Good evening ladies and gents.
For years, i've read and replied to dozens of sticky's / posts on how to properly bridge a modem, regardless of brand, and be able to continue to access the firmware on the modem for line statistics or other management needs.
In my 2nd home, i have an Actiontec GT784WN. This is Verizon/Frontier's go-to 'all in one' wireless modem/router combo. The goal here is to make this modem function solely as a modem. For the longest time, i was traditionally "double nat'ing" in DMZ to a basic cisco router. I say traditional, because this is what most users end up resorting to when they fail at bridging the modem to a router. SOME dont have issues with this practice, and most have issues and just dont realize it. But i can assure you, that it is very inefficient, and is not the correct way to get the job done if you plan to use your own router. This practice is mainly terrible for people that rely on UPnP, which now days, is most of us. I am going to explain how to successfully do this in two ways. One, how to bridge the modem to the router WITHOUT need of accessing the modem for statistics (for those of you that dont want to spend a few small bucks on some capable equipment, or those of you that just dont care about your line statistics and are most focused on taking full control of your internet connection), and also to bridge the modem and access the firmware simultaneously. Keep in mind, this WILL be hardware specific, and you will need to take what you can from this and do some research on how to do whats needed to be done based on your particular hardware.
So for starters, you want to get yourself setup near your modem and router, because you are going to be doing a lot of plugging and un-plugging, and the timing will matter. Make sure you have easy access to the back of your hardware, and have all of the administrative access needed for starting. I.E., verify you can login to your modem, most default to 192.168.x.x. There are multiple scenarios out there. You maybe be a user like i was, with functional access to both your modem and router currently, or maybe you are only using your modem and plan to add a new router to your network. If you are adding a brand new router to your network, i advise that you connect an ethernet cable to the lan port of that particular device and deal with the initial setup, or at the least verify that your WAN settings are back to default if you had any custom input from a prior setup. Of course, you will not have internet access in the process of this. Once you know you have the ability to login to both your modem, your router, and have administrative rights on your PC to set a static IP address, lets continue.
Again today im working with an Actiontec GT784WN, and a brand new Ubiquiti EdgeRouter-X ($49 brand new, and is an AMAZING device for the cost).
Begin by connecting ethernet directly from your PC, to a switch port on the back of your modem. Some, this is already the layout of your setup. Next, lets figure out what IP range your modem is working with. If on windows, open a command prompt and type 'ipconfig'. Once you determine the subnet your LAN is using (I.E. 192.168.1.x), we will statically set an IP on your PC. Preferably, i stay on the opposite side of the range to stay out of the way of DHCP clients. So if your modem (gateway) is at 192.168.1.1, then set your static IP as 192.168.1.254. Your mask would be 255.255.255.0, and your gateway would be 192.168.1.1. If windows requires a DNS server, use the same IP as your modem. We are doing this for two reasons. For one, once DHCP is disabled, we dont want you to loose connectivity, even tho the lease would probably still stick. Also, you need to know how to quickly change these settings, because you are going to do it more than once until we have everything in a permanent setting.
Moving forward. Get logged in to your modem. In this scenario, you will browse to http://192.168.1.1. Once logged in, you are going to disable all wireless options, along with DHCP and any firewall options. We want any and all features disabled, however be sure to stay clear of your DSL WAN settings in the mean time. Go ahead and apply this, the modem will likely reboot. This is a very good opportunity to upgrade your modem's firmware. Not that is is necessary, but knowing that you are the only device connected to the modem at this point, and have a known direct connection, take the opportunity to do so if desired.
Once you are back online, we are going to change the local address of the modem. In the modem, Find your LAN settings, and in this example, you should see the modem's local address set to 192.168.1.1. My personal preference, is to change this to 192.168.99.1, As this is a mostly uncommon local subnet used by most mainstream over the shelf routers. Apply the settings and allow the modem to reboot.
Once the modem is back online, you will not have connectivity what-so-ever. Lets go back into your static IP settings, and in this example, we will change your IP to 192.168.99.254, gateway to 192.168.99.1, DNS to 192.168.99.1, and your subnet mask will remain the same. We should now be able to browse back to your modem using the address http://192.168.99.1.
Now things get a bit sticky. This is when things get a bit more dependent on your area, your modem, and your router. First, we need to scroll over to your DSL WAN settings, and see what is currently being used. You may see RFC 1483 via DHCP, or via PPPoE. If you are using PPPoE, the login credentials you will see are very important to retain. If they are marked out with asterisk's, you will need either do some research on what generic PPPoE login credentials could be, or call frontier tech support and ask for your PPPoE login credentials. If your configured with 1483 via DHCP, life is a bit easier and no credentials are needed.
If using an Actiontec GT784WN, once logged in, you will notice on the left side of the initial login screen, the only option in the navigation is 'Bridge Mode'. Choose it, and opt to enable bridge mode. Once the modem reboots, continue to the following step of configuring your router.
IF you dont have the bridge mode option, somewhere within the firmware of the router you will have an option to either RELEASE your WAN IP, or DISCONNECT the wan connection. This is vital, as some DSLAM's will not re-issue a different IP until you release it yourself. Once you release your IP, within your DSL WAN settings, you should see an option for RFC 1483 Transparent Bridging. Keep in mind this is when things get time-oriented with un-plugging your ethernet cable from the modem. Choose the Transparent Bridging option, and apply the setting. You will notice the modem begin to reboot. Once the power light shows activity confirming that it has started a boot cycle, remove the ethernet cable. This will keep from the dslam issuing an IP to the MAC of your PC, as we want it to serve an IP to your router's WAN MAC.
If your modem comes back online and you notice you no longer have an internet light illuminated, be of no concern. At this point, we are going to connect an ethernet cable from the LAN port of your router, back to your PC. All of those static IP settings from before are no longer needed. You can now re-allow your PC to obtain an IP and DNS from DHCP. (I recommend statically setting OpenDNS, or Google's public DNS).
Once the router boot's, give your PC a moment to obtain an IP address. Go back into command prompt, and again run 'ipconfig'. In my example, my router (your gateway IP) was located at 192.168.0.1. Now we will browse to http://192.168.0.1. You should now be inside of your router's GUI. Browse to your internet or WAN settings tab. Think back, if originally your modem was RFC 1483 DHCP or PPPoE. If it was DHCP, opt to obtain an IP from DHCP. IF it was PPPoE, you will input the credentials you obtained, and apply the setting. You will now connect an ethernet cable from the WAN port of your router, to port one of your modem.
Give the router, modem, and DSLAM about 5 minutes to communicate. Most of the time, an IP will eventually be served. You should be able to view WAN or Internet statistics to see if your router has established connectivity (or obviously, your internet connectivity would begin to work again). Some times, once these settings are completeld, you will need to find the 'DHCP Renew' option that should be near by your WAN settings in the router. Click it, and again, be patient to see if it grabs an IP.
IF not, give your modem a reboot, wait for it to reboot, and check for connectivity. I have seen instances where it takes quite a bit of time to be served a new IP address, so just remember to be patient.
Assuming all went as planned, you now have a 'dumb' modem and a fully functional router! Enjoy! However, keep in mind, you will not be able to access your modem's web page at this point. Again, this is not necessary in all cases. You do have the option, that if you need to access the firmware of the modem in the future, you can directly connect an ethernet cable from your PC to the modem switch, and temporarily statically set your IP to the LAST configuration you used (192.168.99.1/192.168.99.254 in this example), get the information you need, then return back to normal with DHCP.
ANOTHER SECTION!
If you desire to permanently have access to your modem's firmware while in bridge mode, i can tell you that it takes a slightly more advanced user to get this done, along with a router that is capable of doing what we need to do. Almost no average joe router is going to allow something like this to get done. Maybe, once this post becomes a bit more popular, we can get some replies with hardware confirmations. Slimtim@DSLReports successfully managed this using a Netgear DM200 / Netgear R6400 combo running DD-WRT for example. Please note that the KEY to success was the fact he is running DD-WRT firmware on the router.
So, at this point, i am limiting guaranteed success to any Ubiquiti EdgeRouter, OR any pfSense, DD-WRT, or Tomato equipped router.
If running a router equipped with Tomato, under your advanced WAN settings tab, you will notice a 'route modem IP' tab. Input your modem's local gateway IP (in this example, 192.168.99.1) and apply the setting. This should create a virtual nic pointed at the WAN with the modem's local subnet along with a NAT rule to push all traffic of 192.168.99.0/24 to the WAN.
If running a DD-WRT based router, you will go to the Administration tab, and in the command entry field you will enter (in this example!):
"ifconfig `nvram get wan_ifname`:0 192.168.99.2 netmask 255.255.255.0"
followed by
"iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -d 192.168.99.0/24 -j MASQUERADE"
This is giving your WAN port a secondary IP of 192.168.99.2 so it can reach 192.168.99.1, and a simple nat redirection for traffic from the lan to go where it needs to go when trying to access the modem's IP.
If running a Ubiquiti EdgeRouter, enter the command line interface and do as follows:
ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set interfaces pseudo-ethernet peth0 link eth0
[edit]
ubnt@ubnt# set interfaces pseudo-ethernet peth0 address 192.168.99.2/24
[edit]
ubnt@ubnt# set interfaces pseudo-ethernet peth0 description "access to modem"
[edit]
ubnt@ubnt# commit
Once the router reboots, you will create a source nat rule. I have attached a screen shot of the options you need to elect, be sure to update the destination address according to this example your setup.
A big thanks to these threads, that may also be of use to you:
(tomato) http://tomatousb.org/forum/t-290560/route-modem-ip-option
(dd-wrt) https://www.dslreports.com/forum/r31354756-Actiontec-GT784WN-vs-Westell-7500-vs-ZyXEL-P660R-vs-Netgear-DM200
(ubnt) https://community.ubnt.com/t5/EdgeMAX/Cant-put-DHCP-client-and-static-ip-on-the-same-interface/td-p/1366293
https://community.ubnt.com/t5/EdgeMAX/How-to-access-modem-on-the-WAN-side/td-p/1511558
I hope some of this is of use to you all, and i would appreciate success reports! Feel free to PM me here @DSLR for help, i will gladly answer any questions.
Cheers.
-Sarge
↧