kfitz

Networking

This post is going to put my full nerdiness and my full cluelessness simultaneously on display, but I am building a home network that is going to include a server hosting much of my online presence, and I am running into some issues that are making the limitations in my knowledge all too apparent. (Also the limitations in internet search in the year of our lord 2025: I can find answers for solving issues in specific one-to-one connections within this network, but they leave out other crucial components such that I can't get the whole thing going all at the same time.) So I am here, appealing to you, to help me think this through.

I have AT&T fiber coming into my house, with a BGW320 modem/router combo. I have a 3-device Eero mesh wifi network, with the gateway Eero connected to the BGW320 via ethernet. I have a Synology NAS connected to the Eero gateway via ethernet, and I'm soon going to have a mini server that... will get connected to all of this somehow that I haven't yet figured out.

I have turned off the wifi radios on the BGW320, so that I only have the wifi network provided by the Eeros. Right now, I have IP Passthrough turned on on the BGW320, set to DHCPS-dynamic; the WAN IP address is being picked up properly by the gateway Eero and the WAN type on the Eero is set to DHCP (Default). The bajillion devices in my house are being doled out IP addresses appropriately via DHCP, including the NAS, and are for the most part getting good bandwidth (though the gateway Eero seems to have to reconnect to the internet periodically, so there's clearly some setting in the BGW320 that needs futzing with already).

But here's where things start to get complicated: I have purchased a block of 5 static IP addresses from AT&T (really 8, but one gets assigned to the router and 2 are unusable), with the intent of assigning the NAS and the forthcoming server a static IP. So in the BGW320 admin interface, I have both a private LAN subnet and DHCP range (of the 192.168.1.XXX variety) and a public subnet that includes my public gateway address, my public subnet mask, and the 5-address DHCP range.

In passthrough mode, the BGW320 just hands off all DHCP stuff to the Eero mesh, which has the gateway address of 192.168.4.1 (the Eero default). In the Eero admin interface, I can use Reservations & port forwarding to assign a static IP address to a device, like the NAS. However, my static IP addresses are outside the Eero's subnet range, so it won't accept them.

On the NAS, I can use the admin interface to assign the static IP address right there, and it will accept the address, but doing so breaks a bunch of connections between the NAS and the outside world, like Synology's software updaters, whose IP addresses it cannot resolve. I am guessing that this is because assigning the static IP on the device breaks the DNS connection, but it's also possible that it's got something to do with the way I've set up the NAS's firewall rules, which, ugh.

Anyhow, I am wondering at this point whether going with IP Passthrough on the BGW320 is at the root of the problem. If instead I let the AT&T device handle all the WAN/DHCP stuff, and put the Eeros into bridge mode, will the static IP addresses become assignable to devices via the BGW320? If so, will devices connected to the private subnet via the Eeros still be able to talk to the devices on the public subnet? And aside from the "advanced features" that Eero tells me I'll lose if I go the bridge mode route, are there other drawbacks?

I think I've talked myself into trying it and seeing what happens... but I'm going to pause for a bit to see if anyone has other suggestions.
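The address arithmetic behind the 8-address block and the Eero's refusal to reserve a public address, as an added example that is not part of the original post. The block 203.0.113.8/29 is a constructed stand-in from a documentation range, the /24 on the Eero LAN and the router taking the last usable address are assumptions, and `describe_block`, `check_static_config` and `reservable_on` are hypothetical helper names.

```python
import ipaddress

# Constructed sample values: 203.0.113.8/29 is a documentation-range stand-in
# for the public block; 192.168.4.0/24 assumes the Eero default gateway
# 192.168.4.1 from the post sits on a /24.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.8/29")
EERO_LAN = ipaddress.ip_network("192.168.4.0/24")


def describe_block(block, router=None):
    """Split a block into network, broadcast, router and assignable hosts."""
    hosts = list(block.hosts())      # excludes network and broadcast addresses
    router = router or hosts[-1]     # assumption: router takes the last host
    return {
        "network": block.network_address,
        "broadcast": block.broadcast_address,
        "router": router,
        "assignable": [h for h in hosts if h != router],
    }


def check_static_config(addr, prefixlen, gateway, dns, block, router):
    """Return a list of problems with a hand-entered static configuration."""
    problems = []
    iface = ipaddress.ip_interface(f"{addr}/{prefixlen}")
    if iface.network != block:
        problems.append(f"{iface} is not in {block} (wrong address or mask)")
    elif iface.ip in (block.network_address, block.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address")
    elif iface.ip == router:
        problems.append(f"{iface.ip} is already used by the router")
    if ipaddress.ip_address(gateway) != router:
        problems.append(f"gateway {gateway} is not the block's router {router}")
    if not dns:
        problems.append("no DNS servers set; a static config gets none from DHCP")
    return problems


def reservable_on(lan, addr):
    """A DHCP server can only reserve addresses inside its own subnet."""
    return ipaddress.ip_address(addr) in lan


if __name__ == "__main__":
    info = describe_block(PUBLIC_BLOCK)
    print(info)
    print(reservable_on(EERO_LAN, "203.0.113.9"))
    print(check_static_config("203.0.113.9", 29, "203.0.113.14", [],
                              PUBLIC_BLOCK, info["router"]))
```

An empty list from `check_static_config` means the address, mask, gateway and DNS entries are mutually consistent; it says nothing about firewall rules on the device.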

Webmentions

3 Replies

  1. Kathleen Fitzpatrick
    @djg Hmmm. So in my case, I'd assign a static public IP to the Eero gateway and then use it to reserve something in its subnet range to the NAS/server?
  2. Kathleen Fitzpatrick
    @djg Thanks for this -- but I'm still not figuring it out. The particulars of the BGW320 and Eero are different enough that it's just not that straightforward.
  3. Kathleen Fitzpatrick
    An update to this ask: I more or less flipped the thing upside-down yesterday. Instead of using IP Passthrough to hand all the DHCP business to the Eeros, I instead put the Eeros in bridge mode, so all the DHCP stuff is being handled by the BGW320. It's behaving pretty well, and I have been able to assign a public static IP address to the NAS. The NAS is now of course being subjected to a range of scanning attacks, but my firewall appears to be holding. I would very much like to install a network-level VPN, though (unsurprisingly) AT&T has their hardware locked down in a way that pushes you toward their VPN-as-a-service. If y'all have suggestions for ways to get around that, I'm all ears! #AskFedi #BGW320 #VPN

4 Likes

8 Reposts