Cable Modem Access - Behind Pfsense
-
With my Motorola SB6120, I could access the GUI on 192.168.100.1 with no changes to pfSense. With my Cisco DPC3848, I cannot (though I can still ping it). I believe that a lot of modems will allow any source IP address to connect (netmask 0.0.0.0) while others require the source IP address to be in the same subnet (192.168.100.0/24).
Below is how I got it working. Create a virtual IP (I use 192.168.100.2), and then create an outbound NAT rule to translate your computer's IP address to 192.168.100.2 when accessing 192.168.100.1 so that your modem won't ignore it. I had to reboot the pfSense firewall after doing this for it to take effect.
- Firewall -> Virtual IPs
- Type: IP Alias
- Interface: WAN
- Address Type: Single address
- Address: 192.168.100.2 (if your modem's GUI is on 192.168.100.1)
- VHID Group: 1
- Advertising frequency: Base - 1, Skew - 0
- Firewall -> NAT -> Outbound
- choose "Hybrid Outbound NAT rule generation"
- Add a new rule:
a) Interface: WAN
b) Protocol: Any
c) Source: Any
d) Destination: Type - Network
e) Destination network for the outbound NAT mapping: 192.168.100.1/32
f) Translation: Address - 192.168.100.2
g) Description: "Cable modem access"
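
The reasoning in the post above, as an added example that is not part of the original post: a small Python model of the outbound NAT lookup (hybrid mode checks manual rules before the automatic ones) and of a modem GUI that only answers same-subnet sources. The WAN address, LAN subnet and PC address are constructed, and the same-subnet filter is the poster's hypothesis rather than documented modem behaviour.

```python
import ipaddress

MODEM = "192.168.100.1"
MODEM_NET = ipaddress.ip_network("192.168.100.0/24")  # subnet the modem is assumed to require
WAN_ADDR = "203.0.113.10"    # constructed WAN address (documentation range)
LAN_NET = "192.168.1.0/24"   # constructed LAN subnet
PC = "192.168.1.50"          # constructed admin workstation

# Outbound NAT rules as (source network, destination network, translated source).
MANUAL = [("0.0.0.0/0", "192.168.100.1/32", "192.168.100.2")]  # the rule from the post
MANUAL_SCOPED = [(PC + "/32", "192.168.100.1/32", "192.168.100.2")]  # same rule, one source host
AUTOMATIC = [(LAN_NET, "0.0.0.0/0", WAN_ADDR)]  # what automatic NAT does for LAN traffic


def translate(src, dst, rules):
    """Return the source address the modem sees: first matching rule wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, nat_to in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return ipaddress.ip_address(nat_to)
    return s  # no rule matched: source leaves untranslated


def gui_reachable(src, rules, strict_modem=True):
    """strict_modem=True models a GUI that ignores sources outside 192.168.100.0/24.
    Only the GUI is modelled; the post notes that ping still worked."""
    seen = translate(src, MODEM, rules)
    return (not strict_modem) or seen in MODEM_NET


if __name__ == "__main__":
    print("automatic only, strict modem :", gui_reachable(PC, AUTOMATIC))
    print("automatic only, lenient modem:", gui_reachable(PC, AUTOMATIC, strict_modem=False))
    print("post's rule + automatic      :", gui_reachable(PC, MANUAL + AUTOMATIC))
    print("scoped rule + automatic      :", gui_reachable(PC, MANUAL_SCOPED + AUTOMATIC))
    print("other LAN host, scoped rule  :", gui_reachable("192.168.1.77", MANUAL_SCOPED + AUTOMATIC))
    print("internet traffic still leaves as:", translate(PC, "198.51.100.7", MANUAL + AUTOMATIC))
```

The scoped variant shows that narrowing Source from Any to a single workstation still reaches the GUI from that host, while other LAN hosts fall through to the automatic rule.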
-
What port did you specify in the Firewall Outbound setup?
-
I left all the ports blank ('all ports').
-
What is the absolute error on your browser when you try? HTTPS might just be a certificate error and refusal to connect.
-
No certificate error. But just wondered if https might be an issue. I am still working on this today to see if I can make any progress. It may be just some issue with the Netgear CM 500 cable modem. I had an older Arris SB 6141 cable modem and had absolutely no issue. If these firms could just have an "engineering standards" approach there would be fewer issues!
-
Have you tried forcing http? I can reach my cable modem with http://192.168.100.1, but not https://192.168.100.1.
*update: Mine is a Netgear CM600.
-
Thanks for the tip. I tried it and it started to connect but then just stalled after I put in the user and password. I then tried to repeat the process and no connection was available. Some strange process…
-
Well, I gotta thank you. You have talked me out of buying the Netgear modem. I'm going to wait for Zoom to come out with a 32X8 modem.
-
You are making the correct decision! I am not having any issues with the Netgear CM500 other than the remote login. We are about to go to 200MB traffic service so it was time to upgrade and I did research and felt Netgear would be ok? The Netgear modem is in a machine room with the Pfsense router and a GB switch so I now will have to go down and check out matters locally if an investigation is required. I am very pleased with the many Pfsense board members that made suggestions. The Pfsense community is a great group.
-
What is your LAN subnet ?
Please! ;)
Here are screen shots of the current firewall rules. The cable modem is my own hardware. The GUI for the cable modem is operational if I make a direct connection with a notebook computer (no firewall).
Can you also post what your firewall logs say when you try to connect? Is there anything there that would indicate a block? (my guess is you will see nothing there.)
Try from your desktop- c:/>ping 192.168.100.1
Try from your pfsense box.. /diagnostic/ping 192.168.100.1
Sorry, I have the same problem, but
firewall pings router successfully using diagnostic tools
I don't ping router from my PC using cmd
Does anyone have a suggestion?
Version 2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6
Thanks
VanyiePfsense
![ping from pfsense.png](/public/imported_attachments/1/ping from pfsense.png)
![ping from pc.png](/public/imported_attachments/1/ping from pc.png)
-
Solved, sorry, thanks to all.
I don't know what was going wrong.
I changed modem IP, changed Firewall WAN IP. Now everything works and I can reach router from Firewall LAN???
Thanks
-
If that all happens through your WAN port, maybe the block bogons option on your WAN interface is getting in the way? I’ve never had to disable that before to hit 100.1, but maybe it’s a “feature” of newer versions of pfSense (I haven’t touched pfSense in almost 2 years)