Topic: Accessing modem through router from PC … and understand the network
This is about accessing my modem through my router from my PC.
It's also about how I simply don't understand this network thing.
The other day I installed OpenWrt on a TP-Link TL-WR941ND router. (It does have WiFi, but I'm not currently using it.) The router has four LAN ports and one WAN port. The WAN port is connected to my DSL modem, a Siemens C2-010-I. My PC is connected to one of the four LAN ports.
I've been able to access my modem from my PC using a diagnostic program (DMT.exe), which uses telnet. I'd like to also access my modem via the router, as explained on this page:
As you might suspect by now, that doesn't work, and trying to solve the issue myself I realize that I simply don't understand this network machine, which is why I'd appreciate some help. So without further ado, let's review the settings:
root@TIBERIUS: ~ > ifconfig br-lan Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 inet addr:192.168.33.1 Bcast:192.168.33.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1234 errors:0 dropped:133 overruns:0 frame:0 TX packets:1244 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:203880 (199.1 KiB) TX bytes:1153818 (1.0 MiB) eth0 Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2758 errors:0 dropped:0 overruns:35 frame:0 TX packets:2314 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1441164 (1.3 MiB) TX bytes:1333851 (1.2 MiB) Interrupt:4 lan1 Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 … # nothing plugged in lan2 Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 … # nothing plugged in lan3 Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 … # nothing plugged in lan4 Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1392 errors:0 dropped:22 overruns:0 frame:0 TX packets:1247 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:240088 (234.4 KiB) TX bytes:1153956 (1.0 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 … pppoe-wan Link encap:Point-to-Point Protocol inet addr:92.***.***.190 P-t-P:184.108.40.206 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:1216 errors:0 dropped:0 overruns:0 frame:0 TX packets:926 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:1131272 (1.0 MiB) TX bytes:139200 (135.9 KiB) wan Link encap:Ethernet HWaddr 00:23:CD:20:C3:B0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1366 errors:0 dropped:0 overruns:0 frame:0 TX packets:1066 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1151432 (1.0 MiB) TX bytes:163827 (159.9 KiB)
A lot of interface - and precisely where I start to lose ground. Let's pick that apart:
* lo = loopback to localhost, that's clear
* lan1 through lan4 = the four LAN ports on my router, also clear (because there's four of them, and my PC is connected to number 4, and there's traffic on number 4)
* pppoe-wan = PPP link, 92.***.***.190 being my router's IP, 220.127.116.11 my ISP counterpart
I understand that pppoe-wan somehow is on top of a physical interface (must be the WAN port on my router), but I don't understand how exactly. And maybe I don't have to.
But that leaves us with three more interfaces, to wit br-lan, eth0 and wan.
One of eth0 and wan should be the physical interface of my router's WAN port, but which one? And why does it not have an IP number assigned itself?
As for the other one and br-lan, what is their purpose?
Let's move on to /etc/config/network :
config interface 'loopback' … # okay config interface 'eth' option ifname 'eth0' option proto 'none' # The purpose of this one is unclear to me. config interface 'lan' option ifname 'lan1 lan2 lan3 lan4' option type 'bridge' option proto 'static' option ipaddr '192.168.33.1' option netmask '255.255.255.0' # I would probably have to understand what a bridge is. config interface 'wan' option ifname 'wan' option proto 'pppoe' option username … # My dial-in configuration for DSL, okay. # My additions following the instructions given at # [url]http://wiki.openwrt.org/doc/howto/access.modem.through.nat[/url] # in order to access my modem, which is configured to 192.168.1.1 # and does listen on TELNET and does respond to PING, all verified # by connecting my PC directly to the modem: config alias modem option interface wan option proto static option ipaddr 192.168.1.222 option netmask 255.255.255.0 option layer 1 config zone option name wan option network 'wan' option input REJECT option output ACCEPT option forward REJECT option masq 1 option masq_dest '!modem' option mtu_fix 1
Just to verify the config is committed:
$ uci show network … network.modem=alias network.modem.interface=wan network.modem.proto=static network.modem.ipaddr=192.168.1.222 network.modem.netmask=255.255.255.0 network.modem.layer=1 network.@zone=zone network.@zone.name=wan network.@zone.network=wan network.@zone.input=REJECT network.@zone.output=ACCEPT network.@zone.forward=REJECT network.@zone.masq=1 network.@zone.masq_dest=!modem network.@zone.mtu_fix=1
* no changes to /etc/config/firewall
* nothing in /etc/firewall.user
On the router and from the PC, I can ping 192.168.1.222 - but that's the router itself, not the modem. (This IP does not show up in ifconfig - why not?)
I can neither ping nor telnet to 192.168.1.1, which is the modem, neither from the PC nor from the router.
I then add the two rules from the access.modem.through.nat howto, section "Raw iptables variant (required for pppoe setup)":
$ iptables -t nat -I postrouting_rule -s 192.168.33.0/24 -d 192.168.1.1 -j SNAT --to 192.168.1.222 $ iptables -I zone_lan_forward -s 192.168.33.0/24 -d 192.168.1.1 -j ACCEPT
This does not change my inability to ping or telnet to the modem from either the router or my PC using either 192.168.1.1 or 192.168.1.222 . How is it supposed to work?
I am certain this is not an issue with the modem whose behaviour I tested when connected directly to the PC using DMT.exe, telnet and ping, and there are no problems in that constellation.
It is a routing/firewall issue, and I'd be glad if you could provide help - there's something I simply don't get.
Three posts that appeared related, which I found searching the forum:
2012-10-22 ADSL Modem Acces through WAN port
2011-06-03 SNAT problem / Can not reach the dsl modem
2012-09-10 Strange firewall behaviour