• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Troubleshooting question

Scheduled Pinned Locked Moved General pfSense Questions
9 Posts 5 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    guardian Rebel Alliance
    last edited by Jan 20, 2024, 5:23 AM

    I am having connectivity issues which I believe are caused by my provider.

    It would be really helpful if I had a way to log into my internet gateway/modem (attached to the pfSense LAN port) which has a web interface on 192.168.100.1 .

    Is there any way that I can access this normally non-routable address from my workstation?

    If you find my post useful, please give it a thumbs up!
    pfSense 2.7.2-RELEASE

    G S 2 Replies Last reply Jan 20, 2024, 6:22 AM Reply Quote 0
    • G
      Gertjan @guardian
      last edited by Jan 20, 2024, 6:22 AM

      @guardian said in Troubleshooting question:

      Is there any way that I can access this normally non-routable

      My LAN uses 192.168.1.1/24, a seocnd LAN uses 192.168.2.2.1/24, a third 192.168.4.1/24 and my OpenVPN server uses 192.168.3.1/24.

      My ISP router has been set up to use 192.168.10.1/24 on it's LAN - pfSEnse obtained, using 192.168.10.4. pfSense uses the default 'dhcp' on it's WAN.

      Usinga PC on LAN, having 192.168.1.x, when I want to see the ISP router's GUI, I enter 192.168.10.1 - which means that 192.168.1.x get routed through to 192.168.10.1 just fine.
      I can see and use the ISP router's GUI just fine.

      4fb97ed8-1555-4808-aa78-5d0141f35e7f-image.png

      Something is missing in your question ;)
      If you pfSense WAN interface doesn't have a RFC1918 IP, then a 'trick' is needed.
      pfSense got you covered, it's in the manual : Accessing a CPE/Modem from Inside the Firewall.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      G 1 Reply Last reply Jan 20, 2024, 5:44 PM Reply Quote 0
      • S
        stephenw10 Netgate Administrator @guardian
        last edited by stephenw10 Jan 20, 2024, 1:25 PM Jan 20, 2024, 1:24 PM

        @guardian said in Troubleshooting question:

        my internet gateway/modem (attached to the pfSense LAN port)

        Do you mean the actual LAN interface? Or is it attached to the WAN?

        You may need to add a VIP in the 192.168.100.X subnet and NAT traffic to it. See:
        https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html

        (Ooops same link!)

        1 Reply Last reply Reply Quote 0
        • G
          guardian Rebel Alliance @Gertjan
          last edited by Jan 20, 2024, 5:44 PM

          Thanks very much for the quick reply @Gertjan @stephenw10 and answering the question I should have asked. I knew that the RFC1918 was not routable and some sort of workaround was necessary--I just didn't ask the question properly. Thanks very much for the correction/answering the right question. I'll give this a shot and let you know if I have questions/run into trouble.

          @stephenw10 said in Troubleshooting question:

          You may need to add a VIP in the 192.168.100.X subnet and NAT traffic to it. See:
          https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html

          @Gertjan said in Troubleshooting question:

          Something is missing in your question ;)
          If you pfSense WAN interface doesn't have a RFC1918 IP, then a 'trick' is needed.
          pfSense got you covered, it's in the manual : Accessing a CPE/Modem from Inside the Firewall.

          If you find my post useful, please give it a thumbs up!
          pfSense 2.7.2-RELEASE

          1 Reply Last reply Reply Quote 0
          • A
            AndyRH
            last edited by Jan 21, 2024, 10:40 PM

            In case that does not work, what I did was route the ISP through my switch so all I have to do is either add a USB NIC to my PC or change my PC's VLAN and then I am on the ISP side of pfSense.

            o||||o
            7100-1u

            G 1 Reply Last reply Jan 22, 2024, 5:52 AM Reply Quote 1
            • G
              guardian Rebel Alliance @AndyRH
              last edited by Jan 22, 2024, 5:52 AM

              @AndyRH said in Troubleshooting question:

              In case that does not work, what I did was route the ISP through my switch so all I have to do is either add a USB NIC to my PC or change my PC's VLAN and then I am on the ISP side of pfSense.

              Interesting Idea -- You have given me an idea to try.

              If you find my post useful, please give it a thumbs up!
              pfSense 2.7.2-RELEASE

              J 1 Reply Last reply Jan 22, 2024, 7:57 PM Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator @guardian
                last edited by Jan 22, 2024, 7:57 PM

                @guardian There are many uses for running the connection from your modem through a switch. One being yea its easy to add something to this network for whatever reason, span port if you want to sniff traffic.. For say troubleshooting something like dhcp where its hard to say get the sniff going on pfsense while it boots up..

                Also if you have a switch between just because your modem interface goes down, pfsense won't (unless your switch goes down as well). Sure it won't be able to renew its IP or actually get anywhere but the interface won't reset, it just won't be able to get to the internet.

                You could if you so desire put acls on on the ports to filter traffic. You could rate limit at the switch ports. Depending on the feature set of the switch your using.

                You could shut the switch port off to pfsense at the switch via a simple command at the switch.

                There is all kinds of reasons why its beneficial to have switch between pfsense wan and the modem..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                G 1 Reply Last reply Jan 27, 2024, 7:11 AM Reply Quote 1
                • G
                  guardian Rebel Alliance @johnpoz
                  last edited by Jan 27, 2024, 7:11 AM

                  @johnpoz said in Troubleshooting question:

                  @guardian There are many uses for running the connection from your modem through a switch. One being yea its easy to add something to this network for whatever reason, span port if you want to sniff traffic.. For say troubleshooting something like dhcp where its hard to say get the sniff going on pfsense while it boots up..

                  Also if you have a switch between just because your modem interface goes down, pfsense won't (unless your switch goes down as well). Sure it won't be able to renew its IP or actually get anywhere but the interface won't reset, it just won't be able to get to the internet.

                  You could if you so desire put acls on on the ports to filter traffic. You could rate limit at the switch ports. Depending on the feature set of the switch your using.

                  You could shut the switch port off to pfsense at the switch via a simple command at the switch.

                  There is all kinds of reasons why its beneficial to have switch between pfsense wan and the modem..

                  @johnpoz I appreciate the input, unfortunately I don't have spare ports on a switch I can use -- and I agree that is a great way to go.

                  Given the setup that I have, is there a way that I can setup a virtual IP on the ethernet port in the 192.168.100/0/24 subnet so I can get to the modem regardless of if I have a public IP or not?

                  If you find my post useful, please give it a thumbs up!
                  pfSense 2.7.2-RELEASE

                  J 1 Reply Last reply Jan 27, 2024, 10:29 AM Reply Quote 0
                  • J
                    johnpoz LAYER 8 Global Moderator @guardian
                    last edited by Jan 27, 2024, 10:29 AM

                    @guardian the instructions how to get to your modem have already been given multiple times.

                    I do it this way.. I have a 192.168.100.2 vip on my wan, that is connected to my modem..

                    vip.jpg

                    Do you have any outbound rules in floating that block rf1918? Do you have any rules on your lan where where your client is trying to access 192.168.100.1 that would block or policy route?

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    9 out of 9
                    • First post
                      9/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received