Access Modem GUI Behind Firewall
-
@johnpoz said in Access Modem GUI Behind Firewall:
dude is the interface you created this 192.168.5.2 address connected to your modem?
What is pfsense wan?? What specific vigor "modem/router" do you have.. If the thing is doing nat already and pfsense gets a 192.168.5.x address there is NOTHING to do to access your modems interface from behind pfsense.. Any traffic coming from your lan would be natted to pfsense wan IP.
A simple drawing of your network and how the device connects to pfsense and what interface, and are you getting internet through this connection? Is pfsense wan a 192.168.5 network, or is pfsense getting a public IP because the device is bridge mode, or are you using PPPoe for the connection, etc..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 23.09.1 | Lab VMs 2.7.2, 24.03i have put the digram online via link because i can't upload it
Network Diagramdude is the interface you created this 192.168.5.2 address connected to your modem? yes
What is pfsense wan?? i have 3 WAN with Multiwan and Failover setup
WAN 1 Vodafone Cable DHCP Public IP static Per DHCP
WAN SVDL PPPOE Public IP Static per PPPOE
WAN 3 Mobile behind router Mikrotik Chateau 5G DHCP
all are in one gateway group Failover GW
What specific model vigor 167
the Vigor only does MODEM mode no VLAN tagging or anything else
the Vigor has only one subnet to access the subnet is 192.168.5.0/24 the GUI is reachable at 192.168.5.1
the interface Vigor at Assignments is the interface on bge1 which is only available for accessing the modem GUI.
this has the static IPV4 192.168.5.2/24
The following setup 2 modems 1 router
Multimedia socket Coax connection Technicolor TC4400
Modem connected via COAX cable to the multimedia socket and a Lan cable to bge 0 on the Pfsense establishes the connection via DHCP and gets the Static Public iPv4 and V6 via Static DHCP.Telephone socket 1 TAE cable to Vigor then 1 LAN cable from Vigor to bge1 to pfsense pfsense dials in via PPPOE with Static IPV4 Public assigned by the provider's RAS server.
Router Mikrotik Chatau 5G with Sim card Telekom Germany connected via LAN cable to PFsense bge2 connection is established via DHCP only Private IPv4 address 192.168.88.0/24
-
@patient0 I have now changed it but unfortunately I still cannot access the GUI of the Vigor.
-
@Globaltrader312 Ok, the firewall rule for LAN with destination is not needed, btw.
Your NAT Outbound rule looks ok, although it's easier to use "LAN subnets" as source and "VIGOR subnets" but it should work.
Have you changed the IP of the Vigor167? Meaning are you sure the subnet is 192.168.5.0/ ? If you check the ARP table you see the modem?
-
@patient0 no i have not changed the vigor subnet and i am 100% sure that it is correct i was connected directly to the macbook via LAN 2 days ago and could access it. just not via the pfsense
-
@Globaltrader312 I see.
To be sure:
- you're connecting to the internet by PPPoE using the Vigor167, yes?
- Are you able to connect to the internet right now with the pfSense?
- On what interface is PPPoE set?
- The VIGOR interface is assigned to the same interface as the PPPoE?
- Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table"
- When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.
-
you're connecting to the internet by PPPoE using the Vigor167, yes? yes
Are you able to connect to the internet right now with the pfSense? yes with all 3 WAN interfaces
On what interface is PPPoE set? bge1
The VIGOR interface is assigned to the same interface as the PPPoE? yes bge1
Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table" yes
When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.when i connect to the mac i assign the ip manually in the settings with 192.168.5.3
-
@Globaltrader312 Ok, then I'm out of ideas.
In the ARP table you only see your own IP/MAC but not of the modem. Below is mine:
.Is there a route for 192.168.5.0/24 in the routing table (Diagnostics > Routes)?
Did you connect your Mac to the same port on Vigor that you now use to connect the pfSense?
-
Please look at the bottom of the modem for the 48bit MAC address and please see what IP is assigned to it in the ARP table.
Also try to see if the modem will issue a dhcp address if you set that interface to dhcp and not static, see if that populates the arp table entry.
-
-
@Globaltrader312 what does your iMac get as an IP address when directly connected? That demarcation point maybe provides layer 3 address via dhcp directly from that modem to the connected device, if it’s working automatically with a direct connected device open a term window and try ifconfig, and or windows command dos prompt ipconfig. If might issue layer 3 by dhcp and you have it static set to the wrong subnet on interface configuration page.
-
so the modem has no DHCP server activated but only modem mode and private IP is only assigned manually.
direct connection with Mac on the same port with manual ip configuration
with 192.168.5.3. GW 192.168.5.1 and Dns 192.168.5.1 works
same as with my ER 6P and ER 12 I used before the only difference with ER 6P and ER 12 was that I always had to run a second cable to the vigor but only because it can't do 2 assigment on the same ETH port.
-
@Globaltrader312 set the static with the last octet as .3 if that address works. It doesn’t show in the arp table that is weird to me. Are you using a rollover cable, I don’t know if that is a thing anymore however your modem might want a rollover cable. You can also try to spoof the MAC address of the iMac on the interface to test if the arp entry populates. That gateway is that what you have set statically on the interface also?
-
I use a normal Ethernet cable, nothing more.
see photo this is what it looks like on the mac when i connect directly.
-
@Globaltrader312
Upstream gateway?? None?
What about 5.1?
-
@patient0 what is your upstream gateway set as?
-
@Globaltrader312 said in Access Modem GUI Behind Firewall:
you're connecting to the internet by PPPoE using the Vigor167, yes? yes
Are you able to connect to the internet right now with the pfSense? yes with all 3 WAN interfaces
On what interface is PPPoE set? bge1
The VIGOR interface is assigned to the same interface as the PPPoE? yes bge1
Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table" yes
When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.when i connect to the mac i assign the ip manually in the settings with 192.168.5.3
Is the gateway in the same subnet? It seems like we are isolating it to the gateway, can you do a tracert command and see when it fails? And or turn on logging and see what shows up when you try a connection to the gui?
-
@JonathanLee
yes i have not selected an upstream gateway as it says so in the instructions
-
@Globaltrader312 5.0/24 shows bge1 interface. Do you have acls on bge1 ?
-
@Globaltrader312 so it’s not the modem it’s a pfSense configuration mix up, we need to isolate the interface and gateway
-
@JonathanLee no i have not set an ACL because it is not in the instructions
I have created an upstream gateway with 192.168.5.1 for testing purposes, but unfortunately this does not work either
i just don't understand why the access doesn't work i followed the instructions 100%.
could it be the multi WAN setup?
