Accessing modem that restricts source traffic to 192.168.100.0/24?

[Morac]

I have a GT-AX6000 running the latest firmware. I’ve purchased a Hitron CODA56 modem because it’s one of the few modems that Comcast Xfinity has certified to allow faster upload speeds and it was on sale.

The problem with it though is that in order to get to the status page, the request must initiate from the 192.168.100.0/24 subnet. That means requests from my LAN will be ignored.

I found a web page that describes how to do this using virtual ip and outbound NAT rules.

https://www.dslreports.com/forum/r33757940-Hitron-CODA56-status-page-access

Is there a way to do that on the GT-AX6000 or have it route traffic to the modem using a 192.168.100.x address?

 

[glens]

I looked through that linked thread, plus fetched the modem "user manual" (which is dreadful - basically a slightly fleshier version of the "quick install guide"!), plus another duckduckgo search of the matter.
I'm confused.

What is the IP address assigned to the router? Primarily, is it locally private (from the modem doing NAT), cable company private (using their network NAT), or public? Either way, it shouldn't matter /what/ the addresses are so long as the request is coming to the modem's ethernet port, IMO.

Some of that thread's participants reported "no problem" and one caught my eye right off describing that their browser was "upgrading" the connection attempt to HTTPS, which would seem to be a very obvious problem...

Are you currently having this connection problem? (More importantly, don't you have a fiber ISP option, one with symmetrical speeds? : )

 

[Morac]

Reportedly the modem‘s web page is 192.168.1.100 like most other modems. Unlike most modems though it will refuse connections from outside the 192.168.100.0/24 subnet. As such it won’t accept connections from my LAN on the 192.168.1.0/24 subnet like my current modem does.

My current modem has yet to be certified for mid-tier split with Xfinity so it’s limited to 20 mbps upstream even though I’m paying for 100 mbps upstream. The CODA56 is certified, cheap and has relatively good ratings with the sole complaint being the web interface, which is why I picked one up.

 

[Tech9]

I have two different Hitron modems in use and both are accessible on 192.168.100.1 from the main router with a different subnet.

 

[Morac]

It shows up tomorrow so we’ll see, but I’ve seen many people report that they can’t access the CODA56 one unless they are on the same subject.

 

[sfx2000]

Reportedly the modem‘s web page is 192.168.1.100 like most other modems. Unlike most modems though it will refuse connections from outside the 192.168.100.0/24 subnet. As such it won’t accept connections from my LAN on the 192.168.1.0/24 subnet like my current modem does.

So - this is all exploration...

try https://192.168.100.1

Rather than the non-secure http...

 

[Tech9]

It shows up tomorrow so we’ll see

Then there is no problem yet.

 

[Morac]

Then there is no problem yet.

Not for me yet, but since everyone who bought the modem in the dslreports mid-tier split thread complained they couldn’t access the web page, I was trying to be proactive.

 

[ColinTaylor]

Not for me yet, but since everyone who bought the modem in the dslreports mid-tier split thread complained they couldn’t access the web page, I was trying to be proactive.

Wait for it to turn up and then see if you have a problem. If you do then it's easy to fix it from the command line, as has been discussed many times before.

The problem in your case is that with stock firmware you can't make the fix survive a reboot. So you'd have to SSH into the router an reissue the command again.

 

[Morac]

Wait for it to turn up and then see if you have a problem. If you do then it's easy to fix it from the command line, as has been discussed many times before.

The problem in your case is that with stock firmware you can't make the fix survive a reboot. So you'd have to SSH into the router an reissue the command again.

I have it hooked up as and expected it doesn’t respond at all.

What is the command line to get an ip alias in the 192.168.100.x range that will get a response when the modem responds? I’ve read it does an arp, though it might not.

i want to make sure I don’t clobber my public WAN IP4 and 6. I just want to set up a second IP just for accessing the 192.168.100.1 address.

I don’t need it to survive a reboot as I only check my modem signals if something is wrong and I rarely reboot the router anyway.

 

[ColinTaylor]

I have it hooked up as and expected it doesn’t respond at all.
What is the command line to get an ip alias in the 192.168.100.x range that will get a response when the modem responds? I’ve read it does an arp, though it might not.

I don’t need it to survive a reboot as I only check my modem signals if something is wrong and I rarely reboot the router anyway.

I'm not familiar with the GT-AX6000 specifically, but if it's like other Asus routers I would expect the following to work.

ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0

If your WAN Connection Type isn't "Automatic" but PPPoE then things are slightly different.

 

[Morac]

I'm not familiar with the GT-AX6000 specifically, but if it's like other Asus routers I would expect the following to work.

ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0

If your WAN Connection Type isn't "Automatic" but PPPoE then things are slightly different.

Before running that, what does that do exactly and how can I “undo” it if need be?

That won’t overwrite the existing inet addr I assume?

 

[ColinTaylor]

Before running that, what does that do exactly and how can I “undo” it if need be?

That won’t overwrite the existing inet addr I assume?

It creates another virtual interface from your WAN interface. It's non-destructive and can be undone by rebooting the router.

I've just run it on my router:

eth0      Link encap:Ethernet  HWaddr F0:2F:74:92:37:D8
          inet addr:86.4.xxx.yyy  Bcast:86.4.zzz.255  Mask:255.255.252.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:630489660 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132968570 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:807390913388 (751.9 GiB)  TX bytes:21811338080 (20.3 GiB)

eth0:0    Link encap:Ethernet  HWaddr F0:2F:74:92:37:D8
          inet addr:192.168.100.2  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

 

[ColinTaylor]

P.S. If the command doesn't work you might need to add a masquerade rule with iptables.

 

[Morac]

It creates another virtual interface from your WAN interface. It's non-destructive and can be undone by rebooting the router.

]

Okay thanks. It worked and I can view the modem's web page. Not sure why they made it so hard to do so.

 

[glens]

Not sure why they made it so hard to do so.

'Cause "f*ck all y'all" is a much too common notion? Glad it was simple-enough for you.

Does it net you the performance boost you were seeking?

 

[Morac]

'Cause "f*ck all y'all" is a much too common notion? Glad it was simple-enough for you.

Does it net you the performance boost you were seeking?

Yes, my upload speeds went from 23 mbps to 116 mbps. Download speeds remained similar at around 800 mbps.

The thing is over twice the size of my Arris S33 and is ugly as hell, but for whatever reason Comcast hasn’t certified the S33 for mid-tier frequency split as of yet which is required for OFMD on the upload channel. They’ve been dragging their heels for months and I finally just said screw it and bought the CODA56 because it was on sale.

 

[KevTech]

They’ve been dragging their heels for months and I finally just said screw it and bought the CODA56 because it was on sale.

That is not it at all.
The S33 is one of the very few retail modems in the Low Latency DOCSIS Field Trial.
Mid-split support is on hold until the trial is over.

 

[Morac]

That is not it at all.
The S33 is one of the very few retail modems in the Low Latency DOCSIS Field Trial.
Mid-split support is on hold until the trial is over.

That says LLD should be released by end of this year. I have until the end of January to return to CODA56 so if by some miracle the S33’s upload speeds are unlocked by then I’ll return the Coda and switch back to the S3. If not then buying the Coda is still cheaper than renting a modem for over 6 months from Comcast.

My guess though is that LLD is not released by year end. As of 4 days ago there was no internal news at all on the S33‘s becoming certified.

Reddit - Dive into anything

www.reddit.com

Comcast is starting to rollout Docsis 4 anyway so they may just wait for that.

 

[RocketJSquirrel]

I'm not familiar with the GT-AX6000 specifically, but if it's like other Asus routers I would expect the following to work.

ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0

Works on my old AC68U to web to my new CODA56. Thanks for that!