Revised New Build
-
Steve:
Every time I try to add the NAT rule (per your option 1) using as you suggested,
The NAT rule for option 1 should be:
Interface: your new interface
Source: network 192.168.1.1/24
Destination: network 192.168.0.1/24
Translation: Interface addresswhat happens is the rule automatically defaults to:
Source: network 192.168.1.0/24
Destination: network 192.168.0.0/24Also, "interface" does not give an option to enter the IP address I created when I generated my (modem card) interface.
I am using the latest version of the PfSense embedded software.
Could you elaborate on how you did your option 4 please?
-
Also, "interface" does not give an option to enter the IP address I created when I generated my (modem card) interface.
Hmm, that would be a problem. Is the new interface enabled and 'up'?
The networks defaulting to .0 instead of .1 is not a problem.On my modem, a Draytek V120, I have changed the LAN IP to 192.168.0.1/16. It has the option of entering the LAN subnet via it's webgui so I set it to 255.255.0.0
Now it has a route to other IPs within that /16 so it can send return packets.This trick is a bit nasty and I know it doesn't work with all routers/modems. I have a router here I use as a wifi AP and that still can't return packets.
Steve
-
I have to get to my modem first before I can change its settings.
:D
Perhaps you can elaborate upon option 2?
I read in another forum that one has to disable PPPoE in order to talk to the modem card.
-
Ok, option 2.
pfSense automatically NATs the connection between WAN and LAN in it's default configuration. In fact it will automatically NAT between any internal interface and any interface that has a gateway, which it then treats as a WAN type.
So you can get pfSense to NAT between your LAN and the new interface you created by simply adding a gateway to it.1. Make sure you have NAT set to automatic in Firewall: NAT: Outbound:
2. Add a gateway to your new interface. Goto Interfaces: Yournewinterface: Gateway: 'add a new one'. Set the gateway to the IP address of your modem.In order to setup my modem as it is shown I had to unplug it and connect to it directly with a laptop manually configured to be in the same subnet. I believe you can do something similar with the Viking by using the extra port on the back and moving some jumpers?
It may be that it disabled the web GUI when set to PPPoE bridge mode, but it seems unlikely as you'd then have no access to it. Do you have a link to that post?You can test to see if the modem is responding to anything by pinging it from the pfSense box directly. This will also check that your new interface is configured correctly. You can do this without any other trickery because the two devices are already in the same subnet. Taking this a step further you may be able to telnet to your modem from pfsense and reconfigure it that way. Here's me doing that:
[2.0.1-RELEASE][root@pfsense.fire.box]/root(1): ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1): 56 data bytes 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.536 ms 64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.290 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.286 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.285 ms ^C --- 192.168.0.1 ping statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.285/0.349/0.536/0.108 ms [2.0.1-RELEASE][root@pfsense.fire.box]/root(2): telnet 192.168.0.1 Trying 192.168.0.1... Connected to 192.168.0.1. Escape character is '^]'. Password: ***** Type ? for command help > ? % Valid commands are: upnp ddns exit internet ip ipf csm ddos urlf log portmaptime quit srv sys show mngt wan adsl wol vigbrg tsmail > show? % Command missing, Valid commands are: upnp ddns exit internet ip ipf csm ddos urlf log portmaptime quit srv sys show mngt wan adsl wol vigbrg tsmail > show % Valid subcommands are: lan1 lan2 dhcp dmz dns openport nat session status adsl > show lan1 %% 1st subnet settings: %% IP address: 192.168.0.1 %% Subnet mask: 255.255.0.0 %% RIP : [Disable]Your modem telnet interface will be different (if it exists!).
Steve
-
O.K., my PfSense router is at the address 192.168.0.100 I added the Viking card interface as "static" with an address of 192.168.0.102 I enabled the interface and created a gateway with the address of the Viking card (192.168.1.1). What happens is that when I attempt to save the gateway I get the message "one moment please . . ." and the arrow in the circle just sits and spins forever–it never completes. P.S., should I click "default gateway?"--it does not seem to make a difference anyway, the arrow just spins ad nauseum.
-
The Viking card interface must be in the same subnet as the router part of the Viking card.
I thought you said you had set it to 192.168.0.1?
It doesn't matter as long as it's in a different subnet to the pfSense LAN interface.So if the Viking modem/router is at 192.168.1.1 the you could set the viking interface as 192.168.1.10 and have the pfSense LAN as 192.168.0.100.
Don't set it as the default gateway. Only traffic to the modem webgui will use it.
Steve
-
My Viking card is in bridge mode and is still at the default 192.168.1.1 address. I tried your latest suggestion, but the "one moment please . . ."
arrow just keeps spinning when I click save, sort of like Ezekiel and the Wheel. -
I just did another hour of experimenting. The only way that I can access my Viking modem is via telnet, and the only way I can telnet to it is if I disable its PPPoE WAN interface in PfSense.
-
Ah well it may be that the Viking card doesn't provide a web gui in bridge mode.
Where are you telneting from? Can you ping it?
Are you seeing anything in the firewall logs? You shouldn't be but worth checking.Steve
-
I have to telnet the Viking card in my PfSense box (via IPMI from one of my networked computers). I dropped an e-mail to the manufacturer's tech support group about the matter to see if there is a telnet command that activates an access override on the web interface.
-
If it is responding to telnet then you should be able to telnet to it from a LAN machine if you have NAT setup correctly.
Steve
-
But I can only telnet to it when the WAN port is deactivated. :(
-
Well like I said not all modems offer a webgui in bridge mode. :(
I'm surprised though. Can you ping it?Steve
-
I can ping the card, but, again, only when the WAN port is deactivated. I'm still waiting to hear from the manufacturer as I know there are more telnet commands of which I am not aware.
-
Steve:
I finally figured out how to access the Viking card through pfSense–see the new thread I created earlier today under the "Firewall" forum.
