Posted: Sat Mar 02, 2024 23:43 Post subject: Can't access modem status page after update to build 55209
I updated my Asus RT-AC68U B1 from build 45000 to 55209 (erased nvram prior to upgrade) and manually entered settings. My router is at 192.168.0.1 and my cable modem is at 192.168.100.1.
ifconfig `nvram get wan_ifname`:0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE
For some reason I'm not able to access the cable modem site anymore. Any ideas? Has anything changed in the more recent builds? Besides the dd-wrt build nothing has changed in my setup.
You may have better luck with the following saved to your firewall script instead:
Code:
ifconfig $(nvram get wan_ifname):0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
_________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
bah when erasing nvram missed the new CIDR notation. Changing to /23 fixed the issue.
Now that I have this working, I have a couple questions:
1. What are these two commands doing?
ifconfig `nvram get wan_ifname`:0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE
2. Do I really need the router Local IP Address to be 192.168.0.1./23 to access the cable modem at 192.168.100.1?
3. I can't seem to access the cable modem, unless I forward 8081 to 192.168.100.1:80, which also exposes the cable modem to WAN access. I don't understand why this would be needed to LAN access to the cable modem but for some reason I can't seem to access the cable modem even from LAN without it. Here's the setting mentioned above:
1. Creating a virtual interface on the WAN in the same subnet as your cable modem to provide access to it's configuration.
2. I don't see how this would be necessary, it doesn't make sense. Changing syntax as I offered should've been all that was necessary to fix that part (or not).
3. While http port 80 is reserved for the DD-WRT webUI, it shouldn't affect connecting to port 80 upstream via the WAN, otherwise, http-only sites on the internet would be horribly broken.
Seems there is something larger-picture that is not being shared. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
2. I don't see how this would be necessary, it doesn't make sense. Changing syntax as I offered should've been all that was necessary to fix that part (or not).
Thanks, this makes sense. Just to confirm 192.168.0.1/24 is all that's needed for a LAN IP range of 192.168.0.0 - 192.168.0.255 and this has nothing to do with the virtual interface to access the 192.168.100.x right?
dale_gribble39 wrote:
3. While http port 80 is reserved for the DD-WRT webUI, it shouldn't affect connecting to port 80 upstream via the WAN, otherwise, http-only sites on the internet would be horribly broken.
Clearing cache and a router reboot solved this one, as expected and I'm able to access the cable modem setup page via Lan without the port forward.
2. I don't see how this would be necessary, it doesn't make sense. Changing syntax as I offered should've been all that was necessary to fix that part (or not).
Thanks, this makes sense. Just to confirm 192.168.0.1/24 is all that's needed for a LAN IP range of 192.168.0.0 - 192.168.0.255 and this has nothing to do with the virtual interface to access the 192.168.100.x right?
Correct.
kozarrat wrote:
dale_gribble39 wrote:
3. While http port 80 is reserved for the DD-WRT webUI, it shouldn't affect connecting to port 80 upstream via the WAN, otherwise, http-only sites on the internet would be horribly broken.
Clearing cache and a router reboot solved this one, as expected and I'm able to access the cable modem setup page via Lan without the port forward.
Thanks!
Good to hear. It is best to use a separate browser in private browsing mode (this usually does not accumulate a cache to clear) for accessing DD-WRT webUI and your upstream modem configuration. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Currently running: Asus RT-AC68U B1 w/ DD-WRT v3.0-r55363 std (03/13/24)
ugh not sure what's going on but I definitely can't access cable modem gui from LAN (192.168.100.1). The only way I'm able to access it is doing the below port forwarding and accessing it from WAN via http://WAN IP:8081. I have the following firewall commands applied:
ifconfig $(nvram get wan_ifname):0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
Any other ideas as to why accessing modem gui from LAN doesn't work? It's also not responding to ping requests via LAN from a device on the network but does respond to ping when I ssh to dd-wrt router and ping 192.168.100.1 from there:
root@DD-WRT:~# ping -c 3 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: seq=0 ttl=64 time=2.277 ms
64 bytes from 192.168.100.1: seq=1 ttl=64 time=2.016 ms
64 bytes from 192.168.100.1: seq=2 ttl=64 time=1.863 ms
I think it had already worked?
The rules are not really persistent if you press apply somewhere in the GUI then you often lose modem access and have to run the two commands again.
Copy the rules into the "Commands" field and click on "Run Commands"
Code:
ifconfig $(nvram get wan_ifname):0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
I think it had already worked?
The rules are not really persistent if you press apply somewhere in the GUI then you often lose modem access and have to run the two commands again.
Copy the rules into the "Commands" field and click on "Run Commands"
Code:
ifconfig $(nvram get wan_ifname):0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
The rules are in the firewall commands and are(should be) persistent. I think I had mistakenly thought it was working last time around but I can't get to the modem gui from LAN for some reason (but can access it from WAN somehow if I set up 8081->80 portforwarding).
The rules are not persistent, I have been using them for years.
Every time I played around in the GUI I had to run them again manually.
It happened to me every time I changed something in the WLAN tab.
The rules are not persistent, I have been using them for years.
Every time I played around in the GUI I had to run them again manually.
It happened to me every time I changed something in the WLAN tab.
And they work - topic closed.
However, they do not work if you have a VLAN tagged WAN port because the switch does not allow anything other than tagged traffic to pass through.
I can't access the gui from LAN even when after running the commands from GUI or directly from router in ssh session. However, I can access the gui from http://WAN IP:8081 with the above port forwarding. Just lost as to why this is happening.
You should also DELETE this strange port forwarding rule
because it creates its own firewall rules for these packets.
And if the rule is deactivated (not deleted) then this entry blocks the packets.
I deleted the Nat rule and rebooted the router (and ran the commands:
ifconfig $(nvram get wan_ifname):0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
again)
Still can't access cable modem gui from LAN (and obviously can't access it from WAN anymore without the portforwarding rule I just deleted).