Accessing WAN Cable Modem WebConfig
-
Hello,
My WAN is supplied by an Arris T25 modem without any wifi or routing. It has a config ip of 192.168.100.1
I would like to be able to access that webconfig through my pfSense lan if possible. 192.168.100.1 is not a valid subnet on any of my pf interfaces. It just hands off the comcast Wan interface a dhcp dynamic ip.
Is it possible for me to access this device that sits on switch port 1. Do I need to setup a static route to get to it? When I had the comcast supplied hardware. 10.0.0.1 did allow me into the bridged cable modem without any special config. I ditched that one to avoid lease fees and finally get rid of the extra wifi SSID RF (alarm, wireless set top boxes) it was spueing out even in bridge mode. Thank you very much
-
@jpvonhemel
Did you try to access it?
It should work by default. -
@jpvonhemel said in Accessing WAN Cable Modem WebConfig:
My WAN is supplied by an Arris T25 modem without any wifi or routing.
Do you get a public WAN IP on the pfSense interface via DHCP?
-
@jarhead I did try it, I had to switch my wan failover group to this specific interface, and it did try to load, gave me the self hosted warning. I overrode it and it just spins. I have tried this both on chrome and on firefox.
I might give the modem a powercycle for good measure and try again.
It sounds like if I want to see the config screen, I need to figure out a policy routing or rule to send the 192.168.100.1 ip when accessed from anywhere, to use the appropriate gateway in the advanced section. But that means nothing if I cannot get it to load at all.
Just tried my ipad and it loaded fine. That is a start. Now to figure why it is not loading on my windows 10 pc where I usually am at.
-
You create an VIP (Virtual IP Address) on your WAN interface that is within the same subnet as the Modem. So you would use 192.168.100.2. You then create an Outbound NAT rule for your LAN network that anything destined for that subnet goes through the VIP. Easiest way. If you need more details let me know.
-
@viragomann As I mentioned to another poster, my WAN is typically using a failover gateway group and set to default, and the comcast is failover tier 2, so the https does not hit that interface port when it is not default. If I switch it to comcast it does load on my ipad but not chrome or firefox. That part is something I need to sort through on my own, maybe try a laptop.
If I get it working, can I create a lan? rule to allow 192.168.100.1 through to either any, or just my office pc host but force it to advanced and to use the comcast gateway? Thank you very much
-
@gtaxl Will do. Thank you very much. Happy Holidays
-
@jpvonhemel said in Accessing WAN Cable Modem WebConfig:
@gtaxl Will do. Thank you very much. Happy Holidays
I set this up the best I could, when I go to 192.168.100.2, I land on the pfsense webconfig page and not the arris config page. Not sure what I did wrong. This was with the gateway group setup to failover default and using comcast as the default. It didn't seem to make a difference with gateway or host used to access. I am pasting my vip and outbound nat rule. Thanks again.
-
@jpvonhemel said in Accessing WAN Cable Modem WebConfig:
when I go to 192.168.100.2, I land on the pfsense webconfig page
The modem is 192.168.100.1.
But also in the VIP settings set the proper network mask, I assume a /24. Otherwise pfSense cannot talk to the modem.
-
@jpvonhemel .2 is your pfSense box's VIP, not the modem. You would go to 192.168.100.1, but also on your VIP your subnet has to be a /24.
On your Outbound NAT you want a source of LAN network and a destination of the modem's subnet, 192.168.100.0 /24 then the translation address of the VIP. Then you have to drag this rule above your default LAN outbound rule, otherwise the default rule will take precedent and this won't work.
-
Just wanted to update my post now that I figured out the problem and solution.
Turns out the reason I could not access the cable modem has to do with my recent change to a WAN failover gateway setup. My fiber provider is tier1 and comcast is tier2. Once I thought through, why can't I get packets to my cable modem, I realized, doh, It is because the cable modem is backup and rarely is the active gateway. I created a firewall lan rule allowing 192.168.100.1 with a gateway override to the comcast cable modem gateway and it now allows this page to load. It is amazing how many problems we can induce when we do not realize it.
