Accessing DSL modem
-
I am using ATT U-Verse DSL and connected the one of the LAN ports to the WAN interface on my Netgate APU. I enabled IP-Passthru on the DSL modem so that my APU WAN interface gets the public IP address.
Accessing the modem Web management interface requires that I connect to the LAN port with wired to my laptop to make any changes to the modem. I would like to be able to access the modem wireless. I wanted to know if I connect a ethernet connect from the modem to my Cisco switch, create a VLAN on the switch and then make the APU access the tagged VLAN I created, shouldn't I be able to at this point be able to access the modem?
Any pointers would be greatly appreciated!
-
Check out https://www.netgate.com/docs/pfsense/interfaces/accessing-modem-from-inside-firewall.html
-Rico
-
I have read that before, but I don't believe that works for me. My WAN interface on the APU is using DHCP from the modem. With that I can't create another WAN interface. Again, the WAN interface on the APU is plugged into one of the LAN ports on the modem. If I were to remove the IP-Passthrough, my IP address on my APU would be 172.16.0.100 doled out from the modem.
I opted to make use of the IP-Passthrough to in order to get rid of double NAT issues and the fact that the Arris firewall sucks rocks and caused issues with my VPN clients.
-
I have a very similar setup to yours, but I'm not using AT&T directly, rather a reseller of AT&T DSL service.
Anyway, I can hit my modems management page, but... I don't really know how.
I set it up to be pass-thru, and I've got the public facing IP address setup on my WAN interface for pfsense. I can get in remote from the outside world. So, I know that I successfully set everything up ok. I just don't know how pfsense is able to see the IP address of the modem and get me logged in.
I type 192.168.1.254 and my Arris modem login page pops up. I did setup the modem to allow my pfsense MAC address to be the pass-thru connection, maybe that has something to do with it. Check your U-Verse modem, it might have an IP address typed on the outside sticker.
Sorry, I'm not much help. Just wanted to state that I'm able to do it, and I didn't have to do very much to make it happen, even by accident.
Jeff
-
@akuma1x Thanks for the response. Arris, depending on the model and firmware as far as IP-Passthru may or may not work. When I first received the Arris modem, it was there latest, greatest modem. Despite enabling IP-Passthru, I could not pass the ISP WAN IP address over to my APU. I come to find out, that with the latest modem with the latest firmware, there was a bug in the firmware and could not actually do IP-Passthru.
Arris BGW210-700 Software Version: 1.6.7
AT&T sent me another modem, albeit one or two generations older, the modem, now allowed IP-Passthru:
Arris NVG599 Software Version 9.2.2h3d14
-
@kcallis - Just checked my DSL modem, it's an Arris NVG589, software version 9.2.2h4d16. Mine has a sticker on the outer case with the login info to get into the management screens. How about your modem?
Don't know if that makes a difference in this discussion, however.
I think I figured out how I'm able to get the login page thru the 192.168 address - it's my allow LAN to any rule. Checked the states table, and the data is in there.
Jeff
-
@akuma1x Yes, I have the sticker as well and I don't have any issue logging if I am using my laptop pulled into one of the LAN ports on the modem which is on the 172.16.0.0/24 subnet.
Actually Jeff, you solved my issue! I have an alias called "LOCAL_SUBNET", which defines all of my local subnets, and one is 172.16.0.0/24. I also have an alias called "PRIVATE_NETWORKS" which I had created to allow for RFC1918 networks, but in the standards definition, 172.16.0.0 is a /16. So when I created that alias, I used the /16.
The set the modem to use 17.16.0.0/24, so my rules with both the LOCAL_SUBNET and **PRIVATE_NETWORKS" were bumping one another. A quick change to the alias and one again, peace and tranquility reign throughout the known Universe or at least throughout my network and I was able to reach the web management interface!
Thanks for helping me fire up some synapses to solve this issue.
-
Now if only I could edit the topic, I could change it to solved!
