I’m trying to be able to access the web management screen for my cable modem… there are no visible signs of configuration, but there is plenty of useful status information. Unfortunately, it seems the IP can not be changed for accessing this, it’s 192.168.100.1 (SM 255.255.255.0 I presume).
Unfortunately 192.168.100.0/24 is already in use on one of the RouterBoard NICs, and it will be quite a job to change it all to a different range, particularly as it seems all I can do with the cable modem is view its web pages.
Logically the options are:
Option 1, I give up on trying to access it.
Option 2, I have to alter my 192.168.100.0/24 to something else.
Neither I fancy, so I’m posting here for an option 3. Could I somehow map say… 192.168.99.1 (which isn’t in use anywhere on my networks) to 192.168.100.1 on the specific ethernet port? I tried doing a static ARP for 192.168.99.1 for its MAC address, and giving the RB an IP on that ethernet port of 192.168.99.254 but that didn’t work… any ideas or am I stuck?
I’ve tried this in the past, seems like the cable modem is looking at TTL 1 hop or something as well… never got it working reliably or at all really. Maybe you can route that single /32 out the modem interface and it will work though.
Well, the first problem is clients in that LAN portion won’t even go to the RB as they expect to find it in their local subnet.
Hence, why I think I need to somehow use 192.168.99.1 and have the RB do some magic to convert that to the 192.168.100.1 on the cable ethernet port, but not upsetting the 192.168.100.0/24 on another ethernet port.
Like you said, it might also be doing some other funny checking.. this really seems excessive locking down.
The problem with simple NAT is that once the router translates 192.168.99.1 back to 192.168.100.1 it’ll look for it in the directly connected network.
I believe that with the routing-test package you can get route notations that imply an interface directly. If you can find details on that you could use a mangle chain in front of dst-nat and mark packets to 192.168.99.1 with a routing-mark, NAT it back to 192.168.100.1 but have a route for that routing-mark pointing out the correct interface. I don’t use routing-test so I don’t have many details.
Of course this wouldn’t fix any other issues such as TTL, but if the cable modem only replies to TTL=1 packets you could certainly also use the mangle chain with a ‘change-ttl’ action to rewrite to whatever TTL the modem expects (probably +1 since the router will decrement once it forwards).
fewi sounds interesting, unfortunately mangling is new to me and I’m not confident making them from scratch, wiki examples have been a big help getting my RB working at all.
Any more info or examples would be great.
Update: Ah, routing-test is a 3.30 package right? My RB is 4.3
changeip, I don’t believe 192.168.100.1 is in use, but the problem is anything in that range won’t even go to the RB so anything set on it won’t help… plus it has a 0 route for the directly connected Ethernet port… well basically what fewi said are the problems.
If you aren’t using 192.168.100.1 you can use a specific /32 route like changeip said. The /0 route or the directly connected /24 route are less specific and the /32 would be chosen instead.
It also turns out routing-test for 3.30 is already in standard routing in 4.3, but you don’t need that syntax thinking about it so ignore I mentioned it.
If you simply dst-nat 192.168.99.1 to 192.168.100.1 and have a specific /32 for 192.168.100.1 pointing out the right interface things should work for you.
To change the TTL (if necessary), do something like this to set the TTL to two before any routing. Routing then decreases the TTL to 1:
Hmm.. tried that.. it’s not working, using packet sniffer, looks like it’s trying to go out the cable ethernet port instead of the lan ethernet port for the client that originally tried to connect (192.168.100.50 for example) and I see in the arp a new dynamic entry for this IP on the cable ethernet… interesting almost anything on the cable ethernet has the same mac… must be how cable modems route or something.
Checking my rules, and maybe need to ensure it doesn’t go over the cable eth to reply to the lan client… another mangle? Bit hard as client IP can vary of course… will keep trying.
in etherLan srcip 192.168.100.50 dstip 192.168.99.1
out etherCable srcip dstip 192.168.100.1
in etherCable srcip 192.168.100.1 dstip
out etherCable srcip 192.168.99.1 dstip 192.168.100.50 dstmac <not the same MAC as 192.168.100.50 should have, instead looks like the MAC that every IP on the etherCable connection gets>
That last out should be etherLan and go to 192.168.100.50, but it’s not, instead it’s going out the etherCable, and I presume trying to find 192.168.100.50 over the Cable internet connection even.
As I thought, was because of my mangle, mark packet, mark routing rules for ensuring things that come in on a connection go back out that connection, had to exclude for 192.168.100.1
I can now reach it via 192.168.99.1, yipee!
Hmm.. maybe spoke too soon… seems a bit “hit and miss” connecting to it… get time outs, but sometimes get a page up… weird.
Hmm.. would really like to get to the bottom of this one.
Using Packet Sniffer in the RB, I notice the connection from the RB to the VM Cable modem…
however, when the page times out, nothing comes back in that interface.
When the page DOES load, I notice it’s coming from a different source MAC address than the dst MAC address I used to the router…
When connecting a PC directly, I made a note of what the cable modem’s MAC address was for 192.168.100.1, I then made it a static entry in ARP for that ether port.
I’ve also tried this with this static entry disabled/removed, but think that just makes it worse, might be mistaken and it’s the same, but doesn’t seem like it.
Changing the TTL doesn’t seem to make any difference, when it works, TTLs seem to be 64 out and 64 in… shrugs.
Can’t seem to figure out why it loads sometimes, but mostly times out… what a weird modem this thing is!
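The approach suggested in the thread (dst-nat of the unused alias, a /32 host route out the cable port, and the optional TTL rewrite), written out as RouterOS commands. This is an added example, not a configuration posted by any participant; the interface name etherCable comes from the packet trace above, and the rule comments and ordering relative to existing rules are assumptions.

```routeros
# Added example: RouterOS commands for the approach discussed in the thread.
# etherCable is the interface name used in the packet trace above;
# the comment= labels are illustrative.

# 1. Translate the unused alias 192.168.99.1 to the modem's fixed address.
/ip firewall nat
add chain=dstnat dst-address=192.168.99.1 action=dst-nat \
    to-addresses=192.168.100.1 comment="cable modem status page alias"

# 2. Host route for the modem. The /32 is more specific than both the
#    connected 192.168.100.0/24 on the LAN port and the default route,
#    so only this single address is sent out the cable port. This only
#    works if no LAN host uses 192.168.100.1.
/ip route
add dst-address=192.168.100.1/32 gateway=etherCable \
    comment="cable modem management address"

# 3. Optional, only if the modem turns out to answer TTL=1 packets only.
#    Mangle prerouting runs before dst-nat, so match the alias address.
#    TTL is set to 2 here; forwarding decrements it to 1.
/ip firewall mangle
add chain=prerouting dst-address=192.168.99.1 action=change-ttl \
    new-ttl=set:2 comment="cable modem TTL rewrite"

# 4. If existing mark-connection / mark-routing rules pin replies to the
#    interface a connection arrived on, exclude traffic to and from
#    192.168.100.1 from them. Otherwise the modem's reply to a LAN client
#    such as 192.168.100.50 is routed back out etherCable, as seen in
#    the trace above.
```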