Access router (modem) in front of WAN interface

viragomann

@demux
How to access the modem is well explained in the pfSense docs: Accessing a CPE/Modem from Inside the Firewall

demux

@viragomann

Uiii, did not know about that part of the documentation. Thanks !!!!

neogrid

Do what this dude has done https://www.linuxserver.io/blog/2019-11-10-modem-webui-pfsense

demux

I just wanted to add the interface but the interface is not listed as available.

When adding an interface and changing the interface port afterwards I get this:

The following input errors were detected:
Port igb1 was assigned to 2 interfaces: WAN1 (WAN) OPT4 (OPT4)

viragomann

@demux
So there is already assigned an interface to the port.
What is WAN1? How is it configured?

Do you have multiple WAN connections or just a single?
As you stated above, your WAN is configured for PPPoE, so you can also use the native port for modem access.

demux

@viragomann

It works fine for the PPPoE interface, I successfully added a second interface.
Yes, there are multiple WAN connections. I just tried that for the other interface (DHCP). We need to access two modems.
(Sorry forgot to mention that.)

viragomann

@demux
The suggested method works on a PPPoE interface, as you mentioned you want to do.

On a DHCP ctivated interface you cannot add an additional IP configuration and this is also not needed at all.

So the modem is in bridged mode?
However, before you go further with the DHCP, ensure that the modem is replying to it's private IP on the same port.
Some modems you can only be accessed on different ports then the bridged one.

demux

@viragomann

It is in bridged mode. And it does respond. It is on 192.168.100.1
But I cannot get through pfSense.

viragomann

@demux
So you have add a virtual IP to that interface out of the modems private subnet. Firewall > virtual IPs. Use type IP alias.

Assuming the modems private subnet is 192.168.100.1/24, assign e.g. 192.168.100.10/24 to the interface.
Add an outbound NAT rule for the destination 192.168.100.0/24 (or at least 192.168.100.1/32) and set the translation address to 192.168.100.10.

demux

@viragomann

Means basically the same as with PPPoE/VDSL except that not adding a separate interface but adding an IP alias. Right?

viragomann

@demux
Yes, it's the same use case. You need an IP within the modems private subnet which you're natting the source packets to to communicate with the modem.
Since the interface has already an IPv4 from the DHCP, you need to add the additional IP as a virtual one.