How to configure pfSense using a Hitron router?
-
@w0w:
Hmm… Maybe your ISP assigns static IP by MAC address of your modem Hitron and you need to do a spoof of MAC… I am not sure.
No, VB (Virgin Business in case you hadn't figured that yet) have a stupid section in the Hitron where you have to set up a tunnel to connect to the STATIC IP. Unlike other providers who assign a static IP direct to the router, VB assign a Dynamic and then you're required to log in to this tunnel in order to get the static.
Anyway, I think I have good news. Having tinkered with NAT and Firewall rules, I think I may have sorted it even with the BLOCK rules in place. All I changed was the "Filter Rule Association" on the "Firewall->NAT->Port Forward" page to "Pass" instead of "Create new associated filter rule" and it all appears to be working. I can access my sites and I can connect to my mail server and SSH.
I'm not sure if this will create any security issues or not (I'm hoping not) but at least it's working.
If this is likely to cause security loopholes or issues, please let me know and I will have to speak direct with VB in order to try and get this resolved.
Thanks again to everyone for your help. Not sure if there is any "kudos" or "rep" on this forum, but I'd certainly like to give some if it's possible.
-
http://community.virginmedia.com/t5/Networking-and-wireless/Business-Hitron-Router/td-p/3045782/page/2
Looks like your static IP is received by GRE. I am pretty sure it can be configured on pfsense side. Since I am not so familiar with GRE I can't comment on whether it would be best to use it on pfSense side or leave it on hitron. Maybe somebody more competent can comment on it.
-
So on your isp router.. you need to forward what you want to forward, 80 443 to 192.168.0.2, or put 192.168.0.2 (pfsense wan IP) into the DMZ of your isp router..
I have one client location where his ISP uses a Zyxel modem/router combo. I used the DMZ option johnpoz mentioned here and as soon as the pfSense router was placed into the DMZ all the port scanning and door knockers on ports 22, 23 and others started showing up on the pfSense firewall log that were not there before. I knew then that pfSense router was then exposed to the world and not behind the Zyxel's firewall anymore. This is certainly one way to pass that traffic (and see all the door knockers on your ports from CN, RS, IN, etc).
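A defender's check for the DMZ exposure described in the post above, as an added example that is not part of the original thread: it tallies blocked inbound WAN connection attempts by destination port and by source from pfSense raw filter log lines. The log lines, the `em0` interface name and the source addresses are constructed; 192.168.0.2 is the pfSense WAN address quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample in pfSense's raw filterlog CSV layout (IPv4 TCP/UDP).
# em0 and the RFC 5737 source addresses are assumptions for illustration.
SAMPLE_LOG = """\
Mar  3 10:01:12 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,4512,0,DF,6,tcp,60,203.0.113.7,192.168.0.2,51234,22,0,S,1234567,,29200,,mss
Mar  3 10:01:13 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,4513,0,DF,6,tcp,60,203.0.113.7,192.168.0.2,51240,23,0,S,1234999,,29200,,mss
Mar  3 10:01:15 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,49,9001,0,DF,6,tcp,60,198.51.100.20,192.168.0.2,40122,22,0,S,7654321,,14600,,mss
Mar  3 10:01:17 pfsense filterlog: 71,,,1700000001,em0,match,pass,in,4,0x0,,55,3300,0,DF,6,tcp,60,198.51.100.44,192.168.0.2,50100,443,0,S,2222222,,64240,,mss
Mar  3 10:01:18 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,7001,0,none,17,udp,76,198.51.100.20,192.168.0.2,40000,123,56
Mar  3 10:01:19 pfsense check_reload_status: Syncing firewall
"""

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP filterlog entry, else None."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None                      # not a filter log line
    f = m.group(1).split(",")
    # f[8] = IP version, f[16] = protocol name; ports only exist for tcp/udp
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": f[18], "dst": f[19], "dport": int(f[21])}

def blocked_inbound_summary(log_text, wan_iface="em0"):
    """Count blocked inbound WAN attempts per (proto, port) and per source."""
    ports, sources = Counter(), Counter()
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e and e["iface"] == wan_iface and e["action"] == "block" and e["dir"] == "in":
            ports[(e["proto"], e["dport"])] += 1
            sources[e["src"]] += 1
    return ports, sources

if __name__ == "__main__":
    ports, sources = blocked_inbound_summary(SAMPLE_LOG)
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n} blocked")
    for src, n in sources.most_common():
        print(f"{src}: {n} blocked")
```
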
-
@w0w:
http://community.virginmedia.com/t5/Networking-and-wireless/Business-Hitron-Router/td-p/3045782/page/2
Looks like your static IP is received by GRE. I am pretty sure it can be configured on pfsense side. Since I am not so familiar with GRE I can't comment on whether it would be best to use it on pfSense side or leave it on hitron. Maybe somebody more competent can comment on it.
Thanks for the heads up. I'll take a look at this tomorrow although believe it or not I searched high and low (or at least thought I did) on the VM site for info on this. Perhaps I was searching the VB rather than VM site.
GRRR - modified this post then added kudos (or Karma as it's called here) to a couple of people and lost my edit because I forgot to save! Anyway, as I was saying…
I reviewed a lot of the 13 pages of posts on the above site but most of it was about people ranting and raving about flaky speeds and not being able to use the fixed IP on anything but the Hitron itself. Needless to say I posted my $0.01 (or more like $2.00) worth on the forum to let them know of my recent experience.
-
There is a problem with the hitron router in modem mode and pfsense.
I have never managed to get it to successfully assign me an IP address via DHCP. As we need the modem/bridge mode because we can hit a large number of states we eventually found a workaround. We spoofed the pfsense WAN firewall address on a PC and attached that directly to the modem which then assigned us an IP address. After that it appears to be happy until the IP address expires every 12-14 months then we have to repeat the exercise but it works and so far I have been unable to configure pfsense to the point where it will do it.
-
Well, at least I can confirm that those Hitron devices are junk.
Three+ years ago I got one from my cable provider. Issues were too numerous to remember. Contract ended 24 months after it began and I happily returned this crap.
I would dismiss a future great deal if it would imply having to use one of those devices.
-
Agreed. Hitron devices are junk. But with the right firmware, wifi disabled and bridge mode my Hitron has 9 months uptime on a Gbps connection.
-
Mine was commissioned from ISP via TR-069, no bridge-mode and WiFi always on for "free fonero WLAN" or so. Crap^2
A firmware-update rendered the device useless for about 1 week or so.
-
I keep seeing references to posts that claim that it is possible to configure pfsense to establish the GRE tunnel with the hitron in modem mode in order to login for the static IP on virgin. Has anyone managed this?
I can't even get pfsense to get a dynamic address when the existing smarthub 2 is in modem mode and have to spoof the MAC address.
-
I keep seeing references to posts that claim that it is possible to configure pfsense to establish the GRE tunnel with the hitron in modem mode in order to login for the static IP on virgin. Has anyone managed this?
I can't even get pfsense to get a dynamic address when the existing smarthub 2 is in modem mode and have to spoof the MAC address.
The Hitron and Smarthub are two completely different devices, aren't they?