[SOLVED] Routing to access cable modem

howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Fri Sep 02, 2022 2:17    Post subject: [SOLVED] Routing to access cable modem
I am running DD-WRT v49599 on a Netgear R9000.

A Netgear CM1200 cable modem is connected to the DD-WRT router to connect to my ISP. The config page of the cable modem is located at 192.168.100.1. My local subnet is other than 192.168.x.x. I normally can connect fine to this config page.

However, when my WireGuard tunnel on the DD-WRT router is up I can no longer connect to the cable modem config page. I figured that this is because the tunnel is routing 192.168.100.1 out to the internet. So on the WireGuard config page I added to the section Route Selected Destinations via WAN and set an IP of 192.168.100.1/32. I can see in the DD-WRT routing table that a route has been added to route 192.168.100.1 to the IP address assigned by the cable company to the DD-WRT router on interface vlan2.

Unfortunately this still doesn't work. I suspect this may be because now 192.168.100.1 is still routed out to the internet bypassing the modem, just not through the WireGuard tunnel. When I try to ping the cable modem, the DD-WRT router responds Destination Port Unreachable.

I have tried setting up a special route on the Advanced Routing/Routing Tables page but can't come up with anything that works.

Is there a way to route this, or must I always disable the WireGuard tunnel if I want to talk to the modem config page?
howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Fri Sep 02, 2022 7:45
Update:

By playing with the routing tables, I was able to create this route:

0.0.0.0/1 dev oet1 scope link
default via 71.236.228.1 dev vlan2
10.255.255.2 dev oet1 scope link
71.236.228.0/22 dev vlan2 scope link src 71.236.228.176
100.104.252.0/24 dev oet1 scope link src 100.104.252.39
104.129.56.68 via 71.236.228.1 dev vlan2
127.0.0.0/8 dev lo scope link
128.0.0.0/1 dev oet1 scope link
192.1.1.0/24 dev br0 scope link src 192.1.1.250
192.168.100.0/24 via 71.236.228.1 dev vlan2
192.168.100.1 via 192.1.1.250 dev br0

The last entry should route traffic to the cable modem (192.168.100.1) through the DD-WRT router (192.1.1.250).

Unfortunately this still doesn't work. Can't ping the cable modem (destination host unreachable).

What am I doing wrong?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Sep 02, 2022 8:19
howard@sci1.com wrote:
Update:

By playing with the routing tables, I was able to create this route:

0.0.0.0/1 dev oet1 scope link
default via 71.236.228.1 dev vlan2
10.255.255.2 dev oet1 scope link
71.236.228.0/22 dev vlan2 scope link src 71.236.228.176
100.104.252.0/24 dev oet1 scope link src 100.104.252.39
104.129.56.68 via 71.236.228.1 dev vlan2
127.0.0.0/8 dev lo scope link
128.0.0.0/1 dev oet1 scope link
192.1.1.0/24 dev br0 scope link src 192.1.1.250
192.168.100.0/24 via 71.236.228.1 dev vlan2
192.168.100.1 via 192.1.1.250 dev br0

The last entry should route traffic to the cable modem (192.168.100.1) through the DD-WRT router (192.1.1.250).

Unfortunately this still doesn't work. Can't ping the cable modem (destination host unreachable).

What am I doing wrong?


I moved this thread to the more appropriate Advanced Networking forum.

It looks like you added the last two lines?
The last line is not making much sense to me but it is still early and I have not had my morning coffee.
But line:
Code:
192.168.100.0/24 via 71.236.228.1 dev vlan2

should be enough already unless you have enabled the kill switch on WireGuard?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Fri Sep 02, 2022 8:33
I would have thought the next-to-last line would be sufficient as well, but it didn't work so I manually added the last line.

Yes, I have the kill switch enabled. I deleted the extra route and disabled the kill switch, and I can talk to the cable modem now.

To verify that that was the issue, I re-enabled the kill switch and then couldn't talk to the cable modem.

What is the interaction here? I like having a kill switch. Do I have to choose kill switch or talk to the cable modem?

Thank you for your help.

The routing table with it working is:

0.0.0.0/1 dev oet1 scope link
default via 71.236.228.1 dev vlan2
10.255.255.2 dev oet1 scope link
71.236.228.0/22 dev vlan2 scope link src 71.236.228.176
100.104.252.0/24 dev oet1 scope link src 100.104.252.39
104.129.56.68 via 71.236.228.1 dev vlan2
127.0.0.0/8 dev lo scope link
128.0.0.0/1 dev oet1 scope link
192.1.1.0/24 dev br0 scope link src 192.1.1.250
192.168.100.0/24 via 71.236.228.1 dev vlan2
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Sep 02, 2022 8:40
The kill switch is designed so that users will not inadvertently use the WAN.

As you are using the WAN to connect to the cable modem, the kill switch will also prevent this access.

So you have tested and confirmed that the kill switch is working :)

Of course you can make an exception in the firewall to allow 192.168.100.0/24:

Code:
iptables -I FORWARD -s 192.168.100.0/24 -o $(get_wanface) -j ACCEPT


Test from command line (telnet/Putty) and if it works, Administration/Commands, Save as Firewall

Still not had my coffee so no guarantee

howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Fri Sep 02, 2022 9:02
The iptables command didn't work.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Fri Sep 02, 2022 9:23
I just had my morning coffee and I can see why it did not work :facepalm:

Try this:
Code:
iptables -I FORWARD -d 192.168.100.0/24 -o $(get_wanface) -j ACCEPT



Last edited by egc on Fri Sep 02, 2022 12:33; edited 1 time in total
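
Added example (not part of the thread and not DD-WRT's own code): a narrower, re-runnable form of the kill-switch exception above for use as a saved firewall script. It assumes only LAN clients on br0 need the modem page at 192.168.100.1; the function names are hypothetical, and get_wanface is the DD-WRT helper used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. The exception opens a path around the
# kill switch, so it is limited to LAN clients and the modem's single address.
MODEM_IP="192.168.100.1"   # modem config page address given in the thread
LAN_IF="br0"               # LAN bridge in the thread's routing table (adjust for other setups)

# Print the rule specification (everything after the chain name).
# $1 = WAN interface name
modem_rule_spec() {
    echo "-i $LAN_IF -d $MODEM_IP/32 -o $1 -j ACCEPT"
}

# Hypothetical helper: remove earlier copies of the rule, then insert it once
# at the top of FORWARD, the same position the thread's -I command uses.
allow_modem_access() {
    wan_if="$(get_wanface)"    # DD-WRT helper used in the thread
    if [ -z "$wan_if" ]; then
        echo "WAN interface not found, rule not added" >&2
        return 1
    fi
    spec="$(modem_rule_spec "$wan_if")"
    # A saved firewall script can run more than once; deleting first keeps
    # identical rules from piling up in the chain.
    # $spec is left unquoted on purpose so it splits into separate arguments.
    while iptables -D FORWARD $spec 2>/dev/null; do :; done
    iptables -I FORWARD $spec
}

# Apply only where the DD-WRT helper exists (i.e. on the router itself).
if command -v get_wanface >/dev/null 2>&1; then
    allow_modem_access
fi
```

With the kill switch enabled, other WAN-bound forwarding stays blocked; `iptables -vnL FORWARD` shows whether the packet counter on the new rule increases when the modem page is opened.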
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1889

Posted: Fri Sep 02, 2022 12:19
You may also need:
Code:
iptables -t nat -I POSTROUTING -o $(get_wanface) -j MASQUERADE

But this is a different scenario. The wiki still uses `nvram get wan_ifname` ...
Access To Modem Configuration - DD-WRT Wiki

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6855
Location: Romerike, Norway

Posted: Fri Sep 02, 2022 13:39
Do you use PPPOE on the wan connection?
howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Fri Sep 02, 2022 22:33
Per Yngve Berg wrote:
Do you use PPPOE on the wan connection?


No PPPOE.

I will try the other suggestions later.
howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Sat Sep 03, 2022 0:40
egc wrote:
I just had my morning coffee and I can see why it did not work :facepalm:

Try this:
Code:
iptables -I FORWARD -d 192.168.100.0/24 -o $(get_wanface) -j ACCEPT


That worked! Thank you so much.
howard@sci1.com
DD-WRT Novice


Joined: 11 Jul 2022
Posts: 44

Posted: Sat Sep 03, 2022 1:02
dale_gribble39 wrote:
You may also need:
Code:
iptables -t nat -I POSTROUTING -o $(get_wanface) -j MASQUERADE

But this is a different scenario. The wiki still uses `nvram get wan_ifname` ...
Access To Modem Configuration - DD-WRT Wiki


This doesn't seem to be needed, but thank you for your input.
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1889

Posted: Sat Sep 03, 2022 1:52
Correct, didn't think it would be as you didn't configure a virtual IP for the WAN interface as in that Wiki. <wink>