Accessing DSL modem

kcallis

I am using ATT U-Verse DSL and connected the one of the LAN ports to the WAN interface on my Netgate APU. I enabled IP-Passthru on the DSL modem so that my APU WAN interface gets the public IP address.

Accessing the modem Web management interface requires that I connect to the LAN port with wired to my laptop to make any changes to the modem. I would like to be able to access the modem wireless. I wanted to know if I connect a ethernet connect from the modem to my Cisco switch, create a VLAN on the switch and then make the APU access the tagged VLAN I created, shouldn't I be able to at this point be able to access the modem?

Any pointers would be greatly appreciated!

Rico

Check out https://www.netgate.com/docs/pfsense/interfaces/accessing-modem-from-inside-firewall.html

-Rico

kcallis

I have read that before, but I don't believe that works for me. My WAN interface on the APU is using DHCP from the modem. With that I can't create another WAN interface. Again, the WAN interface on the APU is plugged into one of the LAN ports on the modem. If I were to remove the IP-Passthrough, my IP address on my APU would be 172.16.0.100 doled out from the modem.

I opted to make use of the IP-Passthrough to in order to get rid of double NAT issues and the fact that the Arris firewall sucks rocks and caused issues with my VPN clients.

akuma1x

I have a very similar setup to yours, but I'm not using AT&T directly, rather a reseller of AT&T DSL service.

Anyway, I can hit my modems management page, but... I don't really know how.

I set it up to be pass-thru, and I've got the public facing IP address setup on my WAN interface for pfsense. I can get in remote from the outside world. So, I know that I successfully set everything up ok. I just don't know how pfsense is able to see the IP address of the modem and get me logged in.

I type 192.168.1.254 and my Arris modem login page pops up. I did setup the modem to allow my pfsense MAC address to be the pass-thru connection, maybe that has something to do with it. Check your U-Verse modem, it might have an IP address typed on the outside sticker.

Sorry, I'm not much help. Just wanted to state that I'm able to do it, and I didn't have to do very much to make it happen, even by accident.

Jeff

kcallis

@akuma1x Thanks for the response. Arris, depending on the model and firmware as far as IP-Passthru may or may not work. When I first received the Arris modem, it was there latest, greatest modem. Despite enabling IP-Passthru, I could not pass the ISP WAN IP address over to my APU. I come to find out, that with the latest modem with the latest firmware, there was a bug in the firmware and could not actually do IP-Passthru.

Arris BGW210-700 Software Version: 1.6.7

AT&T sent me another modem, albeit one or two generations older, the modem, now allowed IP-Passthru:

Arris NVG599 Software Version 9.2.2h3d14

akuma1x

@kcallis - Just checked my DSL modem, it's an Arris NVG589, software version 9.2.2h4d16. Mine has a sticker on the outer case with the login info to get into the management screens. How about your modem?

Don't know if that makes a difference in this discussion, however.

I think I figured out how I'm able to get the login page thru the 192.168 address - it's my allow LAN to any rule. Checked the states table, and the data is in there.

Jeff

kcallis

@akuma1x Yes, I have the sticker as well and I don't have any issue logging if I am using my laptop pulled into one of the LAN ports on the modem which is on the 172.16.0.0/24 subnet.

Actually Jeff, you solved my issue! I have an alias called "LOCAL_SUBNET", which defines all of my local subnets, and one is 172.16.0.0/24. I also have an alias called "PRIVATE_NETWORKS" which I had created to allow for RFC1918 networks, but in the standards definition, 172.16.0.0 is a /16. So when I created that alias, I used the /16.

The set the modem to use 17.16.0.0/24, so my rules with both the LOCAL_SUBNET and **PRIVATE_NETWORKS" were bumping one another. A quick change to the alias and one again, peace and tranquility reign throughout the known Universe or at least throughout my network and I was able to reach the web management interface!

Thanks for helping me fire up some synapses to solve this issue.

kcallis

Now if only I could edit the topic, I could change it to solved!