Port forward to WAN
-
Hi,
I like to be able to access the modem interface from outside my network.
The modem (Connect Box from IPS Ziggo, The Netherlands) is running in bridge, but can still be accessed on 192.168.100.1So incoming port (example 1234) has to go to IP 192.168.100.1 on the WAN port.
Is there a way without setting using the VPN?Thanks,
^Rich -
NAT?
-
@Mellowlynx said in Port forward to WAN:
So incoming port (example 1234) has to go to IP 192.168.100.1 on the WAN port.
Exactly @Mellowlynx you can make a nat --port forwarding and inteface incoming WAN address port:"80 (for example)" desntiny LAN_IP and the same port.
-
Why would anyone expose the modem Web GUI to the Internet?
What‘s the problem with VPN?-Rico
-
@Rico Its a example... can make any port that him need. for example an application p2p example emule.
-
@Rico Modem is acting weary lately, and I like to monitor in temporarily.
No VPN is needed so hope that I can use a NAT rule. -
@klausneil When I do this, the traffic will be forwarded to the LAN port right?...
I need it to go the the WAN port, the modem is upstream, not down.Modem
(can locally be access on 192.168.100.1) -> WAN port pfSense -> Lan (192.168.1.0/24)Hope you have a option for me to try.
-
Are you able to access it from LAN?
If yes, have you tried the NAT already?
If yes and it isn't accessible from outside, are you sure that your network is generally accessible from the Internet?
-
@viragomann Yes, I can access it from the LAN.
I did setup a NAT rule to the IP and it will not load.
If I edit it to a VOIP phone IP, I get the WEB UI from the phone. -
Have you also added an outbound NAT rule for the modem?
-
@viragomann I have made this rule. screenshot
Should I make one on the LAN interface? port 80 to 192.168.100.1 port 80? -
This post is deleted! -
No, that rule has to be on the interface where the traffic is coming in. If it WAN it ok.
But you also need an outbound NAT rule on that interface the modem is connected to.
-
This post is deleted! -
@Mellowlynx said in Port forward to WAN:
Correct me if i'm wrong, but it has to come in first trough to firewall an that go back out to the WAN right?
Yes it should go this way. This requires that your modem is in bridge mode as you stated above and pfSense WAN has a public IP. So 192.168.100.1 must not be the default gateway.
This is how I understand your set up. -
@viragomann I see now, never used Outbound in NAT before.
Do you have a example for me? or what I should fill in.Yes, Modem is in bridge mode and pfSense has Internet IP on wan.
I can access Web config on WAN IP and the VIOP phone on the same IP with other port.The bridge mode of the modem also gives it a local IP (192.168.100.1) to be able to connect to it and see connection info.
-
So the pfSense WAN interface has already a second IP in the modem subnet?
That's the premise for accessing from LAN. That's why asked above for accessibility from LAN.@Mellowlynx said in Port forward to WAN:
I see now, never used Outbound in NAT before.
So your outbound NAT may still work in automatic mode, which is default.
Switch into the hybrid mode. Then add a rule:
Interface: WAN
source: any
destination: 192.168.100.1
port: 80???
Translation interface address.You wrote above, you use port 80 to access the modem WebGUI. So the communication is not encrypted. The login credentials may be transferred in clear text! I strictly recommend to use an encryption like https if possible when you connect from the internet. Otherwise look for an other way to access it like VPN or a proxy with SSL.
-
@viragomann I can't set the IP as destination.
I can set it to Any or a network range. (I tried both)
But still noting. I did at one point got a redirect error in Chrome.But it looks like setting up the VPN is the way to go.
So will set that up tomorrow.Thanks you for you time and info, I did learn something today :)
-
@Mellowlynx
To set a single IP in the outbound NAT, you have to select Network, enter the IP and select 32 for the mask.