Access Modem admin interface connected to WAN from Lan devices?

Follow

INTREX

• July 05, 2023 17:18

I have a modem that is setup as my WAN connection.  Everything on my network works fine but I want to be able to connect to my modems admin interface from devices on my lan.  My local network is 192.168.2.1/24 and my modem is 192.168.100.1.  I manually configured my ethernet card to be on the 192.168.100.0 and 192.168.2.0 networks.  I can connect to the modem if I directly connect it to my computer but I can't connect to it when it is connected to the firewalla.  

0

• 

  David Rothenberger

  • July 05, 2023 18:03

  I am able to access my Netgear Nighthawk's (modem) interface on 192.168.100.1.

  In Network / NAT Settings / Source NAT, I have added 10.249.100.1/24. I believe that is what made it work.

  0

  Comment actions Permalink
• 

  INTREX

  • July 05, 2023 20:57

  Thanks David, 

  That worked perfectly. 

  0

  Comment actions Permalink
• 

  Support Team

  • July 07, 2023 06:15

  @David, @INTREX

  Can you help elaborate more on what config change you made to make it work?

  To my understanding, this change should not work...

  @David, for 10.249.100.1/24, do you mean 192.168.100.1/24?

  0

  Comment actions Permalink
• 

  INTREX

  • July 07, 2023 14:58

  For my network, I added a new source network of 192.168.100.1/24.  This allowed me to talk to devices on the 192.168.100 network which is the network my Modem is on.  

  0

  Comment actions Permalink
• 

  David Rothenberger

  • July 07, 2023 15:12

  Yes, I meant 192.168.100.1/24 for the source NAT rule.

  0

  Comment actions Permalink
• 

  TeWe

  • March 23, 2024 23:05

  I've tried exactly the same, my modem is 192.168.100.1/24 and I added a Source NAT network with 192.168.100.1/24.
  My Firewalla is 192.168.0.1/24 (LAN).
  But access from LAN devices to my modem's admin interface at 192.168.100.1 doesn't work.
  No ping, no web access.

  Which part is missing here?

  I've tried to play around with static routes - no luck

  Any ideas?

  0

  Comment actions Permalink
• 

  David Rothenberger

  • March 25, 2024 18:13

  I believe for me, there are two settings that allow this to work:

  • Source NAT rule for 192.168.100.1/24
  • Policy-based Routing rule for 192.168.100.1/24 through the WAN connection

  Hope that helps.

  0

  Comment actions Permalink
• 

  TeWe

  • March 25, 2024 21:11
  • Edited

  Thanks David.
  Tried this all, multiple times, no luck.
  No ping, no webgui.

  What I‘ve tried next (and now it’s getting weird):
  I connected another LAN cable from my FWG SE port 3 to the modem, created an additional network on FWG with 192.168.100.254/24 on port 3.
  Guess what - ping from FWG itself (SSH) to 192.168.100.1 is fine but out of FWG‘s LAN not. Ehhh whaaat?
  This way, Source NAT is automatically there, static route not required.
  But ping working from FWG only and not out of its LAN?

  Again - am I missing something trying option 2?

  I have a vague feeling it is the modem itself…
  It is a DrayTek Vigor 167 VDSL modem in bridge mode, FWG port 4 running on a PPPoE connection.
  The modem has no DHCP option on its LAN side, so I assign 192.168.100.1/24 manually. There‘s an optional DNS server field (not required here) and NO default gateway field - where I think the problem might lie as the modem cannot know the route back to FWG and hence cannot reply to a ping.
  I came across this because I took a Windows laptop, assigned 192.168.100.1/24 manually to the ethernet adapter (with DNS and default GW to 192.168.100.254), disabled Windows firewall and baaammm - I can ping that box from FWG itself AND from its LAN.

  Is there a way to masquerade the traffic between FWG and the modem so that it knows where to return the data packets?

  Thanks!

  0

  Comment actions Permalink

Please sign in to leave a comment.