Re: cannot access modem's config interface from LAN
- From: "H.S." <hs.samix@xxxxxxxxx>
- Date: Thu, 15 Nov 2007 22:03:45 -0500
Stefan Monnier wrote:
I have an adsl modem connected to a linux box which acts as a router.
The router machine has three interfaces:
eth1: 192.168.1.2, connected to the modem
eth0: 192.168.0.1, the wired LAN (192.168.0.0/24) using a switch
ath0: 192.168.5.1, the wireless lan (192.168.5.0/24)
The modem's LAN ip address is 198.168.2.1. The modem is working in
bridge mode and when a connection is established, ppp0 is formed on the
router machine.
The iptables script that I have on the router machine does the
forwarding and nat. All works okay between the wired and wireless LAN
and the internet and also within the wired and wireless LAN.
The problem is that I can access the modem's web interface (on
192.168.2.1) only from the router machine and not from any other LAN
machine. Could somebody tell me what are the iptables rules needed to
make this happen?
I recently encountered the same situation.
See http://forum.openwrt.org/viewtopic.php?id=13307 for the
corresponding thread (my router is a Linksys box running OpenWRT but
that shouldn't make much difference).
Basically, the problem is most likely that when a LAN machine wants to send
a packet to the modem, it correctly sends it to the router, which
correctly sends it to the modem but the modem then doesn't know how to
send it back because it doesn't know that it can reach 192.168.[05].NN
via your router. So you need to add a route on your modem.
I just tried this and it worked. In that modem, there are two networks,
192.168.1.0 and 192.168.2.0, for the wired and for the USB networks
respectively. I added the route:
Dest. Netmask NextHop IF Name RouteType RouteOrigin
192.168.0.0 255.255.255.0 192.168.1.2 eth-0 Indirect Local
And now it works.
If you can't or don't want to do that, you can instead use NAT
translation so your modem is tricked into thinking that all connections
come from your router.
A rule like
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.2
I tried this first actually but it didn't work. I probably will look
into this further, since this appears to be my preferred method.
thanks a ton,
->HS
on your router may do the trick. In my case it wasn't sufficient,
because OpenWRT's default iptable config disallows packets going from
(the equivalent of) eth0->eth1 (it only allows them to go from
eth0->ppp0), so I needed to add
iptables -A FORWARD -i eth0 -j ACCEPT
to get things to work.
Stefan
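
The two rules discussed in this thread, narrowed so that only traffic addressed to the modem is translated and forwarded. This is an added example, not part of the original messages; the addresses and interface names are the thread's, while TCP port 80, the conntrack return rule and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): scoped rules for reaching the modem's
# web interface from the LAN. Run with --apply (as root) to install the rules;
# without it the commands are only printed.

MODEM_IP="192.168.2.1"       # modem's config address, per the thread
ROUTER_WAN_IP="192.168.1.2"  # router's eth1 address, per the thread
WAN_IF="eth1"                # interface facing the modem
LAN_IFS="eth0 ath0"          # wired and wireless LAN interfaces
MGMT_PORT="80"               # assumption: plain-HTTP web interface

# Print the iptables commands, one per line, without executing them.
modem_rules() {
    # Rewrite the source address only for connections to the modem's web
    # interface, so the modem replies to an address it already knows
    # (the router) and needs no extra route.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -d $MODEM_IP -p tcp --dport $MGMT_PORT -j SNAT --to-source $ROUTER_WAN_IP"
    for lan in $LAN_IFS; do
        # Allow LAN -> modem for the web interface only, instead of
        # accepting everything that arrives on the LAN interface.
        echo "iptables -A FORWARD -i $lan -o $WAN_IF -d $MODEM_IP -p tcp --dport $MGMT_PORT -j ACCEPT"
        # Allow only replies belonging to those connections back in.
        echo "iptables -A FORWARD -i $WAN_IF -o $lan -s $MODEM_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
}

if [ "${1:-}" = "--apply" ]; then
    # Word splitting of $cmd is intended: each line is one iptables call.
    modem_rules | while read -r cmd; do $cmd || exit 1; done
else
    modem_rules
fi
```

After applying, `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -v -n` show per-rule packet counters, which confirm whether LAN requests to the modem are matching the scoped rules.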