This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access Modem webpage through UTM

I cannot access my cable modem webpage from my network.  Internet access works fine.

My network is set up as follows:

internet -> cable modem -> external NIC -> UTM -> internal NIC -> switch -> LAN

My ISP provider tells me that the IP address for the modem should be 192.168.100.1

The external interface gets an IP from the ISP via DHCP (Type: Ethernet, Dynamic IPv2 checked, Default GW checked).

The internal interface is 192.168.5.1/24.

When trying to access the modem webpage at 192.168.100.1, the Firewall Live Log shows default drops for external IP adresses going to my internet IP address.

I have tried adding in an Additional Address of 192.168.100.1/24 on the external interface, and then when I try and connect the Firewall Live Log shows default drops for my client (192.168.5.50) to 192.168.100.1

The only firewall rule I have in place is Internal Network -> Any -> Any.  I have tried adding in various firewall rules, but the connection still gets blocked.

Anyone have any ideas?

Thanks



This thread was automatically locked due to age.
Parents
  • The issue being the cable modem is not able to intercept an IP address that way. You need to create a secondary interface on the external NIC using the address range of your modem.

    You will then need a rule for that interface and a NAT rule as well. The rule will need to be top of the list and very explicit so that you don't try and send other traffic to that destination.

    Forgot, if you are using the webproxy you will need a site bypass addition for that destination address.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Ian

    Thanks for your response.

    Unless I am doing something wrong, you can't add another interface on the external nic - you get an error "Interface type requires exclusive access to the network interface".  I thought the way was to set up an Additional Address as per my OP?

    Aanway, I have tried again with a Firewall rule of: Any -> Any -> External Wan modem (i.e. the Additional Address of 192.168.100.1), but it is still blocked.

    Also I am not sure on what you mean for the NAT rule.  I know some cable modems restrict access to devices on the same subnet, but I dont think that is what is going on here due to the firewall logs.  In any case adding a SNAT rule of: Internal (network) -> Any -> External (Wan) [Modem] (address) with Source translation to 192.168.100.2 doesn't make any difference.


    Web filtering and Intrusion prevention are off.

    Thanks

  • Hi,

    Interface is probably the wrong word, you can a second address to the external interface.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian

    Yes, and I believe it it is done via : Interfaces & Routing > Interfaces > Additional Addresses.

    So I have already tried this as per this:

    "I have tried adding in an Additional Address of 192.168.100.1/24 on the external interface, and then when I try and connect the Firewall Live Log shows default drops for my client (192.168.5.50) to 192.168.100.1"

    Or am I misundestanding?

    Thanks

  • Hi,

    that was as far as I got, I could never get it to work.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • OK, I finally got this working. 

    In Interfaces -> Additional addresses add a new IP address to the external interface.  My modem IP is 192.168.100.1 so I went with 192.168.100.2/24

    Then you need to exempt 192.168.100.2 from masquerading.  In Network Protection -> NAT -> NAT add a "no NAT" for 192.168.100.2 -> Any -> Any.  Check automatic firewall rule.

    Done

    Hopefully it helps someone.

     

    You might need to add a SNAT rule as well to translate to 192.168.100.2 if your modem only accepts logins from the same subnet.

Reply
  • OK, I finally got this working. 

    In Interfaces -> Additional addresses add a new IP address to the external interface.  My modem IP is 192.168.100.1 so I went with 192.168.100.2/24

    Then you need to exempt 192.168.100.2 from masquerading.  In Network Protection -> NAT -> NAT add a "no NAT" for 192.168.100.2 -> Any -> Any.  Check automatic firewall rule.

    Done

    Hopefully it helps someone.

     

    You might need to add a SNAT rule as well to translate to 192.168.100.2 if your modem only accepts logins from the same subnet.

Children
No Data