How do I completely turn off firewall on BGW320-505

by krby » Mon Jun 21, 2021 10:58 am
I'm a new Sonic-over-ATT customer and have the BGW320-505 gateway. I have my own firewall and Wifi APs behind the BGW320, so the ATT tech who did the install helped me set up IP Passthru and turn off the wifi radios. So far, that's been working great. This morning, there was a brief outage, so when it came back up, I checked the logs of the BGW320 and noticed this:
No. Date/Time SourceIP DestinationIP Proto Reason
1 2021-06-21T10:49:50.785834 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
2 2021-06-21T10:49:53.795841 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
3 2021-06-21T10:49:59.820537 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
4 2021-06-21T10:50:11.875906 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
5 2021-06-21T10:50:14.885843 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
6 2021-06-21T10:50:20.885851 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
7 2021-06-21T10:50:32.955855 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
8 2021-06-21T10:50:35.955852 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
9 2021-06-21T10:50:41.965880 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
10 2021-06-21T10:50:54.015860 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
11 2021-06-21T10:50:57.035850 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
12 2021-06-21T10:51:03.045844 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)

This surprised me because previously I thought I turned off all the firewall and packet filtering on the BGW320. I even deleted the sample rules.
Firewall Status
Packet Filter Off
IP Passthrough On
NAT Default Server Off
Firewall Advanced Off
I really don't want this BGW320 doing any packet filtering of any kind. I already handle that in one spot, at the pfSense router behind the BGW320. What are the recommended settings for getting the BGW320 to be JUST pass thru?
by krby » Mon Jun 21, 2021 3:39 pm
Huh, I just went back to look at this and realized the IPs being blocked are from one of the RFC1918 non-routable addresses (172.16.0.0 – 172.31.255.255). That is really strange, I use a few of those under 172.16.x.x. on my LAN, but nothing in the ranges shown in the logs... I wonder where those are coming from?

But still, it's pretty clear the BGW320 is still doing some processing of each packet, and making some decisions to drop some. I'd really like to get it to stop doing any layer3-type things.
by klui » Wed Jun 23, 2021 12:23 pm
Those requests are coming from x.x.x.123. How many devices do you have plugged into your BGW320's LAN ports? What is your pfSense's WAN address?
by krby » Fri Jun 25, 2021 6:51 am
klui wrote: Those requests are coming from x.x.x.123. How many devices do you have plugged into your BGW320's LAN ports? What is your pfSense's WAN address?
The pfSense is the only thing connected to the LAN ports on the BGW320. That x.x.x.123 is the public WAN address of my pfSense, that it got from the BGW320 because I'm using passthrough. I know it's not possible, but I really want the BGW to act as much like a modem as possible and not mess with anything above that.
by js9erfan » Sat Jun 26, 2021 4:27 pm
krby wrote: Huh, I just went back to look at this and realized the IPs being blocked are from one of the RFC1918 non-routable addresses (172.16.0.0 – 172.31.255.255). That is really strange, I use a few of those under 172.16.x.x. on my LAN, but nothing in the ranges shown in the logs... I wonder where those are coming from?
Just a hunch since I know nothing about that ATT router but what is the DHCP pool(s) set to on the BGW320? If you’re connecting a device or devices directly to it to check the ATT log perhaps that’s the local IPs assigned by the BGW320. This is assuming you’re not connecting to it from a device behind pfSense since you already configured passthrough. Yes, you disabled the BGW320’s packet filtering for pfSense but it’s possible the packet filtering, firewall, etc. is still enabled for other devices you might have connected to the BGW320 while bypassing pfSense.

Now, if you set up an interface on pfSense for local access to the BGW320 then I would double check all of your other pfSense interface subnet ranges including VLANs, etc.

Then again I wouldn’t sweat it too much unless your speeds are suffering as a result.
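
Added example, not part of any post in this thread: one way to check the gateway log from the first post against the subnets configured behind it, grouping drops by destination and flagging RFC1918 destinations that match no local subnet. The function names and the 172.16.10.0/24 subnet are assumptions for illustration; the sample rows are constructed in the format of the log quoted above.

```python
import ipaddress
from datetime import datetime

# Constructed sample: header plus three rows in the format of the log in the
# first post (the source address is redacted there as x.x.x.123).
SAMPLE_LOG = """\
No. Date/Time SourceIP DestinationIP Proto Reason
1 2021-06-21T10:49:50.785834 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
6 2021-06-21T10:50:20.885851 x.x.x.123 172.28.168.48 TCP Policy (filtersets, etc.)
7 2021-06-21T10:50:32.955855 x.x.x.123 172.19.127.10 TCP Policy (filtersets, etc.)
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'rfc1918', 'other', or 'redacted' for one address column."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "redacted"  # e.g. x.x.x.123 cannot be parsed
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"

def summarize(log_text, local_subnets):
    """Group dropped packets by destination and match each destination
    against the subnets configured on the router behind the gateway."""
    nets = [ipaddress.ip_network(n) for n in local_subnets]
    summary = {}
    for line in log_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[0].isdigit():
            continue  # header or blank line
        _, ts, src, dst, _proto, _reason = fields
        when, kind, match = datetime.fromisoformat(ts), classify(dst), None
        if kind != "redacted":
            ip = ipaddress.ip_address(dst)
            match = next((str(n) for n in nets
                          if n.version == ip.version and ip in n), None)
        entry = summary.setdefault(dst, {
            "count": 0, "sources": set(), "class": kind,
            "local_subnet": match, "first": when, "last": when})
        entry["count"] += 1
        entry["sources"].add(src)
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return summary

if __name__ == "__main__":
    # 172.16.10.0/24 is a made-up LAN subnet standing in for the poster's own.
    for dst, e in summarize(SAMPLE_LOG, ["172.16.10.0/24"]).items():
        print(dst, e["count"], e["class"], e["local_subnet"], sorted(e["sources"]))
```

A destination with class `rfc1918` and `local_subnet` of `None` is a private address that none of the listed subnets covers, which is the case described in the second post.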