Netgate Discussion Forum

    Access modem on wan from lan on pfsense 2.2 rc

    • johnpozJ Online
      johnpoz LAYER 8 Global Moderator
      last edited by

      Yeah that setup makes no sense..  If you want to leave your AP connected, I would put it on its own segment so you can firewall your wifi from the rest of the network.  You're sending all your broadcast/multicast traffic out your wifi for no point.  And you have no security between wifi and your wired unless you're wanting to be transparent?

      If you want it on the same broadcast domain then just plug it into the switch.

      As to the deca, again pointless to bridge it to your lan.  Why not put that on its own segment as well if you want to have better setup and you have the interfaces..  It is only 100mbps connection as well - what does it talk to on your network?  If it does talk to stuff on your network then just connect it to your switch.

      You could use a bridge if you wanted to have a transparent firewall between devices on each side of the bridge..  But in your setup I would put those on their own segments, wireless and wired.  As to the deca, not sure what use there is of putting that on same segment as your lan or wifi - from my understanding it only uses that ethernet connection for internet.

      "With DECA coax networking, the DVRs only use your home network for internet access"

      So that really should just be on its own segment, bridging it to your network would only slow down your other networks.

      So you could still leverage your nics on your pfsense, but just segment your 3 networks..  So you would have LAN network, say 10.0.0/24 and your modem networks (10.0.1,2/24) and then your deca could be 10.0.4/24 and your wifi could be 10.0.5/24 – this gives you easy to manage firewall controls and 3 different broadcast domains to keep the broadcast and multicast noise off those other networks.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

      • D Offline
        DemonfangArun
        last edited by

        reason it's all the same is because any device on any of the three networks has to be able to talk to any device on any other network (for instance remote monitoring of applications on wifi devices from a wired desktop). i'm not sure exactly what all the deca bridge does, supposedly it's supposed to allow devices on the network to stream from it, but i've not had much luck with that (also not had the best of luck keeping the receiver from locking up, and that's after updating it). i'll probably stuff everything on the switch once i build a smaller computer that will sit where the ap is now and get some shorter cords so it's less of a mess.

        • johnpozJ Online
          johnpoz LAYER 8 Global Moderator
          last edited by

          "reason it's all the same is because any device on any of the three networks has to be able to talk to any device on any other network"

          Then they should all be connected to switch, your bridge is not buying you anything but slower connectivity.  My wifi devices can talk to my wired devices - but I have them on 2 segments because my wifi devices sure as hell don't need to see my wired network's broadcast or multicast traffic.

          Everything I read about the deca stuff is your whole home dvr stuff is on the coax network..  The ethernet is just for internet..  What equipment do you have, I am directv user for example - both of my dvrs are on network just from connection on the back of them.  To stream recorded shows to your mobile I do believe you need genie to go..  I don't have genie yet - but I can watch recorded shows from my dvrs on my PC and they are not on the same network segment, etc.

          • D Offline
            DemonfangArun
            last edited by

            yeah, i have the genie, got it as a free upgrade for "moving" after a house fire late last year, even though new house is on the same plot of land, just a different area, but i'm not gonna argue with that logic if it means i get free premium stuff.

            • J Offline
              jmven
              last edited by

              Same here, anybody had any success accessing modem gui?

              • D Offline
                doktornotor Banned
                last edited by

                @jmven:

                Same here, anybody had any success accessing modem gui?

                Works just fine here - see below (modem on 192.168.255.1)

                • J Offline
                  jmven
                  last edited by

                  My modem is on bridge mode, I'm not using PPPoE, can I use this adding 2nd interface method?

                  • D Offline
                    doktornotor Banned
                    last edited by

                    My modem is on bridge mode as well… Not sure how's PPPoE related here. This is using a dedicated NIC on pfS with cable plugged to modem's LAN port. This will work as long as your modem has some LAN IP address outside your normal LAN subnet defined on pfSense. If it has none, well then there's nothing to access.

                    • J Offline
                      jmven
                      last edited by

                      Ok yes now I got the idea, yes with one extra nic physically connected to the modem, fixed ip on the modem's subnet you can access it.

                      But I was thinking on the original idea of one virtual ip and the outbound nat rule involving this virtual ip, you don't need the extra nic. In fact I had this configuration in 2.0 and it was working ok, but now I cannot get it to work again. Thanks doktornotor

                      • D Offline
                        doktornotor Banned
                        last edited by

                        Are you referring to this? https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

                        I don't think that howto is intended for bridged modem setup at all (the NAT just makes no sense for this setup.) As for extra NIC, well… not really needed if using PPPoE, you could recycle WAN for that - but, first of all, that sounds like a hack to me, plus - this NIC is onboard POS unused for anything since it sucks badly.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.