At&t Fiber using Personal Router (DMZ+ and IP Passthrough) a Story of Woe.

This story starts like any other story of being completely f***ing sick of the garbage equipment provided by <insert ISP name here>. Normally it goes something like this.

  1. Get new service
  2. Think “ah this time it will probably be fine to use their router/gateway”
  3. Realize, after it takes 30–45 mins to do something as simple as assigning a static local IP or port forwarding a single service, that it's just not gonna work out and you need to start seeing someone else.

Well, however your version of this story goes, it will likely bring you to a place of:

I’ve had enough

So now begins the journey of setting up a 3rd party router, easy right?

Now my current setup was this:

  • Att Fiber 1Gbps up/down
  • 5268AC FXN Router/Gateway
  • Local Plex server

The setup I wanted to move to:

  • Att Fiber 1Gbps up/down
  • 5268AC FXN Router/Gateway
  • Netgear Nighthawk AC4000 — http://amzn.to/2km2o8l

Step 1 : Change your DHCP pool

To prevent collisions between the Att Router/Gateway and your router, you will need to choose a new LAN IP pool for the Att Router to use. You can do this the opposite way if you’d like, but I like my 192.168.x.x pool for my equipment. Att can have the 172.16.x.x range.

  1. Log in to your router at 192.168.1.254 (consult the back of the router for the fancy att password)
  2. Select Settings > LAN > DHCP
  3. Select the 172.16.0.0 / 255.255.0.0 Range
  4. NOTE: This will drop network connectivity to everything and restart the router most likely. You will likely need to reboot your computers as well to force them to get a new IP address.

Step 2: Plug in the new Router

At this point it doesn't really matter if you have an Asus or Netgear router. The wiring layout will be something like this:

At&t router > your router > your computers

Once it's plugged in, connect your computer to your new router and run through the manufacturer's setup steps there.

Make sure your router is:

  • Set to Get IP Address Dynamically from ISP
  • Set to Get DNS Automatically from ISP

Once you finish the initial setup of your new router your internet should actually be working at this point.

Don’t get cocky, you aren't done yet

Step 3: Configure DMZ+ Mode and IP Passthrough

Now comes the most important part for this all to work. Most ISP provided routers/gateways will allow you to enable something called Bridged Mode. This is just a fancy term for:

I don’t want to use your jank a** s*** <insert ISP name here>

Unfortunately, because At&t likes making things hard for the sake of it, they have something called DMZ+ mode, which effectively provides us, give or take, the same functionality.

If you aren’t familiar with DMZ, it's used in both war and networking. It’s short for demilitarized zone (sometimes referred to as a perimeter network). The concept is that it places whatever devices you choose outside the firewall and thus in a sort of middle ground.

In our case this is exactly what we need in order to bypass (mostly) the At&t router completely. We will be placing our router in the DMZ+ area where it will get:

  • The same WAN IP as the At&t router (aka IP Passthrough)
  • Direct access to the scary outside internet
  • Easy to configure port forwarding support
  • No packet manipulation by the At&t router (at least so they say)
  • And much more….

To do this:

  1. Log back into the At&t router, but this time at IP 172.16.0.1 (NOTE: you should be able to access this through the new router no problem, but if you can’t, hard wire your machine to your att router to make these changes)
  2. Select Settings > Firewall > Applications, Pinholes and DMZ
  3. Once there you will see a list of all the active devices on your network; choose your router from the list
  4. Scroll down to “Edit firewall settings for this computer”
  5. At the very bottom you will see “Allow all applications (DMZplus mode)” along with a huge wall of text.
  6. Select this and choose Save in the bottom right corner
  7. Reboot your router after the At&t router saves those settings
  8. Reboot all your devices on the network to ensure correct IP mappings

And you’re done!

From here on out you will have complete control over your local network and you can port forward, host VPNs, and share network drives to your heart's content.
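
A quick sanity check for Steps 1 and 3, added here as an example and not part of the original write-up: it tests whether the two LAN pools overlap and whether the personal router actually holds the gateway's WAN IP or is still sitting on a 172.16.x.x lease. The function names, the router's 192.168.1.0/24 pool, the pre-change gateway netmask and the 203.0.113.10 public address are assumptions; substitute the values your own devices report.

```python
import ipaddress

# Constructed sample values; replace with what your own devices report.
OLD_GATEWAY_LAN = "192.168.1.0/255.255.255.0"  # assumed default pool (gateway at 192.168.1.254)
NEW_GATEWAY_LAN = "172.16.0.0/255.255.0.0"     # pool selected in Step 1
ROUTER_LAN = "192.168.1.0/255.255.255.0"       # assumed LAN pool of the personal router
PUBLIC_IP = "203.0.113.10"                     # placeholder from a documentation range


def pools_collide(gateway_lan, router_lan):
    """True if the gateway pool and the personal router's pool overlap."""
    a = ipaddress.ip_network(gateway_lan, strict=False)
    b = ipaddress.ip_network(router_lan, strict=False)
    return a.overlaps(b)


def passthrough_state(router_wan, gateway_lan, public_ip):
    """Classify the WAN address the personal router holds after Step 3."""
    wan = ipaddress.ip_address(router_wan)
    if wan in ipaddress.ip_network(gateway_lan, strict=False):
        return "double-nat"   # still a gateway DHCP lease, DMZplus not active
    if wan == ipaddress.ip_address(public_ip):
        return "passthrough"  # same WAN IP as the gateway
    return "mismatch"         # neither; re-check the values you entered


def check_setup(gateway_lan, router_lan, router_wan, public_ip):
    """Return a list of problems; an empty list means both steps took effect."""
    problems = []
    if pools_collide(gateway_lan, router_lan):
        problems.append("LAN pools overlap: redo Step 1")
    state = passthrough_state(router_wan, gateway_lan, public_ip)
    if state != "passthrough":
        problems.append("router WAN is " + state + ": redo Step 3 and reboot")
    return problems


if __name__ == "__main__":
    # Before any changes: both boxes hand out 192.168.1.x
    print(check_setup(OLD_GATEWAY_LAN, ROUTER_LAN, "192.168.1.64", PUBLIC_IP))
    # After Step 1 only: pools are separate, router still behind gateway NAT
    print(check_setup(NEW_GATEWAY_LAN, ROUTER_LAN, "172.16.1.64", PUBLIC_IP))
    # After Step 3 and the reboots: router holds the public address
    print(check_setup(NEW_GATEWAY_LAN, ROUTER_LAN, PUBLIC_IP, PUBLIC_IP))
```

An empty list from `check_setup` also means the personal router now sits outside the At&t firewall, so its own firewall is the only one in front of your LAN.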