Enabling IP Passthrough on the Arris BGW320
Note: This article's content was originally sourced from https://forums.att.com/t5/AT-T-Internet-Equipment/Strict-NAT-Bridge-Mode-What-is-IP-Passthrough-Can-I-enable-on-my/td-p/5296974
Note: These instructions require knowledge of advanced networking topics, including DHCP, assigning static IP addresses, identifying MAC addresses, IP routing and port forwarding. IgLou does not provide technical support for the configuration or use of IP passthrough. IP passthrough is not recommended for most users and applications unless there is a very specific need for it. Internet troubleshooting with our support team may require your modem be placed back into it's factory default configuration.
Business customers sometimes need their Internet service configured into a "Bridged mode" where they are putting other routing equipment behind the Broadband CPE. The below information provides general instructions on how to configure the Arris BGW320 Internet Gateway for IP Passthrough mode, an effective equivalent to a bridge mode configuration.
IP Passthrough means the Broadband CPE device terminates the VDSL/Fiber connection, authenticates with the network, receives a WAN IP, and shares that IP address with a single customer device connected to the Broadband CPE equipment. IP Passthrough will only allow one connection to be "unfiltered" or pingable from the WAN or internet side of the Broadband CPE equipment.
The IP Passthrough feature allows a single device on the LAN to have the gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet. Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.
Note: Remember to make a copy of all current settings before proceeding.
Configuring IP Passthrough:
Open your web-browser from a computer directly connected to the Arris BGW320.
Enter http://192.168.1.254 in the browser address location field and have the Device Access Code off the bottom of the modem available for when it is requested.
Click on Firewall and then IP Passthrough. Set Allocation mode to Passthrough and choose DHCPS-fixed for the Passthrough mode. Either choose your router from the drop down list or manually enter the MAC address of the router you want to use IP Passthrough with. Click Save at the bottom
Click on Packet Filter at the top and then click on Disable Packet Filters.
Click on Firewall Advanced at the top and turn all options off. Click Save at the bottom.
Click on Home Network at the top, click on Wi-Fi, and click on Advanced Options. For BOTH 2.4GHz Wi-Fi Configuration and 5GHz Wi-Fi Configuration turn Wi-Fi Operation Off. Be sure this is done for both the 2.4GHz and 5GHz networks (scroll down to see 5GHz and further down for save). Click Save at the bottom.
Note: IP Passthrough Restriction: Since both the BGW320 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW320. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.