Modem Management when using pfSense multizone setup

oldsportbiker

in my old setup, Netgear WiFi Router with just 192.168 LAN, I would address my Netgear modem as 192.168.100.1. My new setup has 192.168, 172.16, and 10.0.0 zones. Firewall rules aside, can I still address the modem, (for mgmt purposes), by entering 192.168.100.1 into a PC browser? I'm assuming that the PC must be wired into my 192.168 switch. Do I have to be cautious about DHCP trying to allocate that modem IP address to some other device?

viragomann

@oldsportbiker
Is the router / modem running in bridge or in router mode?
Does it provide a DHCP server on its LAN?

Do you get the public IP on pfSense WAN now?

stephenw10

As long as you don't have the modem subnet assigned locally you should still be able to access it there.

You might have to add a VIP in the modem subnet to WAN and NAT to it if the modem really is a modem and the pfSense WAN has a public IP.

https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html

If the upsteam device is still a router you don't need to do any of that.

Steve

SteveITS

@stephenw10 FWIW no special setup is needed for Comcast/Xfinity in my case. I can access my self-owned Netgear cable modem from my LAN via its IP even though pfSense gets a public IP. I figure it must capture it.

AT&T DSL was the same for me, I could still connect to their DSL router even in bridge mode.

@oldsportbiker If your modem is 192.168.100.1 just try that IP, as long as your pfSense network is not 192.168.100.x/24 (e.g. 192.168.2.x/24) then it might just work. It won't work if two interfaces of pfSense hold/contain/use 192.168.100.x/24, it won't know where to send the packets.

stephenw10

Yes it depends on the modem. If it has a route to the pfSense WAN you don't need to do anything. Some modems do not and require you NAT to their subnet so they can reply.