Access To Modem Configuration

From DD-WRT Wiki

Revision as of 18:36, 22 December 2013 by JNavas (Talk | contribs)
Jump to: navigation, search


Bridged modem


In this case the router itself creates the PPPoE connection to the ISP server; but to work, the connection between the modem and the router must have an IP address. Usually the modem gives an address to the client; but this address will never be used except to access the configuration interface of the modem.

My modem is a Speedtouch 510, is IP address is and it gives the address to the device connected to it. The easiest way to know these addresses is to connect the modem directly to your computer and take a look at your network card configuration. The default gateway is the Modem address and the Card address is the one provided by the modem.

Note: Many modems come configured to use the 192.168.1.x subnet. This is the same subnet that DD-WRT uses for the LAN by default. You need to either set the modem to use a different subnet or set the router's LAN to use an IP in a different subnet such as so that they're not using the same subnet.

So it looks like this.

By default if you type the IP address of the modem you have an "Impossible to contact the server" error.

Primary Method

Replace the with an IP in the same range as the modem. If your modem is, you should use If your modem is, use

  • Go to Administration -> Commands
  • Enter
ifconfig `nvram get wan_ifname`:0 netmask

and click on Save Startup

  • Enter
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE

and click on Save Firewall


  1. `nvram get wan_ifname` gets the WAN port of your router automatically. If you wish to enter it manually, you should run echo `nvram get wan_ifname` to get your WAN interface name.

Success Report


  • ADSL2+ service with static IP (no PPPoE or DHCP)
  • TP-LINK TD-8817 ADSL2+ Modem Router, configured as bridge, web page at
  • Linksys E1200v2 with DD-WRT 21676, LAN address, WAN admin port 8080


WAN access to modem on external IP port 8081 in addition to LAN access
(with WAN access to DD-WRT on external IP port 8080).

Administration > Commands

ifconfig `nvram get wan_ifname`:0 netmask

[Save Startup]

iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE

[Save Firewall]

NAT / QoS > Port Forwarding

 Application        Protocol      Source Net      Port from      IP Address        Port to      Enable    
 DSL Modem  Both   8081 80

[so modem web page can be accessed from WAN on port 8081 (as well as LAN on port 80)]

Important: With WAN access enabled, set strong passwords in both modem and DD-WRT.

Alternate Method

An alternate way to execute the above commands on startup if you have JFFS enabled is the following:

  • Log in via ssh/telnet
  • create a file with the following content:
ifconfig `nvram get wan_ifname`:0 netmask
  • save it as "/jffs/etc/config/modem.startup"
  • create another file with the following content:
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE
  • save it as "/jffs/etc/config/modem.wanup"
  • make them executable:
chmod +x /jffs/etc/config/modem.*

SSH Method

A good, secure method for accessing modem interface (configuration) is SSH port forwarding, which can be accomplished with the following steps (with Apply Settings on each screen):

1. DD-WRT build with working SSH

SSH broken in 21061, fixed in 21676 (recommended build)

2. Enable SSH service

DD-WRT: Services > Services > Secure Shell > SSHd > Enable

  • No need to enable SSH TCP Forwarding for inbound connections.
  • If Password Login is enabled, set a strong administrative password (12-14 random characters), and SSH login to the "root" account with that password. (See Telnet/SSH and the command line)
  • Recommend changing Port to deter port scanners (e.g., 8022).

3. Enable SSH remote management

DD-WRT: Administration > Remote Access > SSH Management > Enable

  • Recommend changing SSH Remote Port to deter port scanners (e.g., 8022).

4. Setup route to modem

DD-WRT: Administration > Commands

Assumes LAN subnet 192.168.2.nnn and modem at (change as appropriate):

ifconfig `nvram get wan_ifname`:0 netmask

[Save Startup]

5. Configure SSH port forward

See Example below.

6. Reboot DD-WRT and test

  • ConnectBot is a good SSH client for Android.
  • Mac OS X Terminal supports SSH. (guide)
  • PuTTY is a good SSH client for Windows.


  • Assumes LAN subnet 192.168.2.nnn and modem at
  • DD-WRT forward in PuTTY: L1080 (access at http://localhost:1080)
  • Modem forward in PuTTY: L1081 (access at http://localhost:1081)


  • Modem and LAN should be on different subnets as in the examples above. It's not good network topology to have the router WAN port and LAN ports on the same subnet.