Modem mgmt interface access

**mikeyscott** · 01-05-2022, 11:29 AM

I've done this before with pfsense, but trying to do it with Untangle. I've got a Draytek ADSL Modem that is in bridge modem and I'm trying to expose it's management interface from Untangle.

I've added an alias to the WAN interface within the same IP subnet as the Draytek 192.168.2.0/24 subnet.

I can ping the device from Untangle when that's configured, but can't access it from the internal LAN. I can see a route has been added to the routing table, but still can't access it.

My last thought it to look at NAT / port forwarding areas relating to this, but anyone else running v16.x and successfully got the above config working?

I've seen previous posts for older versions of Untangle and the posts are locked too.

**dashpuppy** · 01-05-2022, 11:59 AM

Um, if it is in bridge mode then how are you getting a 192 address ? Bridge mode should give you a WAN address on your Wan port.

**mikeyscott** · 01-05-2022, 12:03 PM

Originally Posted by dashpuppy

Um, if it is in bridge mode then how are you getting a 192 address ? Bridge mode should give you a WAN address on your Wan port.

I have a WAN address on the PPOE interface, but the modem still has an active interface on 192.168.1.2, which I can access if plug into the same switch etc.

**sky-knight** · 01-05-2022, 12:27 PM

The problem with this stuff is you're having to guess how the firewall on the modem is configured, some of them are quite picky.

I'd start by bypassing traffic destined to the IP of the modem to get any layer 7 filters out of the way, and follow that up with a custom NAT policy to ensure all traffic destined to the WAN interface in question, and destined to the IP of the modem, is manually translated to the 192 address on the WAN.

**jcoffin** · 01-05-2022, 12:33 PM

Add an IP alias to the WAN in the same range as the modem management (192.168.2.2? guessing). Check that the alias does not conflict with existing IP ranges on your NGFW. Once saved, you should be able to access the modem management interface from the LAN

**mikeyscott** · 01-05-2022, 12:53 PM

Originally Posted by jcoffin

Add an IP alias to the WAN in the same range as the modem management (192.168.2.2? guessing). Check that the alias does not conflict with existing IP ranges on your NGFW. Once saved, you should be able to access the modem management interface from the LAN

Not able to, but I can ping it from Untangle FW following that change. I had that configured before posting here and thought what am I missing etc.

I'll have a dig around on both devices.

**jcoffin** · 01-05-2022, 01:08 PM

Either there is a route for that network already present or the modem limits connects to direct networks (no NAT).

**mikeyscott** · 01-05-2022, 02:14 PM

Originally Posted by jcoffin

Either there is a route for that network already present or the modem limits connects to direct networks (no NAT).

Can't find any restrictions on the modem and I didn't have to make changes with pfsense, but the pfsense process is different. 192.168. is not in use on this network.

**donhwyo** · 01-05-2022, 02:20 PM

There is a "filter rule" "Block outbound traffic to 192.168.0.0/16 (RFC1918)". Is it enabled enabled?

**sky-knight** · 01-05-2022, 02:52 PM

Originally Posted by mikeyscott

Can't find any restrictions on the modem and I didn't have to make changes with pfsense, but the pfsense process is different. 192.168. is not in use on this network.

You won't see the restrictions, they're always hidden and hard coded if they exist.

And, just like PFSense it should "just work". The most I've had to do is make the alias as you've suggested, because the WAN interface NAT's by default.

So once again I'm back to suggesting a bypass rule, because the only think I can think if is one of your apps filtering it.

Thread: Modem mgmt interface access

LinkBack

Thread Tools

Modem mgmt interface access

Posting Permissions