New NIC - Now can't access cable modem GUI

alhaunts · Dec 5, 2023, 3:47 PM

Networking noob here. Running CE 2.7.1 with a 192.168.1.0/24 LAN subnet. Basic default configuration. WAN gets an external IP via DHCP from a bridged cable modem. I was able to access the modem admin GUI at 192.168.100.1 just fine UNTIL I upgraded the NIC.

Now everything seems to work well EXCEPT I can no longer reach the modem GUI. The attempt simply times-out. Any help is appreciated.

alhaunts · Dec 5, 2023, 3:45 PM

I should add that I can successfully ping the modem at 192.168.100.1 from the LAN, but get no other response.

stephenw10 · Dec 5, 2023, 4:49 PM

Which NIC did you upgrade? From what to what?

I assume you have a public IP on the WAN side?

Steve

alhaunts · Dec 5, 2023, 7:16 PM

@stephenw10

Upgraded from Realtek RTL8111 1Gb NICs with the re(x) driver to Intel i226-v 2.5Gb NICs with igc(x) driver.

Yes, I have a public IP on the WAN and internet access is working perfectly. It's weird to me because I can ping the modem at 192.168.100.1 and get 2ms response times, but trying to access the same IP with a browser now just times out. This was no a problem before the NIC upgrade.

I'm stumped.

stephenw10 · Dec 5, 2023, 8:31 PM

Mmm, that shouldn't make any difference.

Can you ping the modem from a LAN side client as well as pfSense itself?

Do you have outbound NAT set to manual mode? You might be missing a required rule there.

alhaunts · Dec 5, 2023, 9:30 PM

@stephenw10

Yes. Pingable from both pfSense diagnostics & LAN side clients. About 2ms response time from both.

Outbound NAT is set to automatic. (firewall/routing rules are the defaults)

Cable modem is a Sagemcom F@ST 3896 in bridged mode (if it matters).

JKnott · Dec 5, 2023, 9:36 PM

@alhaunts

Some cable modems have to be rebooted when the NIC or computer has been changed.

tinfoilmatt · Dec 5, 2023, 9:45 PM

Some cable modems have to be rebooted when the NIC or computer has been changed.

i'd venture to say 'all' but would settle for 'most.' L2/ARP cache thing.

another thing i've personally wrestled with before: doesn't sound like you are, but make sure you're not using any 'custom' DNS entry for the modem and attempting access only via its IP address. modern browser certificate checks, not-worth-tracking-down-in-browser-settings and whatnot kinda thing.

multiple non-cached browsers to corroborate one another.

alhaunts · Dec 5, 2023, 10:16 PM

@JKnott Yes, had to reboot modem and then router to regain internet access, but no joy with the modem login.

NOCling · Dec 5, 2023, 10:19 PM

You need a virtual IP an WAN like this:
🔒 Log in to view

stephenw10 · Dec 5, 2023, 10:32 PM

Yup probably that^.

Hard to explain how that worked with the other NIC though...

tinfoilmatt · Dec 5, 2023, 10:40 PM

@alhaunts pull the power on the modem (technically a 'gateway device' since it functions as both modem and router) for at least 30 seconds. failing that you could...

1.) call ISP to ensure they don't need to whitelist your access. new NIC's MAC address would be the operative piece of information.
2.) buy your own modem.

there's at least a few technical reasons i can think of, based on your description of everything, why you were able to access this GUI before—and now you can't after simply swapping a NIC. but it's not worth delving into if you're simply failing to clear caches through a simple power-cycle and/or need the ISP's assistance.

and it can't be overstated: buy your own modem if the ISP permits it.

tinfoilmatt · Dec 5, 2023, 10:43 PM

@NOCling said in New NIC - Now can't access cable modem GUI:

You need a virtual IP an WAN like this:
🔒 Log in to view

@stephenw10 said in New NIC - Now can't access cable modem GUI:

Yup probably that^.

Hard to explain how that worked with the other NIC though...

no. not unless OP is filtering outbound traffic on the LAN side, which i think we can safely assume is not the case.

@alhaunts just thought of something else while writing this reply—are you using the 192.168.100.1/24 (or smaller) subnet anywhere else on your network?

stephenw10 · Dec 5, 2023, 11:03 PM

Many modem devices will require a VIP and NAT to it so they have a route back to reply. But that would not change with the NIC.

tinfoilmatt · Dec 5, 2023, 11:07 PM

@stephenw10 if the gateway device is echoing pings... there's already a route out and back.

provels · Dec 6, 2023, 1:41 PM

Can you telnet to 192.168.100.1 on port 80?

stephenw10 · Dec 5, 2023, 11:14 PM

This post is deleted!

stephenw10 · Dec 6, 2023, 1:13 AM

@cyberconsultants True!

johnpoz · Dec 6, 2023, 1:26 AM

So ran into something like this a while back.. Where you had to do something with reply-to or something.. Let me see if can dig up that thread..

I currently can access mine on 192.168.100.1 but I know I had to change my rules a bit and could duplicate what the poster was seeing.. give me bit, brb.

edit: ok this is the thread I was thinking about.

https://forum.netgate.com/topic/181715/solved-problems-with-understanding-advanced-egress-filtering

We kind of went down the wrong rabbit hole for a bit.. But this is what I currently have set

🔒 Log in to view

Notice reply-to is set to disabled. If I allow the reply-to it doesn't work..

My vip is set to 192.168.100.2 and my modem is at 192.168.100.1

Have to reread over the thread, but I think if you turned off the whole blocking outbound to rfc1918 it worked without having to disable reply-to.

I kept meaning to dive into the reply-to and outbound blocking and order deeper, but then got side tracked.

stephenw10 · Dec 6, 2023, 1:43 AM

That's outbound on WAN?

That might be bypassed by adding a VIP so it appears as a local subnet. Hmm.

Still wouldn't change by using a different NIC though