OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Can anyone reach their cable modem through OpnSense?
« previous next »
  • Print
Pages: [1] 2 3 4

Author Topic: Can anyone reach their cable modem through OpnSense?  (Read 27845 times)

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Can anyone reach their cable modem through OpnSense?
« on: March 18, 2019, 05:18:55 pm »
I recently replaced my DOCSIS 3.0 cable model with DOCSIS 3.1 (Arris) modem, and the performance
actually got worse.  I wanted to look at the GUI for the modem and search for errors.  The only way to
do this was by plugging an ethernet cable from my laptop into the second port on the modem, and then
I could reach the modem at 192.168.100.1.  However, it would be better if I could just reach the cable
modem from my LAN.  I found a couple of posts on this for pfsense:

https://docs.netgate.com/pfsense/en/latest/interfaces/accessing-modem-from-inside-firewall.html
https://superuser.com/questions/1243134/how-do-i-reach-the-modem-settings-page-from-inside-firewall

but nothing on the forum, or online for OPNsense.

There are just a few steps, but I get hung up on the earliest one, assuming that something analogous would work for OPNsense. Namely, how to "create a new OPT interface, and assign it to the physical network card that is on WAN" ?  If I go to Interface -> Assignments, I could add a new interface, but it has to be attached to a NIC
different from the WAN.  I can do that, and go edit to try to assign it to the same NIC, but OPNsense complains.
I am guessing that it needs a bridge ?  But I am lost.

Can anyone point me in the right direction? Thanks.
 

Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2195
  • Karma: 98
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #1 on: March 18, 2019, 05:27:15 pm »
Interesting question! I never tried, but have the setup running with a DSL modem. Problem is: there is a PPPoE interface configured with DSL, but not with cabel modem (DHCP), where the physical interface is directly assiged to the WAN interface...   

Have you tried to simply NAT outbound the modems IP to WAN?
« Last Edit: March 18, 2019, 05:29:34 pm by chemlud »
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #2 on: March 18, 2019, 06:12:36 pm »
Yes, I did try that in fact. I just checked again, but I may be making a mistake:
I added a NAT outbound rule with WAN interface.  For protocol, source address,
source port, and destination port, I left as "any".  For Destination Address, I added
192.168.100.0/24 (also tried 192.168.100.1). For translation target, I tried both
"interface address" and the specific web gui address.  I also moved this rule to the
top of the list, to make sure that my VPN rules did not get in the way.
Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2195
  • Karma: 98
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #3 on: March 18, 2019, 06:16:39 pm »
... but there is no other 192.168.100.0/xy in your local/remote (VPN) LAN's?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #4 on: March 18, 2019, 06:38:43 pm »
No, the rest of the LAN is on 192.168.1.0
Logged

cguilford

  • Full Member
  • ***
  • Posts: 128
  • Karma: 14
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #5 on: March 18, 2019, 06:48:07 pm »
Yeah I've noticed this as well.  Not sure why but can't seem to access the modem through opnsense.. I've done some tinkering and never made any headway.  It would be nice to have this, but never could figure out without disconnecting opn and connecting a laptop directly to the modem to access the cable modem these days.  I have the an e31u2v1 from Spectrum.
Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2195
  • Karma: 98
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #6 on: March 18, 2019, 06:48:40 pm »
"Block private networks" on WAN? The modems IP is allowed on LAN firewall rules? Might be that in the setup of the modem the concurrent use of the private address has to be configured?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

cguilford

  • Full Member
  • ***
  • Posts: 128
  • Karma: 14
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #7 on: March 18, 2019, 06:52:12 pm »
I think the problem is the Modem is set to ONLY allow connections from a 192.168.100.x ip (as you have to hardcode a 192.168.100.x IP to the Laptop/device connecting to the modem) and since opnsense at least not that I can see allows us to create another "virtual" interface and assign it to the wan with a 192.168.100.x ip for routing it doesn't allow us to connect.
Logged

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #8 on: March 18, 2019, 07:10:50 pm »
Neither can I see a way to create a virtual interface in OPNsense.
However, I don't believe that the first part is correct.  I recall being
able to connect to the cable modem when there was only my
router between it and the LAN, which is on 192.168.1.0. Also, the
instructions online for this modem say that should be the case.

There is an interesting comment on the pfsense page that would seem
to apply here too:

Quote
Some DSL or cable modems have web interfaces on private IP addresses. Since these sit outside the firewall and don’t have a public IP, accessing them isn’t as straight forward as it might seem. The firewall is typically assigned a public IP, and sends all outbound traffic upstream to the ISP. The ISP won’t route the private subnet back to the modem, leaving it unreachable. This page describes the work around needed to access the management interface on the modem from the inside of the network.

Note: The modem’s management IP must be on a different IP subnet than the internal network. If it is not, attempts to connect to it will never go to the firewall to be routed out to the modem, as hosts on the internal network would try to connect to it on the local network and fail.
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1749
  • Karma: 176
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #9 on: March 18, 2019, 08:56:25 pm »
What about running Squid on OPNsense? That would set the source IP for the traffic to the firewall 192.168.100.x address.

Bart...
Logged

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #10 on: March 18, 2019, 10:29:40 pm »
Don't know much about squid.  Do you mean under Services->Web Proxy ?
I have used that only for blacklists.  How would you set that up? 
Logged

RickNY

  • Jr. Member
  • **
  • Posts: 60
  • Karma: 8
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #11 on: March 18, 2019, 10:58:11 pm »

Ive always been able to access my modem's 192.168.100.1 address from the LAN through my OPNSense box.. These have included Arris TM802, Arris TM1602, Motorola SB6183, and now Netgear CM600.. The "block private networks" thing I believe only blocks incoming connections from source addresses that are RFC1918 on the WAN interface.

I do have a default IPv4 LAN outgoing rule that allows anything from "LAN Net" to go to ANY..  Have you tried adding in a LAN rule that allows anything from "LAN Net" to go to 192.168.100.1 if you dont already have an allow all outgoing rule?
Logged

jds

  • Full Member
  • ***
  • Posts: 105
  • Karma: 1
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #12 on: March 18, 2019, 11:23:46 pm »
I do have a LAN interface rule that allows anything from LAN Net to go to ANY, but do not have any similar
NAT outbound rules.  Probably more relevant, I send everything out through a VPN. So, I added a rule to
the OpenVPNClient interface that allows any source to go to 192.168.100.1 on any port, and moved this rule
to the top.  But it still gave no access to the modem.
Logged

Charles2019

  • Newbie
  • *
  • Posts: 15
  • Karma: 2
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #13 on: March 19, 2019, 01:33:31 am »
Yes I'm able to reach my cable modem through OPNSense.
Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2195
  • Karma: 98
    • View Profile
Re: Can anyone reach their cable modem through OpnSense?
« Reply #14 on: March 19, 2019, 09:04:37 am »
Quote from: Charles2019 on March 19, 2019, 01:33:31 am
Yes I'm able to reach my cable modem through OPNSense.

How? :-D

PS: OK, I added an outbound NAT rule for the network my cable modem is running its web interface on, inserted the IP in the browser and was there. As I suggested in the beginning. ;-)
« Last Edit: March 19, 2019, 09:16:15 am by chemlud »
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

  • Print
Pages: [1] 2 3 4
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Can anyone reach their cable modem through OpnSense?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2