PfSense blocking password access to my modem?

stephenw10

@eiger3970:

When I plug the modem out of pfSense and into the computer, the computer (now in static IP mode) cannot ping or browse to 192.168.0.50.

What IP/subnet is the client machine using when statically configure as above? If its still the same as behind pfSense then it's in a different subnet so it won't be able to connect to the modem.

Is the modem in bridge mode? Is the pfSense WAN receiving a public IP or using one in the 192.168.0.X subnet?
If it's public then you should have another interface (on the same NIC) to connect to the modem.

None of that really explains why you are able to connect but not login to the modem.  :-\ Perhaps it is redirecting you to an https page and trying to open a new connection. Check the firewall logs for blocked traffic coming from the modem IP.

Steve

doktornotor

@eiger3970:

pfSense is on subnet 255.255.255.0 with IP address 192.168.1.155 and
the modem is on subnet 255.255.0.0 with IP address 192.168.0.50.

Whut?

192.168.1.155/24 is a part of 192.168.0.0/16

stephenw10

Indeed.
I use this little trick to access the DSL modem my WAN uses here at home.
The modem has very little by way of networking options especially when it's in bridge mode. There is no way to add a downstream gateway to its LAN interface. I the WAN interface running PPPoE and the same NIC running as a local subnet in order to access the modem. In order to leave outbound NAT as auto and not add any superflouos gateways in pfSense I set the subnet mask of the modem LAN to /16. That includes all my local subnets on various interfaces. Doing that gives the modem a route back so it can reply to connections to its webgui.
It's a bit of a horrible hack but works fine. I assume that's what the OP is doing but we'll find out.

Steve

eiger3970

The local machine is on IP 192.168.1.102.
The local machine's subnet is 255.255.255.0.

pfSense machine is on LAN IP 192.168.1.155 on NIC 2 of 2.
pfSense machine's subnet is 255.255.255.0.

The modem doesn't have bridge mode. I forward all packets to 192.168.0.2 which is pfSense's WAN IP on NIC 1 of 2.
pfSense WAN is not receiving a public IP.
Yes, pfSense WAN is set to 192.168.0.2, to received the modem 192.168.0.50 on the subnet 255.255.0.0.
pfSense has 2 NICs for WAN 192.168.0.2 and LAN 192.168.1.155.

stephenw10

In that case Doktornotor is right. The pfSense WAN subnet mask should be /24 (255.255.255.0).

Steve

eiger3970

Thank you for the reply.

I'm not sure how to change pfSense's WAN IP to Subnet 255.255.255.0 as pfSense's WAN IP is DHCP and receives the WAN IP 192.168.0.2 from the modem.

I checked the settings in pfSense > Interfaces > WAN > DHCP Client Configuration > Alias IPv4 address: 192.168.0.2/24.

Is there another configuration that could fix this issue?

doktornotor

So why don't you move your LAN to something from the 10/8 or 172.16/12 range? Your LAN machines are effectively on the modem's WAN IP range, nothing good can come out of this and frankly whether you can or cannot logon to the modem would be the least of my concerns here.  :o

Note #1: Do NOT use /8 or /12, create a normal /24 subnet.
Note #2: I'd honestly get rid of the garbage modem, this is insane.

cmb

@doktornotor:

So why don't you move your LAN to something from the 10/8 or 172.16/12 range? Your LAN machines are effectively on the modem's WAN IP range, nothing good can come out of this and frankly whether you can or cannot logon to the modem would be the least of my concerns here.  :o

Note #1: Do NOT use /8 or /12, create a normal /24 subnet.
Note #2: I'd honestly get rid of the garbage modem, this is insane.

This.

Addressing the original "stopping me logging into my modem's password", that's impossible, either you can reach it our you can't. Or in the case of this messed up network, maybe intermittently either way. Fix the subnets and your problem likely goes away.

eiger3970

Well spent a bit of time with some help, on this issue and it seems the modem may need a replacement, so waiting for this Friday for a technician to come out.

Fully reinstalled pfSense and tested on multiple computers and the modem seems to be the issue.
The weird thing is that now, nothing can get onto the Internet when connected via pfSense, but can get onto the Internet when directly connected to the modem.

With pfSense connected, computers can ping others on the network, can ping pfSense, can ping the modem, but can't ping the Internet.

I hope a new cable modem will fix this.

doktornotor

Your computers are assigned IPs that are on WAN. Until you have fixed that completely invalid configuration, there is no point in messing with cables, modems or anything else.

stephenw10

@eiger3970:

With pfSense connected, computers can ping others on the network, can ping pfSense, can ping the modem, but can't ping the Internet.

A common cause of that is adding a gateway to the LAN interface. You should have only one system gateway and it should be on WAN and set as default. Check in System: Routing Gateways:

Steve