I'm trying to understand some things about my configuration that do not seem to make sense to me. I have a cable modem connected to my port configured for my WAN interface. The manual for the cable modem seems to indicate that the default DHCP configuration is for range 192.168.100.0. Wouldn't that mean the IP address shown for my WAN interface should be in that range? Instead it's showing a 97.x.x.x IP which looks more like its possibly the external IP of the modem. Is that normal/expected?
Ultimately, I'm trying to figure out what exactly I need to do in order to access my modem web interface through the OPNSense firewall. My internal LAN is configured for 192.168.1.0. I have a firewall rule that allows this LAN to communicate with any other LAN. I have no VLAN or interface configured for a 192.168.100.0 network, but I can ping 192.168.100.1, which is supposed to be the default IP address of the modems web interface. But putting that IP in the browser never loads anything.
Do I need to create a network for that IP range first? I keep playing around with different firewall rules and can't seem to figure this out. Any help would be greatly appreciated.
Thanks
Edit: Additional Info
nmap -Pn 192.168.100.1
Starting Nmap 7.80 ( https://nmap.org ) at 2022-06-17 07:17 EDT
Nmap scan report for 192.168.100.1
Host is up (0.031s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
Now I'm thinking I've been thinking about this backwards. I've been trying to set rules on the LAN side, do I need to set a rule on the WAN side instead?
I tried disabling the block private networks option for the WAN interface to disable that firewall rule, that didn't appear to change anything.
It is normal. It means your cable modem is able to directly connect devices to the internet and quite possibly has no NAT, firewall or DHCP
Opnsenses WAN port by default blocks Block private networks and should have public IP address.
You just need to assign one of the ports on opnsense for LAN (you should have at least 2, 1 for WAN and 1 for LAN), setup DHCP under services ---> DHCP IvP4 and that should be it.
Then you can connect a switch or your computer to that port and you have internet (as long as there is "Allow LAN to any default rule" in Firewall ---> Rules ---> LAN ( see picture)
If there is something that would possibly make things not work, it's routing. But most times you don't have to touch them when creating networks on physical ports.
This is why I am so confused. Everything I can find seems to say I shouldn't need to do anything special and it should just work and be accessible, but it's not.
I have the WAN and LAN interfaces and the Allow to Any rule on the LAN side. I've had this setup and running for quite a while now. I have no issues with access to internet or devices. I use DHCP and Unbound on the OPNSense router.
Like I mentioned, I can ping the 192.168.100.1 address, nmap shows that it's up and running on ports 80 and 443 when I use the -Pn switches. But it will not load the web page in the browser.
What do you mean about the routing comment? I haven't configured any special kind of routing that I'm aware of.
That's what I meant with routing.
It is possible that there is a conflict with cable modems DHCP or if you bought the modem and it has opnsense installed on it, then plug cables to different ports (mine firewall which I bought from Decisco had WAN on port 0 and LAN on port 1).
You can also try if changing the LAN IP and DHCP pool works. First setup your computers IP to 192.168.1.2, then go to opnsense webgui, go to services ---> DHCPV4 and uncheck the enabled box.
Then go to interfaces ---> LAN and under static Static IPv4 configuration, type 192.168.2.1 and check that box next to it shows 24. Then save changes. You should be blocked from Opnsense now.
Or if your modem supports it, disable firewall, NAT and DHCP on it (setting it to bridge or AP mode does that)
After that change your computers IP to 192.168.2.2 subnet to 255.255.255.0, gateway to 192.168.2.1 and primary dns server to 192.168.2.1, go to DHCPV4 and enable it, under pool section, slect range from 192.168.2.2 to 192.168.2.253 and save changes.
Next you can enable DHCP on your computer and see if you get an IP between 192.168.2.2 and 192.168.2.253 with subnet 255.255.255.0.
If internet doesn't work, you need to create a route from opnsense to your modem and from modem to your opnsense.
Basically there's a conflict. Your modem is confused with Opnsense or blocking traffic coming from it.
If your modem has bridge or AP mode, that could fix the issue as well
Well my OPNSense LAN is configured for 192.168.1.0, and according to the manual for the Spectrum Charter cable modem it should be configured for 192.168.100.1. And I can ping 192.168.100.1 and only that IP and nmap tells me that only 80 and 443 are open on that address, so I feel confident that the modem DHCP should be configured for that IP range. So I don't know that going through and changing my LAN IP Pool will change anything there.
I guess I'll try plugging a laptop directly into the modem, see if there appears to be any settings I can actually change there or not. I don't think Spectrum issued modems typically give you a lot of settings to tinker with. But maybe there's something there that will help me.
Take the 's' out of https when you try to connect to the modem.
Once you type the address, it will automatically make it https. If you then click the address bar, you can edit it and take the s out
Also if your modem connects to internet using Ethernet cable, then you can just replace your modem with Opnsense. Only reason why you would have to connect opnsense to a modem, is because modem has right WAN port which is other than ethernet.
It doesn't matter if it's fiber or CAT 5,6 or 7, as long as internet is coming via Ethernet, you don't need cable modem
Quote from: Vilhonator on June 18, 2022, 06:06:46 AM
Also if your modem connects to internet using Ethernet cable, then you can just replace your modem with Opnsense. Only reason why you would have to connect opnsense to a modem, is because modem has right WAN port which is other than ethernet.
It doesn't matter if it's fiber or CAT 5,6 or 7, as long as internet is coming via Ethernet, you don't need cable modem
No modem will connect to the internet with an ethernet cable. That is the direct opposite of a "modem".
If the internet is connected through fiber or a cat cable, it's using a router, not a modem.
My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.
Quote from: Vilhonator on June 18, 2022, 01:33:16 PM
My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.
Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.
Quote from: Demusman on June 18, 2022, 01:49:18 PM
Quote from: Vilhonator on June 18, 2022, 01:33:16 PM
My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.
Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.
https://genexis.eu/content/uploads/2020/10/Pure-Ethernet-DSL-Series-Datasheet-V2.4-EN.pdf
Dual Band WiFi ADSL2+/VDSL2 -modem last time I checked, though not the one my parents have
Quote from: Vilhonator on June 18, 2022, 02:03:14 PM
Quote from: Demusman on June 18, 2022, 01:49:18 PM
Quote from: Vilhonator on June 18, 2022, 01:33:16 PM
My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.
Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.
https://genexis.eu/content/uploads/2020/10/Pure-Ethernet-DSL-Series-Datasheet-V2.4-EN.pdf
Dual Band WiFi ADSL2+/VDSL2 -modem last time I checked, though not the one my parents have
So now you're making my point for me?
Again, there will never be a modem needed for an ethernet connection. That's a DSL modem, it can either take a DSL line or an ethernet line in. If it's an ethernet in, it doesn't use the modem.
Why would you need to MOdulate/DEModulate an ethernet connection??? Get it, mo-dem
Quote from: Demusman on June 18, 2022, 02:29:04 PM
Quote from: Vilhonator on June 18, 2022, 02:03:14 PM
Quote from: Demusman on June 18, 2022, 01:49:18 PM
Quote from: Vilhonator on June 18, 2022, 01:33:16 PM
My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.
Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.
https://genexis.eu/content/uploads/2020/10/Pure-Ethernet-DSL-Series-Datasheet-V2.4-EN.pdf
Dual Band WiFi ADSL2+/VDSL2 -modem last time I checked, though not the one my parents have
So now you're making my point for me?
Again, there will never be a modem needed for an ethernet connection. That's a DSL modem, it can either take a DSL line or an ethernet line in. If it's an ethernet in, it doesn't use the modem.
Why would you need to MOdulate/DEModulate an ethernet connection??? Get it, mo-dem
Oh my bad. Yea you are right, it is DSL modem, got confused with the word modem since where I live (Finland) cable modems are pretty much extinct.