By default, outbound traffic to external resources is routed through the WAN interface. In some scenarios, modems feature a distinct self-managed LAN network for management (e.g. 192.168.2.1/24 with the modem itself at 192.168.2.1) which is only reachable from that specific subnet. Accessing the admin page might pose challenges when the modem is set to bridge mode. A workaround is to create another WAN network on your Firewalla for the network.
- Short-term Solution: Change WAN as Static IP in the Modem Network
-
Long-term Solutions:
[Single WAN Only] Create Another WAN Network for Modem Management
For Advanced Users: add a static IP on WAN via ssh
Short-term Solution: Change WAN as Static IP in the Modem Network
If you don't access the modem page often, a workaround is to change the WAN network to the modem management network. When you get all the information you need, change the WAN network back to its original form.
Step 1: Make a snapshot of the current WAN network configuration
Step 2: Change WAN to static IP in modem network. Find How to Change WAN to static IP in Modem Network
Step 3: When you don't need to access the modem, change the WAN network back. Make sure BlueTooth is on during this step. How to change network configuration when the internet connectivity is lost? (Gold/Purple)
Pros
- No physical connect changes are required
- Works without limitation
Cons
- Internet access will be suspended until the change is revoked
How to Change WAN to static IP in Modem Network
For example: To create a WAN network on port 4, click 'Create Network' -> Tap 'WAN connection' -> choose 'Static IP'.
IP address: 192.168.2.2 # Set a different IP
Subnet Mask: 255.255.255.0
Connectivity Test: off
[Single WAN Only] Create Another WAN Network for Modem Management
If the primary WAN network is a VLAN:
You can add another WAN network on the same port (say port 4) for the modem network.
[Gold series only] If the primary WAN network is NOT a VLAN:
You can add another physical connection (say another modem LAN port) to another Firewalla port (say port 3), and create another WAN network on that port.
For more information, please see: How to Change WAN to static IP in Modem Network
For Advanced Users
If you are familiar with Linux, another option is via ssh. Follow this guide to ssh from your local network. How to access Firewalla using SSH?
Step 1: Find which physical interface the modem connects to (for example: eth0)
For the Gold series:
Port 4 => eth0
Port 3 => eth1
Port 2 => eth2
Port 1 => eth3
For the Purple series:
WAN port => eth0
LAN port => eth1
Step 2: Add a route on that port
sudo ip a add 192.168.2.2/24 dev eth0
sudo ip r add 192.168.2.0/24 dev eth0 table static
sudo iptables -w -t nat -C POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || sudo iptables -w -t nat -I POSTROUTING -o eth0 -j MASQUERADE
Step 3: Add NAT
Try this on your local device. If it works, add a cron job to make it persist. For more information, please see: Customized Scripting
pi@Firewalla:~/firewalla (Firewalla) $ cat ~/.firewalla/config/user_crontab
*/1 * * * * ( sudo ip a add 192.168.2.2/24 dev eth0 2>/dev/null; sudo ip r add 192.168.2.0/24 dev eth0 table static; sudo iptables -w -t nat -C POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || sudo iptables -w -t nat -I POSTROUTING -o eth0 -j MASQUERADE
)
Comments
0 comments
Please sign in to leave a comment.