Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing PPPoE Modem

    Scheduled Pinned Locked Moved General pfSense Questions
    23 Posts 5 Posters 9.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johniebravo
      last edited by

      Why not let the modem do the PPPoE authentication to your ISP, and simply do a IP Passthrough or static assignment of your address to your pfsense box.

      This should allow you to connect to your DSL modem through the routing automatically configured through pfsense.

      I need more information on why you are trying to set it up the way you are.  In my experience it has always been better to let the DSL modem do the PPPoE authentication as it also sets the correct MTU for the connection and can ultimately cause issues when traversing remote firewalls.  Especially through a VPN.

      Talking out of my ass as always… ;)

      Peace...

      1 Reply Last reply Reply Quote 0
      • K
        KingJ
        last edited by

        @jahonix:

        I think this is the post GruensFroeschli referred to:

        http://forum.pfsense.org/index.php/topic,5727.0.html

        Exactly what I was looking for! Excellent. However, I ran into some trouble executing the commands.

        With Databeestje's help we found a solution:

        SSH to pfSense and input the following:

        
        pkg_add -r redir
        ifconfig fxp0 192.168.0.2/24
        redir --lport 8989 --cport 80 --caddr 192.168.0.1 &
        
        

        In this example 'fxp0' is the real WAN interface (on which pfSense runs PPPoE).
        In the example it gets an IP address (192.168.0.2/24) from the modem's subnet (192.168.0.1/24) assigned and
        redir puts a Proxy on port 8989 of the pfSense and forwards it to the modem on port 80
        You can access the modem by connecting to any of the pfSense's addresses (e.g. LAN) on port 8989 and get redirected to the modem's WEBGUI

        I typed in pkg_add -r redir  - no problems, downloaded and added
        then ifconfig vr0 10.0.0.1/24    - no problems
        then redir –lport 8080 --cport 80 --caddr 10.0.0.2  - command not found: redir. 10.0.0.2 is the address of the modem.

        Why is redir not found? I just installed it. Do I need to reboot after adding a package? Can't try that now since i'm about to leave.

        Insert Quote
        Why not let the modem do the PPPoE authentication to your ISP, and simply do a IP Passthrough or static assignment of your address to your pfsense box.

        This should allow you to connect to your DSL modem through the routing automatically configured through pfsense.

        I need more information on why you are trying to set it up the way you are.  In my experience it has always been better to let the DSL modem do the PPPoE authentication as it also sets the correct MTU for the connection and can ultimately cause issues when traversing remote firewalls.  Especially through a VPN.

        Talking out of my ass as always…

        Peace...

        Good suggestion, but it's not really a PPPoE modem. Rather, it bridges the PPPoA connection from my ISP to PPPoE into the firewall. I set up the username and password in the firewall, it gets passed via PPPoE to the modem and establishes a PPPoA connection to my ISP (BT Business for those that are interested). This way, I get a modem I can use with devices other than pfSense (as opposed to PCI modems, which you wont see fitting in most home routers) and avoid the doulbe NAT issue that I had with my previous modem.

        1 Reply Last reply Reply Quote 0
        • J
          johniebravo
          last edited by

          look at the netopia or westell modem models.  They do a whole lot more for ya, and provide more functionality by taking part in the routing process.

          Peace…

          1 Reply Last reply Reply Quote 0
          • K
            KingJ
            last edited by

            Needed a reboot, redir is now installed. However,

            redir –lport 8080 --cport 80 -caddr 10.0.0.2

            addr: host unknown.

            Looks like I won't be able to communicate with the modem through the WAN interface. Will have to try adding a second LAN interface.

            1 Reply Last reply Reply Quote 0
            • jahonixJ
              jahonix
              last edited by

              Can you ping and/or connect to your modem when hooked up to a 10.0.0.0/24 subnet on a switch or crossover cable?

              1 Reply Last reply Reply Quote 0
              • K
                KingJ
                last edited by

                @jahonix:

                Can you ping and/or connect to your modem when hooked up to a 10.0.0.0/24 subnet on a switch or crossover cable?

                Short answer yes, but im not sure i've explained myself properly. The modem is a PPPoE to PPPoA bridge, my line goes into the modem and an ethernet cable goes from the modem to a network card in the pfsense box (vr0, WAN). I set up a PPPoE connection in pfSense, with my PPPoA username and password, which gets passed to the modem and initiates the connection via PPPoA to my ISP.

                The modem however, has 4 ports on the back. If you plug another computer into one, you can access status page/telnet but not the internet.

                I want to be able to access these status pages from the LAN via pfSense. It looks like I won't now be able to do this, unless I add another LAN interface in and plug it into the modem, can I do this and if so, how?

                Thanks.

                1 Reply Last reply Reply Quote 0
                • J
                  johniebravo
                  last edited by

                  Just out of curiosity what brand/model is the DSL modem?

                  1 Reply Last reply Reply Quote 0
                  • K
                    KingJ
                    last edited by

                    @johniebravo:

                    Just out of curiosity what brand/model is the DSL modem?

                    DrayTek Vigor V100

                    1 Reply Last reply Reply Quote 0
                    • jahonixJ
                      jahonix
                      last edited by

                      @KingJ:

                      The modem is a PPPoE to PPPoA bridge…

                      Shouldn't matter what media it bridges to. You got a PPPoE connection to your pfSense's WAN and that's working, right?
                      Your WAN is static you said. Does it get the same address/IP via DHCP when connecting?

                      @KingJ:

                      I typed in pkg_add -r redir  - no problems, downloaded and added
                      then ifconfig vr0 10.0.0.1/24    - no problems

                      You should not config your vr0 if manually. This can/might/will break things.
                      Just leave it the way it is. Redir just forwards to the caddr.

                      @KingJ:

                      then redir –lport 8080 --cport 80 --caddr 10.0.0.2  - command not found

                      You rebooted already…

                      1 Reply Last reply Reply Quote 0
                      • K
                        KingJ
                        last edited by

                        @jahonix:

                        Shouldn't matter what media it bridges to. You got a PPPoE connection to your pfSense's WAN and that's working, right?
                        Your WAN is static you said. Does it get the same address/IP via DHCP when connecting?

                        Yes, I get my external IP showing up on the 'Interfaces' page on pfSense, along with my ISPs DNS and Gateway.

                        You should not config your vr0 if manually. This can/might/will break things.
                        Just leave it the way it is. Redir just forwards to the caddr.

                        Not quite sure what you mean, should I use fxp0, even though thats not currently a valid interface? ng0 was rejected, and when I used vr0, it was accepted but I had to disconnect/connect the PPPoE interface to regain internet connectivity.

                        You rebooted already…

                        After I rebooted, redir was found, but didn't work properly, getting the error

                        redir –lport 8080 --cport 80 -caddr 10.0.0.2

                        addr: host unknown.

                        1 Reply Last reply Reply Quote 0
                        • jahonixJ
                          jahonix
                          last edited by

                          @KingJ:

                          redir –lport 8080 --cport 80 -caddr 10.0.0.2

                          addr: host unknown.

                          OK, forget about the comments about the interface in my previous post…

                          Use your WAN interface (vr0) and assign an IP to it:
                          ifconfig vr0 10.0.0.1/24

                          Add the redir proxy then:
                          redir --lport 8080 --cport 80 -caddr 10.0.0.2 &

                          You should be able to access the modem through  http://pfsense-lan-ip:8080  then.

                          Maybe you forgot the trailing '&'?

                          Just checked it over here. I can access my modem's web server and have access to the internet, of course. The latter shouldn't be affected by this.

                          1 Reply Last reply Reply Quote 0
                          • jahonixJ
                            jahonix
                            last edited by

                            @johniebravo:

                            Why not let the modem do the PPPoE authentication to your ISP, …

                            You don't have your WAN IP in pfSense then.
                            This prevent using Dyndns from pfSense and you dont see your actual WAN status, e.g. if you're connected with your ISP or not…

                            1 Reply Last reply Reply Quote 0
                            • K
                              KingJ
                              last edited by

                              I never did notice that trailing '&' before. Added it on though and it made no difference.

                              @pfSense:

                              ifconfig vr0 10.0.0.1/24

                              redir –lport 8080 --cport 80 -caddr 10.0.0.2 &

                              [1] 98991

                              addr: host unknown.

                              My modem is definatly 10.0.0.2, just verified it again by connecting my laptop up to it. Subnet mask is 255.255.255.0, could this be causing problems?

                              1 Reply Last reply Reply Quote 0
                              • E
                                eri--
                                last edited by

                                I don't think you need that redir at all since you are using PPPoE with pfSense just set WAN(vr0) with the ip disable the option to block private networks on pfSense if you have not done already and just set up and advanced nat if you're using another subnetwork scheme on you LAN to nat your ip to 10.0.0.0/24 if you're trying to reach port 80.

                                This should work.

                                1 Reply Last reply Reply Quote 0
                                • jahonixJ
                                  jahonix
                                  last edited by

                                  @eri--:

                                  I don't think you need that redir at all since you are using PPPoE with pfSense just set WAN(vr0) with the ip …

                                  Everything you send out the WAN is encapsulated in PPPoE. This should not work.

                                  1 Reply Last reply Reply Quote 0
                                  • jahonixJ
                                    jahonix
                                    last edited by

                                    @KingJ:

                                    My modem is definatly 10.0.0.2, just verified it again by connecting my laptop up to it. Subnet mask is 255.255.255.0, could this be causing problems?

                                    It shouldn't matter on which (private) subnet the modem responds to and the net mask if /24. Mine is on 192.168.1.1 and it works. Even without disabling 'block private networks'.
                                    Are you sure vr0 is the real interface that WAN is assigned to?

                                    I'm a bit clueless here…

                                    1 Reply Last reply Reply Quote 0
                                    • K
                                      KingJ
                                      last edited by

                                      @jahonix:

                                      It shouldn't matter on which (private) subnet the modem responds to and the net mask if /24. Mine is on 192.168.1.1 and it works. Even without disabling 'block private networks'.
                                      Are you sure vr0 is the real interface that WAN is assigned to?

                                      Yes

                                      It should be noted i'm running 1.2RC3, built on Wed Nov 7 19:10:57 EST 2007. I should probably update that.

                                      1 Reply Last reply Reply Quote 0
                                      • jahonixJ
                                        jahonix
                                        last edited by

                                        10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
                                        What the heck is your ISP doing there?

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          KingJ
                                          last edited by

                                          @jahonix:

                                          10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
                                          What the heck is your ISP doing there?

                                          Thats not my ISP, thats me. For some reason, DNS dosen't get passed through to pfSense, so I set it as 10.0.1.3 (Primary server on the wan side) and 10.0.0.2 (old router that this modem setup replaced). Reverted it to just 10.0.1.3, with the option to have it overidden enabled.

                                          Edit: Updated to latest snapshot (1.2-RC3 built on Mon Nov 26 14:47:57 EST 2007) and it now gets my ISP DNS servers on vr0, or it could have been the reboot I don't know, I was pressing disconnect/connect last time and not getting the ISP dns.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.