AON example for accessing modem monitoring interface



  • I've searched and found lots of examples of using redir to get access to the management interface on a DSL modem, and references to using Advanced Outbound NAT to achieve the same thing. But I haven't found an example of an AON setup that I can look at. redir would be OK, but I'd like to use Munin to monitor the modem parameters, and that's easiest done with SNMP. I admit that I haven't tried SNMP over TCP, but I wouldn't expect that to work on the modem. (It's a BroadMax HSA300A-304)

    Besides…this really is a routing problem. :)

    So, can someone point me at an example of how to configure AON to let the LAN get to a private subnet configured as an alias on the WAN interface?

    Network topology is:

    ISP              Modem          pfSense                    LAN
    64.xxx.yyy.1 ==== <bridge>===== 64.xxx.yyy.94 (em0) ======= 192.168.94.1 (em1)
                      192.168.0.1 == 192.168.0.94  (em0 alias)

    The alias on em0 is set up in the xml config, and I can ping the modem from the shell on the pfSense box.

    How do I configure AON to allow the LAN access to the modem, while still routing all other traffic to the ISP gateway?

    Thanks in advance, and I apologize if I didn't search hard enough. :)</bridge>



  • You may have sorted this out by now but I had the same issue where I have my ADSL 2+ router in a bridge so that I can assign my internet-facing static IP's directly to the WAN interface on PFsense..

    The problem was that I wanted a secure way to manage/reboot the router should there be an issue and at one point there were many…

    I ended up enabling another interface on the pfsense machine but the catch is that if you plug the new interface into the router as well as the WAN interface, PFSENSE sees the same MAC address on two interfaces and obviously confuses the routing.

    What I did was to enable a two interface VM image that was presented with two unused pysical NICS. I patched the new interface on the physical PFSENSE firewall into the LAN interface of the virtual one and then the WAN interface from the VM went into the router...

    Long winded I know...but all I then had to do was use a AoN from my LAN network that translated via my WAN2 interface (the new one on the physical PF) and dump a static route on the physical PF to direct 10.0.0.0 traffic to the LAN interface of the VM PF from where it would be routed to the router...

    I needed it to work and I was having straight routing issues which was preventing one LAN interface from talking to another...don't ask me why...still haven't resolved it so the AoN NAT translation was the only thing that allowed this to work properly.


Log in to reply