Access modem from inside the firewall



  • Hello everyone,

    I am new to pfSense and just got 2.0.2 installed yesterday. I tried to follow this guide: http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall to access my modem from inside the firewall. I can ping the modem IP (192.168.2.1) on the pfSense box (using the SSH shell) or by choosing the interface (modemaccess) created via the web GUI. However, I can't ping it if I choose the LAN interface. Also, I cannot ping or access the modem from any other machines within the LAN.

    My LAN is 192.168.15.0/24 and the modem IP is 192.168.2.1/24.

    I can't figure out which part was wrong. Probably something with NAT?

    Please help.

    Thanks,


  • LAYER 8 Global Moderator

    So your modem is 192.168.2.1, but your pfSense WAN gets a public IP? Or does your pfSense WAN get a 192.168.2.x address and you're behind a double NAT?



  • I believe it is double NAT because of the great Bell Canada. They only have one modem for VDSL (25M/10M) and it has been discussed at dslreport for quite some time. It only allows PPPoE pass-through at this moment.

    So the modem has a static IP, 192.168.2.1. pfSense PPPoE will get a public IP. And also the modem will get another public IP. Regardless, the internet works fine for now. Speed is OK. I normally get the same speed whether I use that modem as router/modem or use pfSense as router. It is just that the modem will stop responding after a couple of hours of 80% load. pfSense works great so far.



  • Can anyone help? I am trying a second time to explain my situation. My LAN is 192.168.15.0/24. The modem has IP 192.168.2.1. It has a 4-port LAN, so if I take a laptop, set the IP to 192.168.2.5 and connect to the modem, then I can access the web GUI of the modem.
    I followed the doc for the setup on pfSense. I can ping 192.168.2.1 using the SSH console. I can ping 192.168.2.1 if I choose the interface I created for modem access using the pfSense web GUI. I can NOT ping 192.168.2.1 if I choose the LAN interface. I can NOT ping 192.168.2.1 or access the web GUI of the modem using any computer connected inside the firewall.
    I suspect I missed something in the firewall rules but can't figure out which it is.
    Please help.
    Thanks,



  • http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

    You did the instructions under 2.0, right?

    I did this for both my modems which are an MLPPP set.

    OPT2  172.25.125.0/24 * 10.0.0.0/25 * * * NO

    OPT3  172.25.125.0/24 * 192.168.1.0/25 * * * NO

    Do you have a rule that allows your LAN to all, or a rule that will allow LAN to your modem?



  • Yes, I followed the 2.0 instructions. Here is the rule under NAT outbound:

    MODEMACCESS    192.168.15.0/24  *  192.168.2.0/24  *  *  *  NO

    I can ping 192.168.2.1 under the web GUI if I choose MODEMACCESS but can NOT if I choose LAN. I do have a rule to allow LAN to all.

    *  LAN net  *  *  *  *  none    Default allow LAN to any rule

    Any suggestions?



  • Can you post the settings of your opt interface?



  • @chpalmer:

    Can you post the settings of your opt interface?

    Here is the interface configuration. There are no firewall rules under that interface tab.


