[kman42]

I just got ATT UVerse installed and I had to do all sorts of crazy stuff (to me anyway) to get it to work and I'd like some help in understanding what it all means.

I used to have my cable modem plugged into my Airport Extreme which served IP addresses via DHCP to my computers and my Airport Express (working just for iTunes).

I now have my Airport Extreme connected to the residential gateway and in DMZ mode. What is this and is it secure?

I can no longer assign IPs to my computers using DHCP from my Airport Extreme. I had to set it to Bridge mode and the computers now seem to get IPs from the residential gateway (?).

Everything seems to work, including my iTunes to my living room Airport Express, but I am concerned because I don't really understand how all this is working. This gives my security stress. It all made sense to me when I just had my cable modem plugged into my Airport Extreme and it created a closed wireless network with a good password and only allowed my computers/iPhone's MAC addresses to connect and assigned the IP addresses.

Can someone explain to me how this DMZ and Bridge mode works and what I should look for and configure to get things secure again?

thanks,
kman

[Mastrap]

DMZ = demilitarized zone. This means that you're putting a machine outside your firewall and it is about as non-secure as it gets. Useful for streaming music etc, but not to be recommended for anything else.

[kman42]

But that's not the whole story, right? It's not my computers that are being DMZ'd, it's my Airport Extreme. When it was connected to my cable modem it was also outside the firewall. I guess my big concern is the Bridge mode that the Airport is in and that my computers are getting their IPs from the Residential Gateway and not the Airport.

kman

[Doofy]

OK, on my router at least:

The DMZ is still protected by the firewall, but can't access "internal" computers. So, "internal" can reach the net and the DMZ... ...the DMZ can only reach the net, not the "internal" segment. I still have to port forward anything I want to serve from the DMZ. YMMV (depends on your router/mode, I guess).

Bridge mode, the computers will be picking up outside IP addresses and probably won't be protected unless you've taken special measures. It's just like a straight through pipe to the outside world.
Check your computer on the bridged segment and see whether they're picking up inside addresses (192.168.x.x) or outside addresses. Outside is probably a bad thing. I'd generally only run bridged to make the AE act as a switch and if I had a firewall dishing out DHCP addresses upstream.

Make sure your AE is in "share a public address" mode then go from there. That should sort it.

Hope that made some sense. I'm new to AE myself (a couple of days) but this should be the correct info. Mine's actually in bridge mode because I have a mil-spec firewall upstream of it.

[kman42]

Well, I put the AE in the DMZ and it has an outside IP address. When I had it serving IP addresses to my computers (Share a public IP address mode), I couldn't access the internet. I talked to ATT and the incredibly unhelpful person said that any internal router could not serve DHCP IPs, so I put the AE in bridge mode. This got everything working and my computers all get their IPs from the residential gateway (they are internal 192.168... addresses).

I'm going to upgrade to 802.11n when I get my AppleTV and I don't want my network crippled by the slow residential gateway. Since my computers and my Airport Express are getting their IPs from the residential gateway then all the traffic will be going through that slower device, right?

I really just want the residential gateway to act as a modem and give my AE an IP as it used to be set up with my cable modem.

kman

[goMac]

If your UVerse box is behind your Airport you may not be able to turn on address sharing on your Airport. This is the one good reason I can think of for why your Airport Extreme was put into DMZ mode.

[kman42]

My Airport is actually behind the UVerse box. Cable line-->UVerse box-->WAN on the Airport