Connectivity to ISP Router/Modem

[Ed V.]

Previously working in v25.* series OpnSense.

Internal LAN is 192.168.144.0/24
The ISP modem is connected to the WAN port (bridge mode) and is hard-coded to use 192.168.100.1 for it's WebUI, allowing connection only from the 192.168.100.0/24 network.

In the v25 releases I had a NAT "Outbound" rule that masked any traffic from the LAN destined for the ISP Modem to use 192.168.100.100 (any source /destination ports).

That NAT stopped working when I upgraded to v26, but I recalled that when I went from v24 to v25 the same thing happened and it required deleting and rebuilding the NAT rule.

So I rebuilt again, with no luck.

I also tried a "Source NAT" rule - again, no dice.

I cannot reach the ISP Modem WebUI (though oddly, it is ICMP pingable...), even though in the logs it _looks_ like the NAT is applying and traffic is passing:

Code Select Expand

$ ping -c 5 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=63 time=1.451 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=63 time=1.921 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=63 time=2.084 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=63 time=1.313 ms
64 bytes from 192.168.100.1: icmp_seq=4 ttl=63 time=1.402 ms

--- 192.168.100.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.313/1.634/2.084/0.308 ms

$ nc -zv 192.168.100.1 80
nc: connect to 192.168.100.1 port 80 (tcp) failed: Operation timed out

WAN Out 2026-02-06T12:12:14-06:00 TCP 192.168.100.100:38311 192.168.100.1:80 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:12:14-06:00 TCP 192.168.144.17:35649 192.168.100.1:80 nat nat rule
WAN Out 2026-02-06T12:12:06-06:00 ICMP 192.168.100.100 192.168.100.1 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:12:06-06:00 ICMP 192.168.144.17 192.168.100.1 nat nat rule
WAN Out 2026-02-06T12:11:51-06:00 TCP 192.168.100.100:64757 192.168.100.1:80 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:11:51-06:00 TCP 192.168.144.17:24923 192.168.100.1:80 nat nat rule
Any suggestions on what to try next?  Did I miss something in the new v26 NAT documentation?

[nero355]

Have a look at this topic for additional help : https://forum.opnsense.org/index.php?topic=50678.0 :)

[Ed V.]

Thank you for that link "ONT" is a new TLA for me, so my searching wouldn't have found it...

New update, new rules - I'm up and running.

[meyergru]

Thank you for that link "ONT" is a new TLA for me, so my searching wouldn't have found it...

Hence the title says "ONT or modem" ;-)

[nero355]

Thank you for that link "ONT" is a new TLA for me, so my searching wouldn't have found it...

All Fiber connections use some kind of GPON or XGS-PON ONT if the ISP does not give out some kind of "All-in-One device" with Router/Switch/WiFi and GPON/XGS-PON connectivity all integrated into the same device ;)

The only exception are the "old Fiber connections" called AON where you can simply put the SFP/SFP+ cable of the ISP into your own Switch or Router and configure everything the way you want.

New update, new rules - I'm up and running.

NICE! :)

Hence the title says "ONT or modem" ;-)

Maybe change the title so it mentions also the words :
- Cable and xDSL modems
- Glasfiber/Fiber

??