Trying to access my Comcast modem via the LAN

chpalmer

@JKnott said in Trying to access my Comcast modem via the LAN:

@chpalmer said in Trying to access my Comcast modem via the LAN:

The modem doubles as the local router for Comcast's purposes.

Other companies do similar, by "Comcast's purposes", do you mean public "Xfinity" WiFi?

No not the public WIFI crap. Speaking of crap we usually call them Comcrap due to "crap" like this.

By their purposes I mean in order to provide the static IP's they use a local router. (probably not the best use of "their purposes" but I digress.. The Modem/Router combination truly does the routing on site. If the OP was to show his "quality" logs you would see the ping is very small to the gateway router because that is indeed in the modem in this situation.

johnpoz

Back on subject just create a vip

On your wan create a vip, lets call it 10.1.10.2, then create an outbound nat to that vip... There you go access.

bazzacad

Thanks for all the help everyone. Sorry this became a longer topic then I expected. I'll try the VIP option this evening...

bazzacad

So I want the VIP to be the destination for the outbound NAT?

johnpoz

No the vip would be the interface for the nat, dest would be the IP your trying to get to or just the network.. One sec show you a pic.. I don't need it to access my modem.. But I can set one up real quick to show you. My modem which is bridged can still be access via is 192.168.100.1 address..

So create vip on wan say 192.168.100.2 - one sec brb.

here you go. Notice how I selected the vip as the translation in the outbound. You only need to use hybrid not manual.. So now anything coming from 192.168.9.0/24 network going to a 192.168.100.0/24 network will go out the wan using that IP..

And there you go access

bazzacad

Thanks for the screen shots. They're very helpful.
So I'm thinking this is what I'll try. Does it look correct...?
Also, my NAT mode is already set to Manual. Needed it for some PBX rules.

johnpoz

Yeah that looks right.

bazzacad

I added the VIP & NAP, but no luck. :-(
I can ping the VIP & modem from the LAN.

johnpoz

Well you got something back.. Or you wouldn't have gotten that page.. So you got a syn,ack I would assume.. So your vip is working.

Sniff on the wan when you try and open the page.. do you see the syn,ack come back from your syn.. If so pfsense is doing what you told it to do.

Why did you do a /32? Set that to /24

bazzacad

OK I fixed the /32 thx.
By Sniff do you mean WireShark?
Or can I do it in pfSense?

stephenw10

You can do it within pfSense:
https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html

Steve