-side devices will be dropped.

Dave

Yep turned off.  I can ping the Dynamic WAN IP 156.168.  I cant communicate at all with the /26

This appears to be a routing issue on the ATT network.

For example, heres a trace route to the Dynamic WAN IP (we'll call it 156.168)

 4  cr1.ormfl.ip.att.net (12.123.34.26)  9.451 ms  9.307 ms  9.178 ms

 5  cr1.ormfl.ip.att.net (12.123.34.26)  9.050 ms  8.896 ms  8.777 ms

 6  12.123.34.65 (12.123.34.65)  6.180 ms  5.210 ms  5.230 ms

 7  * * *

 8  * * *

 9  32.130.24.145 (32.130.24.145)  6.774 ms  6.669 ms  6.549 ms

10  99.168.25.135 (99.168.25.135)  6.894 ms  7.452 ms  7.353 ms

See how it makes it to ATT's headend of 99.168.25.135 ?

Now a trace route to my Static IP (well call it 244.189)

 4  cr2.ormfl.ip.att.net (12.123.34.154)  12.748 ms  12.583 ms  12.483 ms

 5  cr2.ormfl.ip.att.net (12.123.34.154)  12.353 ms  12.231 ms  12.129 ms

 6  * * *

 7  * * *

 8  * * *

 9  * * *

10  * * *

No workie...

And trace routes outbound

From a computer on 192.168.1.0/24

1 192.168.1.254

2 107-139-44-1.lightspeed.dybhfl.sbcglobal.net (107.139.44.1)

3 99.168.25.134 (99.186.25.134)

4 * * *

5 * * *

6 * * *

7 32.130.17.17 (32.130.17.17)

8 12.244.32.18 (12.244.32.18)

From a computer on my static ip

1 xxx.xxx.244.190

2 * * *

3 99.168.25.134 (99.186.25.134)

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

My guess is the /26 of IP isnt actually routed to me but how do I get ATT Level1 to understand that?

Now a trace route to my Static IP (well call it 244.189)

 4  cr2.ormfl.ip.att.net (12.123.34.154)  12.748 ms  12.583 ms  12.483 ms

 5  cr2.ormfl.ip.att.net (12.123.34.154)  12.353 ms  12.231 ms  12.129 ms

 6  * * *

 7  * * *

 8  * * *

 9  * * *

10  * * *

No workie...

How long ago did you get this Static IP block and did you have someone read it to you from your Account at AT&T or did you get it via email?

What network is the source of this trace inbound to your Public IP block? And do you have Allow Inbound Traffic set to On for your Public Subnet setting in the Subnets & DHCP Settings page?

Dave

This account was setup brand new last Tuesday (about a week ago). ATT configured the modem, ive spent hours on the phone today and had them read it to me.  They keep saying it's "device related" because the ip's are configured on the modem.  Tried explaining that the IP's arent routed

The Public IP Block is indeed the source

Allow Ibound Traffic is set to On

The /26 doesnt make it to the modem based on trace routes, and traffic from the /26 doesnt make it past the modem

It does appear at first glance to be a issue with your Static IP block but you are still confusing me by a couple of things you posted. For your Static IP Router address it should be one less than the highest IP in your Static range. Are you using a secondary router or the BGW320 to manage your Static IP block?

Now a trace route to my Static IP (well call it 244.189)

 4  cr2.ormfl.ip.att.net (12.123.34.154)  12.748 ms  12.583 ms  12.483 ms

 5  cr2.ormfl.ip.att.net (12.123.34.154)  12.353 ms  12.231 ms  12.129 ms

 6  * * *

 7  * * *

 8  * * *

 9  * * *

10  * * *

No workie...

The Public IP Block is indeed the source

In this in bound trace to a computer on your Static block you indicated in your last post that your source address was but the trace indicates that as of hop 4 it is being routed outside of your Fiber connection. Did you really mean your Public IP block was actually the target of the trace?

The trace output shows a couple of hops in AT&T Network in Ormond Beach on the way to Daytona.

ETA: Still learning to type...

Dave

it depends.  i’ve traced both ways.  the /26 is not making it to the modem from outside.

So... clear these points up for us:

1. Is your /26 block the .0, .64, .128 or .192 block?  Your examples imply the .128, is that correct?
2. Is the above the value in the Home Network > Subnets & DHCP > Public Gateway Address?
3. What is the Public Subnet Mask you have in the next field?

It does sound a bit like the configuration of the subnet may not be correct in the network, but AT&T doesn't make mistakes, their network is perfect, all problems are between the OLT and the chair.

Hello

1. The /26 is assigned as xxx.xxx.244.129 - 190 with .190 being the "Public Gateway Address"

2. The Public Gateway Address is xxx.xxx.244.190, The Public Subnet is 255.255.255.192

When I place xxx.xxx.244.189 with 255.255.255.192 and xxx.xxx.244.190 as gateway on a device, I can ping xxx.xxx.244.190 but cant ping out to the internet.

When I place 192.168.1.64 with 255.255.255.0 and 192.168.1.254 as gateway on device, I can ping out to the internet but im recognized as the Dynamic WAN IP which is xxx.xxx.156.168 (as expected since Im natting to the WAN)

From outside the ATT Network, I can ping xxx.xxx.156.168 (Dynamic WAN) but cannot ping xxx.xxx.244.189 or xxx.xxx.244.190

 - Within the Modem -> Firewall I have

  Packet Filter: Off

  IP Passthrough Off

  NAT Default Server Off

  Firewall Advanced Off

So... your Subnet address is x.x.244.128, yes, I forgot that the Gateway Address for the subnet is what the GUI wants and that is .190; that is the correct subnet mask for a /26.

I guess you're going to have to have them send a tech out to prove to himself it doesn't work with his own laptop so that they can troubleshoot it.