**EDIT** Been meaning to update but just got busy. As everyone stated previously it's not an ideal application for fiber customers. Bridging definitely limits. So if you're bored and want a puzzle.. by all means.
To start I would like to say that this is an expansion/clarification geared to my fellow newbies. The credit goes to:
bzsparks: https://community.ubnt.com/t5/EdgeMAX/Using-an-Ubiquiti-Edgerouter-with-AT-amp-T-Gigapower-fiber/td-p/1696604
0xpebbles: http://blog.0xpebbles.org/Bypassing-At-t-U-verse-hardware-NAT-table-limits
jhyda: https://strscrm.io/bypassing-gigapowers-provided-modem.html
ryanc & users: https://www.dslreports.com/forum/r30708210-AT-T-Residential-Gateway-Bypass-True-bridge-mode
Now that everyone has received their standing ovations, let's get to work!
(1) AT&T Modem : I have the NVG599 others have the newer AC model
(1) EdgeMax Router: I will be using the EdgeRouter Lite
(1) terminal application to SSH into; if you don't have one, you can use the one that comes in the web UI for the EdgeRouter Lite. I like the actual app so I can see the magic happen. You can download something like putty here:
Here's my NVG 599
and my fiber jack
Here's how I'll connect the EdgeRouter Lite:
Console: won't need it so let's skip
eth0: this goes to your LAN switch
eth1: this is where the ONT will plug into
eth2: this is where you'll plug the AT&T modem into its ONT port
Now that I know where everything is, let's start!
1.) Before unplugging anything I head over to my computer and bring up the browser. We are going to visit the AT&T modem's web page by typing its IP and then hitting enter:
it should bring up a page like:
There's a lot of options, as you can see but we won't need to make any adjustments. This modem is here just to authenticate with AT&T, nothing more. So now you'll click on Broadband because we need some information:
Photo: portforward.com **I forgot to get this screenshot and once I bypassed I was no longer able to surf to this page without flipping everything back. I was lazy and opted for a google image.
2.) From this page, you'll want to take a screenshot or write it down as we'll need the broadband IPV4 address and MAC address.
3.) connected my computer to eth0 of the EdgeRouter lite
4.) disconnected ONT from the AT&T modem/Gateway and placed that into eth1 of the EdgeRouter lite.
5.) disconnected anything else from the AT&T modem/Gateway except for power
6.) Grabbed an ethernet cable and plugged it from eth2 of the EdgeRouter Lite into the ONT port of the AT&T modem/Gateway
Once done everything looks like:
Now that we have everything setup, we can now open up putty or whatever app you like for SSH.
7.)Set my computer's interface to static:
IP = 192.168.1.10
Subnet = 255.255.255.0
Gateway = 192.168.1.1
8.)Brought up my browser and entered the gateway IP and hit enter
9.) Logged in using ubnt for user and ubnt for password (we'll change the login to be more secure at the end), and you should get something like
**I made it small because we don't need to do anything here but just watch the pretty colors.
10.) pulled up terminal
11.) entered config mode
12.) created the bridge interface
set interfaces bridge br0
13.) With the interface now created we bridge eth1 & eth2 (AT&T Stuff)
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
14.) Now let's give that newly created interface an IP. This IP is usually obtained by DHCP, but I manually typed it in because from what I've read AT&T doesn't change IPs unless they do a major change. So let's head to our screenshot or our piece of paper where you wrote it down from step one:
**We want the Broadband IPV4 and Gateway IPV4 Address
set interfaces bridge br0 vif 0 address 126.96.36.199/22 (YOUR IPV4 Address goes here)
set protocols static route 0.0.0.0/0 next-hop 188.8.131.52 (YOUR Gateway IPV4 Address goes here)
15.) Now let's save our new config (not really necessary, but if you don't you'll get an error stating that there is no interface br0, but it saves it anyway). Didn't want to confuse y'all.
16.) Next two commands allow us to get to the internet using that new interface
set service nat rule 5000 outbound-interface br0.0
set service nat rule 5000 type masquerade
Alright! now let's get our nerd goggles on and go into the EdgeRouter Lite as root
17.) typed in
18.) then we enter the command to push all authentication traffic over to the new interface (bridge)
echo 8 > /sys/class/net/br0/bridge/group_fwd_mask
19.) Now we specify what type of traffic with these 4 commands
ebtables -t filter -A FORWARD -i eth2 -p 802_1Q --vlan-encap 0x888e -j ACCEPT
ebtables -t filter -A FORWARD -i eth2 -p 802_1Q -j DROP
ebtables -t filter -A FORWARD -o eth2 -p 802_1Q --vlan-encap 0x888e -j ACCEPT
ebtables -t filter -A FORWARD -o eth2 -p 802_1Q -j DROP
20.) Now we'll bring down the newly created interface, spoof the mac address from the AT&T modem/gateway (again from step one) and then bring it back up
ip link set br0.0 down
ip link set br0.0 address a1:b2:c3:d4:e5:f6
ip link set br0.0 up
That's it! But our job is not done. If the EdgeRouter Lite reboots or loses power, you'll have to do steps 17 and on over again. Who has time for that? Now let's create a script to do that for us!
For this folks, our nerd goggles aren't enough. Yes. We are reaching for the pocket protector...
21.) With our terminal or putty session open, let's create our script with this command:
This creates mask.sh (you can call it whatever you like just make sure to include it)
22.) after you hit enter your terminal or putty screen turns white with colons on the left. We'll hit
23.) which allows us then to paste the following
#!/bin/bash
# let the bridge forward 802.1X authentication frames
echo 8 > /sys/class/net/br0/bridge/group_fwd_mask
# present the AT&T gateway's MAC address on br0.0
ip link set br0.0 down
ip link set br0.0 address a1:b2:c3:d4:e5:f6
ip link set br0.0 up
# on eth2, pass only tagged 802.1X (0x888e) frames and drop other tagged traffic
ebtables -t filter -A FORWARD -i eth2 -p 802_1Q --vlan-encap 0x888e -j ACCEPT
ebtables -t filter -A FORWARD -i eth2 -p 802_1Q -j DROP
ebtables -t filter -A FORWARD -o eth2 -p 802_1Q --vlan-encap 0x888e -j ACCEPT
ebtables -t filter -A FORWARD -o eth2 -p 802_1Q -j DROP
24.) now let's give it a glance over, make sure it looks exactly like above. To exit edit mode we hit
25.) and then we
hold down SHIFT and press ZZ
26.) To make sure we did everything right, you should get what we typed in step 23 with this command
27.) if everything matches we can now save everything! Exit from root
28.) commit our changes
29.) and save our config
30.) and exit terminal or putty
You should now see :
To test everything pull up any website and make sure you're able to surf.
31.) now head over to the user's tab in EdgeRouter Lite and either change the password to the ubnt account OR as I would create a whole other account. Log out of ubnt and login with the new, THEN delete ubnt.
EAT THAT AT&T! no more limited NAT tables!
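Added example (not part of the original post): a small shell check for the state that steps 18 through 20 and mask.sh are meant to leave behind, handy after a reboot or firmware update. It also shows why the mask value is 8. It assumes the br0 / br0.0 names used above; the function names and the `--check` argument are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the br0 / br0.0 names
# used above; function names and the --check flag are made up here.
#
# Bit N of group_fwd_mask lets the bridge forward frames addressed to
# 01:80:c2:00:00:0N. 802.1X (EAPOL, EtherType 0x888e) is normally sent to
# ...:03, which is why step 18 writes 8 (bit 3).
EAPOL_BIT=8

# Return 0 if a mask (decimal or 0x-prefixed hex) has bit 3 set.
mask_forwards_eapol() {
    [ $(( $1 & EAPOL_BIT )) -ne 0 ]
}

# Print every reserved group address a given mask value would forward.
mask_groups() {
    n=0
    while [ "$n" -le 15 ]; do
        if [ $(( ($1 >> n) & 1 )) -eq 1 ]; then
            printf '01:80:c2:00:00:%02x\n' "$n"
        fi
        n=$((n + 1))
    done
}

# check_bypass_state NETDIR BRIDGE VIF EXPECTED_MAC
# NETDIR is normally /sys/class/net; it is a parameter so the check can be
# run against a constructed directory tree as well.
check_bypass_state() {
    netdir=$1 bridge=$2 vif=$3
    want=$(printf '%s' "$4" | tr 'A-F' 'a-f')
    mask=$(cat "$netdir/$bridge/bridge/group_fwd_mask" 2>/dev/null) || {
        echo "FAIL: $bridge has no group_fwd_mask (not a bridge?)"; return 1; }
    mask_forwards_eapol "$mask" || {
        echo "FAIL: group_fwd_mask=$mask does not forward 802.1X"; return 1; }
    have=$(cat "$netdir/$vif/address" 2>/dev/null | tr 'A-F' 'a-f')
    [ "$have" = "$want" ] || {
        echo "FAIL: $vif MAC is '${have:-missing}', expected $want"; return 1; }
    echo "OK: $bridge forwards EAPOL and $vif presents $want"
}

# On the router, as root: sh check.sh --check <gateway MAC from step 2>
if [ "${1:-}" = "--check" ]; then
    check_bypass_state /sys/class/net br0 br0.0 "$2"
fi
```

If the check fails after a reboot, mask.sh did not run or did not finish, and the gateway will not be able to authenticate through the bridge.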