Revised New Build
-
-
stephenw10:
You mentioned you had experience with something similar to the Viking card. I was able to install the card in my PfSense router and place it in bridge mode. I adjusted VPI/VCI to 0 and 35 per the Westel modem I use with my Verizon DSL account. All seemed to go well until I plugged my DSL telephone line into the card. The power and LAN lights are on but the DSL light just flashes slowly–the card does not appear to be trying to negotiate a sync with the DSLAM in my local central office. I will check to see if it a simple problem with my phone cord, but it seems odd that everything else has gone o.k. with the setup and then the card will not sync to my DSL service. I already tried changing the settings between ADSL2, ADSL2Plus, etc. Any ideas? ???
-
The Pulsar adsl card was a true modem rather than a router on a PCI card like the Viking is.
There will almost certainly be some logging available on the Viking card. If not on the web interface maybe on a telnet interface?Steve
-
I can't seem to get the web interface to work. I am using IPMI with the console. I guess I have to download the command index file and do some more research. I may not have hit on the right ADSL settings as yet.
-
How do you have it setup?
This should still apply to your situation:
http://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN#For_2.0Steve
-
Steve:
It turns out that my Viking card was not getting 12VDC (to power its DSL front end) through my PCIe slot. My riser card adapter, however, has a 12VDC power connector; once I found the right adapter cable I was able to install it and supply 12VDC to the adapter and Viking cards (in addition to the 5VDC already present). The Viking card now works, yippie! :D
-
Steve:
The ability to access my modem's web interface is something in which I still might be interested. The instructions in the link you supplied, however, are a little confusing. My modem has a default address of 192.168.1.1 (I don't know yet if it can be changed) but my LAN network is on 192.168.0 etc. Is it possible for me to access the modem's web interface and how EXACTLY (please) should I set up PfSense to do so?
Thanks.
-
Most modem/routers (but not all!) have a web interface that is still accessible even when it's in 'pass through' or 'bridge' mode in order to see the line stats etc. This is useful!
You can almost certainly change the default subnet of the router and I would because you may end up using 192.168.1.1 later on (indeed it's the default address of the pfSense LAN). Set it to something less common, say, 192.168.200.1.
You may have to play about with the modem settings to do this. You might end up having to reset it, I did!Which part if the instructions are you unclear on?
Steve
-
Steve:
I did change the router subnet: I set my LAN to 192.168.0.1-254
My modem card default address is 192.168.1.1I tried following the instructions, added the "opt" interface o.k. but I am completely bewildered as to configuring NAT in the firewall.
Do I make up an address for the modem in my LAN subnet, e.g. 192.168.0.30, and use it to access my 192.168.1.1 modem? How do I configure NAT under firewall to do so. I see six rules when I save under "Manuel." Which one do I use? The instructions in the link you provided lack, as we use to say, "human engineering."
-
I tried following the instructions, added the "opt" interface o.k. but I am completely bewildered as to configuring NAT in the firewall.
Take a deep breath and proceed slowly.
http://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN#For_2.0 says
Add an Outbound NAT rule as described above but do NOT choose the WAN interface, choose your new OPT interface.
Scroll upwards through the document from the "For 2.0" section and you will come to the "Configure NAT" section which explains why NAT (Network Address Translation) is needed/recommended. Where this section says WAN you will need to give the OPTx name of the interface you have just added.
Now, where exactly in that section do you get stuck?
Do I make up an address for the modem in my LAN subnet, e.g. 192.168.0.30, and use it to access my 192.168.1.1 modem?
No.
How do I configure NAT under firewall to do so. I see six rules when I save under "Manuel." Which one do I use?
None, you add a new rule as described in the "Configure NAT" section of the document.
The instructions in the link you provided lack, as we use to say, "human engineering."
You are probably correct. I sympathise with technical writers. Many readers are used to scanning (rather than reading) technical documentation and seem to get flustered if they come across "too many" unfamiliar terms "too quickly". And it can be quite difficult for a full-time developer/part-time technical writer who is very familiar with a field to enter into the mind set of a technically competent person who is unfamiliar with the details of a field and so doesn't have a lot of the context that people working in the field naturally assume is shared.
-
They say, "A picture is worth a thousand words." The instructions need to work from the general to the specific and then give a specific example while defining terms and conditions ahead of time; e.g., they might say, "if you have set your router to an address of 192.168.0.200 and your modem has a default address of 192.168.1.1, here is the information you should specify when you edit the outbound firewall rule . . ." It would be easier to reverse-engineer the process that way–I am still bewildered by what I should specify in the outbound firewall rule and what IP address I would type into my browser to access my modem when all is said and done. ???
-
Ok, once you have added the extra interface and it's in the same subnet as the modem here is the problem:
Your modem does not have a route to your client box.
This is because the modem is set up to expect to have gateway on it's WAN but in bridge mode it never connects. The only thing it can see is the new interface on your pfSense box but it doesn't know to use that as a gateway.
I can think of at least 4 ways of solving this problem.
1. Make your pfSense box NAT the connection to the new interface by adding a manual rule. That way traffic arriving at the modem appears to have come from the new interface and it can reply there. This is what you are trying to do.
2. Make your pfSense box NAT the connection to the new interface by adding an extra gateway on the new interface.
3. Add a gateway to modems LAN connection. This isn't always possible via its GUI, my modem couldn't do it.
4. Expand the modems LAN subnet to include addresses in your pfSense LAN. This way it knows which interface to send replies out of. e.g. 192.168.0.1/16. This is what I have done.The NAT rule for option 1 should be:
Interface: your new interface
Source: network 192.168.1.1/24
Destination: network 192.168.0.1/24
Translation: Interface addressSteve
-
:D
O.K, let's try this again, if you have the patience for me. Please title your next post, "Network Translation for Dummies" and assume NOTHING. Steve, I tried your suggestions 1 and 4, but everytime I try to get into my modem card's web interface I get directed to the pfsense dashboard instead.
:( -
Ah, sorry about that. ;)
Ok, that's weird.
If you have the NAT rule in place you should now be able to access the modem on 192.168.0.1.Do you have any thing left over from previous attempts?
Can you post a screen shot opf your NAT rule?
Can you ping the modem?
Steve
-
Steve:
Every time I try to add the NAT rule (per your option 1) using as you suggested,
The NAT rule for option 1 should be:
Interface: your new interface
Source: network 192.168.1.1/24
Destination: network 192.168.0.1/24
Translation: Interface addresswhat happens is the rule automatically defaults to:
Source: network 192.168.1.0/24
Destination: network 192.168.0.0/24Also, "interface" does not give an option to enter the IP address I created when I generated my (modem card) interface.
I am using the latest version of the PfSense embedded software.
Could you elaborate on how you did your option 4 please?
-
Also, "interface" does not give an option to enter the IP address I created when I generated my (modem card) interface.
Hmm, that would be a problem. Is the new interface enabled and 'up'?
The networks defaulting to .0 instead of .1 is not a problem.On my modem, a Draytek V120, I have changed the LAN IP to 192.168.0.1/16. It has the option of entering the LAN subnet via it's webgui so I set it to 255.255.0.0
Now it has a route to other IPs within that /16 so it can send return packets.This trick is a bit nasty and I know it doesn't work with all routers/modems. I have a router here I use as a wifi AP and that still can't return packets.
Steve
-
I have to get to my modem first before I can change its settings.
:D
Perhaps you can elaborate upon option 2?
I read in another forum that one has to disable PPPoE in order to talk to the modem card.
-
Ok, option 2.
pfSense automatically NATs the connection between WAN and LAN in it's default configuration. In fact it will automatically NAT between any internal interface and any interface that has a gateway, which it then treats as a WAN type.
So you can get pfSense to NAT between your LAN and the new interface you created by simply adding a gateway to it.1. Make sure you have NAT set to automatic in Firewall: NAT: Outbound:
2. Add a gateway to your new interface. Goto Interfaces: Yournewinterface: Gateway: 'add a new one'. Set the gateway to the IP address of your modem.In order to setup my modem as it is shown I had to unplug it and connect to it directly with a laptop manually configured to be in the same subnet. I believe you can do something similar with the Viking by using the extra port on the back and moving some jumpers?
It may be that it disabled the web GUI when set to PPPoE bridge mode, but it seems unlikely as you'd then have no access to it. Do you have a link to that post?You can test to see if the modem is responding to anything by pinging it from the pfSense box directly. This will also check that your new interface is configured correctly. You can do this without any other trickery because the two devices are already in the same subnet. Taking this a step further you may be able to telnet to your modem from pfsense and reconfigure it that way. Here's me doing that:
[2.0.1-RELEASE][root@pfsense.fire.box]/root(1): ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1): 56 data bytes 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.536 ms 64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.290 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.286 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.285 ms ^C --- 192.168.0.1 ping statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.285/0.349/0.536/0.108 ms [2.0.1-RELEASE][root@pfsense.fire.box]/root(2): telnet 192.168.0.1 Trying 192.168.0.1... Connected to 192.168.0.1. Escape character is '^]'. Password: ***** Type ? for command help > ? % Valid commands are: upnp ddns exit internet ip ipf csm ddos urlf log portmaptime quit srv sys show mngt wan adsl wol vigbrg tsmail > show? % Command missing, Valid commands are: upnp ddns exit internet ip ipf csm ddos urlf log portmaptime quit srv sys show mngt wan adsl wol vigbrg tsmail > show % Valid subcommands are: lan1 lan2 dhcp dmz dns openport nat session status adsl > show lan1 %% 1st subnet settings: %% IP address: 192.168.0.1 %% Subnet mask: 255.255.0.0 %% RIP : [Disable]Your modem telnet interface will be different (if it exists!).
Steve
-
O.K., my PfSense router is at the address 192.168.0.100 I added the Viking card interface as "static" with an address of 192.168.0.102 I enabled the interface and created a gateway with the address of the Viking card (192.168.1.1). What happens is that when I attempt to save the gateway I get the message "one moment please . . ." and the arrow in the circle just sits and spins forever–it never completes. P.S., should I click "default gateway?"--it does not seem to make a difference anyway, the arrow just spins ad nauseum.
-
The Viking card interface must be in the same subnet as the router part of the Viking card.
I thought you said you had set it to 192.168.0.1?
It doesn't matter as long as it's in a different subnet to the pfSense LAN interface.So if the Viking modem/router is at 192.168.1.1 the you could set the viking interface as 192.168.1.10 and have the pfSense LAN as 192.168.0.100.
Don't set it as the default gateway. Only traffic to the modem webgui will use it.
Steve
