Please help - Connecting to router ui
-
Hi, I am unable to access the web-ui to my cisco wifi router when I have it connected to my pfsense server.
I physically connected the router to my computer to enter its web-ui and disable DHCP, put the router in 'router mode' the other option was 'gateway'. And set up the wifi.
Default IP for the router is 192.168.1.1 /24
pfsense LAN IP is 10.0.0.1 /24I then connected the wifi router to 'LAN' interface on the pfsense server and my computer to the 4-port switch on the back of the wifi router.
Everything works great including the wifi but I have no way of accessing the router web gui when I enter 192.168.1.1. I fear I would have the same issue if I upgrade and buy a managed switch and separate wifi AP…
Maybe I'm unable to access it because the router is a layer 3 device ??! =\ -
"Block private networks" in WAN interface settings has to be unchecked. Have you done this?
-
Thanks for the tip! I had it blocked… but it still won't let me connect!
-
On the face of it everything looks fine from what you describe. However, you don't mention the external IP address of your PFS or the routing information. Perhaps you could post a a diagram of your setup, complete with all IP addresses and any DNS and DHCP information.
Assuming this all looks ok, then my only other thought is that you may have a security setting on the Cisco which is preventing access from your LAN/wifi network. Start by posting your network diagram.
-
Maybe this link will help and depending on how you have your wan interface connecting to the internet, I would re-enable BOGONS again if net access worked before you disabled it.
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
-
Thanks! I'm not sure how to make a nice diagram so I hope a picture will suffice.
-
Maybe this link will help and depending on how you have your wan interface connecting to the internet, I would re-enable BOGONS again if net access worked before you disabled it.
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
Thanks! I found this post originally when I trying to solve the problem but my WAN is set up DHCP and not PPPOE.
-
What happens if you had DHCP running on the cisco, and you set up an interface on pfsense with dhcp in the ipv4 configuration, so the cisco assigns an ip address to the pfsense interface instead, kind of link the reverse of what you have? Can you get onto it then?
One other trick you could do if you are intending to use the cisco as just a wifi access point, and it depends on how well written the cisco software is, is to give the cisco an ip address from a range lets say 192.168.10.1/24 not used in pfsense and then plug in the pfsense interface using say 192.168.2.0 with dhcp running on this interface, into one of the cisco ports and then your wifi devices should then get an address from the 192.168.2.0 network controlled by pfsense. Then the instructions in the link might work.
A couple of work arounds that might get you somewhere.
-
Something I just noticed.
Modem Gui Access = 192.168.1.254
Cisco Router Gui Access = 192.168.1.1
I am unable to remotely access both of them!
-
If your modem (192.168.1.254) is in modem only mode using ppoe on the wan interface, then you might have a routing issue depending on how the rest of pfsense is setup.
Have you tried the reverse setup where you have the pfsense interface assigned an ip address by the cisco router?
From a factory reset point of view with the cisco, it might be easier and quicker to get back up and running this way, especially if you plan to use the cisco router as a switch as well. The downside with this approach is you may find your pfsense gui ip address changes if you dont give the pfsense a fixed ip in the cisco router.A network diag would be useful because in your screen shot, you only show a Lan, vpn and roku interface so I'm guessing you might have the cisco plugged into the lan which is on a different ip address range.
-
If your modem (192.168.1.254) is in modem only mode using ppoe on the wan interface, then you might have a routing issue depending on how the rest of pfsense is setup.
Have you tried the reverse setup where you have the pfsense interface assigned an ip address by the cisco router?
From a factory reset point of view with the cisco, it might be easier and quicker to get back up and running this way, especially if you plan to use the cisco router as a switch as well. The downside with this approach is you may find your pfsense gui ip address changes if you dont give the pfsense a fixed ip in the cisco router.A network diag would be useful because in your screen shot, you only show a Lan, vpn and roku interface so I'm guessing you might have the cisco plugged into the lan which is on a different ip address range.
This is a new pfsense install.. 3 days old. When I tried putting the WAN (192.168.1.254) in pppoe mode in the interface I was unable to connect to the modem.
I removed the cisco router completely.
Now it is only Modem - pfsense server - PC … I still not access to modem (192.168.1.254)I'm completely baffled!
Out of curiosity I hooked up my PC directly the modem to make sure it worked and took a screenshot.
Maybe NAT needs to be disabled ? or Upnp ? -
Do your LAN rules allow access to 192.168.1.254?
How is your Outbound NAT set up? Firewall: NAT: Outbound
There must be a rule for WAN interface, translating any from source = LAN network (10.0.0.1 /24) to interface address. -
I believe that they do. I just added the rule you mentioned and took a bunch of screenshots of my configuration.
-
No, the rule for LAN subnet is missed in outbound NAT. You've just some for 10.0.0.0, which you haven't mentioned as one of your networks. Maybe this was your LAN subnet at first, but you've changed it by now.
-
I don't believe this is a NAT issue. I disabled NAT completely and am still unable to reach the modem or router user interfaces.
-
If you disable NAT you need static routes right in place to direct the traffic correctly.
However, since you haven't disabled it now, the source address of packets leaving pfSense WAN interface is translated to 10.0.0.0. This packets might reach your modem, but it will response to 10.0.0.0, which will be sent to its default gateway, the www, I assume. So response never come back to the PC who requested it. -
Out of curiosity I hooked up my PC directly the modem to make sure
If this is a real router and not running in the so called "bridged mode" you were build
up a so called triple NAT structure that will never allow you to do what you want.If the "modem" is a pure modem or a router set up to the bridged mode that will acting then
as a pure modem you would be really able to do so and connect to the Cisco Router for sure.Router with modem:
- please set to the bridge mode
- disable DHCP and WiFi
Cisco router:
- SPI & NAT on
- WAN IP from the ISP through the modem
- 192.168.1.0/24 (255.255.255.0)
- IP address 192.168.1.1/24
- DHCP off
- DNS provider or 8.8.8.8
pfSense box
-
WAN IP address static 192.168.1.254/24
-
Gateway: 172.16.0.1/24
-
DNS 1: 192.168.1.1/24
-
DNS 2: empty
-
DHCP: off
-
LAN IP 172.xx.xx.
-
Gateway 172.16.0.1/24
-
DNS 1: 172.16.0.1/24
-
DNS 2: 192.168.1.1/24
-
DHCP: on if wanted
This might be running well after rebooting all the devices for flushing the cache.
-
I suspect there is a problem with the cisco router.
1 - I connect the router directly to my PC to edit the settings like 'router mode' 'dhcp off' 'wifi password'.
2 - I then connect it to the pfsense server and I try to connect to it but am never able to do so.
3 - I remove the router from the pfsense server and try connecting directly to my PC again and am unable to do so. Even after unplugging for 1 minute+ and restarting my computer. I have to reset the router with a needle in the back and then all the settings are erased and I can connect again.