Modem Management when using pfSense multizone setup
-
In my old setup, Netgear WiFi Router with just 192.168 LAN, I would address my Netgear modem as 192.168.100.1. My new setup has 192.168, 172.16, and 10.0.0 zones. Firewall rules aside, can I still address the modem (for mgmt purposes) by entering 192.168.100.1 into a PC browser? I'm assuming that the PC must be wired into my 192.168 switch. Do I have to be cautious about DHCP trying to allocate that modem IP address to some other device?
-
@oldsportbiker
Is the router / modem running in bridge or in router mode?
Does it provide a DHCP server on its LAN? Do you get the public IP on pfSense WAN now?
-
As long as you don't have the modem subnet assigned locally you should still be able to access it there.
You might have to add a VIP in the modem subnet to WAN and NAT to it if the modem really is a modem and the pfSense WAN has a public IP.
https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html
If the upstream device is still a router you don't need to do any of that.
Steve
-
@stephenw10 FWIW no special setup is needed for Comcast/Xfinity in my case. I can access my self-owned Netgear cable modem from my LAN via its IP even though pfSense gets a public IP. I figure it must capture it.
AT&T DSL was the same for me, I could still connect to their DSL router even in bridge mode.
@oldsportbiker If your modem is 192.168.100.1 just try that IP, as long as your pfSense network is not 192.168.100.x/24 (e.g. 192.168.2.x/24) then it might just work. It won't work if two interfaces of pfSense hold/contain/use 192.168.100.x/24, it won't know where to send the packets.
-
Yes, it depends on the modem. If it has a route to the pfSense WAN you don't need to do anything. Some modems do not and require you to NAT to their subnet so they can reply.
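Added example, not written by any poster in this thread: a Python check of the two conditions discussed above, namely that no local pfSense interface subnet contains the modem address and that no DHCP pool can lease it, plus a candidate WAN VIP in the modem subnet. The interface names, addresses, pool ranges and the /24 modem prefix are constructed assumptions.

```python
import ipaddress

def check_modem_access(modem_ip, interfaces, dhcp_pools):
    """Return conflicts that would stop LAN clients from reaching the modem.

    interfaces: {name: "addr/prefix"} for each local (non-WAN) interface
    dhcp_pools: {name: (first_ip, last_ip)} for each DHCP range
    """
    modem = ipaddress.ip_address(modem_ip)
    problems = []
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        # If a local subnet contains the modem IP, traffic stays on that
        # interface and never goes out WAN toward the modem.
        if modem in net:
            problems.append(f"{name}: {net} contains {modem}")
    for name, (first, last) in dhcp_pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo <= modem <= hi:
            problems.append(f"{name}: DHCP pool {lo}-{hi} can lease {modem}")
    return problems

def vip_candidate(modem_ip, prefix=24):
    """First host in the modem subnet that is not the modem itself.

    The prefix length is an assumption; check the modem's own settings.
    """
    net = ipaddress.ip_interface(f"{modem_ip}/{prefix}").network
    modem = ipaddress.ip_address(modem_ip)
    return str(next(h for h in net.hosts() if h != modem))

MODEM = "192.168.100.1"

# Constructed sample: three zones with /24 masks, none overlapping the modem.
SAFE_IFACES = {"LAN": "192.168.1.1/24", "IOT": "172.16.0.1/24",
               "GUEST": "10.0.0.1/24"}
SAFE_POOLS = {"LAN": ("192.168.1.100", "192.168.1.199")}

# Constructed sample: the 192.168 zone set up as a /16, which swallows
# 192.168.100.0/24 and lets the DHCP pool reach the modem address.
WIDE_IFACES = {"LAN": "192.168.0.1/16"}
WIDE_POOLS = {"LAN": ("192.168.100.1", "192.168.100.200")}

if __name__ == "__main__":
    for label, ifs, pools in (("safe", SAFE_IFACES, SAFE_POOLS),
                              ("wide", WIDE_IFACES, WIDE_POOLS)):
        print(label, check_modem_access(MODEM, ifs, pools) or "no conflicts")
    print("WAN VIP candidate:", vip_candidate(MODEM))
```

DHCP pools sit inside their interface's subnet, so a layout that passes the first check cannot hand out the modem address.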