Oct 11

U-Verse Dissected

Author: s1n
Category: Grinds My Gears, Systems

So I promised I would explain how my setup works and here it goes. First some background though. For the last 6 years or so, I’ve been using a Linux box as a router / firewall. About 5 years ago, I started using IPCop, which has both functionalities built into a very stable version of Linux. I did this because I didn’t trust a Linksys machine or anything my ISP could give me. That inherent distrust carried through the years as I added several services / machines behind this gateway. I now run a web server (as you can see), a file server, a proxy server, 2 desktops, and now 2 IPTV set-top boxes courtesy of AT&T.

Typically, the RED interface of the router is connected to the modem. In this case, the modem and the RED interface both plug into the same switch. From there, the rest of the physical connections remain the same (except for how the Residential Gateway is connected).

The RG (Residential Gateway) apparently has some software to (somehow) detect that there is a router behind their router. After talking to 4 levels of tech support, I learned that the RG reserves the first 63 addresses as well as the addresses used by its DHCP service. You can disable the DHCP server on the RG, but then you cannot host your own website. I recommend moving all of your internal IPs to 192.168.1.1xx.

I set the GREEN interface to be 192.168.1.102 and all of the internal machines use this as their default gateway. I set the RED interface to pull a DHCP address. This is very important, as it will ultimately give us full control over our connection.

Then I disable all of the RG’s firewall services. From the RG’s settings page, add all of the services you will be exposing through your external access or NAT tables internally. It is important to note that you should be forwarding these ports from the RG to the RED interface detected by the RG. From IPCop, turn on the aforementioned port forwards / external access settings.

Lastly, add your website (if you are hosting one) to the hosts file of each of your internal machines so they can access it. Otherwise, you end up with a weird loopback connection problem that never resolves itself.

At this point, if you run a port scanner against your public IP, you should finally see port 80 is now available. Now you can use gigabit ethernet internally, have a fiber connection externally, host your own services, and wield full control of your internet connection. I was really on the fence about whether or not I was going to keep the service because of this port 80 issue, but now that it is resolved, I think I’m going to keep it.
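As an added illustration (not part of the original post or IPCop), here is a small address-plan checker for the layout described above: the RG claims the first 63 addresses plus its DHCP pool, so the GREEN interface and every internal machine must sit outside those ranges. The exact DHCP pool boundaries and the sample host list are assumptions, since the post does not state them.

```python
import ipaddress

# Constructed plan following the post: RG owns the first 63 host addresses of
# 192.168.1.0/24 plus its DHCP pool; everything of ours goes to 192.168.1.1xx.
LAN = ipaddress.ip_network("192.168.1.0/24")
RG_RESERVED_FIRST = 63
# Assumption: the RG's DHCP pool boundaries are not given in the post.
RG_DHCP_POOL = (ipaddress.ip_address("192.168.1.64"),
                ipaddress.ip_address("192.168.1.99"))


def reserved_by_rg(addr):
    """True if the RG would claim addr (first 63 hosts or its DHCP pool)."""
    ip = ipaddress.ip_address(addr)
    if ip not in LAN:
        raise ValueError(f"{ip} is outside {LAN}")
    offset = int(ip) - int(LAN.network_address)
    in_first_block = 1 <= offset <= RG_RESERVED_FIRST
    in_dhcp_pool = RG_DHCP_POOL[0] <= ip <= RG_DHCP_POOL[1]
    return in_first_block or in_dhcp_pool


def conflicting_hosts(plan):
    """plan: {hostname: ip}. Hostnames whose address the RG would take over."""
    return sorted(name for name, ip in plan.items() if reserved_by_rg(ip))


def free_addresses(plan, count):
    """Next `count` LAN addresses that neither the RG nor the plan already uses."""
    used = {ipaddress.ip_address(ip) for ip in plan.values()}
    out = []
    for ip in LAN.hosts():  # skips the network and broadcast addresses
        if ip in used or reserved_by_rg(ip):
            continue
        out.append(str(ip))
        if len(out) == count:
            break
    return out


if __name__ == "__main__":
    # Constructed sample: GREEN at .102 as in the post, a web server, and a
    # file server that was never moved out of the RG's reserved block.
    sample = {"ipcop-green": "192.168.1.102",
              "web": "192.168.1.110",
              "nas": "192.168.1.50"}
    print("conflicts:", conflicting_hosts(sample))
    print("free for new boxes:", free_addresses(sample, 2))
```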

I should note that I had troubles with getting DynDns’s Port Redirect service to work, so I’m not sure if that’s a viable option as well, but it may work out for you depending on your situation.

