Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

Let’s say that I want someone who is outside my LAN to be able to get in and access one of my modems in order to help handhold me, assess it, or even reprogram it remotely. This is awkward because I set the modems up with 192.168.x.1 addresses for their admin i/fs, so it makes it impossible for me to quote addresses for them that remote helpers can access directly from outside.

I have set my Firebrick router up to redirect admin i/f traffic to the modems so that access from the main lan works and I just log straight in to eg 192.168.1.1. To facilitate a remote helper’s access I need to do a vaguely similar thing again, same kind of redirection, but I will need to invent an address for the remote user to accesss and will also have to make a hole in the firewall for the remote help assistant. I have done the firewall hole already so that’s not a problem. But some pieces of the rest of a solution are eluding me. (Very very full of drugs too which doesn’t help.  )

Can anyone give me any tips about Firebrick config design for this?

I am regretting using RFC1918 addresses, but am still wavering. I don’t really want to drop that method completely, for one reason because there are quite a few references to these addresses now unfortunately, lurking here and there in code and in config files. I am wondering if I could have the best of both worlds, have a fake ‘external’ address that is routable use, NAT with it (which I do already, sort-of) and keep the existing system as well, so dual method of access. If not I will have to go on a giant bug-hunt.

I am thinking that fancy additional router config is not enough. I will presumably need to arrange a small amount of additional real IPv4 space. The reason being that placing the modems in my existing range sounds problematic, because it is already routed to my main LAN. But I’m not sure. Thoughts?

Getting a small amount of additional IPv4 space should not be too much of a problem luckily. I just ask AA and they’re very willing to accommodate you.

An alternative would be to get a machine going on my main LAN which a helper could log in to and from there could access the modems indirectly. If only the Raspberry Pi were up and running. It would all be more of a fiddle for the helper though.

I’m thinking this ph isn’t feasible / realistic given my present state. Too woozy to solve the problems. But that is part of the reason for thinking about setting up additional access. Duh.

[hopkins35]

Hi Weaver

Using NAT and port-redirection would mean that you could use one of your existing public IPv4 addresses and simply redirect from an unused port number, say 9999, to the managment port of the modem. I have a similar setup to you, several VMG1312-B10As on different subnets from my main LAN and the Firebrick and the below XML snippet works for me

<rule name="Test"
        target-ip="YOURPUBLICIP"
        target-port="9999"
        protocol="6"
        set-nat="true"
        set-target-ip="YOURMODEMPRIVATEIP"
        set-target-port="80"/>

[aesmith]

Following on from that, and assuming the Firebrick supports it, you could use different external ports mapped to port 80 on each modem, thereby using only one IP address.