Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access modem / gateway webGUI which is "down" to fix internet connectivity

    Scheduled Pinned Locked Moved Routing and Multi WAN
    7 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mattbunce
      last edited by

      LAN: 10.200.0.1/24
      WAN1: 192.168.1.254
      WAN2: 10.0.0.1

      For now, these WAN1 and WAN2 links are standard domestic ADSL modem/routers in router mode (I'll switch them in to bridge mode at a later point, but for now I'm trying to get this problem solved).

      Without any multi-wan configuration I can access the webGUI of WAN1 by going to http://192.168.1.254 in a browser connected to the LAN side of pfSense. As you'd expect, I can access this modem webGUI whether or not the DSL line is working. This is great because I can make config changes or at least start to diagnose any connectivity problems.

      Once I enable multi-wan configuration everything works fine as long as the WAN1 gateway is marked as UP. However, once WAN1 goes down I can no-longer access the webGUI via the LAN (which is frustrating because it's generally when the gateway is down that I would want to access the webGUI to start diagnosing issues). My only option to regain access to the WAN1 webGUI is to disable the WAN2 interface within pfSense. Once WAN2 is disabled (I guess this disabled all multi-wan features) I can once again access the WAN1 webGUI.

      I have noticed that when WAN1 gateway is down I can still ping the modem from pfSense itself, but I cannot ping the modem from the LAN side.

      Any idea what is going on? How can I force this traffic to go via WAN1 even though the WAN1 gateway is down?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        This might be a dumb question but why don't you just access the WebGUI at 10.200.0.1?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          mattbunce
          last edited by

          Sorry I wasn't clearer. I'm trying to access the GUIs of the modems, not pfsense itself.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            This can probably be done with a policy-routing rule directing traffic to the specific modem out the specific WAN interface placed above the one that routes traffic to the gateway group.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • M
              mattbunce
              last edited by

              I think I have tried this, but because the gateway will be marked as down the rule will either be applied without the gateway being considered, or the rule will be skipped all together.

              I think that once the gateway is marked as down, pfSense is avoiding sending any LAN traffic via that gateway. It's just strange that I can ping the modems from pfSense itself, just not from the LAN side…

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                You might have to originate traffic from the firewall to make this happen. I don't see any of the options for gateway down rules helping matters.

                If your modem is on 192.168.100.1 try this:

                ssh -L 8080:192.168.100.1:80 root@pfsense_lan_ip

                Log in, then open a web browser to: 127.0.0.1:8080

                That might work. There is probably a better way but that comes to mind.

                I think putty has the same option but I don't know where it is.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • M
                  mattbunce
                  last edited by

                  Ah, perfect. I managed to follow tutorials on how to get Local Port Forwarding to work in Putty on Windows and it worked a treat.

                  Thanks for the tip

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.