• I am using ATT U-Verse DSL and connected the one of the LAN ports to the WAN interface on my Netgate APU. I enabled IP-Passthru on the DSL modem so that my APU WAN interface gets the public IP address.

    Accessing the modem Web management interface requires that I connect to the LAN port with wired to my laptop to make any changes to the modem. I would like to be able to access the modem wireless. I wanted to know if I connect a ethernet connect from the modem to my Cisco switch, create a VLAN on the switch and then make the APU access the tagged VLAN I created, shouldn't I be able to at this point be able to access the modem?

    Any pointers would be greatly appreciated!

  • LAYER 8 Rebel Alliance

  • I have read that before, but I don't believe that works for me. My WAN interface on the APU is using DHCP from the modem. With that I can't create another WAN interface. Again, the WAN interface on the APU is plugged into one of the LAN ports on the modem. If I were to remove the IP-Passthrough, my IP address on my APU would be doled out from the modem.

    I opted to make use of the IP-Passthrough to in order to get rid of double NAT issues and the fact that the Arris firewall sucks rocks and caused issues with my VPN clients.

  • I have a very similar setup to yours, but I'm not using AT&T directly, rather a reseller of AT&T DSL service.

    Anyway, I can hit my modems management page, but... I don't really know how.

    I set it up to be pass-thru, and I've got the public facing IP address setup on my WAN interface for pfsense. I can get in remote from the outside world. So, I know that I successfully set everything up ok. I just don't know how pfsense is able to see the IP address of the modem and get me logged in.

    I type and my Arris modem login page pops up. I did setup the modem to allow my pfsense MAC address to be the pass-thru connection, maybe that has something to do with it. Check your U-Verse modem, it might have an IP address typed on the outside sticker.

    Sorry, I'm not much help. Just wanted to state that I'm able to do it, and I didn't have to do very much to make it happen, even by accident.


  • @akuma1x Thanks for the response. Arris, depending on the model and firmware as far as IP-Passthru may or may not work. When I first received the Arris modem, it was there latest, greatest modem. Despite enabling IP-Passthru, I could not pass the ISP WAN IP address over to my APU. I come to find out, that with the latest modem with the latest firmware, there was a bug in the firmware and could not actually do IP-Passthru.

    Arris BGW210-700 Software Version: 1.6.7

    AT&T sent me another modem, albeit one or two generations older, the modem, now allowed IP-Passthru:

    Arris NVG599 Software Version 9.2.2h3d14

  • @kcallis - Just checked my DSL modem, it's an Arris NVG589, software version 9.2.2h4d16. Mine has a sticker on the outer case with the login info to get into the management screens. How about your modem?

    Don't know if that makes a difference in this discussion, however.

    I think I figured out how I'm able to get the login page thru the 192.168 address - it's my allow LAN to any rule. Checked the states table, and the data is in there.


  • @akuma1x Yes, I have the sticker as well and I don't have any issue logging if I am using my laptop pulled into one of the LAN ports on the modem which is on the subnet.

    Actually Jeff, you solved my issue! I have an alias called "LOCAL_SUBNET", which defines all of my local subnets, and one is I also have an alias called "PRIVATE_NETWORKS" which I had created to allow for RFC1918 networks, but in the standards definition, is a /16. So when I created that alias, I used the /16.

    The set the modem to use, so my rules with both the LOCAL_SUBNET and **PRIVATE_NETWORKS" were bumping one another. A quick change to the alias and one again, peace and tranquility reign throughout the known Universe or at least throughout my network and I was able to reach the web management interface!

    Thanks for helping me fire up some synapses to solve this issue.

  • Now if only I could edit the topic, I could change it to solved!