Access to the modem web page

stephenw10

Yes, looks like you might need an extra connection there. But test it from pfSense as I outlined, that is in the same subnet so is able to connect (if you don't need an extra connection).

Usually with this type of setup you need to NAT the traffic as most "modems" have no facility for adding a route of gateway on the LAN side. They can only talk back to devices in the subnet.

Steve

johnpoz

Comcast business gateways are like this... 1 Port of the switch on them can be put in bridge mode, and the other ports are natted..

Your not going to be able to hit the LAN ip from the bridged interface.. Your going to need to connect to one of the non bridged ports.

mrvarga

I connect another lan cable to pfsense router lan3 port to the model lan1 port. Set the interface to dhcp but this is the result:
0_1542317982836_9bcface7-c832-4e30-b8df-ac90f3ba4a1e-image.png
If I set the iterface to static ip 192.168.8.100/24 and I try to ping the router:
0_1542320214224_ccbb9106-4964-449c-b03a-fa4c95e6a34d-image.png

Derelict

If you have to access the modem (honestly, how often does one really have to do this?) connect a laptop.

mrvarga

@derelict yes this is right, but is just for learn new things.
I think the error is in the modem ip address, the right is 192.168.1.1 and not the 192.168.8.1.
When I arrive home I will try...

johnpoz

From what I researched the default IP is the 8, but sure that could of been changed... My point was that once you put it in bridge mode that lan IP of what is actually a gateway and not a "modem" is not going to be available on the bridged interface.. So you will have to access if via one of its other switch ports.

This is completely different than say a "cable" modem that bridges your connection to the router behind (pfsense) and then also listens on 192.168.100.1 address on the same L2..

I concur with Derelict there is really little reason to just not connect a box to one of the "natted" switch ports on that gateway device if you need to access it... But its also possible to to connect and interface to pfsense..

The question comes down to the details of that device - which I have no actual experience with other than that thread you listed and I breezed through. But what I do have experience with is other "cable" gateways where you can put 1 port of the switch in bridge mode and device connected will get a public IP.. and other devices on other ports will get a natted ip - but in such cases dhcp is still running and connecting a device set for dhcp should get an address.

mrvarga

Can be my setting wrong, because somtimes (once every two days I lost the wan connection and the wan IP is 0.0.0.0) so I don't have internet and and have to manualy reboot the modem...
The modem is Huawei E5186 put in bridge mode by this guide (https://forums.whirlpool.net.au/archive/2670005), and the WAN interface setting si:
0_1543155915302_37a37d0d-dc0c-4694-8e52-597cdf7ef85b-image.png
And this is the result:
0_1543156043557_b2172a24-630e-455d-aa23-7481b7a73e41-image.png
I have also a lot of this log....
0_1543156562531_2902a840-1e28-4ca9-a889-1b0e31fdd565-image.png

Babiz

@mrvarga Hi!

Here is my current working layout of pfSense, I can login to modem web ui
at 192.168.254.1 when it is propely configured with pppoe 8/35 link , dhcp server and bridge mode!
Because I add another MODEM interface side by side to PPPoe interface.

pfSense do all work and no need to make additional hybrid nat rule with this simple layout.
I also setup ipsec vpn and for reach remote device for mamaging watching remote stuffs, I do on remote site some hybrid nat and vips to re routing traffic on my local subnet. yes it's really amazing
alt text

Cheers.

mrvarga

@babiz

stephenw10

If you're seeing an odd IP on the WAN you should check the dhcp logs to see if it's actually being handed to you. You migyht need to reject DHCP leases from the 'modem' itself. Though 0.0.0.0 is not normally something you would see in that situation.

https://www.netgate.com/docs/pfsense/book/interfaces/ipv4-wan-types.html#dhcp

Steve

discy

PC on lan at 192.168.9.100, just put 192.168.100.1 in the browser and bing bang zoom... No vips, not odd nats, no disable reply-to.. No floating rules.

Same for me. Nothing to be done. 192.168.100.1 Ziggo/UPC/Vodafone "Connect-box" in bridge.

Just had to add a rule on top of LAN from LAN-NET to the modem on WAN_DHCP gateway because other rules mess it up.

MarioNava

Hello there.
I had the same problem, accessing my router behind PfSense.
Internal lan is 192.168.0.x Pfsense on 192.168.0.254
Router is 192.168.1.254
There was no way to access it. Then i checked my network card IPs.
I had 2 assigned. 192.168.0.22 and 192.168.1.22
Removed 192.168.1.22 amd then BANG! router interface is reachable.
Is really THAT simple as other people wrote. NO need to mess up anything.
Hope this helps someone.
Have a nice day,

Mario