Sunday, January 8, 2017

AT&T U-Verse Modem/Router Combination -- YES You CAN Host a Web Server Behind It

In the past years, I had both Comcast cable Internet and AT&T DSL service to my home office.  Both Comcast and AT&T offered a public or externally-facing IP address.  With this IP address, my clients (almost never more than two at one time) could access web pages that I served from a Mac Mini behind a router.  I could also access and control IP security cameras, and I even served up a simple Filemaker database showing my video clips.  Comcast gave my service a pretty permanent IP address; whereas AT&T's DSL service changed my IP address pretty often, perhaps twice a week.  I used the dyndns service to let clients access my webserver where the IP address changed often -- you can read more about it at 

About nine months ago, I changed to AT&T U-Verse service.  AT&T has been trying to kill off their old DSL service over copper lines.  The nice things about the old DSL service is that you could buy a DSL modem, and then use your own router behind that modem.  The same thing applied to Comcast's cable internet service.  I highly recommend using your own router, regardless of how you get your internet.  You'll have to get a modem to decipher the internet signal from Comcast, AT&T, or Verizon -- but your router will then do the important stuff.  Having a router that you can configure easily is important. 

With U-Verse service, AT&T forced me to use their own modem/router combination.  I wasn't very happy about this, but I had no real reason to serve up my own web pages any longer.  Like most folks, I have a web hosting service that serves up my web pages.  The problem is, sometimes I'd still like to have my Filemaker database up for clients -- and having a web hosting service host my Filemaker database(s) is more complicated than doing it myself with a Mac Mini behind my own router. 

Over the past nine months, I halfheartedly researched the web and tried some testing to see how I could get my Netgear router to work behind the U-Verse router.  I could not find any answers to my questions.  I finally had time this past week to troubleshoot the situation.  Here's what I learned for sure: Yes, you CAN put a web server behind an AT&T U-Verse router and access it from outside.  Yes, the AT&T U-verse internet IP address is public, and it is forward-facing -- so someone typing in your IP address can reach your webserver. 

Here's how to do it.  I have an AT&T U-Verse modem/router, model Pace 5031NV.  I connected my normal Netgear router with an Ethernet cable to LAN port 1 on the AT&T router.  I then reached the setup page on the U-Verse router by typing 

The U-Verse router is unexplainably slow to respond, but not terrible.  I went to Settings -- Firewall --> Applications, Pinholes, and DMZ.  I saw that two devices were connected to the AT&T router, under "Select a computer."  One of these was my Netgear router.  Any router attached the U-Verse router will have a confusing name; I only recognized that my router was named as such because I had given it a username when I used it with Comcast; and the other computer attached to the U-Verse router was my Mac Mini, named as such. 

I then chose the Netgear router, and chose the button called DMZplus mode at the bottom of the screen.  This states: Allow all applications (DMZplus mode) - Set the selected computer in DMZplus mode. All inbound traffic, except traffic which has been specifically assigned to another computer using the "Allow individual applications" feature, will automatically be directed to this computer. The DMZplus-enabled computer is less secure because all unassigned firewall ports are opened for that computer. 

Basically, DMZplus mode lets all traffic flow through the U-Verse router to my Netgear router.  This is exactly what I want. 

In the Status page for the U-Verse router, I can see that my device allows all applications through my Public IP. 

That's all I needed to do! I had already set up port forwarding in my Netgear router, so that my Mac Mini served up web pages through port 80. 

No comments: