1.8b Development

With m0n0 v1.33 I had been using the instructions found here to be able to access my modem:

http://wiki.m0n0.ch/wikka.php?wakka=accessingmodemoutsidefirewall

This seems to no longer work on m0n0wall 1.8.0b500.

The Filter log shows packets coming from the modem to the PC on the LAN being blocked when trying to reach the modem's management page.

Can anyone suggest what needs to be changed. I am using the directions in the "Using PPPoE or PPTP for outside IP address" section.

I was using a bridged Zyxel with PPPoA and I'm pretty sure I was still able to access it using the early 1.8 versions (477, 478?) though not sure the method I used was exactly the same.

My carrier (BT) has since upgraded to ADSL2. The Zyxel in bridge won't work with that so I'm now using a Vigor 120. I can't get to to it at all using later versions - but that could well be me and nothing to do with 1.8.

Not sure this will help but thought it worth adding

I'm doing this by simply editing the config.xml, adding another OPT interface which will use the same interface as WAN.
I can only guarantee that this will work without issues when using PPPoE. It might interfere with cable modems or other configurations that work on the IP layer.

 That's the method I was using with 1.33 and the Zyxel but I haven't been able to get it to work on latest 1.8b versions (1.8.0b500 currently) and the Vigor (PPPoA->PPPoE).

I gave up trying in the end as BT were dropping my speed every time I reconnected - from 20M to 14.9M - not that speed is really an issue for me.

Can you confirm that yours is working on later 1.8b versions, please? If so, I'll try some more.

Edited later...

Well, I've just tried again and it's working on 1.8.0b500 so thanks for prompting me to have another go.

Well then, I guess I would like to see all the relevant sections of your working with 1.8 config.xml file. Thanks.

I can ping the modem and it replies. But when I try to access its web interface it does not work and it leaves entries in the firewall log like this:

Act    Time                         If        Source                       Destination                       Proto
X       09:47:26.669829    LAN      10.0.0.138, port 80    192.168.1.50, port 1570    TCP


The modem is 10.0.0.138
The PC I am trying to connect from is 192.168.1.50

Code:

<opt3>
<descr>OUT</descr>
<if>vr1</if>
<ipaddr>192.168.2.10</ipaddr>
<subnet>24</subnet>
<enable/>
<bridge/>
</opt3>

is the additional interface xml

The Vigor is at 192.168.2.1

I have public IPs a.b.c.32/28 so no NAT

Outbound NAT is...

Interface | Source        |  Destination    | Target            | Description
OUT           | a.b.c.32/28 | 192.168.2.1/32 | 192.168.2.10 | ADSL Router NAT 

IPv4 Rule for OUT is default, nothing changed

and that's it. Not sure where the /32 is from, pretty sure I set /24 but it's working so will stay!

I'm sure I tried that combination before but cannot be sure



Hope it helps

Thanks, but still no joy here.

I took a working 1.33 install that can fully access the modem and upgraded it to the latest 1.8. This broke being able to access the modem via telnet or web browser. But I can still ping the modem and it replies - so there is partial access to the modem.

This makes me something is still not quite with the fxp driver implementation I ran into when I began trying to use the early 1.8 betas on this hardware.

Manuel and brushedmoss, any thoughts on this?

That's a shame and seems it was a misconfiguration than upgrade that broke it here.

If it's any help to compare, I'm running an Alix 2d3 with VIA VT6105M Rhine III 10/100BaseTX onboard NICs

Mine are onboard Intel 82559 using the fxp driver.

Suspecting some sort of checksum problem I ran this commands from exec.php:


ifconfig fxp1 -rxcsum    (For the WAN interface)

The modem is now reachable.

The above will not withstand a m0n0wall reboot, so I must now incorporate it into config.xml with

<shellcmd>ifconfig fxp1 -rxcsum</shellcmd>

Note to Manuel:

I thought this was taken care of when you and brushedmoss solved my GB-1000 problem?

Glad you found the issue.

I was having a similar problem on 1.3 with an fxp device. Only ping worked, for TCP connections I needed to ifconfig fxp0 -link0

Don't know about 1.8, but for 1.3 I noticed that some script apparently re-configured the interfaces sometimes, so adding the shellcmd to the config only fixed it for a few days. I had to modify the image and remove the lines where the flag is set.

Thanks for your report.

1.8 has a scheduler that allows among other things, running arbitrary commands. So if the command in config.xml doesn't hold up over time, I'll try adding the command to the scheduler and run it from time to time. It's rare I need to access the modem.