Re: cannot access modem's config interface from LAN



Stefan Monnier wrote:
I have an adsl modem connected to a linux box which acts as a router.
The router machine has three interfaces:
eth1: 192.168.1.2, connected to the modem
eth0: 192.168.0.1, the wired LAN (192.168.0.0/24) using a switch
ath0: 192.168.5.1, the wireless lan (192.168.5.0/24)

The modem's LAN ip address is 198.168.2.1. The modem is working in
bridge mode and when a connection is established, ppp0 is formed on the
router machine.

The iptables script that I have on the router machine does the
forwarding and nat. All works okay between the wired and wireless LAN
and the internet and also within the wired and wireless LAN.

The problem is that I can access the modem's web interface (on
192.168.2.1) only from the router machine and not from any other LAN
machine. Could somebody tell me what are the iptables rules needed to
make this happen?

I recently encountered the same situation.
See http://forum.openwrt.org/viewtopic.php?id=13307 for the
corresponding thread (my router is Linksys box running OpenWRT but
that shouldn't make much difference).

Basically, the problem is most likely that when a LAN machine wants to send
a packet to the modem, it correctly sends it to the router, which
correctly sends it to the modem but the modem then doesn't know how to
send it back because it doesn't know that it can reach 192.168.[05].NN
via your router. So you need to add a route on your modem.

I replied earlier that the approach you gave below worked. But I was
playing around with telnet on the modem and realized that the packets
originating on the modem and destined for 192.168.[05].n will not be
sent by the modem since it doesn't know what to do with that traffic (it
knows only about 192.168.1.0 and 192.168.2.0 networks which are its LAN
and USB networks). Am I correct? For this to work, the above method will
have to be used, right?

thanks,
->HS


If you can't or don't want to do that, you can instead use NAT
translation so your modem is tricked into thinking that all connections
come from your router.

A rule like

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.2

on your router may do the trick. In my case it wasn't sufficient
because OpenWRT's default iptables config disallows packets going from
(the equivalent of) eth0->eth1 (it only allows them to go from
eth0->ppp0), so I needed to add

iptables -A FORWARD -i eth0 -j ACCEPT

to get things to work.

Stefan
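
A narrower form of the two rules above, as an added example that is not part of the original posts: it limits the SNAT and FORWARD rules to LAN traffic destined for the modem's address instead of everything leaving eth1 or arriving on eth0. Addresses and interface names come from the thread; TCP port 80 for the web interface and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: prints scoped iptables commands (review, then run as root).
MODEM_IP=192.168.2.1         # modem's web interface, from the thread
ROUTER_MODEM_IP=192.168.1.2  # router's eth1 address, from the thread
MODEM_IF=eth1
MODEM_PORT=80                # assumption: the web interface is plain HTTP

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_lan IFACE:NET/PREFIX: reject anything unsafe to paste into a command.
valid_lan() {
    case "${1%%:*}" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    net=${1#*:}
    case "${net#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${net#*/}" -le 32 ] && is_ipv4 "${net%/*}"
}

# modem_rules IFACE:NET/PREFIX ...: print the rules, or nothing on bad input.
modem_rules() {
    for pair in "$@"; do
        valid_lan "$pair" || { echo "rejected: $pair" >&2; return 1; }
    done
    # Replies from the modem for connections that a LAN host opened.
    echo "iptables -A FORWARD -i $MODEM_IF -s $MODEM_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for pair in "$@"; do
        lan_if=${pair%%:*}; lan_net=${pair#*:}
        # Forward only LAN -> modem web interface, not everything from the LAN.
        echo "iptables -A FORWARD -i $lan_if -o $MODEM_IF -s $lan_net -d $MODEM_IP -p tcp --dport $MODEM_PORT -j ACCEPT"
        # SNAT only that traffic, so the modem replies to an address it can reach.
        echo "iptables -t nat -A POSTROUTING -o $MODEM_IF -s $lan_net -d $MODEM_IP -j SNAT --to-source $ROUTER_MODEM_IP"
    done
}

modem_rules eth0:192.168.0.0/24 ath0:192.168.5.0/24
```

The script only prints the commands; all arguments are validated before the first rule is emitted, so a rejected argument produces no partial rule set.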