
Posted by on Dec 28, 2011 in Blog, Computer Hardware | 3 comments

AT&T U-verse with DD-WRT router in DMZ mode

I recently got AT&T’s U-verse service at home and have been enjoying it so far. The internet has been working much better than my Mediacom service had been doing. My only issue was that I wanted more control over the router and I wanted to set up VPN access into my home network. So, I installed DD-WRT on my Cisco E4200 wireless access point/router then got the AT&T setup in DMZ mode to pass traffic to the E4200.

This setup was working great for almost all aspects except when I would VPN into work or even do an SSL remote desktop session outside my network. After about 5 minutes the remote desktop session would become unresponsive and I’d have to reconnect. This was driving me crazy because I couldn’t work for more than 5 minutes at a time. I did a bit of Googling and found the answer on the following site:

Basically, the DMZ mode on the AT&T router was causing the DD-WRT router to renew its DHCP lease every 5 to 10 minutes. The DHCP responses were being blocked by the DD-WRT firewall.
Adding the following command to the DD-WRT firewall fixed the problem and I haven’t had a remote desktop timeout since:

iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT

(Click the Administration tab, then Command tab.  Enter the above command in the text box and click Save Firewall then reboot.)

Be sure to check out the above website where I got the fix from.  They have a lot of tips and fixes for other issues as well.
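
To confirm that the firewall is what drops the DHCP replies, and that the inserted rule changes the outcome, the following sketch walks an INPUT chain the way the kernel does for a UDP 67 -> 68 packet. It is an added example, not code from the original post or from DD-WRT; it assumes rules in `iptables -S INPUT` text format, and the sample rules and the interface names `vlan2` and `br0` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide what an INPUT chain does
# with a DHCP reply (UDP source port 67, destination port 68) arriving on a
# given interface. Input is text in `iptables -S INPUT` format on stdin.
# Assumption: rules using matches other than -i/-p/--sport/--dport (state,
# addresses, ...) are treated as not matching, since they need packet context.
dhcp_reply_verdict() {
    awk -v iface="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = sport = dport = target = inif = ""; unknown = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p")      proto = $(++i)
            else if ($i == "-i")      inif  = $(++i)
            else if ($i == "--sport") sport = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-m" && $(i + 1) == "udp") i++
            else if ($i == "-j")      { target = $(++i); break }
            else unknown = 1
        }
        if (unknown) next
        if (inif  != "" && inif  != iface) next
        if (proto != "" && proto != "udp") next
        if (sport != "" && sport != "67")  next
        if (dport != "" && dport != "68")  next
        # First terminating rule that matches wins, as in the kernel.
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            verdict = target; exit
        }
    }
    END { print (verdict != "" ? verdict : (policy != "" ? policy : "UNKNOWN")) }
    '
}

# Constructed sample chain: nothing lets an untracked DHCP reply through.
RULES_BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP'

# The same chain after the rule from the post was inserted at the top with -I.
RULES_AFTER='-P INPUT ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP'

printf 'before: %s\n' "$(printf '%s\n' "$RULES_BEFORE" | dhcp_reply_verdict vlan2)"
printf 'after:  %s\n' "$(printf '%s\n' "$RULES_AFTER" | dhcp_reply_verdict vlan2)"
```

The function also honours `-i`, so a copy of the rule scoped to the WAN-facing interface can be checked the same way by passing that interface name as the argument.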


  1. Jason,

    I am trying to do the same thing that you have done with an E series Cisco router. I am not having much luck. My uverse RG keeps telling me that the port that I am trying to do DMZ on can’t because it is static and the dd-wrt router for some reason dies if I try to change its IP address by not bringing back the web interface. Do you have any insight?


  2. One issue that I ran into when I first started setting it up was that my Astaro box was somehow pulling 2 ip addresses from the ATT router. It took me forever to figure that out and I couldn’t get it to stop. So, I ended up reloading the Astaro box. After that it worked. Not sure that will help you any though.

  3. Hey – thanks for the tip. Note that your blogging software turned the two hyphens in front of sport and dport into an em-dash. Also, this tip also works for dd-wrt variants like gargoyle, but you need to ssh to your router (ssh root@your-router-ip) using your normal admin password, then just type or paste in the iptables command.

