In my case, I am on FIOS with an internal network that's neither of the above (192.168.100.x), using a Linux box for both DHCP and DNS, and forwarding a few services to an internal box. I bought the thing, did the online pre-registration, and started the connection. No matter what, the thing would not connect. Besides the fact that they want attempt cycles of 90 minutes, there is nothing that one can check on the damn box to know what's really happening. :(
After checking both the FIOS and the AT&T forums, it seemed that the best setup is to configure the microcell IP to be reserved, and set that IP to be the DMZ (to bypass any firewall issues). Still didn't work...
I found a list of required ports for the thing, which include:
- 443 TCP (HTTPS)
- 123 UDP (NTP)
- 500 UDP (IPSEC)
- 4500 UDP (IPSEC NAT)
Even though it was already in a DMZ, I set the forwarding rules for the ports. Still, nothing. Called the tech support line and gave them the whole list of things I've done. He had no more ideas...
Finally, I found another post in the FIOS forums that simply said: "I had to reset the firewall to factory defaults, and it worked".
I took the plunge and did the same. Which, by the way, includes a default IP numbering based on 192.168.1.x. Reserved the IP for the thing, set it as a DMZ, and it worked. Not believing that something as dumb as a numbering difference could cause the problem, I set the router back to a 100 based IP, going through the same process to reserve the IP for the unit and setting it as the DMZ. Reboot everybody, and it immediately stops working! Revert back to a 1.x IP, and everything works again...
So, my solution was the difficult one: renumber the entire internal network to the 192.168.1.x, and reconfigure all the systems in the house (many!). I cannot imagine something that silly was the cause of all the pain. Knowing that the firewall has been port forwarding all this time without issue leads me to blame the microcell for all this pain. It probably has some dumb internal rule.
So, if you get said device, here's my recommended setup:
- Make sure your network is on 192.168.0.x or 192.168.1.x (most of you will be)
- Check that your MTU is 1492 (no more than 1500). This is the default in most cases, but check.
- Check that IP fragment blocking is disabled (default for me)
- Set up a reserved DHCP address for the microcell (check your documentation). For the FIOS (Actiontec) router it is under the advanced settings/ip allocation
- Set up the reserved IP as the DMZ for the firewall. Some people frown on this, but that thing is locked up so tight, it is close to impossible to hijack it for a nefarious purpose.
I hope the tale helps you if you run into a similar situation.
Later,
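Because the setup above places the microcell in the DMZ, it is worth confirming that the device only uses the four ports listed earlier. The following is an added example, not part of the original post: it scans firewall log lines and reports flows to or from the microcell on any other port. It assumes netfilter LOG-style `KEY=value` lines that record new connections only; the reserved address `192.168.1.50` and the sample log lines are constructed.

```python
import re

# Ports the post lists as required by the microcell: (protocol, destination port).
REQUIRED = {("TCP", 443), ("UDP", 123), ("UDP", 500), ("UDP", 4500)}

# Assumption: the address reserved for the microcell (constructed value).
MICROCELL_IP = "192.168.1.50"

# Assumption: netfilter LOG-style lines made of KEY=value fields.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = """\
Jan 10 08:00:01 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=UDP SPT=123 DPT=123
Jan 10 08:00:03 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=UDP SPT=500 DPT=500
Jan 10 08:00:04 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=UDP SPT=4500 DPT=4500
Jan 10 08:00:09 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=443
Jan 10 08:02:30 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.99 PROTO=TCP SPT=40200 DPT=8080
Jan 10 08:05:12 gw kernel: NEW IN=eth0 OUT=br0 SRC=192.0.2.44 DST=192.168.1.50 PROTO=TCP SPT=51515 DPT=23
Jan 10 08:06:00 gw kernel: NEW IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.80 PROTO=TCP SPT=50000 DPT=80
"""


def unexpected_flows(log_text, device_ip=MICROCELL_IP):
    """Return (direction, peer, proto, dport) for flows outside REQUIRED."""
    findings = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if "SRC" not in f or "DST" not in f or "PROTO" not in f:
            continue  # not a packet log line
        if f["SRC"] == device_ip:
            direction, peer = "out", f["DST"]
        elif f["DST"] == device_ip:
            direction, peer = "in", f["SRC"]  # reached the device via the DMZ
        else:
            continue  # traffic of some other host on the LAN
        # Protocols without ports (e.g. ICMP) get dport None and are reported.
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        if (f["PROTO"], dport) not in REQUIRED:
            findings.append((direction, peer, f["PROTO"], dport))
    return findings


if __name__ == "__main__":
    for direction, peer, proto, dport in unexpected_flows(SAMPLE_LOG):
        print(f"unexpected {direction}bound flow: peer={peer} {proto}/{dport}")
```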
2 comments:
I can confirm that it wouldn't work at all with my 192.168.100.x scheme. 10.x.x.x works fine!
I fooled around with port forwarding, etc, to get my AT&T MicroCell working reliably behind my Netgear FVS336Gv2 router. I use 192.168.10.X on the home LAN, ran an IPSEC VPN tunnel to work, etc. and could never keep the MicroCell from flashing red after a few days. Finally last month I did *another* Netgear firmware update and, ta-da! It's worked flawlessly for a month.
In other words, I am firmly convinced that Netgear "fixed" something that was preventing transparent access of the MicroCell to its mothership.
By the way--I had that router in the junk box for a year after I got it. It was so unstable and flaky it was useless, but progressive waves of firmware have made it genuinely excellent.