[messages] [Technical Support & Bugs] ATT 2wire routers and connectivity with vassalengine

Tabpub robertdavidson2 at att.net
Thu Mar 19 19:25:21 CET 2015


Hello,

I am an ATT customer that has also recently had trouble connecting to
the server to participate in games.
I have had some discussion with both the admin here and with some minor
support from ATT I think I have a workaround for myself and others that
have seen this occur.

My belief was that it is a problem with our routers firewall treating
this as intrusion/attack; traceroutes ran during failed connections
showed timeouts at gateway and next immediate connection in route.

The simplest answer that I have found (and this has worked now on 3-4
separate occasions, so I feel confident in repeatability) is to enter
into your router controls and set the computer to 'DMZplus' mode. The
following quote from the manual seems to confirm this:

_By default, the 2Wire gateway firewall rules block the attack types
listed in the Attack Detection pane. There
are some applications and devices that require the use of specific data
ports through the firewall. The
gateway allows users to open the necessary ports through the firewall
using the Firewall Settings page. If
the user requires that a computer have all incoming traffic available to
it, this computer can be set to the
DMZplus mode. While in DMZplus mode, the computer is still protected
against numerous broadband
attacks (for example, SYN Flood or Invalid TCP flag attacks)._

There is probably a more elegant way to do this, but I don't know
exactly how to achieve this; I just know that this is working for me.
Doing this does have limitations, if you have multiple computers it
might not be best, as the DMZplus computer will be the default for all
Internet applications that aren't specifically allocated to another
computer in the network for example.

http://setuprouter.com/router/2wire/3800hgv-b/manual-1319.pdf  is an
online link to the manual for my type of router.
Others are available there.

I do note that in the allow individual applications, there is a 'server'
setting, which then lists all the different types. 
If I knew the information, it might be possible to do the change there
to allow data in to the network. Choice are many; DNS, FTP, POP3, etc
.....doing something like this would probably be 'better' than the
DMZplus method; but again, I am not informed enough to render a
verdict/answer to that.

This may also be mooted by the fact that ATT was apparently treating
this IP as a spam source; and therefore it might have also been
inhibiting data transfer from it as a security service. Again, I am a
not even an educated amateur regarding these things; I just saw that the
apparent problem was at the gateway; read that DMZplus lets in the most
information; enabled it and it worked. Of course, this puts more
reliance on my software firewall; but that's hopefully not an issue.

Final note, after any changes are saved, most times it requires a
re-boot to lock them in; so don't just do a change and attempt
connection. Hope that this helps others out; it's worked for me in my
circumstance.

RD

_______________________________________________
Read this topic online here:
http://www.vassalengine.org/forum/viewtopic.php?p=48301#p48301


More information about the messages mailing list