Enabling IP Passthrough on the Arris BGW210
Note: This article's content was originally sourced from https://forums.att.com/t5/AT-T-Internet-Equipment/Strict-NAT-Bridge-Mode-What-is-IP-Passthrough-Can-I-enable-on-my/td-p/5296974
Note: These instructions require knowledge of advanced networking topics, including DHCP, assigning static IP addresses, identifying MAC addresses, IP routing and port forwarding. IgLou does not provide technical support for the configuration or use of IP passthrough. IP passthrough is not recommended for most users and applications unless there is a very specific need for it. Internet troubleshooting with our support team may require your modem be placed back into it's factory default configuration.
Business customers sometimes need their Internet service configured into a "Bridged mode" where they are putting other routing equipment behind the Broadband CPE. The below information provides general instructions on how to configure the Arris BGW210-700 Internet Gateway for IP Passthrough mode, an effective equivalent to a bridge mode configuration.
IP Passthrough means the Broadband CPE device terminates the VDSL/Fiber connection, authenticates with the network, receives a WAN IP, and shares that IP address with a single customer device connected to the Broadband CPE equipment. IP Passthrough will only allow one connection to be "unfiltered" or pingable from the WAN or internet side of the Broadband CPE equipment.
The IP Passthrough feature allows a single device on the LAN to have the gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet. Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.
Note: Remember to make a copy of all current settings before proceeding.
Configuring IP Passthrough:
Open your web-browser from a computer directly connected to the Arris BGW210-700.
Enter http://192.168.1.254 in the browser address location field.
Click the IP Passthrough tab to configure the following settings.
DHCP can automatically serve the WAN IP address to a LAN computer. When DHCP is used for addressing the designated IP Passthrough computer, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single servable address subnet, and reserve the address for the configured PC's MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.
The two DHCP modes assign the needed WAN IP information to the client automatically. You can select the MAC address of the computer you want to be the IP Passthrough client with fixed mode or with first-come-first-served dynamic. The first client to renew its address will be assigned the WAN IP.
Manual mode is like statically configuring your connected computer. With Manual mode, you configure the TCP/IP Properties of the LAN client deviceyou want to be the IP Passthrough client. You then manually enter the WAN IP address, gateway address, and so on that matches the WAN IP address information of your Broadband CPE device. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the BGW210 device and other LAN clients on the 192.168.1.x network.
DHCP Lease: By default, the IP Passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the IP Passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting.
Click Save. Changes take effect upon restart.
Note: IP Passthrough Restriction: Since both the BGW210 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW210. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.