Help with Routing/Access to CableModem admin UI from LAN thru TP-link -> DMZ Router ?
Hi all,
I'm connected to the Internet via a Xfinity Internet connection, through a Motorola Cable Modem.
Traffic passes to my TP-LINK AX3000/AX55 router.
It's set-up for IP passthrough to a linux router in the DMZ.
The linux router connects through a managed Ethernet switch to my LAN.
All connections work, in-bound & out-bound, both to external & LAN sites/devices.
EXCEPT for one -- I can't access the CableModem UI from my desktop on my LAN.
I think I need a static route (routes?) somewhere.
I don't know where to set it, or what to set it to.
I'd appreciate any help finishing this setup so I can access my CableModem admin UI!
Thanks!
Kelly T
My network config is:
INTERNET
|
|
|--------------------
| XFINITY MODEM
| ext IP: XX.YY.141.7
| int IP: 192.168.100.1
|--------------------
|
|
|--------------------
| TP-LINK AX3000/AX55 ROUTER
| Internet:
| Status: Connected
| Internet Connection Type: Dynamic IP
| IP Address: XX.YY.141.7
| Subnet Mask: 255.255.248.0
| Default Gateway: XX.YY.140.1
| Primary DNS: 1.1.1.1
| Secondary DNS: 1.0.0.1
| LAN
| MAC Address: XX-XX-XX-XX-XX-XX
| IP Address: 192.168.0.1
| Subnet Mask: 255.255.255.0
| DHCP Server: Enabled
| IP Address Pool: 192.168.0.2-192.168.0.249
| DMZ
| [X] Enable
| DMZ Host IP Address: 192.168.0.100
|--------------------
|
|
|--------------------
| LINUX ROUTER
| ext IP: 192.168.0.100/24
| int IP (LAN): 10.11.12.100/24
|--------------------
|
|
|--------------------
| MANAGED ETHERNET SWITCH
|--------------------
|
|--------------------
| DESKTOP
| IP (LAN): 10.11.12.15/24
|--------------------
I tried that.
No change. Still no access.
I'm not surprised though, since the Modem UI IP and my desktop LAN IP are not on that segment anyway.
Unless just changing the IP like you suggested "auto-magically" changes some routing I don't see what it would do.
Still plugging away at it here.
- Kelly T
Quick questions...
1. Is the Linux router external IP a static IP address or a reserved one from the AX55 DHCP server? Static IPs should not fall within the DHCP scope.
2. What is the linux router's default gateway on the external IP connection?
3. Is the modem in a bridge mode? I am assuming that it is by the AX55's internet IP address.
Typically, private IP addresses are not routed out to the internet. I would try placing a static route in the AX55 for the 192.168.100.0/24 network, routing it to the modem (xx.yy.140.1).
@jra11500
> 1. Is the Linux router external IP a static IP address or a reserved one from the AX55 DHCP server? Static IPs should not fall within the DHCP scope.
It's statically assigned to the AX's explicitly assigned DMZ address.
@ the AX55
Advanced -> Network -> LAN
IP Addr: 192.168.0.1
Subnet: 255.255.255.0
Advanced -> NAT Forwarding -> DMZ
DMZ: [X] Enable
DMZ Host IP Address: 192.168.0.100
Advanced -> NAT Forwarding -> DMZ -> View Connected Devices
core
192.168.0.100 XX-XX-XX-XX-XX-XX
@ the linux router, IPv4 -> static, IPv6 -> DHCP
cat /etc/systemd/network/wan.network
[Match]
Name=enp5s0
[Network]
IPForward=ipv4
DHCP=ipv6
IPv6PrivacyExtensions=kernel
IPv6AcceptRA=1
IPv6SendRA=0
IPv6DuplicateAddressDetection=1
[Address]
Address=192.168.0.100/24
[Route]
Gateway=192.168.0.1
[IPv6AcceptRA]
UseGateway=yes
UseRoutePrefix=yes
DHCPv6Client=always
[DHCPServer]
ServerAddress=192.168.0.1/32
ip -4 addr show enp5s0
3: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.0.100/24 brd 192.168.0.255 scope global enp5s0
valid_lft forever preferred_lft forever
> 2. What is the linux router's default gateway on the external IP connection?
From the above config,
Gateway=192.168.0.1
And checking,
ip -4 route show dev enp5s0
192.168.0.0/24 proto kernel scope link src 192.168.0.100
192.168.0.1 scope link src 192.168.0.100
ip route get 1.1.1.1
1.1.1.1 via 192.168.0.1 dev enp5s0 table balance src 192.168.0.100 uid 0
ip route get 192.168.0.1
192.168.0.1 dev enp5s0 src 192.168.0.100 uid 0
ip route get 192.168.100.1
192.168.100.1 via 192.168.0.1 dev enp5s0 table balance src 192.168.0.100 uid 0
> Is the modem in a bridge mode? I am assuming that it is by the AX55's internet IP address.
The modem's a Motorola MB6811 cable. No switch, no router -- modem only.
It's inherently in 'bridge mode'.
So, yes.
> Typically, private IP addresses are not routed out to the internet. I would try placing a static route in the AX55 for the 192.168.100.0/24 network, routing it to the modem (xx.yy.140.1).
@ the AX55
Advanced -> Network -> Status
Internet Connection Type: Dynamic IP
IP Address: XX.YY.141.7
Subnet Mask: 255.255.248.0
Default Gateway: XX.YY.140.1
Advanced -> Network -> Routing -> Static Routing
Network Destination: 192.168.100.0
Subnet Mask: 255.255.255.0
Default Gateway: XX.YY.140.1
Interface: WAN
Status: [X]
from the Linux Router,
mtr -wr -c 1 192.168.100.1
Start: 2024-04-22T07:56:28-0400
HOST: router.my.lan Loss% Snt Last Avg Best Wrst StDev
1. AS??? 192.168.0.1 0.0% 1 1.0 1.0 1.0 1.0 0.0
2. AS??? 192.168.100.1 0.0% 1 2.8 2.8 2.8 2.8 0.0
from my LAN Desktop
mtr -wr -c 1 192.168.100.1
Start: 2024-04-22T07:57:46-0400
HOST: desktop.my.lan Loss% Snt Last Avg Best Wrst StDev
1. AS??? router.my.lan (10.11.12.100) 0.0% 1 0.5 0.5 0.5 0.5 0.0
2. AS??? tplinkwifi.net (192.168.0.1) 0.0% 1 1.3 1.3 1.3 1.3 0.0
3. AS??? 192.168.100.1 0.0% 1 3.4 3.4 3.4 3.4 0.0
still no Modem Web UI accessible,
netcat -v -z -n -w 1 192.168.100.1 80
netcat: connect to 192.168.100.1 port 80 (tcp) failed: Connection timed out
netcat -v -z -n -w 1 192.168.100.1 443
netcat: connect to 192.168.100.1 port 443 (tcp) failed: Connection timed out
And,
tcpdump @ Linux Router external interface,
tcpdump -i enp5s0 host 192.168.100.1
On exec @ Linux Router shell of
(1) netcat -v -z -n -w 1 192.168.100.1 80
08:58:57.787848 IP 192.168.0.100.56048 > 192.168.100.1.http: Flags [S], seq 2776816612, win 21900, options [mss 1460,sackOK,TS val 878818965 ecr 0,nop,wscale 9], length 0
(2) netcat -v -z -n -w 1 192.168.100.1 443
08:59:08.881850 IP 192.168.0.100.50814 > 192.168.100.1.https: Flags [S], seq 4268570074, win 21900, options [mss 1460,sackOK,TS val 878830059 ecr 0,nop,wscale 9], length 0
(3) mtr -wr -c 1 192.168.100.1
08:59:25.789842 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33000, length 64
08:59:25.889825 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33001, length 64
08:59:25.892246 IP 192.168.100.1 > 192.168.0.100: ICMP echo reply, id 56286, seq 33001, length 64
08:59:25.989843 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33002, length 64
08:59:25.992925 IP 192.168.100.1 > 192.168.0.100: ICMP echo reply, id 56286, seq 33002, length 64
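One way to summarise a capture like the one in the post above, as an added example that is not part of the original thread: it reads tcpdump text output and reports, per protocol and port, whether the target ever answered. The function names and the trimmed sample lines (TCP options removed) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: tcpdump text lines shaped like the capture in the post
# (TCP options trimmed), as seen on the Linux router's external interface.
sample_capture() {
cat <<'EOF'
08:58:57.787848 IP 192.168.0.100.56048 > 192.168.100.1.http: Flags [S], seq 2776816612, win 21900, length 0
08:59:08.881850 IP 192.168.0.100.50814 > 192.168.100.1.https: Flags [S], seq 4268570074, win 21900, length 0
08:59:25.789842 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33000, length 64
08:59:25.889825 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33001, length 64
08:59:25.892246 IP 192.168.100.1 > 192.168.0.100: ICMP echo reply, id 56286, seq 33001, length 64
08:59:25.989843 IP 192.168.0.100 > 192.168.100.1: ICMP echo request, id 56286, seq 33002, length 64
08:59:25.992925 IP 192.168.100.1 > 192.168.0.100: ICMP echo reply, id 56286, seq 33002, length 64
EOF
}

# summarize_capture TARGET: read tcpdump text on stdin and report, per
# protocol/port, whether TARGET ever answered what was sent to it.
summarize_capture() {
  awk -v target="$1" '
    # tcpdump prints TCP endpoints as a.b.c.d.port; split host from port.
    function host(a,  p) { split(a, p, "[.]"); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(a,  p) { split(a, p, "[.]"); return p[5] }
    $2 != "IP" { next }
    { src = $3; dst = $5; sub(/:$/, "", dst) }
    /ICMP echo request/ { if (host(dst) == target) req++; next }
    /ICMP echo reply/   { if (host(src) == target) rep++; next }
    $6 == "Flags" {
      if (host(dst) == target && $7 == "[S],")  syn[port(dst)]++   # our SYN
      if (host(src) == target && $7 == "[S.],") ack[port(src)]++   # SYN-ACK back
      if (host(src) == target && $7 ~ /^\[R/)   rst[port(src)]++   # RST back
    }
    END {
      for (p in syn) {
        v = (ack[p] > 0) ? "open" : ((rst[p] > 0) ? "refused" : "no-reply")
        printf "tcp/%s syn=%d synack=%d rst=%d %s\n", p, syn[p], ack[p], rst[p], v
      }
      if (req > 0)
        printf "icmp/echo req=%d rep=%d %s\n", req, rep, (rep > 0) ? "answered" : "no-reply"
    }' | sort
}

sample_capture | summarize_capture 192.168.100.1
```

A `no-reply` verdict next to answered ICMP means the SYNs are being dropped silently somewhere on the path or at the target; a closed port would normally show up as `refused`.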
1. If I understand you correctly, the linux router uses a static IP address that matches the AX55 DMZ address. As this IP is within the scope of the AX55's DHCP server, the AX55 could assign this same IP to another device and this will cause a conflict. This has nothing to do with your problem but I would recommend changing the DHCP server scope to NOT include the DMZ address.
2. Hopefully someone on this forum can help you better with the linux info that you posted. I haven't worked with linux in over 30 years.
3. One thought... If you connect a PC to one of the AX55 LAN ports directly, can you then access the modem? That might help you narrow down the problem.
@jra11500
> 1. If I understand you correctly, the linux router uses a static IP address that matches the AX55 DMZ address. As this IP is within the scope of the AX55's DHCP server, the AX55 could assign this same IP to another device and this will cause a conflict. This has nothing to do with your problem but I would recommend changing the DHCP server scope to NOT include the DMZ address.
Sure -- not related.
FWIW, in my setup, the AX55's DHCP v4 services are (initially) provided to a fixed # of known-MAC IoT devices -- external to the Linux Router, the DMZ address ON the Linux Router, and the occasional temporary device.
The IoT and DMZ addresses also have MAC+IPAddress reservations set on the AX55 -- so they're committed.
> 2. Hopefully someone on this forum can help you better with the linux info that you posted. I haven't worked with linux in over 30 years.
:-)
> 3. One thought... If you connect a PC to one of the AX55 LAN ports directly, can you then access the modem? That might help you narrow down the problem.
No. That doesn't work either.
Also, the Linux Router *is* a 'PC' (2x Ether ports, etc), and is connected "to one of the AX55 LAN ports directly".
If I connect a PC directly to the Modem's Ethernet port, assign it a static IP in 192.168.100.0/24 (other than .1, of course), then I can directly access the Modem UI.
Thanks for the comments.
- Kelly T.
Sorry for not being much help but your situation has really gotten my curiosity. I've read up on the Motorola modem and I have a better idea of your situation. It's too bad your AX55 doesn't use a PPPoE connection through the modem. The Tp-Link routers allow a secondary connection with PPPoE.
What happens when you configure the AX55 with a static WAN IP in the 192.168.100.x network? I imagine in that scenario that you probably can connect to the modem's GUI but, at the same time, lose your internet. That would prove that you need a static route to the 192.168.100.x network.
Have you tried changing the default gateway for the static route in the AX55? The XX.YY.140.1 won't work because that's an upstream gateway and won't reroute a private IP back to you. I would try 192.168.100.1 to see if the modem "intercepts" the 192.168.100.0/24 network on its ethernet interface.
If and when you get this sorted out, please share the solution.
@jra11500
> What happens when you configure the AX55 with a static WAN IP in the 192.168.100.x network? I imagine in that scenario that you probably can connect to the modem's GUI but, at the same time, lose your internet. That would prove that you need a static route to the 192.168.100.x network.
Yes. With AX55 WAN IP = 192.168.100.2, and downstream LAN ips accordingly in the same segment, I can get to the Modem UI.
That's really functionally no different than connecting a PC 'directly' to Modem, and using *it* to further share/route connections across the LAN.
Of course, as you point out, it breaks connectivity to *everything* else.
> Have you tried changing the default gateway for the static route in the AX55? The XX.YY.140.1 won't work because that's an upstream gateway and won't reroute a private IP back to you. I would try 192.168.100.1 to see if the modem "intercepts" the 192.168.100.0/24 network on its ethernet interface.
I've now tried every combination of IPs & Gateways I can think of in AX55 static routes :-/
Including
Network Destination: 192.168.100.0
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
Interface: WAN
&
(currently)
Network Destination: 192.168.100.0
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.100.1
Interface: WAN
So far, nothing's "gotten me through" to the Modem UI.
It sounds like the Motorola modem ethernet connection is an "either or" connection and only accepts one of two possible network devices at a time. I would try to contact Motorola support to see if they can give you a suggestion and/or a solution. From what I've read, the modem is made to work with a third-party router and they certainly should have knowledge on the possible configurations. Good luck!
okay...
I think the issue is between the modem and router as previously reported and solved on this forum however they did not have the unix and such involved.
Many have reported the issue of not being able to sign on to the Motorola modem thru the router. I had the same issue.
My setup is ISP - Motorola modem - router - Ethernet attached iMac. When the router IP is 192.168.0.1 I can not sign on to the modem using 192.168.100.1 from my iMac. When I change the IP to 192.168.1.1 and then power cycle the modem and router, then I can sign on to the modem from my iMac.
I think you should make a test to change your network to be ISP - modem - router - an ethernet attached device (disconnect the rest of the network) and test both ways to see if you can sign on to the modem. Do not forget to power cycle. If it works, then add the rest of the network to see if it still works.
Let us know the results.