Access router (modem) in front of WAN interface

demux

Hi,

I do have a DSL router (Vigor 130) as a modem in front of pfSense, means pfSense does the PPPoE login stuff. This router has an http port open on an IP address of 192.168.199.250 where it can be configured.

As long as there is no DSL connection the WAN port of pfSense does not have an IP address and I am not able to access the Vigor. Is there any way to get through the WAN port and access the Vigor even if the PPPoE connection is down?

I tried an IP alias, policy routing, static routes... did not work.

Thanx!
-demux

viragomann

@demux
How to access the modem is well explained in the pfSense docs: Accessing a CPE/Modem from Inside the Firewall

demux

@viragomann

Uiii, did not know about that part of the documentation. Thanks !!!!

neogrid

Do what this dude has done https://www.linuxserver.io/blog/2019-11-10-modem-webui-pfsense

demux

I just wanted to add the interface but the interface is not listed as available.

When adding an interface and changing the interface port afterwards I get this:

The following input errors were detected:
Port igb1 was assigned to 2 interfaces: WAN1 (WAN) OPT4 (OPT4)

viragomann

@demux
So there is already assigned an interface to the port.
What is WAN1? How is it configured?

Do you have multiple WAN connections or just a single?
As you stated above, your WAN is configured for PPPoE, so you can also use the native port for modem access.

demux

@viragomann

It works fine for the PPPoE interface, I successfully added a second interface.
Yes, there are multiple WAN connections. I just tried that for the other interface (DHCP). We need to access two modems.
(Sorry forgot to mention that.)

viragomann

@demux
The suggested method works on a PPPoE interface, as you mentioned you want to do.

On a DHCP ctivated interface you cannot add an additional IP configuration and this is also not needed at all.

So the modem is in bridged mode?
However, before you go further with the DHCP, ensure that the modem is replying to it's private IP on the same port.
Some modems you can only be accessed on different ports then the bridged one.

demux

@viragomann

It is in bridged mode. And it does respond. It is on 192.168.100.1
But I cannot get through pfSense.

viragomann

@demux
So you have add a virtual IP to that interface out of the modems private subnet. Firewall > virtual IPs. Use type IP alias.

Assuming the modems private subnet is 192.168.100.1/24, assign e.g. 192.168.100.10/24 to the interface.
Add an outbound NAT rule for the destination 192.168.100.0/24 (or at least 192.168.100.1/32) and set the translation address to 192.168.100.10.

demux

@viragomann

Means basically the same as with PPPoE/VDSL except that not adding a separate interface but adding an IP alias. Right?

viragomann

@demux
Yes, it's the same use case. You need an IP within the modems private subnet which you're natting the source packets to to communicate with the modem.
Since the interface has already an IPv4 from the DHCP, you need to add the additional IP as a virtual one.