-
The Previous Posting
« MySQL Server on Windows Vista x64 Setup Guide, An Install That Works!!! -
The Next Posting
Disable Microsoft Software Wavetable Synthesizer, My Music’s Cutting Out… »
AT&T U-verse 2wire Gateway and DD-WRT Router in DMZ Mode…
We’ve recently upgraded our ISP to AT&T U-verse. With this switch AT&T provided a 2wire gateway. So far the service has been excellent. Recently we setup a live chat support feature on the website, as you can see to the right. With this feature we also plan to integrate a remote desktop feature, to allow us to provide our clients with live and instant support.
While setting up our new live services, it became apparent that we would need an external IP address issued to our WRT54GL router running DD-WRT. Our first attempt led to success, but our connection was dropping every 10 minutes. This was causing our dowloads to drop and fail, IM disconnects, and live support dropping our support sessions. After reading the router logs, we found that our WAN DHCP lease was running out after 10 minutes. After that 10 minute time frame the connection was dropped, and the lease renewed. Obviously this is a major problem.
With a bit more research we found that the DD-WRT SPI firewall is blocking responses from the DCHP server. UDP requests are sent to the DHCP server at 50% intervals, but the response is actually coming from a different server, and is thus blocked by the firewall.
The easiest fix for this is to add the following command to your firewall rules.
1
iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT
After entering this command into our firewall rules, our issues with dropped downloads, and intermittent web signals vanished. It ended up just being a case of a powerful firewall, doing its job just a little to well.
Let us know if this article was helpful to you. We provide all of our articles free of charge, and free of ads, with the hope that our users find them useful. We even find ourselves referring to our own articles while in the field making repairs. Happy computing. 
¡Muchísimas gracias! This article helped me so much!
I was so glad someone posted this. I was on the phone with att support for 4 hours before looking through ddwrt command database and figuring this out on my own.
The sad part is the fact that no one at Att could tell me why there DMZ+mode assigned 10 minute lease times, nor how it impersonates (bridges) the public dhcp server.
never had this problem with Comcast, but at least my connection stays up for more than 30 days at time with att…
Just wanted to thank you for posting this. I have had Youtube and large (long timeframe) download interruptions since I switched to Uverse with my DD-WRT router and didn’t know why. I had searched before and this time found your site.
Thanks!
Thanks alot. Just got Uverse yesterday and my DDWRT router was hanging up on large downloads. This seems to have fixed it.
Where exactly do you add this rule with DD-WRT?
Thanks!
Under the “Administration” tab, click the “Command” tab. Copy the rule into the “Commands” box and click “Save Firewall” below that. You may or may not need to restart your router. If you’re successful, you should see your lease time being renewed every 5 minutes. You can validate this by going to the “Status” tab, and under that the “WAN” tab. Your lease should be for 10 minutes, with a renewal at the 5 minute mark. So essentially, if you see anything under 5 minutes under Remaining Lease Time you need to check that you’ve added the rule correctly. Good Luck…
Thank you so much. Now I can watch youtube and use skype without drops.
You, sir, are a genius! Thank you so much for posting this. Fantastic tip.
Thank you so very much for this article. It literally has saved me from ripping out my hair trying to figure out why I could never finish downloading the iPhone firmware updates for my phone from Apple. The past twenty or so attempts that I had tried all failed at seemingly random points in the download and after applying this firewall rule I was able to directly download the firmware file on the first attempt.
Is it okay if I republish this information on my own site and provide a link back to this address? I want to be able to preserve this valuable information in case I need it again quickly.
Thanks again!
[…] up empty-handed for a long time, I was ready to throw in the towel. And then I stumbled across this article. It turns out that the 2wire device only gives a ten minute lease time for the public IP address it […]
Thank you so much for this tip. Like others have stated, it has save my hair from the wrath of frustration!
This has been an issue for me for some time now. Each time I would stream audio, it would crash after a few minutes (maybe 10 as it turns out) or so. Thanks!
Brilliant!!! I have been struggling with this for months — Youtube streaming, downloading files, Android phone updates… what a mess. The DMZ+ “feature” has caused me multiple headaches, but I’m hopeful that this is the last one I will need to fix!
Thanks again!
This was exactly what I was looking for. You guys saved me countless headaches.
The partial podcasts and downloads were one thing. Having to drive into work on the weekends for failing file downloads/uploads was another.
Thanks so much!
Brilliant article/fix.
I too upgraded to Uverse and had file download interruptions once I configured the 2Wire router to put my DD-WRT router into the DMZ and supply it with a public IP to play with.
I did not need to reboot the router after inputting the firewall ip tables command given in the above article. Saving the firewall rule forced the router to restart the WAN connection in real-time after which it stayed up.
Thanks!
Was losing my mind.… found some other firewall rules, but yours was working great (Tomato and ATT Uverse with the 2wire).
Just one question: is there any way to lock down the open ports to the MAC address of the modem?
I have the exact same configuration (DD-WRT device behind U-VERSE RG) and I’ve been trying to solve this problem for months, I’ve tried three different routers and everything I could possibly think of. Thank you soooooooo much!!!!