Access modem (Zyxel FWA710) behind firewall

Started by meganie, August 18, 2024, 07:07:03 PM

Hello,
I have a Multi WAN setup with a DSL connection and a Zyxel FWA710 5G Router.
I would like to be able to reach the GUI of the 5G router from my LAN. The Router is in IP Passthrough mode so I see the public IP in OPNsense.
I've read some other forum posts about this topic and added an outbound NAT rule + disabled the "Block private networks" option on WAN_5G without success.
Maybe you can point me in the right direction. I've included screenshots of the interfaces, my outbound NAT rules and the Zyxel router.

Cannot see anything meaningful / useful, on the outbound NAT screenshots. Maybe this forum sucks with picture attachments.

Quote from: doktornotor on August 18, 2024, 07:27:15 PM
Cannot see anything meaningful / useful, on the outbound NAT screenshots. Maybe this forum sucks with picture attachments.
If you click on them they will zoom to full size.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on August 18, 2024, 07:30:24 PM
Quote from: doktornotor on August 18, 2024, 07:27:15 PM
Cannot see anything meaningful / useful, on the outbound NAT screenshots. Maybe this forum sucks with picture attachments.
If you click on them they will zoom to full size.

The last one does. With some scrollbar  ::). The outbound NAT does not. Anyway, downloaded it locally, that doesn't look correct. Destination should be the subnet where the router is, not *.

But * should not make a difference. Outbound NAT with an explicit interface set is limited to packets leaving via that interface. Which they supposedly do. I'd use tcpdump to debug this.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: doktornotor on August 18, 2024, 07:33:39 PM
Anyway, downloaded it locally, that doesn't look correct. Destination should be the subnet where the router is, not *.

Got that from here: https://forum.opnsense.org/index.php?topic=12094.msg55483#msg55483
But changed it now without a difference.

Quote from: Patrick M. Hausen on August 18, 2024, 07:35:25 PM
But * should not make a difference. Outbound NAT with an explicit interface set is limited to packets leaving via that interface. Which they supposedly do. I'd use tcpdump to debug this.

I have a Packet Capture if that helps. I have no experience with tcpdump.

ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 12208, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.178.11.65529 > 192.168.1.1.443: Flags [S], cksum 0xf38d (correct), seq 3800393721, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0


I was able to get this working with a static route to 192.168.1.0/24 via the gateway.
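
Added example, not part of the thread or of OPNsense: a small Python parser for `tcpdump -v` text like the capture posted above, reporting for each SYN sent to the modem whether the source is still a LAN address and whether a SYN-ACK came back. The /24 LAN prefix, the address 203.0.113.10 and the second and third sample records are assumptions constructed for illustration; the thread does not say on which interface the capture was taken.

```python
import ipaddress
import re

# Matches the address line of a `tcpdump -v` TCP record:
#   "src.port > dst.port: Flags [S], ..."
FLOW_RE = re.compile(
    r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]"
)

def parse_flows(text):
    """Return (src, sport, dst, dport, flags) for every TCP record in the text."""
    return [(m[1], int(m[2]), m[3], int(m[4]), m[5]) for m in FLOW_RE.finditer(text)]

def diagnose(text, modem_ip, lan_net):
    """For each SYN sent to the modem, report whether the source is still a
    LAN address (not translated) and whether a SYN-ACK came back."""
    lan = ipaddress.ip_network(lan_net)
    flows = parse_flows(text)
    # Endpoints that received a SYN-ACK ("S.") from the modem.
    answered = {(dst, dport) for src, _, dst, dport, flags in flows
                if src == modem_ip and flags == "S."}
    return [
        {"src": src, "sport": sport,
         "untranslated": ipaddress.ip_address(src) in lan,
         "answered": (src, sport) in answered}
        for src, sport, dst, _, flags in flows
        if dst == modem_ip and flags == "S"
    ]

# First record: the SYN posted in the thread. The other two are constructed
# (203.0.113.10 is a documentation address standing in for the WAN_5G IP).
SAMPLE = """\
    192.168.178.11.65529 > 192.168.1.1.443: Flags [S], cksum 0xf38d (correct), seq 3800393721, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    203.0.113.10.40112 > 192.168.1.1.443: Flags [S], seq 1000, win 64240, length 0
    192.168.1.1.443 > 203.0.113.10.40112: Flags [S.], seq 2000, ack 1001, win 65535, length 0
"""

if __name__ == "__main__":
    for row in diagnose(SAMPLE, "192.168.1.1", "192.168.178.0/24"):
        print(row)
```

On a capture taken on the WAN-side interface, an untranslated source on an outgoing SYN indicates the outbound NAT rule did not apply to that packet; on a LAN-side capture the same source address is expected.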