Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: SignedAdam on April 23, 2016, 12:39:54 AM
-
The bellow:
Destination network address: 192.168.1.0
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.253
Interface: LAN/br0
May work on a "billion 8800nl" however, it does not work on the HG612, I've been trying to make this work with the HG612 for almost 7 hours of my life, which I wont get back, the HG612 would give off the error message "The destination IP address is invalid." when entered with the settings above, it simply wont save the settings, I even went as far as download the (.conf) file, changing the settings in the (.conf) file, then reloading it,
I'm using a netgear r7000 with dd-wrt, when I try going to 192.168.0 or 192.168.2.253 after entering the settings in to the HG612, nothing shows up at those address
-
You must first add the Virtual Interface to your router as described in the 2nd post http://forum.kitz.co.uk/index.php/topic,14621.msg273310.html#msg273310
-
I ran both commands,
ifconfig eth0:1 192.168.2.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253
and tried rebooting and trying older command with the 1st command,
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253
both made me direct to the routers 192.168.1.1 interface
-
a reboot will clear what the commands do unless you automate them on a boot up.
-
yes, I know, I'm not a complete noob, , that's why I reran both the commands, every time it starts up, just tried both the old and new, however both combinations of the command direct me to the routers interface, not the hg612 interface
-
you are adding static routing to the hg612?
Dont add any routing to the hg612, that has to be added to the netgear (your router).
the hg612 by default doesnt have a 2nd lan subnet. So i dont know how this can be achieved on the hg612 unless you can make a new lan on it.
-
ill hook up a hg612 to my laptop to have a look at what can be done.
The guy you trying to copy is a one time poster and his post doesnt make sense to me.
-
I don't understand what your asking me to do chrysalis, please could everyone view the images attached to this comment, and tell me if the settings on the hg612, are correct, if not, what do I need to change, to what ?
-
I'm also happy to set the hg612 back to default settings, and follow a real guide, on how to see the hg612 over just the wan cable, the only way ive managed to see the hg612 on my network, is by plugging in a cable from the lan 2 in to any lan port on the router, don't know how you could do it over wan, unless you have the hg612 doing the routing part, which would be stu!pt, as my r7000 netgear router has more power
-
I have had a look and its my opinion the hg612 is incapable of doing this. There is no way to add a 2nd lan subnet to the device in the UI. If it will work its going to be command line configuration only.
Please make a new thread if you want to proceed as I dont want this topic derailed for a different device.
-
The following post, says you can access the HG612 Gui, over it's wan port, however I've not managed to replicate it
http://forum.kitz.co.uk/index.php?topic=14621.0;topicseen
Please could someone, tell me where I'm going wrong
-
I will check in the CLI later, but now I am off out for most of the day.
For now please login to telnet and post the output of ifconfig, do this whilst your wan is online.
-
Don't see any ifconfig in telnet tab, using DSLstats v5.8
it does list connection stats bitloading pbparams qln hlog snr attenuation log vectoring ....
-
Not sure if this will help but I think you need to first telnet into the HG612 modem.
So on window start a command prompt or run the cmd command, within the command prompt window type the following:
telnet <ip address of hthe HG612> for example telnet 192.168.1.1 you will be asked for a user name and password.
Then issue the ifconfig command.
Hope this helps
-
At the ATP> prompt you must enter SH then ifconfig
-
That's 'sh' by the way, not 'SH'.
-
SH works for me ;)
-
You're right, sorry. :)
-
there's no command line in DSLstats v5.8, also, when I open the command line in windows 10 Pro, and use the command "telnet 192.168.1.1" it says 'telnet' is not recognized as an internal or external command, operable program or batch file. Huh?
-
You have to enable telnet as its disabled by default http://www.technipages.com/windows-10-enable-telnet
-
Thank you Dray, feel like an id!ot now, should of known it was a hidden windows feature,
Welcome Visiting Huawei Home Gateway
Copyright by Huawei Technologies Co., Ltd.
Login:admin
Password:
ATP>sh
BusyBox v1.9.1 (2014-01-21 16:44:38 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
# ifconfig
br0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.1.253 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150370 errors:0 dropped:0 overruns:0 frame:0
TX packets:67350 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14557574 (13.8 MiB) TX bytes:12464698 (11.8 MiB)
br1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:809 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:35842 (35.0 KiB) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5637982 errors:0 dropped:0 overruns:0 frame:0
TX packets:9925837 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:575739427 (549.0 MiB) TX bytes:307266516 (293.0 MiB)
Interrupt:40 Base address:0x6a00
eth0.4 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150581 errors:0 dropped:0 overruns:0 frame:0
TX packets:67347 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17297316 (16.4 MiB) TX bytes:12745378 (12.1 MiB)
eth0.5 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5487401 errors:0 dropped:0 overruns:0 frame:0
TX packets:9858490 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:558442111 (532.5 MiB) TX bytes:294521138 (280.8 MiB)
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
UP RUNNING NOARP MTU:16000 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
imq1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
UP RUNNING NOARP MTU:16000 Metric:1
RX packets:5487310 errors:0 dropped:0 overruns:0 frame:0
TX packets:5487310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:558431520 (532.5 MiB) TX bytes:558431520 (532.5 MiB)
imq2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
UP RUNNING NOARP MTU:16000 Metric:1
RX packets:5487310 errors:0 dropped:0 overruns:0 frame:0
TX packets:5485538 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:558431520 (532.5 MiB) TX bytes:557376180 (531.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:118657 errors:0 dropped:0 overruns:0 frame:0
TX packets:118657 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7238981 (6.9 MiB) TX bytes:7238981 (6.9 MiB)
pktcmf_sa Link encap:UNSPEC HWaddr FE-FF-FF-FF-FF-FF-FF-FF-00-00-00-00-00-00-00
-00
UP NOTRAILERS RUNNING NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:50 Base address:0x5220
pktcmf_sw Link encap:UNSPEC HWaddr FE-FF-FF-FF-FF-FF-FF-FF-00-00-00-00-00-00-00
-00
UP NOTRAILERS RUNNING NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:42 Base address:0x6a40
ptm1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9858491 errors:0 dropped:0 overruns:0 frame:0
TX packets:5485490 errors:0 dropped:48 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4294967295 (3.9 GiB) TX bytes:556315364 (530.5 MiB)
ptm1.101 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9858490 errors:0 dropped:0 overruns:0 frame:0
TX packets:5487310 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:156415612 (149.1 MiB) TX bytes:558431520 (532.5 MiB)
* Note : all mac address's have been replaced with XX:XX:XX:XX:XX:XX
-
thanks, it looks the same as my hg612 not connected to wan so am surprised by that.
going to try and get a 2nd subnet up on my hg612 and if I am successful will post back.
-
Guessing you were unsuccessful
-
no I just havent looked much yet, I had to do something else and also went out again.
-
yeah it seems quite simple to do, the problem is I am not prepared to connect my hg612 as my modem, so as a result I wont be testing this whilst wan is activated, but right now i do have lan access to the hg612 using lan1 on the 2nd subnet.
-
hg612 shared wan/lan cable guide
1 - login to telnet on the hg612 and run the following command, adjust for your own preference, my example is using the 192.168.3.x subnet, this is something that you will have to do on every reboot of the device.
ifconfig br1 192.168.3.1 netmask 255.255.255.0
2 - on your router run the folliowing commands, again adjust as required. This command is for iptables 1.4+
Also the correct ethernet device needs to be chosen. The correct ethernet device depends on the router model and type of internet connection.
On my asus router using sky dhcp the ethernet device on the wan port is eth0, the correct device should be identifiable by having the internet ip assigned to it. check with ifconfig.
ifconfig eth0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
At this point the hg612 is not pingable because the firewall is blocking the traffic.
The easy way to fix this is login to the GUI, click on advanced, then firewall, change firewall level to disabled and then click submit. This change will survive reboots.
A more proper way to fix is do this edit the ip filtering on the hg612. But I see no way in the GUI to do this. It seems to be a read only screen.
After disabling the firewall the hg612 should be pingable from the router and pc.
Below is output of my testing, I tested over one of my router's lan ports, so these commands are adjusted.
Basically lan2 from my hg612 is connected to my laptop which itself is not connected to rest of my lan.
Lan1 is connected to my router in one of the lan ports.
Can see here, br0 has my lan ip bound to it.
br0 Link encap:Ethernet HWaddr 08:62:66:96:AF:E0
inet addr:192.168.1.253 Bcast:192.168.1.255 Mask:255.255.255.0
I add a 192.168.3.x ip to the br0 interface as so.
admin@RT-AC68U:/jffs/scripts# ifconfig br0:1 192.168.3.253 netmask 255.255.255.0
Can check as so.
admin@RT-AC68U:/jffs/scripts# ifconfig br0:1
br0:1 Link encap:Ethernet HWaddr 08:62:66:96:AF:E0
inet addr:192.168.3.253 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Here is the iptables command
admin@RT-AC68U:/jffs/scripts# iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
admin@RT-AC68U:/jffs/scripts#
ping from router
admin@RT-AC68U:/jffs/scripts# ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: seq=0 ttl=64 time=2.087 ms
64 bytes from 192.168.3.1: seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.3.1: seq=2 ttl=64 time=0.406 ms
64 bytes from 192.168.3.1: seq=3 ttl=64 time=0.414 ms
64 bytes from 192.168.3.1: seq=4 ttl=64 time=0.416 ms
ping from pc
C:\Windows\system32>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Reply from 192.168.3.1: bytes=32 time<1ms TTL=63
Reply from 192.168.3.1: bytes=32 time<1ms TTL=63
Reply from 192.168.3.1: bytes=32 time<1ms TTL=63
Reply from 192.168.3.1: bytes=32 time<1ms TTL=63
Ping statistics for 192.168.3.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
I can telnet from the pc no problem.
Hope this helps.
-
ok this is how to get it working without disabling the firewall
On the hg612 run the following commands, changes lost on reboot.
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
-
You are a Genius, but is there anyway, to do all this in the Gui, its easyer for noobs, and people like me who prefer the Gui/ user interface and not a command line
This is not an arguement, the command prompt is faster, fact! but the user interface is friendly, fact! noobs need this, thank you for all your hard work so far, I've put alot of hours in to following what people say, and i will give this a go
* is there anyway to make this permanent
* lots of power cuts where i live, leave and forget is the best answer to everything
-
After you make the changes using the CLI, can you see them reflected in the GUI?
-
I know, you can download the configuration file, which has hundreds of settings in, you can open it with a text editer, and change the settings by changing the text, when you upload it to the HG612 the settings you changed in text editer, take effect, i think this would be a better way and the setting stick, meaning even on a reboot, they are not lost,
* if someone knows what text needs to be edited in the configuration file, it would be job done
-
So take a copy of the config before you make the changes
Make the changes
Take another copy
Do a diff
-
DD-WRT v3.0-r29300M kongac (c) 2016 NewMedia-NET GmbH
Release: 03/27/16
DD-WRT login: root
Password:
==========================================================
___ ___ _ _____ ______ ____ ___
/ _ \/ _ \___| | /| / / _ \/_ __/ _ __|_ / / _ \
/ // / // /___/ |/ |/ / , _/ / / | |/ //_ <_/ // /
/____/____/ |__/|__/_/|_| /_/ |___/____(_)___/
DD-WRT v3.0
http://www.dd-wrt.com
==========================================================
BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)
root@DD-WRT:~# sh
BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)
root@DD-WRT:~# ash
BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)
root@DD-WRT:~# busybox
BusyBox v1.24.1 (2016-03-27 01:26:48 CET) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
or: busybox --list
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, [[, adjtimex, arp, arping, ash, awk, basename, bash, blkid, bunzip2,
bzcat, cat, chattr, chgrp, chmod, chown, chroot, clear, cmp, cp, cut,
date, dc, dd, df, dirname, dmesg, dnsdomainname, du, echo, egrep, env,
expr, false, fdisk, fgrep, find, free, fsck, ftpget, ftpput, getopt,
grep, gunzip, gzip, halt, hdparm, head, hexdump, hostname, hwclock, id,
ifconfig, ifdown, ifup, insmod, install, kill, killall, klogd, less,
ln, logger, login, logread, ls, lsattr, lsmod, lsusb, lzcat, md5sum,
mesg, mkdir, mkdosfs, mkfifo, mkfs.vfat, mknod, mkswap, modprobe, more,
mount, mv, nameif, nc, netstat, nice, nohup, nslookup, pidof, ping,
ping6, pivot_root, poweroff, printenv, printf, ps, pwd, reboot, renice,
reset, rm, rmdir, rmmod, route, run-parts, rx, sed, sendmail, seq, sh,
sha1sum, sleep, sort, strings, stty, swapoff, swapon, sync, sysctl,
syslogd, tail, tar, taskset, tee, telnet, telnetd, test, tftp, time,
top, touch, tr, traceroute, traceroute6, true, tty, tune2fs, udhcpc,
umount, uname, uniq, unlzma, unxz, uptime, usleep, uudecode, uuencode,
vconfig, vi, watch, wc, wget, which, whoami, xargs, xzcat, yes, zcat
root@DD-WRT:~# SH
ash: SH: not found
root@DD-WRT:~# ifconfig
br0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11869567 errors:0 dropped:28934 overruns:0 frame:0
TX packets:20043330 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:928534634 (885.5 MiB) TX bytes:25902818991 (24.1 GiB)
br0:0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:169.254.255.1 Bcast:169.XXX.XXX.XXX Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24025095 errors:0 dropped:493 overruns:0 frame:0
TX packets:16952201 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:897072629 (855.5 MiB) TX bytes:2768837734 (2.5 GiB)
Interrupt:179 Base address:0x4000
eth0:1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.2.253 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:179 Base address:0x4000
eth1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6168246 errors:0 dropped:0 overruns:0 frame:5126990
TX packets:12622684 errors:43 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:525031461 (500.7 MiB) TX bytes:3867387064 (3.6 GiB)
Interrupt:163
eth2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2160017 errors:0 dropped:0 overruns:0 frame:416585
TX packets:3564760 errors:3185 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:268946539 (256.4 MiB) TX bytes:3739129931 (3.4 GiB)
Interrupt:169
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:15499849 errors:0 dropped:0 overruns:0 frame:0
TX packets:15465241 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:30
RX bytes:3037063025 (2.8 GiB) TX bytes:2983042026 (2.7 GiB)
imq1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:966357 errors:0 dropped:0 overruns:0 frame:0
TX packets:966892 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:30
RX bytes:179738762 (171.4 MiB) TX bytes:179776914 (171.4 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:137 errors:0 dropped:0 overruns:0 frame:0
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19560 (19.1 KiB) TX bytes:19560 (19.1 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:217.XX.XXX.XXX P-t-P:XXX.XX.XX.X Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:19871692 errors:0 dropped:0 overruns:0 frame:0
TX packets:11456921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:25598767757 (23.8 GiB) TX bytes:873321645 (832.8 MiB)
vlan1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4108763 errors:0 dropped:0 overruns:0 frame:0
TX packets:5453958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:377432945 (359.9 MiB) TX bytes:5869382578 (5.4 GiB)
vlan2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19915136 errors:0 dropped:53 overruns:0 frame:0
TX packets:11498243 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25759774032 (23.9 GiB) TX bytes:1126613648 (1.0 GiB)
Which ones my WAN port, Would I use :
ifconfig eth0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
as well ? or do i need to change it to
ifconfig br0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
-
yeah on pppoe the ppp interface has the wan ip. Trial and error, it be one of the vlan's or eth devices you need to bind the new subnet to, try one at a time until it works. You need to do some of this yourself.
--edit--
My guess is it is vlan2. As the data stats are very close to ppp0.
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
you dont need the iptables command for the router to ping the hg612, so you can test very quickly just by binding the ip and then pinging from the router providing you have either disabled the hg612 firewall or added the rules I provided.
-
so ?
ifconfig ppp0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
is the correct command for my router/setup,
-
dont add it to ppp
-
ifconfig br0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
br0 is it then ? wont that change the routers address as well
-
reboot the router
to clear everything you done.
then run the vlan command I gave you, disable firewall on hg612 and add to br1 on hg612.
After those 3 steps the router should be able to ping the hg612, if it works, then all you need is the iptables command on the router to give rest of your lan access.
The bad news is, is that it seems ddwrt has a similar setup to tomatousb, as when I used tomatousb it was also vlan2, and everytime ppp recconnects vlan2 gets reset. So you will need to add an automated command on ddwrt to run the ifconfig command whenever wan initiates.
and believe me given the trouble of you getting this right, if it was possible in the gui I would have done it that way.
-
people are using the network at the moment, so i will try this tonight or tomorrow, thank you for your help so far
-
Modem HG612
1) connect to modem port 2, change ethernet address of the computer to 192.168.1.100
2) install telnet windows feature (addon)
3) open admin command prompt
4) telnet 192.168.1.1
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0
Router Netgear R7000
1) connect over wifi,
2) login to router,
3) go to the command line and enter
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
when i went to 192.168.3.253, i ended up seeing my routers user interface, so i went back over the ethernet to the modem, and changed its Local IP Address to 192.168.3.253, connected over wifi and ended up seeing my router again, please could you be deataled, in your reply, and list exactly what to do, talk to me like i'm a n00b, just as ive layed it out here
-
did you get an error running the iptables command?
In all honesty I cannot say how every single router on the market works when not using that router, to see your router's interface is odd, netgear may be using a lazy method of listening on all ip's for their interface but something isnt working right for sure.
You need to check if you can ping the hg612 192.168.3.1 ip from your router
and also you bodged it up do NOT change the main ip on the hg612 to 192.168.3.1, change the main lan ip back to 192.168.1.1 as you assigned the same ip to two interfaces, after verify if the new ip is still bound to br1.
You need to do some reading and research and figure some things out yourself, sorry I cannot really help more than i already have done.
also run this command on your netgear to verify it functions as expected.
nvram get lan_ipaddr
-
so
Modem HG612
1) connect to modem port 2, change ethernet address of the computer to 192.168.1.100
2) install telnet windows feature (addon)
3) open admin command prompt
4) telnet 192.168.1.1
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0
Router Netgear R7000
1) connect over wifi,
2) login to router,
3) go to the command line and enter
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
ping 192.168.3.1 (if this fails there is no point in proceeding)
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
Also on your pc you goto 192.168.3.1 not 192.168.3.253.
-
1st photo i connect to the modem and entered the commands you see in the photo, after each command i got a (^) ???
2ed I connected to the router and entered the commands then tried ping, None were lost, but unreachable
3ed I entered the commands drirectly in to the routers interface, both the commands, i know the photo only shows one, but i did enter each one after the other, so the command in the photo is the last one, i tried a ping and ended up with the samething, when i went to 192.168.3.1, the page would just load then go black
after all that, i tried
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
to see if the old command would work,
not even that sorted the problem out
-
when i look at the ip address, i see 192.168.3.253 also shows my routers ui, when i go to 192.168.3.2, nothing shows up, when i go to 192.168.3.1 nothing shows up
i've also done a ping test, which you can find in the attached images
-
on the modem you havent typed 'sh' first to get into the shell.
you was told to do this many posts ago by someone else.
leave the router as it is.
when you login to the modem first run 'sh'.
you should see a busybox message.
then run the modem commands.
it looks like router is done correctly.
after you have done the modem then try the ping again.
the 192.168.3.253 router ui is expected, my earlier reply I didnt realise at first you tried .253 not .1, the .253 is bound to the router so obviously that wont reach the modem.
-
That did the trick, how can we make it stick, we get alot of power cuts where i live, so anytime, the lights go out, so does all my work ?
Guide for the networking n00bs :
Modem HG612 (Alert, some browsers like firefox 64x wont be able to connect to the HG612 user interface, best use buggy internet explorer... or the lovely new edge)
1) connect to ethernet\lan port two on the modem, change ethernet IP address of the computer to 192.168.1.100 (Guide http://www.kitz.co.uk/routers/hg612unlock.htm (http://www.kitz.co.uk/routers/hg612unlock.htm) thank you Kitz)
2) install telnet windows feature (addon) (Thanks Dray) http://www.technipages.com/windows-10-enable-telnet (http://www.technipages.com/windows-10-enable-telnet)
3) open admin command prompt
4) enter : telnet 192.168.1.1 (Thanks olwalh)
5) Enter : sh (Thanks roseway + Dray)
6) Enter the following commands, one by one :
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0
Router Netgear R7000 (dd-wrt)
1) connect over wifi, disconnect ethernet
2) login to router,
3) go to the command line and enter one by one :
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
ping 192.168.3.1 (if this fails there is no point in proceeding)
go to 192.168.3.1 to see your hard work, if nothing shows, repeat the steps again, by turning off the router and modem, which will clear any of the previous mistakes you may have made, yes, that means if theres a power cut, you will have to repeat this Guide,
And a big thanks to Chrysalis, big respect :cool:
Admin\Mod may edit, My spelling and wording is atrocious
-
for now get a telnet software client like putty.
add the commands to the auto login configuration, so then all you need to do is login once and its all done.
whats your username on mdws? if you not there, get yourself on there after all this work :)
-
Thanks for your help again! this would not have been possible, with out your help :cool:
-
login to the R7000 (dd-wrt) router, then go to the Administrator - Commands tab (Diagnostics)
enter the following command, as shown, here, all in one
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
then press (Save Startup)
every time the router boots, it will run this command, meaning even if theres a power cut, the settings will stay the same, sharme the same, cant be said about the HG612
I've tried saving the config file, then re uploading it, but it seems the settings you input in to the HG612 by telnet, don't show up in the UI, so after a rebootor power cut, the modem will always need the settings sent to it, again and again.... if anyone knows how to make it keep the settings, please share
-
why have you added a static route to the hg612? it doesnt need it.
-
would that not do the same thing as the ifconfig command ?
ifconfig br1 192.168.3.1 netmask 255.255.255.0
if you look at the Author post, they go on about doing it someway by this ?
http://forum.kitz.co.uk/index.php/topic,17596.0.html hhkb
-
no its not the same thing.
there is no way to do what that command does in the GUI.
I think so people dont get misled his post should be deleted. (hhkb)
-
I should be the Author of this post, thats why im confused?
-
Silently, stealthily, just like a ninja b*cat applies a furry black paw and the transformation has taken place. SignedAdam is now the originating poster of this thread and hhkb's post has disappeared from view. ;)
-
Thanks alot, everything has became clear! cats rule the world ;)
-
What I don't understand is why you have to give the modem another IP address to make this work. It's already got one, why does it need two?
-
you dont have to but I think this is the easiest method, billion router's by default come with a 2nd subnet on the wan interface which is what made me start using this method. (this is why there is no messing around modem side on the billion guide).
The other way is to add route's to route specific ip's over the other interface, which would still need a route command in the cli on both devices. (it would also probably need a shrinkage of the first lan subnet on the main interface which is actually more complex).
-
I'm just wondering whether the problem is simply the Port Binding check-box shown here
http://wiki.kitz.co.uk/index.php/Huawei_HG612_-_Basic#WAN_settings
as the help says Port binding
It is used to specify which LAN ports are bound to the WAN connection. The bound LAN ports can access the network through only the designated WAN connection.
-
that's what this essentially does but as far as I know the hg612 has no way to bind lan traffic to specific ports in the UI. That is for WAN.
-
It was either on this forum (or another) that if you untick the bindings on both lan ports, then your router (by adding a VLAN in the same subnet as the modem) could access line stats....
1) Untick bindings.
2) Set 2nd LAN subnet on router (along with required firewall rules)
VOILA...devices on the normal LAN can access the hg612 GUI
Ian
-
Yes I think you're right, I have a vague recollection of seeing that somewhere. I've just been looking at the pfsense documentation here https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall which says
Some DSL or cable modems have web interfaces on private IP addresses. Since these sit outside the firewall and don't have a public IP, accessing them isn't as straight forward as it might seem. The firewall is typically assigned a public IP, and sends all outbound traffic upstream to the ISP. The ISP won't route the private subnet back to the modem, leaving it unreachable. This page describes the work around needed to access the management interface on the modem from the inside of the network.
Note: The modem's management IP must be on a different IP subnet than the internal network. If it is not, attempts to connect to it will never go to the firewall to be routed out to the modem, as hosts on the internal network would try to connect to it on the local network and fail.
-
@kitzuser87430 - Please could you be more clear on the steps you taken,
1) Untick bindings. (Where, What Tab, Basic - WAN - port 1 and 2) ??
2) Set 2nd LAN subnet on router (along with required firewall rules) (Again, where and what do we imput in to 2ed lan subnet, what firewall settings do we enter, do we enter them over telnet)
I would like a full brake down on what to do, just listing little bits of info is not going to help n00bs or people just getting in to networking like me,
thanks
-
We're getting there slowly - it's not like anyone knows exactly what to do, so it's one step at a time.
Your questions:
1) Yes
2) I thought you already had the firewall rules
As far as I can see there's no reason to have a 2nd subnet, the modem just has to be in a different subnet to your local LAN otherwise the router won't look in the WAN, it will only look in your LAN.
Interestingly the pfsense documentation says here https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall Now NAT needs to be configured to translate traffic destined to the modem to the new interface. This is necessary so the modem sees the traffic sourced from an IP on its local subnet. Without this NAT, it would be necessary to configure a route on the modem so it knows how to reach the internal subnet. With some modems this isn't possible, and in most cases it's easier to NAT the traffic so routing isn't a concern.
So it looks like that static route that hhkb mentioned could be a requirement after all.
-
Dray selective quoting never helps.
I checked the page and there is this snippet you left out.
Note: The modem's management IP must be on a different IP subnet than the internal network.
no static route is needed because the modem already knows how to route the packets via the subnet mask.
-
So the modem only needs 1 IP address ?
-
So basically the modem has a lan ip on the lan interface. All traffic over that subnet will go over that port, but we dont want to use that port because it requires an extra cable.
To solve the problem we use a second subnet and bind it to the other interface, the modem will route all packets to that subnet over that interface because we assigned a 255.255.255.0 subnet mask. Static routes are used to route packets outside of the subnet.
On the router it can access the modem without any routing because it has a ip assigned to the right port also with a 255.255.255.0 subnet mask, however we need to route packets that come from the normal lan subnet e.g. from a pc.
Thats what the iptables command is for, it diverts packets from the normal lan subnet to the correct interface. This only needs to be done on the router, not the modem. Because the modem see's the source ip as the new subnet already.
-
If we untick the WAN binding for LAN1 then we don't have to use LAN2 at all, also if the modem is configured as solely being in a separate subnet, then we don't have to assign 2 subnets to it, so the settings should survive a reboot of the modem?
-
try it and see if you think its that simple dray.
-
Unfortunately I have another router in the way so it goes modem-->HH5-->pfSense-->LAN
-
my assumption is if you unbind the wan, then surely it will stop functioning as a modem?
-
I tried that and it continues to work as a modem and stats are available on LAN2. If I connect LAN1 to my LAN instead then stats are available on LAN1.
-
so you tried it now? you said you couldnt try it.
-
I tried the modem out with the unticking of the WAN LAN ports binding, but I haven't tried the crazy routing to get the stats over LAN1 :comp:
-
ok thanks, maybe Adam can try what you saying.
-
Unfortunately I have another router in the way so it goes modem-->HH5-->pfSense-->LAN
Why have you got the HH5 before your firewall ?.
My set up HG612 Modem in Bridge Wan not bound to either LAN1 or LAN2 > 'Smootwall' hardware firewall >LAN .
LAN2 on HG612 is connected to my LAN via a link cable.
No problem in getting stats. :)
-
Why have you got the HH5 before your firewall ?.
So I can get BT Wifi
My set up HG612 Modem in Bridge Wan not bound to either LAN1 or LAN2 > 'Smootwall' hardware firewall >LAN .
LAN2 on HG612 is connected to my LAN via a link cable.
No problem in getting stats. :)
This thread is about getting stats through LAN1 ???
-
This thread is about getting stats through LAN1 ???
I will go and get on with putting my oak floor down and get a eye test booked :blush:
-
so what does everyone want me to test, remember, make it very clear, I dont talk networking binary language just yet
I recall you saying,
1) Untick bindings. from Basic - WAN - port 1 and 2
2) how do i enter the firewall settings in to the interface, so tell me what to press on the firewall tab, and what to enter, if we cant enter them in to the user interface, then there is no point in proceeding with this, as the firewall settings will reset everytime there is a power cut, shame the router cant force the modem in the right place and everything, because the router can save its command settings
3) Set the 2nd LAN subnet on router, im guessing this is the
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
command ?
-
dray needs to answer, I havent plugged in the hg612 since I did the guide.
He thinks its as simple as one change in the GUI if I understand him correctly.
-
That would be much more easyer than doing it in telnet for n00bs, my Chrysalis friend :) dont worry, if it fails, i will be doing everything you said still, your still a legend
-
As far as I can see, all you need to do is
1) Untick bindings. from Basic - WAN - port 1 and 2
2) Give the modem the address 192.168.3.1 netmask 255.255.255.0 in Basic - LAN - LAN Host Settings
3) Apply those settings from before to the router (I'll just go and see if I can find them) Yeah these:
3) go to the command line and enter one by one :
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
Although I have to say I don't actually understand what these are doing because as I mentioned I use pfSense which does it in a different way.
-
WELL DONE Dray!
with your settings, im able to gain access to the modem
I'm still testing here, we will have to see what happens when the firewall settings go on a powercut
please list how you do it with "pfSense" the more ways we have of doing this, the more chance people will get GUI Over WAN working
-
I've already linked to the instructions for pfSense (https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall), but in my case I'll update this thread if I ever get round to trying it as my set up is a bit more bizarre.
Excellent news, thanks for doing it :thumbs: :dance: :yay:
-
Now, I guess, theres still the firewall, does anyone know how to enter the following strings,
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
in to the GUI, with out telnet or any command lines but the interface of the HG612,
* Basically I need someone to translate the code above in to a string of imputs, to imput in to the interface, as shown in the image bellow, it can be done
-
It would help if we knew what those commands actually do :shrug2:
-
I've just found out the hardway, it's if you have a custom setup within the modem, for ports and address, but if you keep it as default, you dont get blocked by the modems firewall, so keep the setting as "Standard" setting, dont change anything to do with the modems firewall, and you will find you can connect to it like Dray, so this is where your going wrong Chrysalis, dont mess with the modems firewall
If anyone runs in to the modem blocking you, with its firewall, try changing your ethernet ip to 192.168.3.100, then connect by lan two, you will be able to login at 192.168.3.1, then reset to default and try again
-
Hi signedadam
I just had a quick look at hg612, and setting those up in hg612 looks simple to complete
I can take pictures as I'm not looking at it now, but login to hg612, advanced, firewall, select custom, give it a name, submit, click acl, add in http, telnet etc, submit and test
Many thanks
John
-
updated my reply, no firewall settings needed if you keep it as default settings, "normal" mode for the firewall
I think you mean Firewall Level: Standard
-
correct, i mean "Standard" firewall settings allow you to connect to the modem GUI with out the need of editing any firewall ports on the modem
now that I have a permanent solution, which wont stop working if theres a power cut, I will make a guilde for n00bs to follow,
Thank you both Dray + Chrysalis for the permanent solution,
* d2d4j thanks for taking alook, we sorted it :fingers:
* dont use firefox 64x, it wont show the modem
-
Brilliant :yay:
-
I've just found out the hardway, it's if you have a custom setup within the modem, for ports and address, but if you keep it as default, you dont get blocked by the modems firewall, so keep the setting as "Standard" setting, dont change anything to do with the modems firewall, and you will find you can connect to it like Dray, so this is where your going wrong Chrysalis, dont mess with the modems firewall
If anyone runs in to the modem blocking you, with its firewall, try changing your ethernet ip to 192.168.3.100, then connect by lan two, you will be able to login at 192.168.3.1, then reset to default and try again
those rules dont block anything, they just poke a hole to allow the lan second subnet traffic on the br1 interface (by default blocked on the shipped configuration).
As for the change dray recommended, I am glad it works, although compared to how other routers behave this is inconsistent.
-
Chrysalis - Please could you supply the settings i need to imput, or other users need to imput, in to the firewall user interface, telnet wont cut it because we want it to save the settings, not lose them on a reboot or power cut,
-
As for the change dray recommended, I am glad it works, although compared to how other routers behave this is inconsistent.
The pfSense instructions appear to indicate all modems will behave in this way as they aren't specially done for the HG612.
-
I dont even know how you got that to appear in the GUI, when I was messing around I couldnt get such a box to appear.
I did my guide.
But the method you are using now shouldnt need any firewall changes.
Dray both my billion and zyxel dont behave this way, they require lan isolation to prevent problems, indeed some may remember a post i made when I first started using the zyxel as someone had to figure the isolation out for me to get it to work properly.
-
Please check out the full Permanent Guide http://forum.kitz.co.uk/index.php/topic,17671.0.html
if you see any problems with the post, please comment :cool:
thanks for this ;) i'm so happy with my setup, I dont feel like buying a new modem, not that you can find just a modem anymore...
-
How has this
As far as I can see, all you need to do is
1) Untick bindings. from Basic - WAN - port 1 and 2
2) Give the modem the address 192.168.3.1 netmask 255.255.255.0 in Basic - LAN - LAN Host Settings
3) Apply these settings to the router:
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
expanded to that? - http://forum.kitz.co.uk/index.php/topic,17671.0.html
-
dray can you be kind of enough please to point me to the pfsense docs that say to remove all wan bindings? thanks.
-
They don't say that, they just say how to configure another interface in the same subnet as the modem, which has to be a separate subnet outside of the LAN subnet, much like you did to configure a VLAN bridge.
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
-
How has this
As far as I can see, all you need to do is
1) Untick bindings. from Basic - WAN - port 1 and 2
2) Give the modem the address 192.168.3.1 netmask 255.255.255.0 in Basic - LAN - LAN Host Settings
3) Apply these settings to the router:
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
expanded to that? - http://forum.kitz.co.uk/index.php/topic,17671.0.html
Well, for people starting out in the world of networking, they will need it spel!ing out to them, like I needed, sometimes seeing something in full, Helps! also i'm sure everyone here agrees, scrolling through pages and pages of comments, is harder than my post,
-
They don't say that, they just say how to configure another interface in the same subnet as the modem, which has to be a separate subnet outside of the LAN subnet, much like you did to configure a VLAN bridge.
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
Sorry am confused, I thought you were saying pfsense is telling people to unbind wan on modem's. That page does make sense, what is happening on the hg612 does not, I think its just lucky it happens to be working this way.
-
They don't say that, they just say how to configure another interface in the same subnet as the modem, which has to be a separate subnet outside of the LAN subnet, much like you did to configure a VLAN bridge.
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
Sorry am confused, I thought you were saying pfsense is telling people to unbind wan on modem's. That page does make sense, what is happening on the hg612 does not, I think its just lucky it happens to be working this way.
I agree with you Chrysalis, it dont seem normal, but it works :angel: thank the coding gods :D
I made alot of spelling mistakes, because of my phones auto correct, lol
-
Chrysalis - I wish to update my Guide with a way to enter the firewall settings, with out needing telnet, please show me what to enter in to the modems user interface,
Guide on how you get the extra options to show up in IP filtering :
1) Go to the modems user interface : 192.168.3.1
2) Login admin and password
3) Advanced - Firewall
4) Click Standard which should show a list of options
5) Pick custom
6) In the new empty box, enter a name for the new custem profile you just made
7) Click submit
8) Select the new profile you just made, then click IP filtering
9) All the boxies you should now be able to edit now
from 10) i'm sure you know what your doing, ::)
-
Did you see this? http://forum.kitz.co.uk/index.php/topic,15343.msg306218.html#msg306218
-
Thats for tomato, I like DD-WRT more :cool: don't believe it has that functionality :no: