SOLVED — How to Access LTE modem in bridge mode from LAN

Started by spokez, March 19, 2021, 06:28:32 PM

Setup

                   WLink G510                            opnSense v20.7
Internet ---- LTE Modem in Bridge mode ----- WAN (igb0) 100.x.x.x ------LAN with vlans
                         Internal IP 192.168.3.1               Alias IP 192.168.3.10



Problem description
How do I set up opnSense so I can access the LTE modem using the internal IP 192.168.3.1?
I have assigned an "Alias IP" (192.168.3.10) on the WAN (igb0) interface.

Previously I was using an Edgerouter Lite and there I just added another IP (192.168.3.10) on the interface eth0 and everything worked smoothly.

Make sure the prefix length of the IP Alias is configured correctly (/28 or less).
If it still doesn't work, you might need an additional outbound NAT rule. Depends on the modem.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Thanks for your reply Maurice!

The strange thing is that I have created an outbound NAT on WAN interface with source *any and destination the LTE Modem defined as an alias. Still no connection to the web UI of the LTE modem.

../Mats

Did you set the translation target to 192.168.3.10? Can you ping 192.168.3.1 from OPNsense itself?

Yes! This is now solved by changing the translation target. It was set to "Interface" and not 192.168.3.10.

Many thanks for your help Maurice!
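
The two checks from the exchange above (alias prefix length and NAT translation target), as an added example that is not part of the original posts. It assumes the modem uses a /24 on its management address, that "Interface" resolves to the primary WAN address, and uses 100.64.0.2 as a constructed stand-in for the 100.x.x.x WAN address.

```python
import ipaddress

MODEM_IP = ipaddress.ip_address("192.168.3.1")      # from the thread
ALIAS_IP = "192.168.3.10"                           # from the thread
WAN_IP = ipaddress.ip_address("100.64.0.2")         # constructed stand-in for 100.x.x.x
MODEM_NET = ipaddress.ip_network("192.168.3.0/24")  # assumed modem-side netmask


def alias_covers_modem(prefix_len):
    """True if ALIAS_IP/prefix_len puts the modem in the connected (on-link) subnet."""
    iface = ipaddress.ip_interface(f"{ALIAS_IP}/{prefix_len}")
    return MODEM_IP in iface.network


def longest_working_prefix():
    """Longest prefix length for the alias that still contains the modem IP."""
    return max(p for p in range(0, 33) if alias_covers_modem(p))


def diagnose(prefix_len, translation_target):
    """Return a list of problems for a given alias prefix and NAT translation target.

    translation_target is either the string "interface" (assumed to mean the
    primary WAN address) or a literal IP such as the alias address.
    """
    problems = []
    if not alias_covers_modem(prefix_len):
        problems.append("alias prefix too long: modem is not on-link")
    if translation_target == "interface":
        src = WAN_IP
    else:
        src = ipaddress.ip_address(translation_target)
    if src not in MODEM_NET:
        # The modem has no route back to a source outside its own subnet.
        problems.append(f"NAT source {src} is outside the modem's subnet")
    return problems


if __name__ == "__main__":
    print("longest usable alias prefix: /%d" % longest_working_prefix())
    for prefix, target in [(28, "interface"), (28, ALIAS_IP), (32, ALIAS_IP)]:
        result = diagnose(prefix, target) or ["ok"]
        print(f"/{prefix} target={target}: {'; '.join(result)}")
```

With the alias at 192.168.3.10, a /29 yields the network 192.168.3.8/29, which no longer contains 192.168.3.1; that is why /28 is the limit here.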

December 02, 2021, 01:19:36 AM #5 Last Edit: December 02, 2021, 01:21:15 AM by alexdelprete
Quote from: Maurice on March 20, 2021, 12:35:41 AM
Did you set the translation target to 192.168.3.10? Can you ping 192.168.3.1 from OPNsense itself?

With the old modem, I only had a simple NAT Outbound rule to its eth interface in order to access it.

I recently switched to FTTH with an ONT in pure bridge mode, the ONT has also a mgmt IP (192.168.100.1) to read line statistics. The WAN interface is a PPPoE over VLAN 835.

With this ONT, I had to create a new interface and configure an IP of its subnet (192.168.1.250/24). I could ping the ONT via diagnostics ping of OPNsense.

I then created the usual NAT Outbound rule, tried to ping from my PC on the LAN, but it wasn't working.

Checking logs, first weird thing was that I noticed traffic to the ONT_FTTH interface went through WAN...and it is weird because I have blocked private IPs on WAN_FTTH. Basically, the last rule of LAN filters was being triggered.

In the end I had to add a filter rule on the LAN interface for ONT_FTTH destination traffic, before the last one, to access the ONT_FTTH interface. Without this, since destination is not LAN, traffic goes to WAN.

I don't know if this is ok or not...if it is ok, I don't understand how it could have worked with the old modem.

Any hint is more than welcome...:)