Need help accessing Cable Gateway at 192.168.100.1


  • Custom Avatar

    My cable gateway is a Hitron CGN3 supplied by Rogers cable.  I have it configured in Bridge mode so that I can use my USG as my router.

    I can no longer access the config page of my cable gateway at 190.168.100.1 - I was able to do this in the past when using my previous Asus router.  My USG is at 192.168.1.1 and I am using a standard /24 subnet.  In the past I have been able to get around this problem by putting in some CLI commands.  Would these commands work on my USG?

    ifconfig eth0:0 192.168.100.2 netmask 255.255.255.0
    iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
    

    I believe the above commands assume that your WAN is eth0.  Is that the case on the USG?


  • D
    Beta Testers

    Why not just add a route using the GUI?


  • Custom Avatar

    I don't see that in the UI.  Where do I do that?  I don't think this is exactly the same as port forwarding?


  • G
    Custom Avatar

    I am using motorola cable modems (bridge) in three sites with this exact address and can hit it from behind all my USGs without doing anything special.  The modems give the USG a DHCP address and then do all the NAT and routing.  I have not looked deeply, but it appears that the USG does not drop RFC 1918 address but passes them upstream to the next hop.  What is your USG config?


  • D
    Beta Testers

    Mine is in the "Routing and Firewall" section of the settings (I'm on 5.5.8).


  • Custom Avatar

    gregorio wrote:

    I am using motorola cable modems (bridge) in three sites with this exact address and can hit it from behind all my USGs without doing anything special.  The modems give the USG a DHCP address and then do all the NAT and routing.  I have not looked deeply, but it appears that the USG does not drop RFC 1918 address but passes them upstream to the next hop.  What is your USG config?


    My USG is configured to use DHCP.  Is that what you mean by USG config?

    I think this may be an issue with the Hitron device as it depends on the firmware in terms of whether it is visible or not behind the firewall.


  • Custom Avatar

    depasseg wrote:
    Mine is in the "Routing and Firewall" section of the settings (I'm on 5.5.8).


    I am on Controller version 5.4.11 so I guess I need to upgrade.


  • S
    Custom Avatar

    It is in 5.4.11, under Settings > Routing & Firewall


  • G
    Custom Avatar

    I am using a very basic configuration. No guest portal, no manual routes, no RFC 1918 blocking, etc. I was curious if you had any other configuration changes other than what is out of the box.

    Not sure I understand how the Hitron can decide when you are accessing from behind a FW or not. I'm not saying it isn't possible just that I don't know.


  • Custom Avatar

    I don't have anything special set up on mine.  I am not sure exactly how this works.  It makes sense that you can't generally access a 192.168.100.X IP from a 192.168.1.X IP with a 255.255.255.0 subnet - hence why you need to create the route.  I am not an expert on this but my understanding is that this creates something like an alias for you WAN port of 192.168.100.2 that can get through to the modem.

    I haven't had a chance to change this setting yet, but when people mention settings - does that mean that it is in the controller config area rather than in the USG device configuration?


  • G
    Custom Avatar

    Correct but this is a router and it automatically has a default route for all unknown networks that leads to the upstream provider's router. Based on your info, 192.168.100.0 is unknown and will get sent there with everything else. I'm not clear on the docis specification how the modem picks up the traffic destined for it because it is on a different network but it either is listening on every packet or it is reflected back by the upstream router as a known network.

    curious


  • Custom Avatar

    So why is this done in Controller-Settings rather than in the USG device? Doesn't that make more sense?


  • G
    Custom Avatar

    The controller is an interface to the USG device. Making changes to the controller makes changes to the USG device.


  • Custom Avatar

    gregorio wrote:
    The controller is an interface to the USG device. Making changes to the controller makes changes to the USG device.


    I realize that but I would expect to find this under Router - Configuration after you click on a router device.  I know that everything is stored in the Controller, but the UI generally uses an object based configuration where you click on a device to change its configuration.  Therefore I would logically expect to find such commands under the Configuration page for the USG.


  • D
    Beta Testers

    The gear icon is for the controller settings it for the site settings. That is why the routing and firewall is under settings instead of a specific device. Because it applies to the concept of a site.

    I mean your logic of clicking on a device to change it's configuration is the the opposite of what a software defined network is about.


  • Custom Avatar

    But how come the Port Forwarding is done under the configuration of the USG device?  Isn't this analalgous to Port Forwarding? (And I know that you can change Port Forwarding under the Controller Settings but it is also under the USG Configuration.

    And don't you click on a WAP to change properties relating to a WAP - like its IP address (assuming that you use a Static IP for a WAP.


  • D
    Beta Testers

    I've wondered why PF wasn't part of the site settings. I don't understand why it's on the router.

    Yes you can configure specific settings per device (like IP address and Radio bandwidth and signal strength). My impression is that it's because they are device specific.

    But back to how to solve this problem. By default, the router will forward traffic out the WAN interface if it doesn't have a more specific route (like "attached"). What I think will happen though is that the router will forward the traffic to it's default gateway, without consulting the actual local (wan) broadcast connection. But because the router interface doesn't have an IP address in that same brodcast domain, it still won't be able to communicate.

    Which means that in order to connect to the cable modem at 190.168.100.1, you will need to ssh into the USG and manually add a subinterface with an ip address in the 190.168.100.0/24 range. This locally attached interface will then auto-populate the routing table which will then enable traffic from your LAN to reach it.


  • Custom Avatar

    Yes - the commands that I posted up above at the start of the thread essentially created a virtual LAN interface at 192.168.100.2 which is on the same subnet as the gateway which facilitates the routing and that it allows it to get out with the postrouting command.

    How do I add this subinterface?  In other words, what is the Unifi equivalent of the

    ifconfig eth0:0 192.168.100.2 netmask 255.255.255.0
    iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
    

    commands?


  • C
    Beta Testers

    Isn't it the case that when you put a device into,bridge mode, all IP functions cease? From that point on, it's a dumb bridge. Wouldn't be surprised if you can't get to the web configuration- there's nothing to configure.


  • Custom Avatar

    With this device you can still see a few things when in Gateway mode - and the important thing is that you can see your inbound and outbound signal levels to know if that is an issue. You can also switch back from bridge mode to gateway mode without having to do a factory reset.


Posts 22Views 0
Log in to reply

Looks like your connection to Ubiquiti Networks Community was lost, please wait while we try to reconnect.