1. Home
  2. Networking Firewalls
  3. How to access cable modem "in front of" firewall

How to access cable modem "in front of" firewall

Hello. I've got a cable modem with the standard 192.168.100.1 address for it's internal web server. I'd like to be able to access this for diagnostics but it's outside my firewall.

Firewall is IPCop.

Network looks like:

Internet -> cable modem (with 192.168.100.1 IP for web interface) ->

Red interface @ 68.x.x.x via DHCP -> IPCop @ 192.168.1.1 -> LAN pcs at

192.168.1.x

I can add a route to the cable modem through the Red interface

route add -host 192.168.100.1 eth1

I think this should get a PC on the Green interface to the cable modem but I think I need to open a hole in the firewall to let the traffic back through the firewall to my internal PC.

Any help is greatly appreciated. Erik

Reply to
junk
Loading thread data ...

Your IP numbering choices have conspired against you. Since you've numbered your LAN as you have (assuming that you're using a 24 bit netmask of 255.255.255.0), the router won't get involved and send your traffic to the cable modem since 192.168.100.1 is on your local network as far as it's concerned.

If you put your lan on any other subnet than 192.168.100.0/24 it should work just fine.

192.168.10.0 netmask 255.255.255.0 for instance, for the LAN.

I'm not sure if a static route added in the router device itself might be able to override that, but really it's cleaner to get your LAN ip range to be mutually exclusive to fix this issue.

Best Regards,

Reply to
Todd H.

Thanks Todd. My LAN is on a different subnet (192.168.1.1, 255.255.255.0) from the cable modem (192.168.100.1)

I'm pretty sure adding the "route add ..." will get me out of the firewall and to the modem (as opposed to "through" the modem to talk to the modem it will have be able to get back to me.

I'm not sure how to make that part work.

Todd H. wrote:

Reply to
erik

Are we dealing with a software or hardware firewall?

Another issue possibly at play is that 192.168.100.1 being an RFC1918 "private" address that shouldn't hit the internet, may not get routed by your router to the WAN interface. I imagine implementations of that egress filtering vary.

Not being familiar with which firewall you're dealing with, I can't say more but to guess at that maybe being at play.

There should be another IP by which you can talk to your cable modem. Check out the broadbandreports.com forums and see if anyone talking about your provider specifically might have it included in a post, or a procedure on how to figure it out.

Reply to
Todd H.

Got it. Pretty boring though. I spent all this time thinking about how to do it without ever trying it. Now that I'm home I gave it a try and without changing anything after the default install of IPCop I can view the modem's status page.

I can reach 192.168.100.1 from 192.168.1.49 with a NM of

255.255.255.0. Can't imagine how.

Now I almost wish it didn't work so I could figure how to make it work.

Thanks for the dialog anyway, Todd.

Erik

Reply to
erik

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.