Can't see modem using static address on wan.
-
I have two setups.
1.2.3 at my tiny datacenter in my basement with a cable modem… Linksys modem interface address 192.168.100.1
2.0 at my office with a bridge only dsl modem and a static IP no ppp no login etc... Zoom 5615 modem interface address 10.0.0.2
I can see my cable modem at home using its address with no changes to the firewall.
I cannot see the dsl modem.
Both modems are bridges with static addresses on the wan of the firewall.
Search only brings up info on pppoe systems so far...
Any ideas?
Thanks!
-
I cannot see the dsl modem.
How are you looking and what response do you get to your attempt to see the DSL modem?
-
Can't ping it nor see it using my browser.
Net connectivity is fine but it would be nice to be able to watch my signal levels for changes without having to take things down.
-
Can't ping it nor see it using my browser.
By name or IP address? What is reported on an access attempt?
What do you see in a packet trace on pfSense WAN interface while you attempt a ping to the modem?
-
Sorry long week so far…
By IP.
Firefox can't establish a connection to the server at 10.0.0.2.
Lan trace
21:54:59.859269 IP (tos 0x0, ttl 128, id 6340, offset 0, flags [DF], proto TCP (6), length 48)
172.25.125.53.3620 > 10.0.0.2.80: Flags [S], cksum 0x8de8 (correct), seq 3214275548, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Wan trace
22:03:05.640036 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
22:03:08.567771 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
22:03:14.603369 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
-
So in both locations your pfSense WAN address is a publicly addressable IP passed to it by your ISP? Or are you manually assigning static IP's?
If that's the case then I'm surprised you can access the modem at either end as I would expect there to be no route.
Have you unchecked 'block private networks' on WAN?
Try adding a route manually to the modem IP via WAN.
Steve
-
Yes- public IP on the wan port that I have set static on the interface…
Not sure what caused those lines on my last post to be struck out- not intended...
I've tried unchecking the block private network option with no success...
Tried a static route but may need to tweak on it some more...
Oh well, I'll keep trying and report back.
Thanks!
-
I've tried unchecking the block private network option with no success…
I suspect that if you fiddle with that setting and expect it to take effect without a reboot you will also need to reset firewall states.
Wan trace
22:03:05.640036 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
22:03:08.567771 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
22:03:14.603369 IP x.249.55.x.21963 > 10.0.0.2.80: tcp 0
This is your system on the LAN side attempting to access the web GUI on your modem?
How will the modem know where to send replies to x.249.55.x? I'm guessing x.249.55.x is not on the same subnet as the modem. If that is so, the modem will need some sort of static route so it knows where to send its reply.
Alternatively, you will have to configure pfSense so it NAT's the access to the modem (in which case the modem should see the web access attempt coming from an address on its subnet).
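Added example (not part of the original thread): a small Python script that applies the reasoning above to a short-format tcpdump capture taken on the WAN interface, flagging flows to the modem that never get a reply and whether their source address is on the modem's subnet. The sample lines are constructed with documentation addresses, and the /24 masks for the modem subnets are assumptions; the thread gives only the modem addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Short-format tcpdump line: "<time> IP <src>.<sport> > <dst>.<dport>: tcp <len>"
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): tcp \d+")

TWO_WAY = "two-way: replies from the modem are seen"
OFF_NET = "no reply, source off modem subnet: add a return route on the modem or NAT on pfSense"
ON_NET = "no reply, source on modem subnet: check filtering or the modem itself"

def classify_flows(trace, modem_net):
    """Map (client, modem_ip, modem_port) -> verdict for traffic to modem_net."""
    net = ipaddress.ip_network(modem_net)
    sent = defaultdict(int)     # packets client -> modem
    replied = defaultdict(int)  # packets modem -> client
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a TCP summary line
        src, sport, dst, dport = m.groups()
        if ipaddress.ip_address(dst) in net:
            sent[(src, dst, dport)] += 1
        elif ipaddress.ip_address(src) in net:
            replied[(dst, src, sport)] += 1
    verdicts = {}
    for flow in set(sent) | set(replied):
        if replied.get(flow):
            verdicts[flow] = TWO_WAY
        elif ipaddress.ip_address(flow[0]) in net:
            verdicts[flow] = ON_NET
        else:
            verdicts[flow] = OFF_NET
    return verdicts

# Constructed samples modelled on the thread's WAN traces (documentation addresses).
DSL_TRACE = """
22:03:05.640036 IP 203.0.113.10.21963 > 10.0.0.2.80: tcp 0
22:03:08.567771 IP 203.0.113.10.21963 > 10.0.0.2.80: tcp 0
22:03:14.603369 IP 203.0.113.10.21963 > 10.0.0.2.80: tcp 0
"""
CABLE_TRACE = """
18:54:46.857413 IP 198.51.100.7.43833 > 192.168.100.1.80: tcp 0
18:54:46.864786 IP 192.168.100.1.80 > 198.51.100.7.43833: tcp 256
"""

if __name__ == "__main__":
    # The /24 masks are assumptions, not values from the thread.
    for trace, net in ((DSL_TRACE, "10.0.0.0/24"), (CABLE_TRACE, "192.168.100.0/24")):
        for flow, verdict in classify_flows(trace, net).items():
            print(flow, "->", verdict)
```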
-
This is your system on the LAN side attempting to access the web GUI on your modem?
Right.
How will the modem know where to send replies to x.249.55.x? I'm guessing x.249.55.x is not on the same subnet as the modem. If that is so, the modem will need some sort of static route so it knows where to send its reply.
Correct- it is not on the same subnet. I'm going to run these same traces when I get home on my 1.2.3 box. I can see my cable modem under the same circumstances there and that's where I'm confused.
Alternatively, you will have to configure pfSense so it NAT's the access to the modem (in which case the modem should see the web access attempt coming from an address on its subnet).
I understand why that's needed. But then why if I have not done this on my 1.2.3 box can I see that modem also not in my wan ip subnet? I'll post the results later from those traces…
-
But then why if I have not done this on my 1.2.3 box can I see that modem also not in my wan ip subnet?
I don't know enough about your configurations or their history to answer.
-
1.2.3 can see it right out of the box no mods, port forwarding, nat, rules or otherwise…
18:54:46.857157 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 0
18:54:46.857413 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 0
18:54:46.861100 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 349
18:54:46.864786 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 256
18:54:46.881655 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 1460
18:54:46.882129 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 0
18:54:46.883453 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 188
18:54:46.900938 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 1460
18:54:46.901400 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 0
18:54:46.902723 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 228
18:54:46.917539 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 1460
18:54:46.917965 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 0
18:54:46.919252 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 76
18:54:46.934230 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 1460
Driving me nuts for sure... 192.168.100.1 is a private address right?? doing a web search now....
Once again from the other box...
19:05:51.751588 IP x.249.55.x.39272 > 10.0.0.2.80: tcp 0
19:05:54.612605 IP x.249.55.x.39272 > 10.0.0.2.80: tcp 0
19:06:00.648228 IP x.249.55.x.39272 > 10.0.0.2.80: tcp 0
-
What I thought I knew…
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
OriginAS:
NetName: PRIVATE-ADDRESS-CBLK-RFC1918-IANA-RESERVED
-
1.2.3 can see it right out of the box no mods, port forwarding, nat, rules or otherwise…
18:54:46.857157 IP 192.168.100.1.80 > 24.113.x.x.43833: tcp 0
18:54:46.857413 IP 24.113.x.x.43833 > 192.168.100.1.80: tcp 0
But where was this trace taken? WAN on pfSense? If so, suggests this modem has a route to 192.168.x.y/z
Does the modem in your "pfSense 2.0" configuration have a route to x.249.55.x/y?
Also this modem clearly has a public address. In your other configuration the modem has a private address. But I don't know enough about what you have configured or your equipment to judge if this difference is significant.
-
both modems are bridges… that have available maintenance ips...
both pfsense boxes have public ip addresses on their wan interface.
cable modem------24.113.x.x-----------wan pfsense 1.2.3 lan-----172.31.125.0/24
dsl modem-------65.249.55.x-----------wan pfsense 2.0b5 lan------172.25.125.0/24
-
Have you read the article Accessing modem from inside firewall at http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall? This shows how to configure pfSense so that it has an additional WAN address on the modem's subnet. If pfSense is configured as suggested in the article it removes the need for a route on the modem.
-
Thanks for working with me on this wallabybob! I think I found my answer of why one works and the other does not…
From http://homepage.ntlworld.com/robin.d.h.walker/cmtips/ipaddr.html
The IP address 192.168.100.1 will be present even if no web diagnostics are offered on that address.
The cable modem IP address 192.168.100.1 is not in the same sub-net as the user's PC. So, when trying to send to 192.168.100.1, the user PC's IP stack will normally route the packet to the Default Gateway address at the UBR. Since no routes exist to the private address 192.168.100.1 (and there are multiple instances of this IP address on any one CATV segment), the UBR drops the packet. This would mean that in theory the PC could never talk to the cable modem. However, the Surfboard, the 3Com Tailfin, and the ntl:home 100/120 are capable of sniffing the passing traffic through the transparent bridge to intercept any packets addressed to themselves. This only works when the bridge is open, so the cable modem diagnostics cannot be read when the cable modem is booting up or failing to remain in contact with the UBR.
Obviously the Linksys brand cable modems such as the befcmu10 have this feature… And obviously the Zoom brand DSL modem does not...
-
I think I found my answer of why one works and the other does not…
Thanks for the explanation.
And you can now access your DSL modem?
-
I think I found my answer of why one works and the other does not…
Thanks for the explanation.
And you can now access your DSL modem?
Haven't got that far yet…
I have to be on site to play with that system to make sure I don't take it offline inadvertently... Tends to piss everyone off... ;D But the weekend is still young.
-
Have you read the article Accessing modem from inside firewall at http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall?
I can't assign a second interface to the same network port as my static wan port…
-
I can't assign a second interface to the same network port as my static wan port…
So your modem is doing ppp and not pfSense? (called 'half bridge' mode by some.)