Managed to bypass the Actiontec firewall through CLI
I did a little poking around telnetting into the Actiontec v1000h last night, and had some major success. I wanted to set my v1000h up so that I can use one of my Linux boxes to handle all of the firewall and routing, but still retain wireless inside the Actiontec. Note, this will also work for people who want to use multiple external IP addresses and have one machine outside the firewall from the rest.
Here's what I did:
1. Log into the v1000h web interface with the root username/password, and enable local telnet access.
2. Telnet into the v1000h (192.168.1.254) using your standard admin username/password (root works too).
3. Type "sh" to get into a busybox shell.
From this point on, the router is basically a small Linux machine. If you look at the network interfaces, there are quite a few. "atm0" is your DSL modem, "eth0-3" are the ethernet ports on the back, "eth4" is your HPNA port, "wl0" is your wireless. By default there is a bridge set up with wl0 and eth0-4 which is your internal network. For my first test, I re-mapped one of the ports (eth2 in this case) on the back of the router to be "external".
5. Set up a new bridge with one of the ports and the internal DSL interface:
brctl addbr br1
brctl delif br0 eth2
brctl addif br1 eth2
brctl addif br1 atm0
ifconfig br1 up
At this point, the router functioned exactly as it did before, however the computer plugged into eth2 now had a Telus IP address, and was completely separate from the rest of my network. In effect, this computer was outside of the firewall.
6. Set up another new bridge that we will use for the internal network:
brctl addbr br2
brctl delif br0 eth0
brctl delif br0 eth1
brctl delif br0 eth3
brctl delif br0 wl0
brctl addif br2 eth0
brctl addif br2 eth1
brctl addif br2 eth3
brctl addif br2 wl0
ifconfig br2 up
This is done because all of the existing firewall and routing rules inside the v1000h are pointed to the br0 interface. Rather than change all of them, I just moved everything over to another bridge. Now all I need to do is plug the external NIC of my Linux box into the eth2 port, and the internal NIC of my Linux box into one of the other ports on the v1000h (eth0, eth1, eth3), and my internal network, including the wireless, is now under my control, not the v1000h's control.
Note that HPNA was left alone as I don't use it. It's very likely that in this setup your TV will still work as that's been un-touched.
Keep in mind that these settings don't stick during a power cycle, and neither does enabling the telnet interface, so any time your Actiontec is rebooted, you will need to go back in and re-enable the telnet interface, then re-setup the bridges (or have a script do it for you). There may be a way to make this permanent by setting it up in the configuration file, but I haven't looked too much into it yet.
Edit: you may be able to do it inside an init.d script, but I'm unsure if the /etc/ filesystem is read-only.
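
Because the bridges revert on reboot, it helps to be able to check which ports currently share a bridge with atm0 and therefore sit outside the router's firewall. The following is an added example, not part of the original post: it parses `brctl show` output, assuming the usual bridge-utils column layout and that awk, sort and xargs are available (copy the output to another machine if the router's busybox lacks them); the function names, sample text and bridge id are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit `brctl show` output.

# Emit "bridge iface" pairs. Assumes the usual bridge-utils layout: a header,
# then "name id stp [iface]" rows, with extra members on one-field lines.
bridge_pairs() {
    awk 'NR == 1 { next }
         NF >= 4 { cur = $1; print cur, $4; next }
         NF == 3 { cur = $1; next }              # bridge with no members
         NF == 1 && cur != "" { print cur, $1 }'
}

# Sorted, space-separated members of bridge $1.
members_of() {
    bridge_pairs | awk -v b="$1" '$1 == b { print $2 }' | sort | xargs
}

# Ports sharing a bridge with WAN interface $1 (atm0 on this router): these
# bypass the router's firewall and need their own host firewall.
wan_exposed() {
    bridge_pairs | awk -v w="${1:-atm0}" '
        { b[NR] = $1; p[NR] = $2; if ($2 == w) hit[$1] = 1 }
        END { for (i = 1; i <= NR; i++) if (hit[b[i]] && p[i] != w) print p[i] }'
}

# Succeeds only if the br1/br2 layout from the post is in place ($1 = file
# holding `brctl show` output); fails after a reboot has reverted it.
layout_ok() {
    [ "$(members_of br1 < "$1")" = "atm0 eth2" ] &&
    [ "$(members_of br2 < "$1")" = "eth0 eth1 eth3 wl0" ]
}

# Constructed sample: bridge state after steps 5 and 6 of the post.
sample_after() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.020000000001       no              eth4
br1             8000.020000000001       no              eth2
                                                        atm0
br2             8000.020000000001       no              eth0
                                                        eth1
                                                        eth3
                                                        wl0
EOF
}

# On the router this would be: brctl show | wan_exposed atm0
sample_after | wan_exposed atm0
```
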