1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to access the modem on the WAN port via the LAN/WLAN?

Discussion in 'Tomato Firmware' started by lanmtl, Feb 14, 2010.

  1. lanmtl

    lanmtl Addicted to LI Member

    In my attempts to tackle down this weird reconnection issue, I would like to be able to access the modem via the LAN/WLAN. I found a post about that in the sticky topics list but it doesn't work.

    Here is the setup:
    Code:
    MODEM        |___ethernet WAN port___| Router       |______clients over
    192.168.0.3  |                       |192.168.1.254 |        WLAN/LAN
    
    How can I make this happen?

    I tried this:
    Code:
    init: ip addr add 192.168.0.2/24 dev vlan1 brd +
    firewall: iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/24 -j MASQUERADE
    Thanks for your help :flowers:


    --edit: The solution is to use the nvram variables so that it will work on any router (kudos to Beast and Toastman):
    Code:
    init: ip addr add 192.168.0.13/24 dev $(nvram get wan_ifname) brd +
    firewall: iptables -I POSTROUTING -t nat -o $(nvram get wan_ifname) -d 192.168.0.0/24 -j MASQUERADE
     
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Looks fine. This works for me sometimes, sometimes not. Depends on the modem. You might try a small delay in the init section before the script runs. Probably won't help, but ...

    e.g.

    sleep 5
    ip addr add 192.168.0.13/24 dev vlan1 brd + #Assign address to vlan1
     
  3. lanmtl

    lanmtl Addicted to LI Member

    :( doesn't work
    oh well. thanks anyway!
     
  4. Beast

    Beast Network Guru Member

    Hi

    depending on your router the interface may have diff name. My WRT54G uses vlan1 and my wrtsl54gs uses eth1.

    Try using eth1 for the interface name.
     
  5. lanmtl

    lanmtl Addicted to LI Member

    it turns out the modem was actually 192.168.0.1
    I use vlan1 but when I enter the modem's IP I get into the router's config.
    I will try the other intf
     
  6. Beast

    Beast Network Guru Member

    turns out the modem was actually 192.168.0.1


    Try this in your firewall section.

    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/24 -j MASQUERADE


    Also leave the line in the int section the way you had it. (192.168.0.2/24)
    It just adds a second ip to the wan interface and should be in the same subnet as the modem.
     
  7. myersw

    myersw Network Guru Member

    Update if using a Asus RT-N16 router with teddy_bear tomato and accessing bridged modem interface. The first issue is the interface to use is vlan2, different then any other examples I have found. My setup is Zoom 5615 modem in bridge mode, IP address 10.0.0.2. Router is default IP address of 192.168.1.1. I applied these two scripts and can access the modem interface through browser.
    Two scripts:

    Init script:
    sleep 10
    ip addr add 10.0.0.3/30 dev vlan2 brd +

    Firewall script:
    iptables -I POSTROUTING -t nat -o vlan2 -d 10.0.0.0/30 -j MASQUERADE

    Hope this helps someone else.
    --bill
     
  8. Toastman

    Toastman Super Moderator Staff Member Member

    lanmtl, if when you enter the modem IP you get to the router GUI, then something is still wrong. It looks like 192.168.0.1 has been set as a port address on the router.

    Let's recap:

    1) The init script must assign an IP in the same range as the modem and different to the router's VLAN1 port. In your case - init: ip addr add 192.168.0.14/24 dev vlan1 brd +

    You can see clearly that .14 is not used anywhere else.

    2) Now you must set a route so that anything in the same subnet will be passed to the vlan1 - firewall: iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/24 -j MASQUERADE

    Now if you enter 192.168.0.1 in your browser, it *should* be routed to your modem.

    As I said, for me this doesn't work for all modems, even if that modem will reply quite nicely when the PC is plugged in directly. If anyone knows why, I'm curious.

    myersw - thanks for that tip! Still doesn't work though ... this modem is unsociable !
     
  9. lanmtl

    lanmtl Addicted to LI Member

    Well I tried eth0, eth1, vlan0, vlan1 and I either dont get any reply (timeout) or I get on the Tomato config page when I enter the modem's IP. I never get into the modem GUI.
     
  10. Toastman

    Toastman Super Moderator Staff Member Member

    Take a look at your routing table in ADVANCED section - you should be able to see the route exists - route for 192.168.0.1 is to vlan1

    e.g. from my WRT54GL:

    Current Routing Table

    Destination Gateway Subnet Mask Metric Interface
    124.120.187.1 * 255.255.255.255 0 ppp0
    192.168.1.0 * 255.255.255.0 0 br0 (LAN)
    192.168.0.0 * 255.255.255.0 0 vlan1 (WAN)
    127.0.0.0 * 255.0.0.0 0 lo
    default 124.120.187.1 0.0.0.0 0 ppp0
     
  11. Beast

    Beast Network Guru Member

    Hi
    As Toastman pointed out your should see the route under advanced.
    IF you dont see it, it wasn't inserted.
    I had the same problem, until i added ( /usr/sbin/ ) this.

    You have this ---- iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/24 -j MASQUERADE

    Try this --- /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/24 -j MASQUERADE

    That fixed it for me, after doing this the route was indeed inserted and displayed under advanced.
     
  12. Toastman

    Toastman Super Moderator Staff Member Member

    It may be the modem that just doesn't play ball. I have a collection of different models from several manufacturers, I would say about half of them do not respond. Just changing the modem to another works. It does puzzle me why, but I don't worry about it!

    BTW - if your router replies instead of your modem, then something on your router is using that address. That needs fixing.
     
  13. mstombs

    mstombs Network Guru Member

    We should change the general advice for the firewall command to

    Code:
    /usr/sbin/iptables -I POSTROUTING -t nat -o $(nvram get wan_iface) -d 192.168.0.0/24 -j MASQUERADE
    to look-up the name of the wan interface as different routers use vlan1, eth1 and vlan2
     
  14. Toastman

    Toastman Super Moderator Staff Member Member

    That is a great idea...
     
  15. lanmtl

    lanmtl Addicted to LI Member

    ah, that looks very clean! I will try this when I get the chance and report back :)
     
  16. lanmtl

    lanmtl Addicted to LI Member

    well I used $(nvram get wan_iface) in both the init statement and the firewall statement.
    In the advanced routing I have that:
    Code:
    206.248.154.104	*	255.255.255.255	0	ppp0
    192.168.1.0	*	255.255.255.0	0	br0 (LAN)
    192.168.0.0	*	255.255.255.0	0	ppp0
    127.0.0.0	*	255.0.0.0	0	lo
    default	206.248.154.104	0.0.0.0	0	ppp0
    what is 206.248.154.104 by the way?
     
  17. myersw

    myersw Network Guru Member

    That would be your IP address from your ISP? this is the IP you are known by from the Internet.
    You can see what your IP address is by going to http://www.whatismyip.com/
     
  18. Beast

    Beast Network Guru Member

    Im no linux gru, but i looked through my nvram.

    Should--- get wan_iface be---- get wan_ifname.
     
  19. Toastman

    Toastman Super Moderator Staff Member Member

    Yes, that's better! These scripts work here:

    init: ip addr add 192.168.0.13/24 dev $(nvram get wan_ifname) brd +
    firewall: iptables -I POSTROUTING -t nat -o $(nvram get wan_ifname) -d 192.168.0.0/24 -j MASQUERADE

    Thanks to both for this - now we can use the same lines for different router models such as the ASUS RT-N16 !
     
  20. myersw

    myersw Network Guru Member

    Just tried the suggested change to the scripts, using $(nvram get wan_ifname) in place of vlan1, vlan2, etc.
    Works like a charm on my RT-N16.
    Thanks for the idea.
    --bill
     
  21. mstombs

    mstombs Network Guru Member

    I confirm that will also work on a WRT54G-TM with teddy_bear's Linux 2.6 - but I wonder if this means I didn't reset the nvram to thorough defaults - seem to have a fair bit of duplication here:-

    Code:
    root@unknown:/tmp/home/root# nvram find vlan1
    vlan1hwname=et0
    vlan1ports=4 5
    wan_iface=vlan1
    wan_ifname=vlan1
    wan_ifnameX=vlan1
    wan_ifnames=vlan1
     
  22. Toastman

    Toastman Super Moderator Staff Member Member

    Perhaps, but I have the same sort of thing on WRT54GL, ASUS 5400GP v2, and RT-N16

    Some sort of legacy ... a lot of NVRAM settings look like they aren't used.
     
  23. lanmtl

    lanmtl Addicted to LI Member

    That's what is interesting, it's not my IP (I checked it)
    After googling, it seems it's my ISP's new router.
     
  24. lanmtl

    lanmtl Addicted to LI Member

    It works here too, thanks!
     
  25. Beast

    Beast Network Guru Member

    I use wrtsl54gs v1 and it looks like this

    wan_iface=ppp0
    wan_ifname=eth1
    wan_ifnameX=eth1
    wan_ifnames=eth1
     
  26. HKPolice

    HKPolice LI Guru Member

    This doesn't work on the RT-N16 when the modem's IP is 10.0.0.138

    I tried replacing the IPs with 10.0.0.138/24 and 10.0.0.10/24, nothing works :(
     
  27. Beast

    Beast Network Guru Member

    Hi

    Try replacing the IPs with 10.0.0.2/24 and 10.0.0.0/24.

    I'm no expert, but this works with my speed stream which lives at 10.0.0.254
     
  28. spikes

    spikes Networkin' Nut Member

    I can't get this to work on my Asus RT-N16 running tomato-K26USB-1.27.9046MIPSR2-beta14-Ext. My modem's IP is 192.168.1.1. I have the following script on the RT-N16:

    Init: ip addr add 192.168.1.13/24 dev $(nvram get wan_ifname) brd +
    Firewall: iptables -I POSTROUTING -t nat -o $(nvram get wan_ifname) -d 192.168.1.0/24 -j MASQUERADE

    My routing table doesn't show the 192.168.1.0 entry. I also have an Asus 520gu running tomato-NDUSB-1.27.8746-Ext and the script works fine on that one. What am I missing here?
     
  29. mstombs

    mstombs Network Guru Member

    Try a 5 or 10 sleep before the command in init script, it may be too early in boot process?
     
  30. spikes

    spikes Networkin' Nut Member

    Thanks! That worked. Added "sleep 5" before the command in the init script. The entry shows up in the routing table and I can access the modem now.
     
  31. Azuse

    Azuse LI Guru Member

    ip addr add 192.168.1.1/24 dev vlan1 brd +
    iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.1.0/24 -j MASQUERADE

    Single firewall script, change ip as needed. Why do people over-complicate these things :rolleyes:
     
  32. mstombs

    mstombs Network Guru Member


    not all routers use vlan1 ...
    WRT54SLGS is eth1?, RT-N16 is vlan2

    Do you need both in init to be able to access modem before the DSL syncs?
     
  33. myersw

    myersw Network Guru Member

    There is a more generic set of commands that work on various routers.
    They use a varible in place of the specific vlan1 or vlan2 or what ever;
    Use these two. The IP address happens to be my modem, substitute your values. This has been answered many times.

    ip addr add 10.0.0.3/30 dev $(nvram get wan_ifname) brd +

    iptables -I POSTROUTING -t nat -o $(nvram get wan_ifname) -d 10.0.0.0/30 -j MASQUERADE

    --bill
     
  34. myersw

    myersw Network Guru Member

    These two commands work with the Asus firmware as well as Tomato. Difference is with Tomato you can setup the commands in a script where with the Asus firmware you need to telnet to the router and do the two commands.
     
  35. HorseCalledHorse

    HorseCalledHorse Addicted to LI Member

    Just wanted to chip in and say thanks to everyone who contributed to this thread. I just grabbed a WRT160n v3 and loaded up Tomato (thanks to Teddy Bear) and couldn't figure out why I wasn't able to access my modem (a Speedtouch). What worked for me was adding the "sleep 5" command at the init stage. After that it was smooth sailing.
    So, for anyone else with a WRT160n v3, "sleep 5" will do the trick.
     

Share This Page