Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cablem Modem Access - Behind Pfsense

    Scheduled Pinned Locked Moved General pfSense Questions
    32 Posts 11 Posters 27.7k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      ghkrauss
      last edited by

      I need to be able to access the cable modem log access interface at IP 192.168.100.1 from behind the pfsense firewall. What is the best way and the firewall configuration to accomplish this. Thanks for any thoughts.

      1 Reply Last reply Reply Quote 0
      • chpalmerC Offline
        chpalmer
        last edited by

        What model of cable modem do you have?

        All my cable connections work just fine from default.

        http://192.168.100.1

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • G Offline
          ghkrauss
          last edited by

          It is a Netgear CM500. I have TCP access no loss but can not seem to open the web interface. Does not resolve the address.

          1 Reply Last reply Reply Quote 0
          • H Offline
            heper
            last edited by

            you might need to add a virtual ip on wan ( 192.168.100.2 )

            1 Reply Last reply Reply Quote 0
            • G Offline
              ghkrauss
              last edited by

              Thanks for the suggestion. I tried the virtual IP on the wan but stilll not access.

              1 Reply Last reply Reply Quote 0
              • jahonixJ Offline
                jahonix
                last edited by

                https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN
                if it is PPPoE you're using.

                1 Reply Last reply Reply Quote 0
                • G Offline
                  ghkrauss
                  last edited by

                  Chris:

                  It is not PPPoE.I have check the cable modem out directly and the administrative pages can be accessed via IP 192.168.100.1 but I can seem to get the correct configuration for the Pfsense firewall to allow access from a LAN client.

                  Howard

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Online
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    you really shouldn't have to do anything here.  I access my cable modem on 192.168.100.1 without doing anything in pfsense at all.  It gets a public IP 24.13.x.x and I have no issues accessing my cable modem interface..  Works out of the box.

                    While it shouldn't matter the only rule I have disabled is the block rfc1918 and bogon on the wan because I see no point to them, they do nothing in the real world since networks they block don't route on the internet anyway.  And I have my port forwards open to the planet so what is the point in having a rule to block something that doesn't even route ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • chpalmerC Offline
                      chpalmer
                      last edited by

                      What is your LAN subnet and what do your LAN firewall rules look like?  Screenshots would be wonderful.

                      Triggering snowflakes one by one..
                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                      1 Reply Last reply Reply Quote 0
                      • chpalmerC Offline
                        chpalmer
                        last edited by

                        My guess is one of these issues-

                        Your LAN is 192.168.100.0/x

                        You have built LAN rules that block your LAN from accessing 192.168.100.1 (maybe without realizing it..)

                        This modem is rented and your ISP has turned off the the GUI (which you have already disproved)

                        If 192.168.100.1 is outside your LAN subnet you will have no problem reaching it by default. If it is inside your LAN subnet it will be unreachable as your client machines wont even pass the request to your pfSense box but instead try and find it locally.

                        Triggering snowflakes one by one..
                        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        1 Reply Last reply Reply Quote 0
                        • G Offline
                          ghkrauss
                          last edited by

                          Here are screen shots of the current firewall rules. The cable modem is my own hardware. The GUI for the cable mode is operational if I make a direct connection with a notebook computer (no firewall).

                          Capture1.PNG
                          Capture1.PNG_thumb
                          Capture2.PNG
                          Capture2.PNG_thumb

                          1 Reply Last reply Reply Quote 0
                          • jahonixJ Offline
                            jahonix
                            last edited by

                            You block RFC1918 networks on WAN. 192.168.x.y is one of those private RFC1918 networks.
                            At  Interfaces | WAN  you should uncheck "Block private networks".

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              cmb
                              last edited by

                              @jahonix:

                              You block RFC1918 networks on WAN. 192.168.x.y is one of those private RFC1918 networks.
                              At  Interfaces | WAN  you should uncheck "Block private networks".

                              That's only for ingress traffic. Reaching the modem is egress. Don't change that, it's fine as-is.

                              1 Reply Last reply Reply Quote 0
                              • jahonixJ Offline
                                jahonix
                                last edited by

                                Sure and I would think so too.
                                I have a VDSL modem in router mode (…don't ask) with an RFC1918 IP on WAN of my pfSense and I had to explicitly uncheck this to get modem access working.
                                Don't know why this solved it this way but I had to get VoIP working first and didn't care about it later.

                                1 Reply Last reply Reply Quote 0
                                • M Offline
                                  macboy6
                                  last edited by

                                  I can access my cable modem IP of 192.168.100.1 with 0 changes to pfsense config.  It just works.

                                  Make sure you have a firewall rule on your LAN interface that allows you to reach any destination IP address.  If you are restricting access from LAN interface to RFC1918 addresses, then you will have to have a rule above it that allows you to reach destination 192.168.100.1.

                                  No reason why this shouldn't work.

                                  1 Reply Last reply Reply Quote 0
                                  • chpalmerC Offline
                                    chpalmer
                                    last edited by

                                    @chpalmer:

                                    What is your LAN subnet  ?

                                    Please!  ;)

                                    Here are screen shots of the current firewall rules. The cable modem is my own hardware. The GUI for the cable mode is operational if I make a direct connection with a notebook computer (no firewall).

                                    Can you also post what your firewall logs say when you try to connect?  Is there anything there that would indicate a block?  (my guess is you will see nothing there.)

                                    Try from your desktop-  c:/>ping 192.168.100.1

                                    Try from your pfsense box..  /diagnostic/ping  192.168.100.1

                                    Triggering snowflakes one by one..
                                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                    1 Reply Last reply Reply Quote 0
                                    • G Offline
                                      ghkrauss
                                      last edited by

                                      Thanks  for all the help in trying to understand the issue. I checked the firewall log after multiple attempts to access 192.168.100.1 (no entry). I noticed that the browser (firefox) shows https://192.168.100.1. Interesting it is https. The ip traffic passes through the firewall via the ping process. I have attached a screen capture. Could the issue be some sort of dns problem? The LAN subnet is 192.168.1.0, 255.255.255.0

                                      Capture3.PNG
                                      Capture3.PNG_thumb
                                      ![Capture 4.PNG](/public/imported_attachments/1/Capture 4.PNG)
                                      ![Capture 4.PNG_thumb](/public/imported_attachments/1/Capture 4.PNG_thumb)

                                      1 Reply Last reply Reply Quote 0
                                      • johnpozJ Online
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        so clearly you can ping it.. So are you running a proxy.. That could cause you issues, or captive portal?

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                        1 Reply Last reply Reply Quote 0
                                        • G Offline
                                          ghkrauss
                                          last edited by

                                          No proxy running on the firewall or elsewhere. The web browsers on the workstation are direct connect ie. no proxy. I am trying to examine everything to figure out what's in the world is causing the issue. Thanks for your suggestions. I am just going to continue until the source is discovered!

                                          Best,

                                          Howard

                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ Online
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by

                                            what I would do is sniff on your wan.. You see the request going out to 192.168.100.1 - what do you get back if anything?  Makes no sense that if you can ping it, and its has a gui that is there that you would not be able to access it.

                                            You don't have any floating rules do you?  Some people that have really tight tinfoil hats like to lock down on outbound anything to rfc1918.. There been some threads about it, Its also a way to make sure you don't leak noise packets.  So it can be a good thing… I tried it for a while, but when I got no hits on it ever.  I wasn't leaking rfc1918 out to the internet I saw no use of it - and yeah it prevented me from talking to my modem.

                                            See attached, where the rfc1918 float rule is disabled.  But I do still have my anti noise netbios rule.  Window machines has a nasty habit of doing a directed query to even public IPs via netbios..  Just no reason to let that out just trying to be a good netizen and keep my network from adding to the noise of the internet.

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.