OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: cardins2u on January 15, 2018, 10:16:24 pm

Title: <Solved> Comcast Business
Post by: cardins2u on January 15, 2018, 10:16:24 pm
Hi There!

I'm trying to accessing - if set static ip address from Comcast Block. Internet works and everything but then we cannot access modem GUI admin. If set to dhcp then we can access it.

1. If I set Static IP on wan port then I cannot access (Comcast Modem IP). Is there anyway we can allow this. If I use DHCP then I can access the behind the OPNSense.

Title: Re: Comcast Business
Post by: opnfwb on January 16, 2018, 06:05:08 am
Try unchecking the "Block Private Networks" option on the WAN side and see if this helps?
Title: Re: Comcast Business
Post by: cardins2u on January 16, 2018, 07:07:35 am
unchecked it and that didnt help. =(

Access modem from behind opnsense firewall doesn't work.

I follow a tutorial on pfsense but that didn't work.
Title: Re: <Solved> Comcast Business
Post by: cardins2u on January 16, 2018, 07:43:45 am

this solved the issue

Go to Interfaces > (new OPT interface), and Enable the interface. Give it an IP address in the same subnet as the modem, such as Do not set a gateway. Rename the interface to ModemAccess or a similar useful name.

Configure NAT
Now NAT needs to be configured to translate traffic destined to the modem to the new interface. This is necessary so the modem sees the traffic sourced from an IP on its local subnet. Without this NAT, it would be necessary to configure a route on the modem so it knows how to reach the internal subnet. With some modems this isn't possible, and in most cases it's easier to NAT the traffic so routing isn't a concern. To add the NAT, browse to Firewall > NAT, and click the Outbound tab. Switch to Manual Outbound NAT and click Save. A rule for LAN to WAN is automatically added.

Click "+" to add a new Outbound NAT rule. For Interface, specify ModemAccess. For Source, specify Network, with the LAN subnet entered. The Destination is the IP subnet of the modem. In the Translation box, select Interface Address.

Then click Save and Apply changes.

It should now be possible to access the modem from LAN.