Time Capsule 3T Double NAT

AT&T modem/router - 2Wire 3600HGV with wireless services turned off and in bridge mode via DMZPlus

According to the article you quoted DMZplus is actually half-bridge.

8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.

So something has gone wrong. The 2wire or the Time Capsule has something wrong in the setup.. it actually could be the 2wire.. because it has retained the MAC address of the old TC.. and is therefore passing a private IP to the new TC instead of the public IP.

I would reset both to factory and start over. You will need to know the AT&T configuration for the modem.. username and password for whatever authentication method is used.. If it is PPPOE then don't start without knowing it. A lot of ISP now use IPOE which does not require any authentication on your end.

Also a good idea before you start to save configuration in both 2wire and TC so you can easily get back to a working setup.. even if it works less well than you would like.

I have no idea how to do it in 2wire.. in the airport you need to use airport utility.. click on the TC icon and click edit in the summary that comes up.

You can then export the configuration.

I would test a few things first.

Setup the 2wire as standard modem router.. ignore the TC for the moment. Check it gets a public IP on the WAN.

If it gets a private IP or a special set of public IP your setup is now under CGNAT.

See https://en.wikipedia.org/wiki/Carrier-grade_NAT

And notice the 100.64.0.0/10 addresses which seem public but are actually behind a NAT.

Or do you get IPv6 address?

Once you figure out how the 2wire is working.. try again using the DMZplus for the TC.. if it fails or is slow then I think your are really better following Bob's suggestion and stick to the TC in bridge..

But the alternative is to use Static IP and DHCP (no NAT).

I posted the details for this here.

No DNS error, Airport roaming network

I find it works better than bridge in a situation where I am forced to use an alternative main modem router.

There is no port mapping required because there is no NAT. All port forwards are therefore handled by the 2wire..

You should therefore turn off DMZplus.

If you need specific help in the setup of the TC give us a few screenshots of the LAN setup of the 2wire.. its IP address and DHCP configuration.. I can then give you exact TC instructions for the setup.

If you are wondering where the slow down is in your current setup.. I would be looking at DMZplus.. we used to use 2wire modems here.. Australia.. and that half-bridge (also called DHCP spoofing) method was never great.

Also if your ISP is now using IPv6 which seems likely it may not be necessary or might actually work really poorly in DMZplus.

I can not get rid of the Double NAT error.

You have a Double NAT error because you have two devices......the AT&T modem/router and the Time Capsule both trying to act as DHCP and NAT routers for the same network. This is a fundamental no no in networking.

You only want one device on a network to act as a router.

Configure the Time Capsule to operate in Bridge Mode. Apple calls this "Off (Bridge Mode)"

If you find that the AT&T 2 Wire 3600 HGV cannot be set up in a true Bridge Mode configuration......and you want to stay with the current DMZ mode on the 2 Wire......then the DHCP Only setting on the Time Capsule might allow you to use the Time Capsule to assign IP addresses to local devices......IF.....the 2 Wire is providing a Private IP address to the Time Capsule......something in the 192.168.x.x, or 10.0.x.x, or 172.16.x.x range.

In theory.....( I don't have a 2 Wire 3600 here to test)....this would allow the Time Capsule to provide DHCP service to your network devices while the 2 Wire continued to provide NAT service. This would eliminate the Double NAT error while allowing the Time Capsule to still function as a DHCP router.

Whether or not you would still have to set up the Time Capsule to open ports manually is open to question. You might not have to do this at all on the Time Capsule if the 2 Wire supported UPnP in the DMZ or Passthrough Mode.

Frankly, the simplest setup of all might be to set up the 2 Wire to handle DHCP and NAT and port forwarding (if not handled by UPnP), and then set up the Time Capsule in Bridge Mode.

Here, I am assuming that AT&T does not offer a simple Bridge Mode modem only option.

Currently, the AT&T modem/router is in Bridge mode, as stated in my original post . . .

No, it's not. You would not have a Double NAT if the AT&T device was set up in Bridge Mode.....because NAT is turned off in Bridge Mode.

I have yet to find an AT&T modem/router that can be set up in true Bridge Mode, but don't have your AT&T model here to test. I would be amazed if it can be set up in Bridge Mode though. Usually, the best that you can do is try to set up DMZ or IP Passthrough mode. Unfortunately, you will still have NAT enabled in these settings.

If you have set up all the port forwarding, etc on the AT&T modem/router, the Time Capsule in Bridge Mode will simply pass those settings through unaltered from the AT&T router to any connected devices.

Double NAT is known to significantly reduce connection speeds, in addition to other issues as well.