Accessing PPPoE Modem

johniebravo

Why not let the modem do the PPPoE authentication to your ISP, and simply do a IP Passthrough or static assignment of your address to your pfsense box.

This should allow you to connect to your DSL modem through the routing automatically configured through pfsense.

I need more information on why you are trying to set it up the way you are.  In my experience it has always been better to let the DSL modem do the PPPoE authentication as it also sets the correct MTU for the connection and can ultimately cause issues when traversing remote firewalls.  Especially through a VPN.

Talking out of my ass as always… ;)

Peace...

KingJ

@jahonix:

I think this is the post GruensFroeschli referred to:

http://forum.pfsense.org/index.php/topic,5727.0.html

Exactly what I was looking for! Excellent. However, I ran into some trouble executing the commands.

With Databeestje's help we found a solution:

SSH to pfSense and input the following:

pkg_add -r redir
ifconfig fxp0 192.168.0.2/24
redir --lport 8989 --cport 80 --caddr 192.168.0.1 &

In this example 'fxp0' is the real WAN interface (on which pfSense runs PPPoE).
In the example it gets an IP address (192.168.0.2/24) from the modem's subnet (192.168.0.1/24) assigned and
redir puts a Proxy on port 8989 of the pfSense and forwards it to the modem on port 80
You can access the modem by connecting to any of the pfSense's addresses (e.g. LAN) on port 8989 and get redirected to the modem's WEBGUI

I typed in pkg_add -r redir  - no problems, downloaded and added
then ifconfig vr0 10.0.0.1/24    - no problems
then redir –lport 8080 --cport 80 --caddr 10.0.0.2  - command not found: redir. 10.0.0.2 is the address of the modem.

Why is redir not found? I just installed it. Do I need to reboot after adding a package? Can't try that now since i'm about to leave.

Insert Quote
Why not let the modem do the PPPoE authentication to your ISP, and simply do a IP Passthrough or static assignment of your address to your pfsense box.

This should allow you to connect to your DSL modem through the routing automatically configured through pfsense.

I need more information on why you are trying to set it up the way you are.  In my experience it has always been better to let the DSL modem do the PPPoE authentication as it also sets the correct MTU for the connection and can ultimately cause issues when traversing remote firewalls.  Especially through a VPN.

Talking out of my ass as always…

Peace...

Good suggestion, but it's not really a PPPoE modem. Rather, it bridges the PPPoA connection from my ISP to PPPoE into the firewall. I set up the username and password in the firewall, it gets passed via PPPoE to the modem and establishes a PPPoA connection to my ISP (BT Business for those that are interested). This way, I get a modem I can use with devices other than pfSense (as opposed to PCI modems, which you wont see fitting in most home routers) and avoid the doulbe NAT issue that I had with my previous modem.

johniebravo

look at the netopia or westell modem models.  They do a whole lot more for ya, and provide more functionality by taking part in the routing process.

Peace…

KingJ

Needed a reboot, redir is now installed. However,

redir –lport 8080 --cport 80 -caddr 10.0.0.2

addr: host unknown.

Looks like I won't be able to communicate with the modem through the WAN interface. Will have to try adding a second LAN interface.

jahonix

Can you ping and/or connect to your modem when hooked up to a 10.0.0.0/24 subnet on a switch or crossover cable?

KingJ

@jahonix:

Can you ping and/or connect to your modem when hooked up to a 10.0.0.0/24 subnet on a switch or crossover cable?

Short answer yes, but im not sure i've explained myself properly. The modem is a PPPoE to PPPoA bridge, my line goes into the modem and an ethernet cable goes from the modem to a network card in the pfsense box (vr0, WAN). I set up a PPPoE connection in pfSense, with my PPPoA username and password, which gets passed to the modem and initiates the connection via PPPoA to my ISP.

The modem however, has 4 ports on the back. If you plug another computer into one, you can access status page/telnet but not the internet.

I want to be able to access these status pages from the LAN via pfSense. It looks like I won't now be able to do this, unless I add another LAN interface in and plug it into the modem, can I do this and if so, how?

Thanks.

johniebravo

Just out of curiosity what brand/model is the DSL modem?

KingJ

@johniebravo:

Just out of curiosity what brand/model is the DSL modem?

DrayTek Vigor V100

jahonix

@KingJ:

The modem is a PPPoE to PPPoA bridge…

Shouldn't matter what media it bridges to. You got a PPPoE connection to your pfSense's WAN and that's working, right?
Your WAN is static you said. Does it get the same address/IP via DHCP when connecting?

@KingJ:

I typed in pkg_add -r redir  - no problems, downloaded and added
then ifconfig vr0 10.0.0.1/24    - no problems

You should not config your vr0 if manually. This can/might/will break things.
Just leave it the way it is. Redir just forwards to the caddr.

@KingJ:

then redir –lport 8080 --cport 80 --caddr 10.0.0.2  - command not found

You rebooted already…

KingJ

@jahonix:

Shouldn't matter what media it bridges to. You got a PPPoE connection to your pfSense's WAN and that's working, right?
Your WAN is static you said. Does it get the same address/IP via DHCP when connecting?

Yes, I get my external IP showing up on the 'Interfaces' page on pfSense, along with my ISPs DNS and Gateway.

You should not config your vr0 if manually. This can/might/will break things.
Just leave it the way it is. Redir just forwards to the caddr.

Not quite sure what you mean, should I use fxp0, even though thats not currently a valid interface? ng0 was rejected, and when I used vr0, it was accepted but I had to disconnect/connect the PPPoE interface to regain internet connectivity.

You rebooted already…

After I rebooted, redir was found, but didn't work properly, getting the error

redir –lport 8080 --cport 80 -caddr 10.0.0.2

addr: host unknown.

jahonix

@KingJ:

redir –lport 8080 --cport 80 -caddr 10.0.0.2

addr: host unknown.

OK, forget about the comments about the interface in my previous post…

Use your WAN interface (vr0) and assign an IP to it:
ifconfig vr0 10.0.0.1/24

Add the redir proxy then:
redir --lport 8080 --cport 80 -caddr 10.0.0.2 &

You should be able to access the modem through  http://pfsense-lan-ip:8080  then.

Maybe you forgot the trailing '&'?

Just checked it over here. I can access my modem's web server and have access to the internet, of course. The latter shouldn't be affected by this.

jahonix

@johniebravo:

Why not let the modem do the PPPoE authentication to your ISP, …

You don't have your WAN IP in pfSense then.
This prevent using Dyndns from pfSense and you dont see your actual WAN status, e.g. if you're connected with your ISP or not…

KingJ

I never did notice that trailing '&' before. Added it on though and it made no difference.

@pfSense:

ifconfig vr0 10.0.0.1/24

redir –lport 8080 --cport 80 -caddr 10.0.0.2 &

[1] 98991

addr: host unknown.

My modem is definatly 10.0.0.2, just verified it again by connecting my laptop up to it. Subnet mask is 255.255.255.0, could this be causing problems?

eri--

I don't think you need that redir at all since you are using PPPoE with pfSense just set WAN(vr0) with the ip disable the option to block private networks on pfSense if you have not done already and just set up and advanced nat if you're using another subnetwork scheme on you LAN to nat your ip to 10.0.0.0/24 if you're trying to reach port 80.

This should work.

jahonix

@eri--:

I don't think you need that redir at all since you are using PPPoE with pfSense just set WAN(vr0) with the ip …

Everything you send out the WAN is encapsulated in PPPoE. This should not work.

jahonix

@KingJ:

My modem is definatly 10.0.0.2, just verified it again by connecting my laptop up to it. Subnet mask is 255.255.255.0, could this be causing problems?

It shouldn't matter on which (private) subnet the modem responds to and the net mask if /24. Mine is on 192.168.1.1 and it works. Even without disabling 'block private networks'.
Are you sure vr0 is the real interface that WAN is assigned to?

I'm a bit clueless here…

KingJ

@jahonix:

It shouldn't matter on which (private) subnet the modem responds to and the net mask if /24. Mine is on 192.168.1.1 and it works. Even without disabling 'block private networks'.
Are you sure vr0 is the real interface that WAN is assigned to?

Yes

It should be noted i'm running 1.2RC3, built on Wed Nov 7 19:10:57 EST 2007. I should probably update that.

jahonix

10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
What the heck is your ISP doing there?

KingJ

@jahonix:

10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
What the heck is your ISP doing there?

Thats not my ISP, thats me. For some reason, DNS dosen't get passed through to pfSense, so I set it as 10.0.1.3 (Primary server on the wan side) and 10.0.0.2 (old router that this modem setup replaced). Reverted it to just 10.0.1.3, with the option to have it overidden enabled.

Edit: Updated to latest snapshot (1.2-RC3 built on Mon Nov 26 14:47:57 EST 2007) and it now gets my ISP DNS servers on vr0, or it could have been the reboot I don't know, I was pressing disconnect/connect last time and not getting the ISP dns.