
Author Topic: pfsense with 2 modems as multiwan : cannot access webGUI of the secondary modem  (Read 269 times)


Offline trap16

Hello,

I actually have only basic knowledge of routing and setting up networks; I would like some hints on the following and some way to sort it out.

Actually my home network is under 10.x.x.x  (LAN) on a pfsense router.
I own 2 router modems :
    - a box for fiber connection, plugged on WAN1, its address is 192.168.1.1, the pfsense WAN1 interface is set as 192.168.1.100
    - a modem for 4G connection, plugged on WAN2, its address is 192.168.5.1, the pfsense WAN2 interface is set as 192.168.5.100


I have set my pfsense router as multiwan. I followed some tutorial for multiwan and set a group gateway with tier1 for fiber and tier2 for 4G; the aim is having a failover on 4G (I have a limited traffic volume on it) and the main gateway as fiber.
This seems to work.

But.

I noticed that I go on my fiber modem webpage without issue with http://192.168.1.1 or http://192.168.1.100
While it is impossible to get on my 4G modem webpage (with http://192.168.5.1) when all my modems are up.

My understanding is that when the fiber modem is up, the traffic to 192.168.5.1 is routed to the fiber modem (which sounds logical), while I want it to go to the 4G modem when I target the 192.168.5.x network.

Is there any way to define a rule somewhere (firewall, route?) to tell that when I open a browser on http://192.168.5.1 I want to go to the 4G modem?

Best regards
Olivier


Offline jahonix

Create a firewall rule with destination 192.168.5.1 and use the 4G modem as gateway, maybe?
The rule has to be on the LAN interface (or wherever you're coming from) and the order of rules should be verified.
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Offline trap16

Thanks for your reply.

I added the rule in my firewall but it did not change the behaviour.

I found how to capture packets using diag and wireshark and found that it seems the packets are going to the correct gateway, but I do not see any reply, only tcp retransmission (I guess this is because I don't get a reply from the modem).

1) capture on my 4G wan + browser opened to 192.168.5.1 (to be clear, the modem has static ip 192.168.5.1 -netgear LB1110 default ip- and my pfsense router interface has ip 192.168.5.100 on the gateway targeting that modem)

I guess this means the routing is correct but for some reason my 4G modem does not want to reply ...




Offline jahonix

Can you ping the modem's address?
Chris


Offline trap16

Hello,

I did a few more tests, which raised more questions ... I added some screenshots to have a more friendly view of the problem.

To answer your question, I can't ping my 4G modem from the LAN but I can ping it from the pfsense box.

I also did some testing on my other modem (WAN1, the fiber modem-router) and found I can ping it from everywhere (LAN + pfsense box).
Strangely, I have a device plugged on the subnet of this modem (a tv decoder) that I can't ping from the LAN and can ping from the pfsense box.

See below :

From left to right windows, from :
 1) pfsense
 2) a LAN computer, running under ubuntu
 3) another LAN computer running under windows

Tests done: ping 192.168.5.1 (the 4G modem LB1110) = OK/KO/KO, ping 192.168.1.1 (the fiber modem-router) = OK/OK/OK, ping 192.168.1.10 (the TV receiver) = OK/KO/KO
Trying to access the web GUI leads to the same results as ping.

I would understand a 100% fail from my tests on the LAN (or a 100% success) but not that one. Does it mean the difference can be explained by the modem settings (so no issue is coming from my pfsense settings)?

Thanks a lot.


« Last Edit: November 13, 2017, 10:57:38 pm by trap16 »

Offline trap16

Another test today: I tried to check why pfsense can ping the tv receiver and why a computer on the LAN cannot ...

I used diagnostics on the WAN1 interface to capture the packets for 192.168.1.10 and found that when I'm pinging from:

- pfsense box (192.168.1.100): the destination MAC is the MAC address of the tv receiver (the ping works in this case)
- a computer on LAN (10.0.2.1): the destination MAC is the MAC address of the fiber modem-router (and I get no reply)


Offline trap16

I sorted out half of the issue; it was due to bad settings.

- I removed the gateway from the WAN1 (to fiber modem) and WAN2 (to 4G modem) interfaces
- I added several LAN firewall rules to pass:
  1) LAN net to WAN1 net with no gateway
  2) LAN net to WAN2 net with no gateway
  3) LAN net to any with my failover gateway group (192.168.1.1 tier 1 and 192.168.5.1 tier 2)

And now I can ping and access the tv receiver (192.168.1.10) from my LAN.

So I can now correctly ping my fiber box modem and my tv receiver from my LAN, but the 4G modem is still failing (I can access it from a shell on pfsense but not from my LAN).
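
An added sketch, not part of the original posts and not pfSense code: a small Python model of first-match rule evaluation in which a pass rule that carries a gateway forwards to that gateway instead of consulting the routing table. It reproduces the capture above (LAN pings to 192.168.1.10 sent to the fiber modem) and the effect of the three reordered rules. The rule tuples, function names and the default-route assumption are hypothetical; the addresses are the ones from the thread.

```python
import ipaddress

# Constructed model of the thread's setup; names and structure are hypothetical.
CONNECTED = {  # networks directly attached to the firewall
    "WAN1": ipaddress.ip_network("192.168.1.0/24"),
    "WAN2": ipaddress.ip_network("192.168.5.0/24"),
}
GATEWAYS = {"WAN1": "192.168.1.1", "WAN2": "192.168.5.1"}
FAILOVER = ["WAN1", "WAN2"]  # tier 1 (fiber), then tier 2 (4G)
ANY = ipaddress.ip_network("0.0.0.0/0")


def via_group(up):
    """Failover group: the lowest tier whose gateway is up, or None."""
    iface = next((i for i in FAILOVER if i in up), None)
    return (iface, GATEWAYS[iface]) if iface else None


def routing_table(dst, up):
    """Normal lookup: a connected network is reached directly (ARP for dst)."""
    for iface, net in CONNECTED.items():
        if dst in net:
            return iface, str(dst)
    return via_group(up)  # assumed default route follows the group


def next_hop(rules, dst, up=("WAN1", "WAN2")):
    """Return (interface, next-hop IP) chosen by the first matching pass rule."""
    dst = ipaddress.ip_address(dst)
    for dest_net, use_group in rules:
        if dst in dest_net:
            # A rule with a gateway set skips the routing table entirely.
            return via_group(up) if use_group else routing_table(dst, up)
    return None  # nothing matched: default deny


# Only the catch-all rule with the gateway group on LAN.
BEFORE = [(ANY, True)]
# The three LAN rules from the post above, in the order given.
AFTER = [(CONNECTED["WAN1"], False), (CONNECTED["WAN2"], False), (ANY, True)]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.1.10", "192.168.5.1", "8.8.8.8"):
            print(name, dst, "->", next_hop(rules, dst))
```

The model covers only the forwarding decision on the firewall; it says nothing about whether the device at the far end sends a reply.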

Offline riccio99

Hi, I had a similar problem with another firewall (Dlink).

I added a protocol binding rule:
Service: HTTP
Local Gateway: the wan of the 4g modem
Source Networks: Any
Destination network: ip address of the wan port of the 4g modem.

I hope it helps you