In this blog, I will walk you through setting up your Uverse gateway to allow all traffic to properly pass through to your pfsense router or any other router.
While this blog is aimed at configuring a Uverse gateway with static IP addresses, most of the information is the same for configuring a Uverse gateway with a dynamic IP. If you need to configure more than one static IP address into your pfsense router, then you will need to setup CARP virtual IP addresses which is beyond this tutorial.
First you must have a working Uverse gateway that has been installed by an ATT tech. Do not connect your pfsense router yet. On the gateway, you will find a sticker that contains the information you need to connect to the device. The default IP is usually 192.168.1.254, so fire up a browser and head to that IP address. If you are prompted for a password, it is the password on the side of your Uverse 2wire gateway.
Once you are logged in, go to the settings tab and then to the broadband tab. If your ATT tech already configured your static IP addresses, then your router address and Subnet Mask will already be entered in. If you have a block of 5 static IP addresses, then your subnet mask will be the same as below. If your static IP addresses have not been configured, you will have to get the Router Address (Gateway IP) from ATT support. Make sure the check box for Auto Open Firewall is checked.
Save the page if you made any changes (most likely). Now it is time to configure your pfsense router. Connect your computer to the LAN of your pfsense box. Connect into the pfsense web administration (default IP: 192.168.1.1, default Username: admin, Default Password: pfsense). Go to Settings -> Routing to access the list of gateways. Click the add gateway button and you will then select your WAN interface, enter in a gateway name, and enter your gateway IP address (Router Address in the Uverse Link Configuration page). You will also need to check the Default Gateway box.
Now that the gateway is configured, you will need to setup your WAN inteface. Go to Interfaces -> WAN (or whatever your WAN is named such as UVERSE). You will need to select Static from the Type dropdown. Then enter in an IP address that is in your usable range and select the gateway that you configured in the previous step. You will also have to select the subnet mask (/29 for a 5 static IP address block).
Now that your pfsense router is configured with your static IP address, plug the WAN port of your pfsense router into one of the network ports on the Uverse 2Wire gateway. Connect your computer to one of the other ports on the Uverse gateway and log back into the Uverse gateway web page as we did in the first step. Go to the Settings tab, then the LAN tab and then the IP Address Allocation link. If you configured your pfsense router correctly, it should have pushed the static IP into this page. You might also see your computer in this list, do not worry about it. Make sure your pfsense router is listed on this page and that the settings look similar to the image below:
If your firewall on the device shows disabled like the image above, you can skip this next step. If your device has the firewall enabled, you will need to go to the settings tab, then the firewall tab and then the Applications, Pinholes and DMZ link. On this page you will select your pfsense router from the devices and then select the last option (Allow all applications) which will essentially turn off the firewall. Then hit the save button.
Your gateway should now be passing all incoming traffic to your pfsense router. This last step is optional. Go to the settings tab, then firewall tab, then Advance Configuration link. This is my working configuration below, I let the gateway handle some basic firewall functions. If you would like to completely disabled the gateway firewall, you can uncheck Stealth Mode & Block Ping under Enhanced Security. It is best to leave the timeouts alone. You can also uncheck all of the items under Attack Detection since your pfsense router will be handling these.
Once you get your gateway working, try to avoid changing WAN ports. The Uverse gateway associates that static IP address to your pfsense WAN MAC address. I recently built a new pfsense box and ran into a few problems trying to get the Uverse gateway to let me use that same static IP with a new MAC address. Leave any questions or comments below.