How to access cable modem "in front of" firewall - Firewalls

This is a discussion on How to access cable modem "in front of" firewall - Firewalls ; Hello. I've got a cable modem with the standard 192.168.100.1 address for it's internal web server. I'd like to be able to access this for diagnostics but it's outside my firewall. Firewall is IPCop. Network looks like: Internet -> cable ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: How to access cable modem "in front of" firewall

  1. How to access cable modem "in front of" firewall

    Hello.
    I've got a cable modem with the standard 192.168.100.1 address for
    it's internal web server.
    I'd like to be able to access this for diagnostics but it's outside my
    firewall.

    Firewall is IPCop.

    Network looks like:

    Internet -> cable modem (with 192.168.100.1 IP for web interface) ->
    Red interface @ 68.x.x.x via DHCP -> IPCop @ 192.168.1.1 -> LAN pcs at
    192.168.1.x

    I can add a route to the cable modem through the Red interface

    route add -host 192.168.100.1 eth1

    I think this should get a PC on the Green interface to the cable modem
    but I think I need to open a hole in the firewall to let the traffic
    back through the firewall to my internal PC.

    Any help is greatly appreciated.
    Erik


  2. Re: How to access cable modem "in front of" firewall

    junk@shanesreef.com writes:

    > Hello.
    > I've got a cable modem with the standard 192.168.100.1 address for
    > it's internal web server.
    > I'd like to be able to access this for diagnostics but it's outside my
    > firewall.
    >
    > Firewall is IPCop.
    >
    > Network looks like:
    >
    > Internet -> cable modem (with 192.168.100.1 IP for web interface) ->
    > Red interface @ 68.x.x.x via DHCP -> IPCop @ 192.168.1.1 -> LAN pcs at
    > 192.168.1.x


    Your IP numbering choices have conspired against you. Since you've
    numbered your LAN as you have (assuming that you're using a 24 bit
    netmask of 255.255.255.0), the router won't get involved and send your
    traffic to the cable modem since 192.168.100.1 is on your local
    network as far as it's concerned.

    If you put your lan on any other subnet than 192.168.100.0/24 it
    should work just fine.

    192.168.10.0 netmask 255.255.255.0 for instance, for the LAN.


    I'm not sure if a static route added in the router device itself might
    be able to override that, but really it's cleaner to get your LAN ip
    range to be mutually exclusive to fix this issue.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  3. Re: How to access cable modem "in front of" firewall

    Thanks Todd.
    My LAN is on a different subnet (192.168.1.1, 255.255.255.0) from the
    cable modem (192.168.100.1)

    I'm pretty sure adding the "route add ..." will get me out of the
    firewall and to the modem (as opposed to "through" the modem to talk
    to the modem it will have be able to get back to me.

    I'm not sure how to make that part work.



    Todd H. wrote:
    > junk@shanesreef.com writes:
    >
    > > Hello.
    > > I've got a cable modem with the standard 192.168.100.1 address for
    > > it's internal web server.
    > > I'd like to be able to access this for diagnostics but it's outside my
    > > firewall.
    > >
    > > Firewall is IPCop.
    > >
    > > Network looks like:
    > >
    > > Internet -> cable modem (with 192.168.100.1 IP for web interface) ->
    > > Red interface @ 68.x.x.x via DHCP -> IPCop @ 192.168.1.1 -> LAN pcs at
    > > 192.168.1.x

    >
    > Your IP numbering choices have conspired against you. Since you've
    > numbered your LAN as you have (assuming that you're using a 24 bit
    > netmask of 255.255.255.0), the router won't get involved and send your
    > traffic to the cable modem since 192.168.100.1 is on your local
    > network as far as it's concerned.
    >
    > If you put your lan on any other subnet than 192.168.100.0/24 it
    > should work just fine.
    >
    > 192.168.10.0 netmask 255.255.255.0 for instance, for the LAN.
    >
    >
    > I'm not sure if a static route added in the router device itself might
    > be able to override that, but really it's cleaner to get your LAN ip
    > range to be mutually exclusive to fix this issue.
    >
    > Best Regards,
    > --
    > Todd H.
    > http://www.toddh.net/



  4. Re: How to access cable modem "in front of" firewall

    erik writes:

    > Thanks Todd.
    > My LAN is on a different subnet (192.168.1.1, 255.255.255.0) from the
    > cable modem (192.168.100.1)
    >
    > I'm pretty sure adding the "route add ..." will get me out of the
    > firewall and to the modem (as opposed to "through" the modem to talk
    > to the modem it will have be able to get back to me.
    >
    > I'm not sure how to make that part work.


    Are we dealing with a software or hardware firewall?

    Another issue possibly at play is that 192.168.100.1 being an RFC1918
    "private" address that shouldn't hit the internet, may not get routed
    by your router to the WAN interface. I imagine implementations of
    that egress filtering vary.

    Not being familiar with which firewall you're dealing with, I can't
    say more but to guess at that maybe being at play.

    There should be another IP by which you can talk to your cable modem.
    Check out the broadbandreports.com forums and see if anyone talking
    about your provider specifically might have it included in a post, or
    a procedure on how to figure it out.

    --
    Todd H.
    http://www.toddh.net/

  5. Re: How to access cable modem "in front of" firewall

    Got it. Pretty boring though.
    I spent all this time thinking about how to do it without ever trying
    it. Now that I'm home I gave it a try and without changing anything
    after the default install of IPCop I can view the modem's status page.

    I can reach 192.168.100.1 from 192.168.1.49 with a NM of
    255.255.255.0.
    Can't imagine how.

    Now I almost wish it didn't work so I could figure how to make it
    work.

    Thanks for the dialog anyway, Todd.


    Erik


    On Jul 20, 4:18 pm, comph...@toddh.net (Todd H.) wrote:
    > erik writes:
    > > Thanks Todd.
    > > My LAN is on a different subnet (192.168.1.1, 255.255.255.0) from the
    > > cable modem (192.168.100.1)

    >
    > > I'm pretty sure adding the "route add ..." will get me out of the
    > > firewall and to the modem (as opposed to "through" the modem to talk
    > > to the modem it will have be able to get back to me.

    >
    > > I'm not sure how to make that part work.

    >
    > Are we dealing with a software or hardware firewall?
    >
    > Another issue possibly at play is that 192.168.100.1 being an RFC1918
    > "private" address that shouldn't hit the internet, may not get routed
    > by your router to the WAN interface. I imagine implementations of
    > that egress filtering vary.
    >
    > Not being familiar with which firewall you're dealing with, I can't
    > say more but to guess at that maybe being at play.
    >
    > There should be another IP by which you can talk to your cable modem.
    > Check out the broadbandreports.com forums and see if anyone talking
    > about your provider specifically might have it included in a post, or
    > a procedure on how to figure it out.
    >
    > --
    > Todd H.http://www.toddh.net/




+ Reply to Thread