Reroute or NAT



  • Hi there I have a piece of hardware that has a hard coded ip for the firmware updates, so I cannot change it and it seems the firmware server has changed a few years back. So I think the following might work…

    iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -j DNAT --to-destination yyy.yyy.yyy.yyyy

    , but I don't know how to do this using pfsense,  thanks for any help or pointers or any other advise.

    Cheers Qinn


  • LAYER 8 Global Moderator

    huh??  What sort of moronic company would hard code an IP for firmware updates?

    Can you not locally load the firmware?

    What hardware is this exactly?  But sure you can do a port forward forward to accomplish what you want.. But just seems moronic that any company would do such a thing??  Have you contacted this company about it?



  • Thanks for the quick reply  :)

    @johnpoz:

    huh??  What sort of moronic company would hard code an IP for firmware updates?

    It's a Vonets VAR11N-300 and yes it's moronic company, but that's the way it is http://www.vonets.com/serviceView.asp?D_ID=123

    @johnpoz:

    Can you not locally load the firmware?

    Nope, there are no open ports only 80 (webserver) and pusing the upgrade button is the only way. Second best option is to remove the casing and connect directly to the print, which is my last resort.

    @johnpoz:

    What hardware is this exactly?  But sure you can do a port forward forward to accomplish what you want.. But just seems moronic that any company would do such a thing??  Have you contacted this company about it?

    It's being used as a wireless bridge for a Dreambox and they are a Chinese company :(, see link above, so not much hope there.


  • LAYER 8 Global Moderator

    I don't see anywhere in that link where it says its a hardcoded IP that its looking for??

    Just shows you how to connect to it and click the upgrade button.  So how did you determine what the IP it is looking for, and what is the new ip it needs to be sent too?



  • @johnpoz:

    I don't see anywhere in that link where it says its a hardcoded IP that its looking for??

    Just shows you how to connect to it and click the upgrade button.  So how did you determine what the IP it is looking for, and what is the new ip it needs to be sent too?

    Yes and a conformation http://bbs.vonets.com/forum.php?mod=viewthread&tid=16845&extra=page%3D1&page=2


  • LAYER 8 Global Moderator

    Wow..  So yes this 121.201.111.2 answers on 80.. Get the default II7 page.. Just Fing wow!!!

    You want to use this hardware why???

    But sure you can do a redirect from that OLD IP if that is what your box is asking for.. 211.154.131.164 to the above one

    Here.. Make sure you use LAN or whatever interface you have this connected to on pfsense..  You can then go to the OLD IP in your browser and get sent to the new IP on 80..

    Hope that helps.. Is quite possible could be using some other port than 80, but doubt it.. you could always sniff on pfsense when you click the update button and see exactly what its trying to do and go.




  • @johnpoz:

    Wow..  So yes this 121.201.111.2 answers on 80.. Get the default II7 page.. Just Fing wow!!!

    You want to use this hardware why???

    But sure you can do a redirect from that OLD IP if that is what your box is asking for.. 211.154.131.164 to the above one

    Here.. Make sure you use LAN or whatever interface you have this connected to on pfsense..  You can then go to the OLD IP in your browser and get sent to the new IP on 80..

    Hope that helps.. Is quite possible could be using some other port than 80, but doubt it.. you could always sniff on pfsense when you click the update button and see exactly what its trying to do and go.

    Thanks for your help and time so far, I tried the rule, but no updates so far. So I tried Wireshark to analyze the data outgoing from the Vonets, but I get too much info (or my knowledge of Wireshark is to low). Is there an easy way using pfS to see whats happeing, the moment I press upgrade? You hinted at that?


  • LAYER 8 Global Moderator

    do the sniff on pfsense on the lan or interface your device is connected to and put in its IP as the source.  Then download that so you can open in wireshark.. Post up this wireshark sniff and I can take a look to where its trying to go.

    Did you validate that the site works via calling up the IP in your browser and getting that IIS7 default page I showed?

    The wireshark sniff will show us exactly what its trying to do, maybe its trying to go to a different IP?  Or use a different port, etc.


  • Banned

    RMA this shit. Problem solved.



  • I guess they need to provide a firmware update, with the new address.  ;)


Log in to reply