06-25-2012 11:47:14 AM
I have a new 2Wire 3801HGV router and want to setup a pinhole/firewall rule to allow access on a certain port... from a certain set of IP addresses. For example, let's say I want to enable printing to my wireless printer from the Internet. I can open up a pinhole on the proper port... but the interface only seems to allow this globally - meaning EVERYONE could print to my printer. How do I lock it down so that only certain source IP addresses can do this?
06-25-2012 05:36:52 PM
If you need this capability, you will have to use your own router that can do this, and set it up as a router-behind-router with the 2Wire.
06-26-2012 07:47:16 AM
Where is the "router behind router" configuration setup? I can't find it in the UI. Also, do you have documentation related to this feature? Does my 2nd router need to go "in front" or "behind" the 2Wire box?
Separately, how do we request this feature be added with a future firmware release on the 2Wire box? That would obviously be the best solution and alleviate the need for another router.
06-26-2012 12:57:48 PM
See the following post for instructions to set up your own router using the DMZPlus feature:
It is doubtful that AT&T would add your requested features to the 2Wire firmware, and there is no formal mechanism to request that.
06-26-2012 01:13:23 PM
Thanks again for your replies, SomeJoe. To make sure I understand properly, the only solution here is to basically turn the 2Wire into a big, dumb gateway using the DMZPlus option, and put my own router and Wifi access point behind it? That ends us making useless all of the other features of the 2Wire box - I wouldn't be using DHCP, or the Wireless AP, or anything else from that box at all.
If that's the case - that I just want to use a DMZ-type mode and my own router, does U-Verse offer any smaller, less functional modem-only-type boxes that I can use?
06-26-2012 02:14:28 PM
For VDSL, the only gateways available are all 2Wire branded and have the same functionality and firmware. The 3801HGV model is physically smaller and has a beefier processor, but is otherwise the same as the 3800HGV-B.
06-27-2012 06:41:24 AM
OK, last note. Do you know of ANY way to contact 2Wire about this? Are they owned by AT&T or something? I think this is a logical request and maybe they should consider adding this feature via a firmware update. Thanks.
06-27-2012 06:48:10 AM
AT&T contracts with Pace to supply the gateways for the U-Verse service, and produces specialized firmware to AT&T's specifications. AT&T does not write the firmware themselves.
You can try to contact Pace and see what they say, but I doubt they'll talk with you. Pace does not have a consumer division and does not sell their product to the retail market. They manufacture their gateways solely under contract for other companies to use.
Even if you did talk to them and convince them to add a firmware feature, it would then be up to AT&T whether they would allow that feature to be present in their specialized firmware build.
On a bigger note, why bother with the attempt to add this feature or otherwise change the 2Wire gateway's firmware? The unit and its firmware are substandard and below average in both features and functionality, and has several known bugs and peculiar behavior. Why not use a good router behind the 2Wire and offload all functionality to that so that you avoid all those shortcomings? It doesn't make sense to put lipstick on a pig.