Accessing modem from inside firewall pfsense 2.1 and 2.1.1 not work
-
hi all
i have speedtoutch modem pppoa to pptp relay
i have pptp wan connection from pfsense
i read this article
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
and it works fine with 2.03 … i can access my modem
after i upgrade to 2.1 it does not work any more and i can not access my modem
i try 2.1.1 but does not work also
how to make this work with 2.1.1 -
Well I can access my modem just fine on 2.1.1
So how about some details and we can work through what your doing wrong.
2.1.1-PRERELEASE (i386)
built on Thu Feb 13 13:59:46 EST 2014
FreeBSD 8.3-RELEASE-p14Its not rocket science here, you just need to let your modem think your on the same network or have routes to and from it, etc. And depending on what interface your type of internet connection is on. Is it PPPoE interface? Can you post your ifconfig and we can work out what interface on pfsense is physically connected to your modem.
-
[2.1.1-PRERELEASE][root@skysat.localdomain]/root(3): ifconfig
vmx3f0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 00:0c:29:29:81:76
inet 172.168.14.1 netmask 0xffffff00 broadcast 172.168.14.255
inet6 fe80::20c:29ff:fe29:8176%vmx3f0 prefixlen 64 scopeid 0x1
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:9e
inet 11.11.11.200 netmask 0xffffff00 broadcast 11.11.11.255
inet6 fe80::20c:29ff:fe29:819e%vmx3f1 prefixlen 64 scopeid 0x2
inet 11.11.11.66 netmask 0xffffff00 broadcast 11.11.11.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:c6
inet 13.13.13.200 netmask 0xffffff00 broadcast 13.13.13.255
inet6 fe80::20c:29ff:fe29:81c6%vmx3f2 prefixlen 64 scopeid 0x3
inet 12.12.12.66 netmask 0xffffff00 broadcast 12.12.12.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 00:0c:29:29:81:80
inet 13.13.13.66 netmask 0xffffff00 broadcast 13.13.13.255
inet6 fe80::20c:29ff:fe29:8180%vmx3f3 prefixlen 64 scopeid 0x4
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f4: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:a8
inet 14.14.14.200 netmask 0xffffff00 broadcast 14.14.14.255
inet6 fe80::20c:29ff:fe29:81a8%vmx3f4 prefixlen 64 scopeid 0x5
inet 14.14.14.66 netmask 0xffffff00 broadcast 14.14.14.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f5: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:8a
inet 15.15.15.200 netmask 0xffffff00 broadcast 15.15.15.255
inet6 fe80::20c:29ff:fe29:818a%vmx3f5 prefixlen 64 scopeid 0x6
inet 15.15.15.66 netmask 0xffffff00 broadcast 15.15.15.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f6: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:b2
inet 16.16.16.200 netmask 0xffffff00 broadcast 16.16.16.255
inet6 fe80::20c:29ff:fe29:81b2%vmx3f6 prefixlen 64 scopeid 0x7
inet 16.16.16.66 netmask 0xffffff00 broadcast 16.16.16.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f7: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:0c:29:29:81:94
inet 17.17.17.200 netmask 0xffffff00 broadcast 17.17.17.255
inet6 fe80::20c:29ff:fe29:8194%vmx3f7 prefixlen 64 scopeid 0x8
inet 17.17.17.66 netmask 0xffffff00 broadcast 17.17.17.255
nd6 options=1 <performnud>media: Ethernet 10Gbase-T
status: active
vmx3f8: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 00:0c:29:29:81:bc
media: Ethernet 10Gbase-T
status: active
plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc
nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33144
enc0: flags=0<> metric 0 mtu 1536
pptp0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp0 prefixlen 64 scopeid 0xf
inet ######## –> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>pptp2: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp2 prefixlen 64 scopeid 0x10
inet ######## --> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>pptp3: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp3 prefixlen 64 scopeid 0x11
inet ######## --> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>pptp4: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp4 prefixlen 64 scopeid 0x12
inet ######## --> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>pptp5: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp5 prefixlen 64 scopeid 0x13
inet ######## --> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>tun2: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000 <linkstate>tun3: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000 <linkstate>tun1: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000 <linkstate>pptp6: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1454
inet6 fe80::20c:29ff:fe29:8176%pptp6 prefixlen 64 scopeid 0x15
inet ######## --> ######## netmask 0xffffffff
nd6 options=3 <performnud,accept_rtadv>tun4: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000 <linkstate>tun5: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000 <linkstate>tun6: flags=8010 <pointopoint,multicast>metric 0 mtu 1532
options=80000<linkstate></linkstate></pointopoint,multicast></linkstate></pointopoint,multicast></linkstate></pointopoint,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></linkstate></pointopoint,multicast></linkstate></pointopoint,multicast></linkstate></pointopoint,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></broadcast,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></up,broadcast,running,simplex,multicast> -
So did you change these??
16.16.16.200
Or are you pulling public IP space out your ass and using it? So is this the interface (this is clearly vm you should of mentioned that as well) connected to your "modem"?
vmx3f0
172.168.14.1172.128.0.0 - 172.191.255.255
OrgName: America OnlineReally? What is the IP of your modem you want to talk too? I would assume its physically connect to the vmx3f0 interface?? You need to create an outbound nat that nats your source to your interface you have an IP connected to on your so called "modem" network. This is clearly spelled out.. So what interface is on the modems network?
I find it hard to believe that you would change out rfc1918 address in the list to stuff like 15.15.15 so I am thinking you are using those?? BAD BAD BAD!!! habit to get into and ever do.. There is plenty of rfc1918 space to use.. Use that for your private networks.
-
Outbound
-
assign
-
this is my config
-
you have 7 modems? dude draw this network and tell me what is the IP address of your modem(s) you want to access..
11.11.11.200 what??? who setup those networks? your gateway is 11.11.11.138 on this wan connection? You have 7 modems that are WAN connections?
Please draw out this network and what your trying to accomplish with 8 wan connections??
-
you have 7 modems? dude draw this network and tell me what is the IP address of your modem(s) you want to access..
11.11.11.200 what??? who setup those networks? your gateway is 11.11.11.138 on this wan connection? You have 7 modems that are WAN connections?
Please draw out this network and what your trying to accomplish with 8 wan connections??
the modem ips are 11.11.11.138 and 12.12.12.138 , …..., till 17.17.17.138 7 routers
all routers "speed touch" bridge mode pppoa to pptp relay
i connect to isp from pfsense pptp clients
i read this topic
_–-----------------------------------------------
Configure a new InterfaceOn 2.0, a PPPoE WAN is actually assigned to a virtual PPPoE adapter, not the physical port. So the tricks above are not needed and the NAT portion will not work at all.
If you already added the IP alias, remove it. If you added the IP alias via the shellcmd trick above, remove it also.
Instead, under Interfaces > (assign), create a new OPT interface, and assign it to the physical network card that is on WAN. For example, if your WAN on the assignment page is "PPPOE0(fxp0)", choose fxp0, and Save your changes.
Go to Interfaces > (your new OPT interface), and enable the interface. Give it an IP address in the same subnet as your modem, such as 192.168.1.5/24 (For example, the same IP address suggested in for the alias in the previous instructions). Do not set a gateway. If you like, you can rename the interface to something like ModemAccess.
Add an Outbound NAT rule as described above but do NOT choose the WAN interface, choose your new OPT interface.
You should then be able to access the modem from LAN.
-----------------------------_
i configyre pfsense 2.0.3 like that example >>> it works and i can access all my modems
after upgrading to 2.1.1 i cannot access modems
i trying i-386 and amd64 all not working with that configuration
how to access speed touch routers in 2.1.1
thank you for your help -
What the hell is this "11.11.11.138 and 12.12.12.138 , …..., till 17.17.17.138"? You just invented those IPs? Absolutely broken, no wonder it won't work. You do NOT hijack public routable IPs for your local junk!
-
What the hell is this "11.11.11.138 and 12.12.12.138 , …..., till 17.17.17.138"? You just invented those IPs? Absolutely broken, no wonder it won't work. You do NOT hijack public routable IPs for your local junk!
it is very simple .. 11.11.11.138 is a modem in bridge mode … @ pfsense ppp i make a pptp client with isp user and pass just like pppoe ... The question is how to ping this modem ip 11.11.11.138 from pfsense lan .... That is all
-
Dude. 11.11.11.138 belongs to Department of Defense.
NetRange: 11.0.0.0 - 11.255.255.255 CIDR: 11.0.0.0/8 OriginAS: NetName: DODIIS NetHandle: NET-11-0-0-0-1 Parent: NetType: Direct Allocation RegDate: 1984-01-19 Updated: 2007-08-22 Ref: http://whois.arin.net/rest/net/NET-11-0-0-0-1Are you sitting at DoD information center? God Save The Queen if so. ;D ::) The other IPs belong to Xerox, some Japanese co., etc. etc. etc.
There are 10/8, 172.16/12 and 192.168/16 ranges (RFC1918) for this purpose. Go get a clue.
-
Dude. 11.11.11.138 belongs to Department of Defense.
NetRange: 11.0.0.0 - 11.255.255.255 CIDR: 11.0.0.0/8 OriginAS: NetName: DODIIS NetHandle: NET-11-0-0-0-1 Parent: NetType: Direct Allocation RegDate: 1984-01-19 Updated: 2007-08-22 Ref: http://whois.arin.net/rest/net/NET-11-0-0-0-1Are you sitting at DoD information center? God Save The Queen if so. ;D ::) The other IPs belong to Xerox, some Japanese co., etc. etc. etc.
There are 10/8, 172.16/12 and 192.168/16 ranges (RFC1918) for this purpose. Go get a clue.
thank you for this information >>>
i changed all modems ips to 192.168.201.138 , 192.168.202.138 till 192.168.206.138
and lan interface to 172.16.14.1
no one answer me till now how to access modem " 192.168.201.138" from pfsense lan
any answer -
And did you create outbound nat to use that interface to get to 192.168.201.138? You mention you put the modems in "bridge" mode – then why do you even need to access them? You should set your interface connected to that modem to dhcp and get a public IP..
So this VM you have -- has 7 physical nics connected each one of these VM interfaces in pfsense to your modems? Are you trying to do this over vlans?
What are these modem devices? Can you post a model number please - and again draw out this network on how this stuff is connected. The documentation already goes over how to connect to your modem - which is about PPPoE connections btw, not PPTP? Which to me makes no sense if they are in bridge mode why you are coming up with static IPs on your interfaces..
I would love to help you but this seems like one big giant mess to me.. I have to think its just basic concepts your not getting if you put public IP space like that for your "modems" ???
-
And did you create outbound nat to use that interface to get to 192.168.201.138? You mention you put the modems in "bridge" mode – then why do you even need to access them? You should set your interface connected to that modem to dhcp and get a public IP..
So this VM you have -- has 7 physical nics connected each one of these VM interfaces in pfsense to your modems? Are you trying to do this over vlans?
What are these modem devices? Can you post a model number please - and again draw out this network on how this stuff is connected. The documentation already goes over how to connect to your modem - which is about PPPoE connections btw, not PPTP? Which to me makes no sense if they are in bridge mode why you are coming up with static IPs on your interfaces..
I would love to help you but this seems like one big giant mess to me.. I have to think its just basic concepts your not getting if you put public IP space like that for your "modems" ???
yes i create outbound nat to use interface to get to 192.168.201.138 without success >> when using 2.0.3 i can access it but i want 2.1.1 because pptp connect automatic without needing manual connect as 2.0.3
why do you even need to access them?
in order to look at Data Rate some times it down to 4Mbps and i have to call internet company to increase it again to 10MbpsSo this VM you have – has 7 physical nics connected each one of these VM interfaces in pfsense to your modems? Are you trying to do this over vlans?
no i have one nic , physical switch, esxi vm switch and all connected without vlans
What are these modem devices? Can you post a model number please - and again draw out this network on how this stuff is connected. The documentation already goes over how to connect to your modem - which is about PPPoE connections btw, not PPTP? Which to me makes no sense if they are in bridge mode why you are coming up with static IPs on your interfaces..
modem speedtouch 585 v6 thomson
pptp is just like pppoe and when i create my configuration as The documentation it works with 2.0.3 the problem with 2.1.1
-
I'm having what seems to be the same issue.
In my case I have multiple routers with OpenWRT, DD-WRT and stock Linksys firmware, and several OPTx ethernet interfaces.
I can ping them from: Diagnostics -> Ping.
My build:
2.1-RELEASE (i386)
built on Wed Sep 11 18:16:22 EDT 2013FreeBSD 8.3-RELEASE-p11
I've tried manual outbound NAT, plugged them into OPTx interfaces, allowed RFC 1918 networks.
I use my gateway router to connect to a Windows Mobile phone via MicroSoft's crappy RNDIS protocol. It frequently disconnects, so being able to hit the graphical "connect" button is essential.
I'm on 192.168.x.x internal IPs, nothing owned by the U.S. D.O.D.so it's not a scenario out of the 1983 movie, Wargames:
Joshua: Shall we play a game?
David Lightman: Oh!
Jennifer: [giggles] I think it missed him.
David Lightman: Yeah. Weird isn't it?
Jennifer: Yeah.
David Lightman: [typing] Love to. How about Global Thermonuclear War?
Joshua: Wouldn't you prefer a nice game of chess?
[Jennifer laughs]
David Lightman: [typing] Later. Let's play Global Thermonuclear War.
Joshua: Fine.
http://www.imdb.com/title/tt0086567/quotes?item=qt0453835 -
Elludium
I've tried manual outbound NAT, plugged them into OPTx interfaces, allowed RFC 1918 networks
did you success ?
if you success … can you post your outbound nat config with photo if u can
-
What we got here is… failure to communicate.
First, there may be a bit of a language issue. It seems ahmedfac may have English as a Second Language. Then there is the language of pfSense…
I suspect that Ahmed didn't want to release the IP addresses, as they are masked/painted over on the screen shots. SOME information should not be shared, like the XML file which contains unencrypted, plaintext passwords, etcetera, but some info is useful to those trying to help.
Obviously the pfSense box is not allowing communication with the webGUIs of the router/modems in question.
I an NOT the one to ask, Ahmed. I am here with the same issue. I assume johnpoz & doktornotor are more informed, and seem to have offered help. I joined this thread, as it's generally good forum etiquitte to not clog boards with multiple threads for the same issue.
I've looked Here: Use an existing wireless router with pfSense, AND here: Accessing modem from inside firewall, but haven't able to get it done.
Let's not forget that not all of us know BSD commands, the pfSense interface. Not all are 1337 firewall admins. I'm coming over from Ubuntu Linux. In order for me to dump my linux desktop, in my situation, I need to get my pfSense box fully working for me, with either a FreeNAS or a NAS4Free box on an OPTx interface. It might help to clarify what info is requested, and how it's obtained.
For example you can go to:
Diagnostics -> Command Prompt,
or, assuming default pfSense WebGUI IP,
http://192.168.1.1/exec.php
and issue
netstat -rOf course the GUI gives that info:
Diagnostics -> Routes
- OR -
http://192.168.1.1/diag_routes.php
Myself, I woudn't have included screenshots, unless what I posted was seriously in doubt.
No, Ahmed, I do NOT have the answer. I would have offered it up, if I had something.
-
sorry Elludium
it is my bad english language
thank you for replay
i think it is easy to access modem but it look hard as i can not get answer here
i still waiting for answer -
Well, as the others mentioned, your configuration is very "busy". Or, as johnpoz wrote:
@johnpoz:…this seems like one big giant mess to me.
For my present configuration, I have no problem doing:
Diagnostics -> Factory Defaults
- OR -
http://192.168.1.1/diag_defaults.php
Which brings up:
Diagnostics: Factory defaults help
- If you click "Yes", the firewall will:
Reset to factory defaults
LAN IP address will be reset to 192.168.1.1
System will be configured as a DHCP server on the default LAN interface
Reboot after changes are installed
WAN interface will be set to obtain an address automatically from a DHCP server
webConfigurator admin username will be reset to 'admin'
webConfigurator admin password will be reset to 'pfsense' - Are you sure you want to proceed?
That is, if I thought it would help.
The others may be busy themselves, as it's the middle of the work day in North America and many are just winding down from work, in Western Europe.
I have a question. Did you put public IP addresses on your router's LAN and the pfSense WAN and OPT WAN interfaces, so that you would be able to log onto the routers' GUI interfaces, just as a public website?
- If you click "Yes", the firewall will:
