* Howto access modem behind router
@ 2006-10-23 21:31 Victor Toni
2006-10-24 18:05 ` Victor Toni
0 siblings, 1 reply; 4+ messages in thread
From: Victor Toni @ 2006-10-23 21:31 UTC (permalink / raw)
To: netfilter
Hello,
I have one of these modems which is a router by itself. The modem is
configured to work in bridged mode.
Connected to the modem is a router which connects via pppoe via the
modem with my ISP.
|<---------- PPPOE link ------------->|
| | |======
ISP ======= bridged ================= WRT ========= PCs
modem | | | |======
| | |
|<- 169.254.1.x ->| |<-- 192.168.1.x -->>
The modem has a web interface and and telnet which I would like to
connect to from within the LAN but this doesn't seem to work.
I tried the instructions from:
http://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration
but this makes the modem only available from the router and not from the
LAN.
I have currently some trouble with my connection and would like to use a
tool to monitor the modem's error status but this fails due to the
configuration.
The modem has the static IP 169.254.1.1 and the router has the static
IPs 169.254.1.100 and 192.168.1.1.
I can ping "169.254.1.100" from any LAN machine on 192.168.1.0/24 but
that's it.
Any help is very much appreciated.
Kindest regards,
Victor
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Howto access modem behind router
2006-10-23 21:31 Howto access modem behind router Victor Toni
@ 2006-10-24 18:05 ` Victor Toni
2006-10-26 15:53 ` former03 | Baltasar Cevc
0 siblings, 1 reply; 4+ messages in thread
From: Victor Toni @ 2006-10-24 18:05 UTC (permalink / raw)
To: netfilter
Victor Toni wrote:
> Hello,
>
> I have one of these modems which is a router by itself. The modem is
> configured to work in bridged mode.
> Connected to the modem is a router which connects via pppoe via the
> modem with my ISP.
>
> |<---------- PPPOE link ------------->|
> | | |======
> ISP ======= bridged ================= WRT ========= PCs
> modem | | | |======
> | | |
> |<- 169.254.1.x ->| |<-- 192.168.1.x -->>
>
>
>
> The modem has a web interface and and telnet which I would like to
> connect to from within the LAN but this doesn't seem to work.
> I tried the instructions from:
> http://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration
> but this makes the modem only available from the router and not from the
> LAN.
> I have currently some trouble with my connection and would like to use a
> tool to monitor the modem's error status but this fails due to the
> configuration.
> The modem has the static IP 169.254.1.1 and the router has the static
> IPs 169.254.1.100 and 192.168.1.1.
> I can ping "169.254.1.100" from any LAN machine on 192.168.1.0/24 but
> that's it.
>
> Any help is very much appreciated.
>
Is there any additional information I could provide? I have really no
clue about iptables so I would rather have my firewall open or NAT not
working anymore after my experiments.
Victor
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Howto access modem behind router
2006-10-24 18:05 ` Victor Toni
@ 2006-10-26 15:53 ` former03 | Baltasar Cevc
2006-10-26 16:20 ` Victor Toni
0 siblings, 1 reply; 4+ messages in thread
From: former03 | Baltasar Cevc @ 2006-10-26 15:53 UTC (permalink / raw)
To: netfilter
Victor,
On 24.10.2006, at 20:05, Victor Toni wrote:
> Victor Toni wrote:
>> Hello,
>>
>> I have one of these modems which is a router by itself. The modem is
>> configured to work in bridged mode.
>> Connected to the modem is a router which connects via pppoe via the
>> modem with my ISP.
>>
>> |<---------- PPPOE link ------------->|
>> | | |======
>> ISP ======= bridged ================= WRT ========= PCs
>> modem | | | |======
>> | | |
>> |<- 169.254.1.x ->| |<-- 192.168.1.x -->>
>>
>>
>>
>> The modem has a web interface and and telnet which I would like to
>> connect to from within the LAN but this doesn't seem to work.
>> I have currently some trouble with my connection and would like to
>> use a
>> tool to monitor the modem's error status but this fails due to the
>> configuration.
>> The modem has the static IP 169.254.1.1 and the router has the static
>> IPs 169.254.1.100 and 192.168.1.1.
>> I can ping "169.254.1.100" from any LAN machine on 192.168.1.0/24 but
>> that's it.
You should provide the relevant rulesets (iptables -L -v;
iptables -L -v -t nat). If you can ping the modem from a client
in the LAN, the routing seems to be working, as well as the
NAT (if needed).
You'll probably have to add some rule to the forwarding filter; but
that's impossible to tell without knowing your current setup.
While I don't think that's the problem, just a little warning: the
IPs on the modem segment are from the linklocal net, and are not
meant to be routed - see RFC 3927: "[...]valid for communication
with other devices connected to the same physical (or logical) link".
Baltasar
_____ former 03 gmbh
_____ infanteriestrafle 19 haus 6 eg
_____ 80797 muenchen
_____ baltasar.cevc@former03.de
_____ www.former03.de
_____ fon 0941.206.6952
_____ fax 089.322112.11
_____ mobil 0176.232.20.822
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Howto access modem behind router
2006-10-26 15:53 ` former03 | Baltasar Cevc
@ 2006-10-26 16:20 ` Victor Toni
0 siblings, 0 replies; 4+ messages in thread
From: Victor Toni @ 2006-10-26 16:20 UTC (permalink / raw)
To: netfilter
former03 | Baltasar Cevc wrote:
> On 24.10.2006, at 20:05, Victor Toni wrote:
>> Victor Toni wrote:
>>> I have one of these modems which is a router by itself. The modem is
>>> configured to work in bridged mode.
>>> Connected to the modem is a router which connects via pppoe via the
>>> modem with my ISP.
>>>
>>> |<---------- PPPOE link ------------->|
>>> | | |======
>>> ISP ======= bridged ================= WRT ========= PCs
>>> modem | | | |======
>>> | | |
>>> |<- 169.254.1.x ->| |<-- 192.168.1.x -->>
>>>
>>>
>>>
>>> The modem has a web interface and and telnet which I would like to
>>> connect to from within the LAN but this doesn't seem to work.
Base on the article above I tried this:
/usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 169.254.0.0/16 -j
MASQUERADE
(as you seem to speak German, here is the German article which uses the
(seemingly) same config
http://wiki.mhilfe.de/index.php/Modem_%C3%BCber_Router_auslesen
)
>>> I have currently some trouble with my connection and would like to
>>> use a
>>> tool to monitor the modem's error status but this fails due to the
>>> configuration.
>>> The modem has the static IP 169.254.1.1 and the router has the static
>>> IPs 169.254.1.100 and 192.168.1.1.
>>> I can ping "169.254.1.100" from any LAN machine on 192.168.1.0/24 but
>>> that's it.
>
> You should provide the relevant rulesets (iptables -L -v;
> iptables -L -v -t nat). If you can ping the modem from a client
> in the LAN, the routing seems to be working, as well as the
> NAT (if needed).
> You'll probably have to add some rule to the forwarding filter; but
> that's impossible to tell without knowing your current setup.
>
> While I don't think that's the problem, just a little warning: the
> IPs on the modem segment are from the linklocal net, and are not
> meant to be routed - see RFC 3927: "[...]valid for communication
> with other devices connected to the same physical (or logical) link".
It seems that people got this to work with a config similar to mine
although I don't know exactly where it doesn't get through.
I can ping the modem from the router (WRT) but not from any other
machine. It can see the packet count go up in the router when I try to
ping the router from a LAN machine but that's it.
Below are the rulesets.
Thanks for your response.
Victor
--------------------------------------------------------------------------------------------------------------
~ # iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
51 4649 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- ppp0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0
0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:520
16 1101 DROP icmp -- ppp0 * 0.0.0.0/0
0.0.0.0/0
2 64 DROP 2 -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0 state NEW
3 324 logaccept all -- br0 * 0.0.0.0/0
0.0.0.0/0 state NEW
181 13713 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT 47 -- * ppp0 192.168.1.0/24
0.0.0.0/0
0 0 ACCEPT tcp -- * ppp0 192.168.1.0/24
0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT all -- br0 br0 0.0.0.0/0
0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
772 37084 TCPMSS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS
set 1452
38579 10M lan2wan all -- br0 * 0.0.0.0/0
0.0.0.0/0
73474 31M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
191 9339 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.13 tcp dpt:4662
51 3578 ACCEPT udp -- * * 0.0.0.0/0
192.168.1.13 udp dpt:4672
0 0 TRIGGER all -- ppp0 br0 0.0.0.0/0
0.0.0.0/0 TRIGGER type:in match:0 relate:0
4695 366K trigger_out all -- br0 * 0.0.0.0/0
0.0.0.0/0
4695 366K ACCEPT all -- br0 * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 54 packets, 11482 bytes)
pkts bytes target prot opt in out source
destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source
destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source
destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source
destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source
destination
Chain logaccept (1 references)
pkts bytes target prot opt in out source
destination
3 324 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logdrop (1 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source
destination
--------------------------------------------------------------------------------------------------------------
~ # iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 5306 packets, 370K bytes)
pkts bytes target prot opt in out source
destination
0 0 DNAT icmp -- * * 0.0.0.0/0
84.62.187.36 to:192.168.1.1
290 14143 DNAT tcp -- * * 0.0.0.0/0
84.62.187.36 tcp dpt:4662 to:192.168.1.13:4662
127 8421 DNAT udp -- * * 0.0.0.0/0
84.62.187.36 udp dpt:4672 to:192.168.1.13:4672
301 24403 TRIGGER all -- * * 0.0.0.0/0
84.62.187.36 TRIGGER type:dnat match:0 relate:0
Chain POSTROUTING (policy ACCEPT 417 packets, 22564 bytes)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE all -- * vlan1 0.0.0.0/0
169.254.0.0/16
5002 346K MASQUERADE all -- * ppp0 0.0.0.0/0
0.0.0.0/0
0 0 RETURN all -- * br0 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 MASQUERADE all -- * br0 192.168.1.0/24
192.168.1.0/24
Chain OUTPUT (policy ACCEPT 9 packets, 583 bytes)
pkts bytes target prot opt in out source
destination
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-10-26 16:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-10-23 21:31 Howto access modem behind router Victor Toni
2006-10-24 18:05 ` Victor Toni
2006-10-26 15:53 ` former03 | Baltasar Cevc
2006-10-26 16:20 ` Victor Toni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.