Kitz Forum

Broadband Related => Router Monitoring Software => Topic started by: tickmike on December 19, 2016, 12:54:15 AM

Title: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: tickmike on December 19, 2016, 12:54:15 AM
What's The Best Way To See Modem Info Through A Hardware Firewall ?.

I use a Hardware Firewall (Smoothwall) .
DSLstats
Modem (at the moment--- NOTE this works well !) Huawei HG612 'Bridged' PPPoE (PPPoE is from smoothwall box not the Modem ! ) using both LAN 1 and LAN 2

If I want to try another Modem the 'smoothwall box' blocks any modem data.

Any advice for a safe way to configure both so I can see the Modem stats and not compromise my net security ?.

I'm Not Going To use port 23 as I see 25,000 probes a Day at the moment in my firewall logs.  :o  :'(.
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: Ronski on December 19, 2016, 06:44:12 AM
LAN 1 on the HG612 is the modem, and should be connected to the WAN port on the Smoothwall. LAN 2 should just be connected to the switch. I can't remember the standard IP address for LAN 2, but with a normal unlocked configuration of the modem it has no access to/from the internet - it's just the same as any other device on your internal network.

This is how I have mine setup on Pfsense, you basically have LAN 2 on the wrong side of the firewall.
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: tickmike on December 19, 2016, 11:18:53 AM
LAN 1 on the HG612 is the modem, and should be connected to the WAN port on the Smoothwall. LAN 2 should just be connected to the switch.

Yes that's correct, that's what I do and it works well.

My point is if say I want to try an old DG834GT on my long line there is only the modem LAN 1 so you can not use the above method.
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: Ronski on December 19, 2016, 12:23:04 PM
I was wondering why you had both ports connected and couldn't get stats  ::)

I see you've made the post clearer now, or I've woken up.

Perhaps VLANS would be the way to go so long as the modem supports it. Although the DG834GT has more than one port, whether you can separate them like the HG612 I don't know.

https://wiki.openwrt.org/toh/netgear/dg834gt
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: nallar on February 11, 2017, 06:34:50 PM
The instructions for doing this with a single LAN port on pfSense are here: https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

Never used smoothwall, but hopefully it allows a similar configuration.
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: Dray on February 11, 2017, 07:04:29 PM
What if you're not using PPPoE?
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: nallar on February 11, 2017, 07:16:14 PM
In that case there should be no special configuration needed. Did you make sure the modem's configured on its own subnet?

Example setup with multiple modems with accessible web interfaces:
(https://i.imgur.com/DtsOvav.png)

WAN_CABLE is connected to an Arris cable modem on em3. The router uses DHCP and gets given a public IP address on that port. The modem's web interface is available on 192.168.100.1. As this is on another subnet, when I access that it just works(TM).

MODEM_DSL is connected to a Vigor 130 modem on port em1. The router uses DHCP and gets given a private IP address on that port. The modem's private IP address is set up at 192.168.101.1. Accessing 192.168.101.1 also works.

WAN_DSL is a PPPoE connection over port em1. The modem web interface isn't accessible over that.
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: Dray on February 11, 2017, 07:31:04 PM
Thanks for that :)
Title: Re: What's The Best Way To See Modem Info Through A Hardware Firewall ?.
Post by: tickmike on March 06, 2017, 02:57:44 PM
Up-dating this post for info.
After BTOR fixed my line I have got around to trying an old DG834GT modem and to see the stats through my hardware firewall (Smoothwall) I did what you do when using an HG612 * to have your modem LAN address on the same IP range as your LAN eg, 192.168.0.1/24  , so for the modem I used 192.168.0.2 and loop it to my switch.

* see  http://www.kitz.co.uk/routers/hg612unlock.htm