Kathleen FitzpatrickI have been fighting with the process of setting up a server on my home network for what is now literally months. (I keep having to walk away from the project because of that whole “day job” thing, plus travel and so forth.) If anyone has advice to offer, it would not be unsolicited! https://kfitz.info/networking-continued/ #homelab #dns #proxmox #nginx
DrScriptt@kfitz I saw your #dns tag last night and have read your Networking Continued post. I want to read more of your blog for history, but I figured I'd throw this out there:
I have a BGW320(-505) from AT&T and I have public access working to things in my network without any problem.
I'm on a residential account with an 8-block of globally routed IPs. No business account required.
I find the BGW320 to be annoying to work with and occasionally feel like "what am I going to break now?". Take screen shots. You should always be able to reset it and get back to what you have now. It's annoying to recover from, but definitely possible to do.
Firewall - Status:
- Packet Filter: Off
- IP Passthrough: On
- NAT Default Server: Off
- Firewall Advanced: On (I've not found how to turn it off.)
Firewall - Packet Filter:
- No Filter Rules...
Firewall - NAT/Gaming:
- Nothing configured
Firewall - Public Subnet Hosts:
- (nothing, no public subnet defined)
Firewall - IP Passthrough:
- Allocation Mode: Passthrough
- Default Server Internal Address: Private IP on the LAN inside of the BGW320
- Passthrough Mode: Manual
- Passthrough Fixed MAC Address: MAC address of device with the private IP
- Passthrough DHCP Lease: 0:0:10:0
Firewall - Firewall Advanced:
- Drop incoming ICMP Echo requests to LAN: Off
- Drop incoming ICMP Echo requests to Device LAN Address: Off
- Drop incoming ICMP Echo requests to Device WAN Address: Off
- Reflexive ACL: Off
- ESP ALG: Off
- SIP ALG
Firewall - Security Options:
- Parental Controls Status: Disabled
Home Network - Subnets & DHCP:
- Device IPv4 Address: private IP I chose
- Subnet Mask: 255.255.255.0
- DHCP Server Enable: On
- DHCPv4 Start Address: private IP I chose to start at
- DHCPv4 End Address: private IP I chose to end at
- DHCP Lease: 0:8:0:0
- Public Subnet Mode: Off
- Allow Inbound Traffic: Off
- Public Gateway Address: (blank)
- Public Subnet Mask: (blank)
- DHCPv4 Start Address: (blank)
- DHCPv4 End Address: (blank)
- Primary DHCP Pool: Public
*** Cascade Router Enable: On
*** Cascade Router Address: 0.0.0.0
*** Network Address: Network (0th) address of my 8-block of globally routed IPs
*** Subnet Mask: 255.255.255.248
What this does is to cause the BGW320 to *route* IPs to the globally routed 8-block to my internal router connected to the BGW320 via a cross over cable using a private subnet between them. -- My personally provided router than actually has the WAN IP and an IP from the private subnet bound to it's outside interface. -- I can then do whatever I want to because MY ROUTER HAS FULL CONTROL AND RESPONSIBILITY FOR THE 8-BLOCK OF GLOBALLY ROUTED IPS. (emphasis, not yelling)
My firewall is the security entry point to my network, not the BGW320.
I view the BGW320 as upstream ISP equipment and mostly ignore it. I do all of my filtering on my router behind the BGW320.
I have actually manged to have fun with all 9 of the globally routed IPs from AT&T. Yes, nine, the number between eight and ten. The full 8-block plus the globally routed IP that AT&T sends traffic to. }:-) How I do that will be a future message