Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall

    General pfSense Questions
    5
    13
    712
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveITS Rebel Alliance @guardian
      last edited by

      @guardian again I’ve never had to do this, but the gist of the article is to get a working IP in the modem’s network. Maybe try an alias 192.168.100.2/24 on WAN? Ping from pfSense should work at that point I’d think. And then outbound NAT using that IP to get to .1.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer @guardian
        last edited by

        @guardian

        I am going to assume that this is a cable modem. What model?

        Some cable companies do turn off the ability for the user to see the GUI of their own cable modem. Sucks but..

        Unless you have some type of VPN or PPPoe then you should be able to access the modem.. any ISP. If it does not answer based on its settings then there is nothing you can do except argue with your ISP about it. Good luck with that.

        Can you ping 192.168.100.1 ? Try it from both your device and from pfSense diagnostic page.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • G
          guardian Rebel Alliance @SteveITS
          last edited by

          @SteveITS said in Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall:

          @guardian What’s the IP of your ISP modem? In my experience with AT&T and Comcast nothing extra is needed and I can just browse to it.

          @SteveITS -- Interestingly I am able to access 192.168.100.1 at the moment while the service is operating correctly.

          My problem is, when I lose connectivity (IPv4 address goes away), I can no longer reach 192.168.100.1 -- which is exactly when I need to look at it. I need to go get a laptop, unplug pfsense, connect the laptop to see what is happening with the modem.

          Do I need some sort of NAT or other setup so that I can still access the Modem when the internet is down?

          If you find my post useful, please give it a thumbs up!
          pfSense 2.7.2-RELEASE

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @guardian
            last edited by

            @guardian well that sounds like a completely different issue. Is the link dropping in pfSense system log? If pfSense is losing its IP I’d kind of expect so, so nothing is going to work.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @SteveITS
              last edited by

              @SteveITS said in Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall:

              o nothing is going to work.

              If you have a vip set, this IP would not go away... As long as the interface was up on pfsense.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @johnpoz
                last edited by

                @johnpoz That’s correct of course… in my head I was following the “link down” I alluded to and didn’t write it well.

                Overall why does OP’s WAN IP disappear? Modem reboot, DHCP not renewed, bad cable, bad port, etc, etc.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @SteveITS
                  last edited by

                  @SteveITS said in Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall:

                  Overall why does OP’s WAN IP disappear? Modem reboot, DHCP not renewed, bad cable, bad port, etc, etc.

                  All very valid questions ;) if the port is down not going to matter if pfsense interface has an IP or not.. heheh

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  G 1 Reply Last reply Reply Quote 0
                  • G
                    guardian Rebel Alliance @johnpoz
                    last edited by

                    @johnpoz said in Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall:

                    @SteveITS said in Having Trouble with Instructions for Accessing a CPE/Modem from Inside the Firewall:

                    Overall why does OP’s WAN IP disappear? Modem reboot, DHCP not renewed, bad cable, bad port, etc, etc.

                    All very valid questions ;) if the port is down not going to matter if pfSense interface has an IP or not.. heheh

                    @johnpoz thanks for coming in on this. When pF sense is loses it's IP, it's on the RF side of the modem.

                    The link is still up but the public IP has disappeared. I believe if I had a static IP in the
                    192.168.100.1/24 range I would still be able to access the Modem Diagnostic GUI (WDG).

                    When I disconnect pfSense and plug in a laptop which is configured for DHCP, it can access the WDG. I wasn't paying attention when I did this, but I'm pretty sure that the laptop got configured by DHCP - I just entered http://192.168.100.1 in a web browser, and it displayed the WDG.

                    I put in a restriction in pfSense to not accept a an IP in the range 192.168.100.1/24 from DHCP based on advice from this forum because when the public IP would go away, and the gateway's internal DHCP would assign pfSense an IP in the 192.168.100.1/24 range. When the public IP came back, pfSense was not dropping this IP and requesting a public IP.

                    Is it possible to put a static VIP on the WAN (ethernet em0)? Would this solve the problem? If so, how do I do this since it isn't possible to assign 2 interfaces to a single ethernet port as per the instructions given in other replies.

                    If you find my post useful, please give it a thumbs up!
                    pfSense 2.7.2-RELEASE

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      SteveITS Rebel Alliance @guardian
                      last edited by

                      @guardian in a nutshell you can add an IP alias: https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html

                      Then the Configure NAT step from https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html#configure-nat should work. I’d expect pfSense itself should be able to ping it as well with the alias functioning.

                      Basically you’re adding an extra IP to WAN.

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      1 Reply Last reply Reply Quote 1
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Yup that^. Just be sure that your outbound NAT rule is highly targeted so it only ever matches traffic trying to reach the modem.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.