Can a modem/router combo & Netgate SG-1100
-
I have a separate access point wired to LAN1 of the SG-1100 which is currently monitoring traffic just fine.
But providing the internet is my Motorola MG-7700 modem/Router combo. It’s what I am using to replace the ISP’s equipment. It has additional lan ports and Wi-fi capabilities but I’m not using those as I am unsure if I can route that traffic through the Netgate since it is connected to the WAN interface.
My question is.... can that Motorola provide the internet connection to the Netgate along with being managed by the pfsense system at the same time? I’m just trying to make use of the WiFi that’s available on the device but I don’t want it to go unmonitored.
-
hi,
the appropriate setting is as follows:
ISP DOCSIS 3.0 Cable - Motorola MG-7700 (in bridge mode) to pfSense (with public IP) - pfSense (fe.) Opt1 interface for wlan APand so on
what pfSense box do you have?
-
@DaddyGo said in Can a modem/router combo & Netgate SG-1100:
hi,
the appropriate setting is as follows:
ISP DOCSIS 3.0 Cable - Motorola MG-7700 (in bridge mode) to pfSense (with public IP) - pfSense (fe.) Opt1 interface for wlan APand so on
what pfSense box do you have?
I use the pfSense that’s built into the Netgate SG-1100.
So if I understand correctly I need to put the Motorola in bride mode, connect the LAN1 of the Motorola to the Netgate WAN, then loop back from Netgate OPT1 to the Motorola LAN2?
-
the idea is half right...-
Watch!
"I need to put the Motorola in bride mode, connect the LAN1 of the Motorola to the Netgate WAN"
absolutly yes!then loop back from Netgate OPT1 to the Motorola LAN2?
by no means!@pi "I have a separate access point "
configure your own AP on a separate VLAN or the OPT1 interface
(this is the safest)- forget this, not good:
then loop back from Netgate OPT1 to the Motorola LAN2?
- forget this, not good:
-
This would only setup OPT1 for another piece of equipment such as an AP. I’m trying to get some use out of the Motorola modem/router combo wireless. I know I can connect to the Motorola wireless as it currently is but I dont believe it’s getting funneled through pfsense on the Netgate. That’s what I’m trying to achieve.
-
if you do not allow all traffic through the firewall then you cannot protect them
is an ISP CPE device, it does have wifi, but if you configure it separately it is not protected by a firewall
WLAN devices are never configured with sensitive network components (desktops, NAS, etc. internal stuff)
just see the plenty of Youtube videos that show how to crack WEP, WPA encryption
it would be necessary to buy some smarter AP (VLAN capable):
https://www.cisco.com/c/en/us/products/wireless/wap361-wireless-ac-n-dual-radio-wall-plate-access-point-poe/index.htmlhttps://www.ui.com/unifi/unifi-ap-ac-lr/
https://www.ebay.com/itm/Lot-of-2-Cisco-WAP371-Wireless-AC-N-Wireless-Access-Points-w-Mounting-Brackets/254639949950?hash=item3b49b9487e:g:Vu4AAOSwMMNe-3gH
-
@pi said in Can a modem/router combo & Netgate SG-1100:
I’m trying to get some use out of the Motorola modem/router combo wireless.
Hello!
Typically, when you put a modem/router/wireless gateway into bridge mode (modem only) you will lose the functionality of the router/wireless.
I am not familiar with the mg7700, but I do not believe it is an exception...
https://motorolamentor.zendesk.com/hc/en-us/articles/115007129847-How-Do-I-Put-My-Cable-Modem-Router-Combo-also-called-a-Gateway-into-Bridge-Mode-So-I-Can-Connect-Another-Router-behind-It-
You might still be able to access the admin interface on the mg7700 when it is in bridge mode, but that is another topic.
John
-
@serbus said in Can a modem/router combo & Netgate SG-1100:
Typically, when you put a modem/router/wireless gateway into bridge mode (modem only) you will lose the functionality of the router/wireless.
@serbus - this cannot be stated in general!
one of the devices is only a simple modem in bridge mode, but there is an example this manufacturer (Sagemcom DOCSIS series) does not turn off wifi in bridge mode
https://support.sagemcom.com/en/gateways/fst-3686ac-dnaor
Technicolor TG78.....series
there is a separate bridge mode which is delegated to the 4 ethernet ports and the wifi continues to work NAT-enabled++++edit:
the lesson is that it is manufacturer and possibly custom ISP CPE FW dependent -
I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.
I guess I could imagine using it to access the modem for admin purposes.
Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.Steve
-
Just a interesting information for everyone about what I mentioned above
it is an Altice Network solution on FTTH
ISP ONT + Modem / router (in NAT and bridge mode)in this case, the system has two public IP addresses:
- a public IP for the NAT-based router mode (IP phone + IP TV + WiFi, etc)
- a public IP (separated) for the bridge mode on port 4.....to pfSense
the two public IP addresses are not the same!!!
the ONT has an IPoE connection
-
Ah, two public IPs. Novel.
-
and all for the price of one IP (1000 / 500)
(clever things)
so no problem, with IPTV (multicast) + IP phone things work behind NAT on the other ports, separated -
@stephenw10 said in Can a modem/router combo & Netgate SG-1100:
I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.
I guess I could imagine using it to access the modem for admin purposes.
Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.Steve
I second this. I think you have to choose if you want it to be a modem or wifi access point. If your ISP is charging a modem rental fee, then replacing it makes sense. Put it in bridge mode, you'll most likely sacrifice the wifi capability, but you'll be avoiding that fee. If the ISP is giving you the modem for free, then use the Motorola as a wifi access point. Disable, all services like DHCP and only use the LAN ports on the Motorola. The LAN from the Motorola can go to Opt 1.
-
@stephenw10 said in Can a modem/router combo & Netgate SG-1100:
I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.
I guess I could imagine using it to access the modem for admin purposes.
Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.Steve
Thanks for the feedback. I bridged the modem/router and did lose WiFi functionality. So I returned it to routing mode and assigned a static ip on the LAN based on the Netgate’s MAC address. Now the modem is feeding internet through one of its LAN ports to the Netgate WAN. Netgate is still passing traffic with no visible issues. Then I enabled wireless on the modem/router so that’s forking out unfiltered traffic. As I am new to pfSense I have borked the system a few times and it upsets my wife’s Facebook activities and that gets her going on a tangent. So I am using that unfiltered wireless to provide internet to my wife’s devices. For the time being it’ll keep me out of trouble while I learn the system.
Again, thanks for the feedback.
-
@Raffi_ said in Can a modem/router combo & Netgate SG-1100:
@stephenw10 said in Can a modem/router combo & Netgate SG-1100:
I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.
I guess I could imagine using it to access the modem for admin purposes.
Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.Steve
I second this. I think you have to choose if you want it to be a modem or wifi access point. If your ISP is charging a modem rental fee, then replacing it makes sense. Put it in bridge mode, you'll most likely sacrifice the wifi capability, but you'll be avoiding that fee. If the ISP is giving you the modem for free, then use the Motorola as a wifi access point. Disable, all services like DHCP and only use the LAN ports on the Motorola. The LAN from the Motorola can go to Opt 1.
This sounds like a good idea. I’ll try that out
-
@pi said in Can a modem/router combo & Netgate SG-1100:
@Raffi_ said in Can a modem/router combo & Netgate SG-1100:
@stephenw10 said in Can a modem/router combo & Netgate SG-1100:
I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.
I guess I could imagine using it to access the modem for admin purposes.
Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.Steve
I second this. I think you have to choose if you want it to be a modem or wifi access point. If your ISP is charging a modem rental fee, then replacing it makes sense. Put it in bridge mode, you'll most likely sacrifice the wifi capability, but you'll be avoiding that fee. If the ISP is giving you the modem for free, then use the Motorola as a wifi access point. Disable, all services like DHCP and only use the LAN ports on the Motorola. The LAN from the Motorola can go to Opt 1.
This sounds like a good idea. I’ll try that out
Make sure to check with the ISP on the modem fee though. Because even ISP's that state the modem is "free", it never really is, they just include it in the cost. What I mean by that is unless you explicitly ask if there is a discount on your bill for BYOD, they will get away with billing you for that "free" modem. In other words, they should give you credit for your own device even if they're not billing you for their modem. If they don't offer credit, or they really aren't billing you for it, then wifi it up.
