Accessing 4G modem from inside the firewall



  • Hi all,

    As the subject says, I am trying to access my modem from inside the firewall. I have set my LAN on 10.10.10.x subnet. I have two 4G modems and two DSL modems. The two 4G WAN connections are configured as DHCP on their respective interfaces in pfSense. The two DSL WAN connections are set as PPPoE. I can't properly configure pfSense so that I could access my 4G modems IP from my computer. Now, I know there are official documentations explaining as to how I can access the DSL modems, but as for the 4G modems I can't figure it out. The attached diagram should properly illustrate my setup. If you could help me, I'd be genuinely grateful. I tried to setup a virtual IP and create a manual rule in Outbound NAT but that didn't work. Thanks guys…
    ![firewall diagram.PNG](/public/imported_attachments/1/firewall diagram.PNG)
    ![firewall diagram.PNG_thumb](/public/imported_attachments/1/firewall diagram.PNG_thumb)



  • Hi all,

    I still have this question gone unanswered. I'd be grateful if someone helped me out. Many thanks.



  • Hello all,

    Any one interested in helping this poor fellow out? The question is simple. If your LAN is on 10.x.x.x and your modem's IP is on 192.168.x.x, how can I setup pfSense so that I could access the modem from a device inside the firewall ? The answer apparently not so much so.  :-\



  • Do you still have the Default allow LAN to any rule enabled under LAN rules? From what I understand, for non-PPPoE connections, that rule should allow you to access the modem by default. If you've disabled that to filter outgoing traffic (as I have), you'll need to create a LAN rule allowing access to that network.



  • @grokdesigns:

    Do you still have the Default allow LAN to any rule enabled under LAN rules? From what I understand, for non-PPPoE connections, that rule should allow you to access the modem by default. If you've disabled that to filter outgoing traffic (as I have), you'll need to create a LAN rule allowing access to that network.

    Hi. Yes, it's enabled. Though it sits right beneath my loadbalance rule. My assumption was this had to be done with VIP and 1:1 NAT.


  • Rebel Alliance



  • @ptt:

    @aah57:

    it sits right beneath my loadbalance rule

    https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

    Hi PTT. Thank you for pointing that out. The new rule gives me access to the modems (finally  :D), but as it trumps the loadbalance rule, all connections go through only the default gateway. Essnetially, no more MultiWAN. Although, I can drag the rule under the LB one, and whenever I need to access the modems I can revert the order. But that doesn't sound the correct way to go about fixing this issue. Thanks again.

    Edit: As the image below illustrates, the second rule (bypass rule) and the fourth one (default allow LAN to any) rule are redundant. So, ultimately the load balancing and LAN rule cannot work simultaneously side-by-side?



  • Rebel Alliance

    Just Change the "Destination" from "*" (ANY) to the Modem IP address… ;)

    You don't need to use "*" (ANY) in all your rules.... You can have "more strict" rules to get better/speciffic control of the traffic.


Log in to reply