ADSL Modem Access from LAN - Not in Bridge Mode



  • I cannot run my modem straight to pfSense via the pfSense PPPoE interface. I have to run a double NAT.

    If my LAN is 192.168.1.0/24 and my WAN is 192.168.2.0/24, how can I configure pfSense to allow access to my modem web interface from the LAN? All examples I have found point to having a PPPoE interface to the modem, which I don't have.



  • Why shouldn't it have access immediately?
    Which IP is shown as your gateway on WAN? Something like 192.168.2.1 maybe? Go there by trying http://192.168.2.1 or https://192.168.2.1. Your modem's UI should respond then.

    From Interfaces: WAN you could as well try not to "Block private networks and loopback addresses", but that shouldn't matter for an outgoing connection and its answers.



  • No idea why it can't be seen. Hence the question.

    I have set up a box with a couple of OpenVPN clients, Squid and HAProxy. This all works. I have Gateway Groups set up to use different gateways etc.

    My WAN, say, is 192.168.2.1 and the modem is 192.168.2.254.
    The LAN is 192.168.1.0/25.

    I can hit pfSense on 192.168.1.1 from the LAN, but when trying 192.168.2.254 for the modem from the LAN, there is no access. I can ping the modem from the LAN and get a response, but I can't telnet to port 80 or 443 for the web UI. Traceroute shows first the pfSense and then the modem.

    I thought it might be my LAN rules for selecting gateways, so I added a rule at the top for source LAN, dest WAN, use WAN_DHCP gateway. But still no luck.

    So all quite confusing what I need to do.



  • @ak:

    The LAN is 192.168.1.0/25.

    Are you sure about the /25 or is that a typo? But shouldn't do much in regards to your problem.

    @ak:

    but I can't telnet to port 80 or 443 for the web UI.

    Telnet?
    Port 80 and 443 are HTTP/HTTPS ports, which means you go there with your browser, not a telnet client.



  • Telnet?
    Port 80 and 443 are HTTP/HTTPS ports, which means you go there with your browser, not a telnet client.

    Telnet is often used to connect to other ports for testing etc. For example, try "telnet www.google.com 80", which will connect to Google on port 80. After you do that, type "ls" to see what you get.



    • That is a typo - it's 24.

    • As JKnott says, telnet is just a socket client. You can hand-craft an HTTP request if you want via this. Type something like 'GET /index.html HTTP/1.0' and you can get the index page.

    Anyway - still stumped.



  • For completeness, I have resolved or worked around the issue.

    I ensured that pfSense can see the modem (well, it should!) and can telnet to the modem port. I then created a HAProxy front end on my LAN, and a backend to the modem. This workaround came about from another problem I had with HAProxy, Web UI exposed to the WAN side on 443 etc.

    https://forum.pfsense.org/index.php?topic=137776.0
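
The workaround from the last post, sketched as a plain haproxy.cfg fragment. This is an added example, not the poster's actual configuration (on pfSense these settings would be entered through the HAProxy package). The addresses are the ones given in the thread; the listen port 8081 and the frontend, backend and server names are assumptions.

```haproxy
# Added example: proxy the modem's web UI to LAN clients only.
# Addresses come from the thread; port 8081 and all names are assumptions.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend modem_ui_lan
    # Bind to the pfSense LAN address only, never to the WAN address or to
    # all addresses, so the proxied UI is not reachable from the WAN side.
    bind 192.168.1.1:8081

    # Second guard: refuse any request not sourced from the LAN subnet.
    acl from_lan src 192.168.1.0/24
    http-request deny unless from_lan

    default_backend modem_ui

backend modem_ui
    # The modem sits on the WAN-side subnet. HAProxy connects to it from
    # pfSense itself, which the poster confirmed can reach the modem port.
    server modem 192.168.2.254:80 check
```

With this in place, LAN clients would browse to http://192.168.1.1:8081/ instead of the modem's own address.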