Thread Info
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 3862 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM won't work with ATT uVerse public IP blocks - here is why

KrisJacobs

Hello!  I've been really enjoying the SG330 we purchased at work, so I decided to fire up UTM at home.

I've been a ATT uVerse customer for years, originally with a 2Wire iNID i3812V residential gateway, recently switched out for a Pace/2Wire 5268AC.  They have identical configuration interfaces as far as I can tell.

I have a /28 block of public IPs with my ATT uVerse Internet access.  ATT's residential gateways (RGs) are goofy in the way they handle public IP subnets handed down to the customer.  They aren't just a routed block like anyone with any traditional IP networking knowledge would think.

The ATT RG wants to see a unique MAC address for every public IP in the customer's assigned subnet.

In pfSense, I accomplished this by configuring CARP Virtual IPs.  Each of my usable IPs from my uVerse /28 of publics = one CARP VIP in pfSense.  Once you configure a CARP VIP, pfSense generates a virtual MAC address to go with it.

Why it won't work in UTM:

I added my public IPs from my uVerse-assigned subnet in Interfaces & Routing>Interfaces>Additional Addresses & bound them to the WAN interface.  I started to do NATs, firewall rules, etc. and things starting getting really goofy.  The ATT RG was seeing all those IPs active on a single MAC (UTM's WAN interface), and it was freaking out.

 

Until we can create a virtual MAC for each IP in Additional Addresses, UTM Home won't work with ATT uVerse Residential Gateways & static public IP blocks.   :(



This thread was automatically locked due to age.
Parents

  • Yeah, Kris, that lousy RG was the reason AT&T got the boot here.  You'll find others here that have had many problems making it work as an Internet connection for a UTM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Thanks Bob.

    I went thru many trials getting my own firewall working with my /28 of public IPs, and have had pfSense handling it perfectly since 2012.  I'm really disappointed that I can't use UTM at home as well as at work - and I'm irritated at ATT all over again.

    I'd like to talk with the engineers / techs that came up with the dastardly way uVerse RGs abuse ARP, routed blocks of Static IPs, etc.  It's just crazy to me.

    ____________________________
    Kris Jacobs
    Network Administrator
    Calhoun County IT Department
    Battle Creek, Michigan   USA

Reply
  • in reply to BAlfson

    Thanks Bob.

    I went thru many trials getting my own firewall working with my /28 of public IPs, and have had pfSense handling it perfectly since 2012.  I'm really disappointed that I can't use UTM at home as well as at work - and I'm irritated at ATT all over again.

    I'd like to talk with the engineers / techs that came up with the dastardly way uVerse RGs abuse ARP, routed blocks of Static IPs, etc.  It's just crazy to me.

    ____________________________
    Kris Jacobs
    Network Administrator
    Calhoun County IT Department
    Battle Creek, Michigan   USA

Children
No Data
Unfiltered HTML