Access Modem GUI Behind Firewall
-
@Globaltrader312 Ok, the firewall rule for LAN with destination is not needed, btw.
Your NAT Outbound rule looks ok, although it's easier to use "LAN subnets" as source and "VIGOR subnets" but it should work.
Have you changed the IP of the Vigor167? Meaning are you sure the subnet is 192.168.5.0/ ? If you check the ARP table you see the modem?
-
@patient0 no i have not changed the vigor subnet and i am 100% sure that it is correct i was connected directly to the macbook via LAN 2 days ago and could access it. just not via the pfsense
-
@Globaltrader312 I see.
To be sure:
- you're connecting to the internet by PPPoE using the Vigor167, yes?
- Are you able to connect to the internet right now with the pfSense?
- On what interface is PPPoE set?
- The VIGOR interface is assigned to the same interface as the PPPoE?
- Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table"
- When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.
-
you're connecting to the internet by PPPoE using the Vigor167, yes? yes
Are you able to connect to the internet right now with the pfSense? yes with all 3 WAN interfaces
On what interface is PPPoE set? bge1
The VIGOR interface is assigned to the same interface as the PPPoE? yes bge1
Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table" yes
When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.when i connect to the mac i assign the ip manually in the settings with 192.168.5.3
-
@Globaltrader312 Ok, then I'm out of ideas.
In the ARP table you only see your own IP/MAC but not of the modem. Below is mine:
.Is there a route for 192.168.5.0/24 in the routing table (Diagnostics > Routes)?
Did you connect your Mac to the same port on Vigor that you now use to connect the pfSense?
-
Please look at the bottom of the modem for the 48bit MAC address and please see what IP is assigned to it in the ARP table.
Also try to see if the modem will issue a dhcp address if you set that interface to dhcp and not static, see if that populates the arp table entry.
-
-
@Globaltrader312 what does your iMac get as an IP address when directly connected? That demarcation point maybe provides layer 3 address via dhcp directly from that modem to the connected device, if it’s working automatically with a direct connected device open a term window and try ifconfig, and or windows command dos prompt ipconfig. If might issue layer 3 by dhcp and you have it static set to the wrong subnet on interface configuration page.
-
so the modem has no DHCP server activated but only modem mode and private IP is only assigned manually.
direct connection with Mac on the same port with manual ip configuration
with 192.168.5.3. GW 192.168.5.1 and Dns 192.168.5.1 works
same as with my ER 6P and ER 12 I used before the only difference with ER 6P and ER 12 was that I always had to run a second cable to the vigor but only because it can't do 2 assigment on the same ETH port.
-
@Globaltrader312 set the static with the last octet as .3 if that address works. It doesn’t show in the arp table that is weird to me. Are you using a rollover cable, I don’t know if that is a thing anymore however your modem might want a rollover cable. You can also try to spoof the MAC address of the iMac on the interface to test if the arp entry populates. That gateway is that what you have set statically on the interface also?
-
I use a normal Ethernet cable, nothing more.
see photo this is what it looks like on the mac when i connect directly.
-
@Globaltrader312
Upstream gateway?? None?
What about 5.1?
-
@patient0 what is your upstream gateway set as?
-
@Globaltrader312 said in Access Modem GUI Behind Firewall:
you're connecting to the internet by PPPoE using the Vigor167, yes? yes
Are you able to connect to the internet right now with the pfSense? yes with all 3 WAN interfaces
On what interface is PPPoE set? bge1
The VIGOR interface is assigned to the same interface as the PPPoE? yes bge1
Can you see the modem MAC and/or IP in the ARP table (Diagnostics > ARP table" yes
When you connected using the Mac, did you assign the IP to your Mac yourself or did it get one? And the IP your Mac got was .192.168.5.x not 192.168.1.5? 192.168.1.1 is the default network for the Vigor according to the docu.when i connect to the mac i assign the ip manually in the settings with 192.168.5.3
Is the gateway in the same subnet? It seems like we are isolating it to the gateway, can you do a tracert command and see when it fails? And or turn on logging and see what shows up when you try a connection to the gui?
-
@JonathanLee
yes i have not selected an upstream gateway as it says so in the instructions -
@Globaltrader312 5.0/24 shows bge1 interface. Do you have acls on bge1 ?
-
@Globaltrader312 so it’s not the modem it’s a pfSense configuration mix up, we need to isolate the interface and gateway
-
@JonathanLee no i have not set an ACL because it is not in the instructions
I have created an upstream gateway with 192.168.5.1 for testing purposes, but unfortunately this does not work either
i just don't understand why the access doesn't work i followed the instructions 100%.
could it be the multi WAN setup?
-
This post is deleted! -
@Globaltrader312 That is a lot of hops for just a link to the modem something is off with the gateway and or nat. You show the .5.0/24 on bge1 also. I have not watched the video. Correct me if I am wrong you are just attempting to access the GUI on the modem from the LAN however you have 3 WANs one is VOIP you are attempting to access the .5.0/24 network from the VIGOR interface, however this network resides in the routing table on the bge2 what is bridged with bge1?
(shows interface bge1)How did you bridge this connection?
(shows loopback interface not bge1)
(Shows vigor not bge1)
(vigor showing .5.2/24)
(your acl shows a source network that is different its 192.168.1.0/24 how does clients get layer 3 on the vigor interface of 1.0 if you have it set to 5.0/24??)Please show how bge1 is configured.. Does bge1 show any ACLs configured?
Keep in mind I am just trying to isolate this in my head I wish I could see more but it is what it is. I am thinking that bge2 has a mix up as the trace route can't even see the first hop