Monday, January 04, 2016

AT&T UVerse Motorola NVG510 Bridge Mode

The best instructions are available here:

Please note that I have not yet encountered the conflict between Bridge Mode and VOIP services.

Overall, I am very dissatisfied with the UVerse experience.  If there is any alternate service provider available, please consider using it.  In my humble opinion, UVerse is poorly supported, slow, and much more prone to failure than any competing service.

A much deeper issue, and I see this as much in competing services as I do in AT&T, is that technicians are really only equipped and trained to deal with the service providers network and are truly clueless when it comes to the customers' networks.  Issues with DHCP, DNS, and firewalling are way over the head of the typical installer.  this needs to change because customers are becoming increasingly irritated with the ineptitude displayed by the service technicians sent by Internet providers.  I often feel that these companies are operating in a way analogous to having oil change technicians perform engine repairs - the techs know what most of the parts do, but they aren't familiar with the theory and details of the inner workings.

From DSLReports:
Bridge mode, DMZ+, or IP Passthrough are the features that permit you to run your own router behind the AT&T provided residential gateway with a public IP address on its outside WAN interface. The NVG589 supports the IP Passthrough feature to accomplish this.

To be technically accurate, the NVG589 does not actually "bridge" the traffic. It will enable a default rule to forward all unknown inbound traffic to the AT&T public IP address to the MAC address of the internal router. This will preserve the public destination IP address on incoming packets and allow you to control inbound access for services and security from your personal router.

The NVG589 will still map session state information for each connection passing through, similar to a traditional NAT configuration. The only thing it will do with this traffic is rewrite the destination MAC address to that of your personal router's WAN interface. The NVG589 includes more memory and can support 8192 simultaneous connection entries, as compared to previous gateways that were limited to a maximum of 1024.

Make sure you have a notebook or a computer that you can directly connect to the NVG589.  Once you have that, unplug all Ethernet cables (including television STBs) from the NVG589 except for the previously mentioned notebook/computer. Note: the WAN connection from AT&T is not an Ethernet connection.

Second, write down the WAN-side MAC Address of your personal router.

Configuration steps to perform on the NVG589:
Note: address block is a suggestion in this series of steps.  Feel free to adjust this as you wish.

1. Login to the NVG589's web-based configuration interface in your web browser.
This can usually be accessed with the following link:

2. Go to the "Home Network" -> "Subnets & DHCP" tab.  It may ask for your NVG589's password.

3. If your "Device IPv4 Address" is in the same subnet as your personal router's LAN segment, you should change your personal router's network configuration to use a different subnet like or whatever you wish, as long as it continues to use private address space in the,, or  The subnet mask can stay the same,, or can be adjusted to a larger range if you want.

4. Leave the default DHCP settings on the NVG589 as is, unless you want to expand the usable range. This will permit your Television Set Top Boxes to connect and any other devices that you may want to use the integrated wireless or wire directly to the RG. The Television STBs can not connect to your personal router, unless your router has the capability to provide Multicast Routing using IGMPv3. Most consumer routers do not have this capability.

It is important that you have only your computer that's configuring the NVG589 connected to it at this time.

5. If you have made any changes, at this point, Click "Save" at the bottom.

6. Go to the "Home Network" -> "Wireless" tab.

7. If you do not want to use the NVG589's integrated wireless feature, disable Wireless by choosing "Off" in the "Wireless Operation" option.

8. Go to the "Firewall" -> "Packet Filter" tab.  Click on the "Disable Packet Filters" button.

9. Go to the "Firewall" -> "NAT/Gaming" tab and disable any and all settings.

10. Go to the "Firewall" -> "IP Passthrough" tab.  Select "Passthrough" in the "Allocation Mode" option.

11. Do not enter anything for the "Default Server Internal Address". Leave this field blank.

12. In the "Passthrough Mode" selection choose "DHCPS-Fixed".

13. Type in the WAN-side MAC Address for your router under "Manual Entry", lowercase is fine. The MAC address should be in the traditional hexadecimal format xx:xx:xx:xx:xx:xx where the x's should be values from 0-9 or letters a-f, separated with single colons. If you have already connected the WAN interface of your personal router and configured it for DHCP, it may show up in the "Choose from list". If you select it, it will automatically fill the field with appropriate MAC address.

14. The Passthrough DHCP Lease value defaults to 10 minutes. You can not change this.

15. Click "Save" at the bottom. It will tell you that it needs to reboot. Stop! Do not reboot the router, yet.

16. If you are not putting any devices on the network segment directly attached to the AT&T gateway and do not want any of the Firewall security features active on the NVG589, go to the "Firewall Advanced" tab at the top and turn everything off. The recommendation is to leave these features enabled if you will have any devices on this segment or are using the integrated wireless feature. If you disable these features, make sure you are enabling this functionality on your personal router.

17. Near the top of your screen, you should see an option telling you to reboot the router. Go ahead and do this now. It takes about 2 minutes.

Configuration steps for your personal router:

Disconnect your laptop's ethernet connection from the NVG589 and connect your personal router, while the NVG589 reboots.

2. Connect your laptop to your personal router.

3. Login to your personal router and change the Internet connection type to DHCP as per your router's instructions.

You should be done configuring the IP Passthrough "bridge mode", at this point. Verify that your personal router is being assigned the public IP address from AT&T on its WAN interface via DHCP.