Need help accessing cable modem IP

[wayner]

I have an Asus RT-N66U router connected to a Rogers Hitron CGN3 Gateway. The Gateway is in Bridge mode so it is only functioning as a cable modem. My Asus router has an IP of 192.168.1.1.

I can access the web UI of the cable modem at 192.168.100.1 if I plug a PC directly into the cable modem and give it a static IP on the same subnet. But I would like to be able to get access to the modem's web UI without having to move cables and change IP settings. Why? This gateway has had very serious problems and it would be nice to be able to tell if the firmware has been changed.

I have found threads here on SNB and elsewhere using postrouting and masquerade that seem to allow you to access the modem but I don't totally understand what is going on. I believe that you are creating a virtual NIC and giving it an IP on the same subnet as the router and using postrouting to be able to access the modem even though it is on the WAN rather than your LAN. Is that correct?

Given that the modem's IP is 192.168.100.1 will these commands enable me to access the modem from my LAN?

ifconfig `nvram get wan_ifname`:0 192.168.100.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE

If those are correct then where do I enter the commands - in a telnet/ssh session on my router (I am running stock firmware)?

What are the security implications of this? Does this make it easier for someone to get access to my router? Or is the 192.168.100.1 address not accessible from the internet?

And am I correct in assuming that with the stock firmware that a reboot of the modem will mean that I have to re-enter these two commands?

Thanks.

 

[stevech]

All I can tell you is that I've had 3 different Motorola cable modems and now an Arris cable modem+digital phone. All have an admin IP address of 192.168.100.1. (cable modem is a layer 2 device so the IP address is for admin only; has nothing to do with bridging data).

All of my home routers have run a home LAN of 192.168.1.x/8 (mask 255.255.255.0).
All of my PCs have been able to access 192.168.100.1, the cable modems, with no special things done to the home routers. I've never understood how the home routers can send packets to the cable modem which is in a different subnet, but somehow, it just works. And does so for many (10+) brands/makes of consumer grade routers I've used.

The router get a packet from the LAN addressed to 192.168.100.1 which is not in the same subnet as the LAN. So it gets tossed to the cable modem's WAN port even though it should not, since 192.168 is non-routable. I suppose the consumer routers kind of cheat. I've not tried this on other non-routable, such as 10.x.x.x

But again, all my cable modems have been just that- not a gateway (router) and not forced to bridge mode. I always decline to take the cable co's router- gimme only a modem!

 

[wayner]

I will try again but I am pretty sure that I tried and this didn't work. This Hitron modem has SO many issues that it wouldn't surprise me if it is different from everthing else. The problem is that it is one of the first gateways that has 24x8 channels and my cable company requires it for their 250/20 service.

What if I changed the subnet mask on my router to something like 255.255.127.0 - would that work? Or are there security risks in doing that? Shouldn't that make everything from 192.168.1.X up to 192.168.128.X accessible?

 

[wayner]

Just to confirm that I was not able to access 192.168.100.1 initially. But after entering the two commands at a telnet command prompt (remember I am on the stock firmware) I was able to access it. But I believe that I will have to re-enter the commands upon a router reboot.