Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 29 replies
  • Answers 3 answers
  • Subscribers 4 subscribers
  • Views 25528 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot access ADSL modem setup with additional address via specific devices

ChriZathens

Hi guys!

I am facing a strange issue...

I have an ASDL modem/router in bridge mode with IP 192.168.2.1 and have setup an additional address (192.168.2.2) on my UTM in order to access the modem.

The WAN interface connected to the ADSL modem/router is using PPPoE and my LAN is on the 192.168.1.x range

This has been working great until recently. I could enter http://192.168.2.1 on my smartphone's browser and could normally access the modem's webui (I want to regularly check the speed my adsl router syncs, because I have isp issues)

About a month ago, I replaced both my smartphones (company and personal)

From those 2 devices I cannot connect to the http://192.168.2.1 address.

From my computer, the page loads normally. I tried from my tablet - loads normally, too.

BUT, I can access the http://192.168.2.1 address normally from either phone when I am connected to my house using VPN...

The only difference between the other devices and my phones is that I have put them in Skip Transparent Mode Source Hosts/Nets & Skip Transparent Mode Destination Hosts/Nets in filtering options. I thought that maybe that was the case and went ahead and removed them, but still the same.

The only other thing that has changed since I could access the address via the old phone's browser, is that - due to the fact that I was migrating stuff and a need for more addresses arose, I changed my DHCP internal range and added 10 more IPs (was until .20, now it is until 30). I think this is irrelevant, though, just thought I should mention it...

 

Any ideas on where to look? I am really lost, don't know what to check and this thing is puzzling me.

I mean I can always connect using VPN (even when I am at the house), but why on earth does it not connect normally?



This thread was automatically locked due to age.
  • 0 in reply to BAlfson

    Hi Bob!

    Thanks for your help.

    Can you please explain how to create the rule?

    I entered traffic from Internal network (192.168.1.0/24)

    Using service HTTP

    Going to 192.168.2.1

    Change source to 192.168.2.2

    and service to HTTP

    Not working

     

    Tried to follow exactly your advice 

    I entered traffic from Internal network (192.168.1.0/24)

    Using service Any

    Going to 192.168.2.1

     

    But then what do I enter in the other two fields (blonde moment here...)

     
    Sophos XG Home Licence.

    Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
  • 0 in reply to ChriZathens

    In NAT rules, when the Service isn't to be changed, leave that empty (see #5 in Rulz).  Use {192.168.2.2}.

    If that doesn't work, there's something else going on here that's causing a routing conflict.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    So, you mean like this?

    Internal Network -->192.168.1.0/24

    Service -->Any

    Insomniamodem -->192.168.2.1

    Additional address -->192.168.2.2

    (sorry for being thick...[:$])

     

    What I cannot understand is what would cause only my two phones to not have access to that address, while any other network device has no issues... [:(]

     
    Sophos XG Home Licence.

    Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
  • 0 in reply to ChriZathens

    I just looked at the entire thread.  I was so sure it was something between the UTM and the modem, but I only now "saw" that the modem never responded to the ARP request from the UTM.  Strange that the UTM would ARP on the internal NIC rather than the external one.  That might be an unintended feature[;)], but let's see if we can outsmart it.  What happens if you change the Additional Address to a /30?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello again!

    Changed the additional address to /30, but still the same... Those two phones cannot access the modem   

    I also got a TCPdump while trying to access the modem from my tablet (192.168.1.4)

    Fullscreen tcpdumpfromtablet.txt Download 
    18:46:03.803127 IP (tos 0x0, ttl 64, id 40729, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [S], cksum 0x9281 (correct), seq 3269258036, win 29200, options [mss 1460,sackOK,TS val 301691949 ecr 0,nop,wscale 7], length 0
18:46:03.803937 IP (tos 0x0, ttl 64, id 40730, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [.], cksum 0x8895 (correct), ack 222145908, win 229, options [nop,nop,TS val 301691950 ecr 173925571], length 0
18:46:03.803990 IP (tos 0x0, ttl 64, id 40731, offset 0, flags [DF], proto TCP (6), length 522)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [P.], cksum 0x417c (correct), seq 0:470, ack 1, win 229, options [nop,nop,TS val 301691950 ecr 173925571], length 470
18:46:03.844485 IP (tos 0x0, ttl 64, id 40732, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [.], cksum 0x86a0 (correct), ack 18, win 229, options [nop,nop,TS val 301691960 ecr 173925575], length 0
18:46:03.845239 IP (tos 0x0, ttl 64, id 40733, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [.], cksum 0x8598 (correct), ack 274, win 237, options [nop,nop,TS val 301691960 ecr 173925575], length 0
18:46:03.845776 IP (tos 0x0, ttl 64, id 40734, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [.], cksum 0x7fd9 (correct), ack 1722, win 260, options [nop,nop,TS val 301691960 ecr 173925575], length 0
18:46:03.845887 IP (tos 0x0, ttl 64, id 40735, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [.], cksum 0x7f3e (correct), ack 1855, win 282, options [nop,nop,TS val 301691960 ecr 173925575], length 0
18:46:03.849601 IP (tos 0x0, ttl 64, id 40736, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35216 > 192.168.2.1.80: Flags [F.], cksum 0x7f3a (correct), seq 470, ack 1856, win 282, options [nop,nop,TS val 301691961 ecr 173925576], length 0
18:46:03.964652 IP (tos 0x0, ttl 64, id 5595, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [S], cksum 0x0f5f (correct), seq 3481035149, win 29200, options [mss 1460,sackOK,TS val 301691990 ecr 0,nop,wscale 7], length 0
18:46:03.965375 IP (tos 0x0, ttl 64, id 5596, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xdb06 (correct), ack 237033198, win 229, options [nop,nop,TS val 301691990 ecr 173925587], length 0
18:46:03.965451 IP (tos 0x0, ttl 64, id 5597, offset 0, flags [DF], proto TCP (6), length 509)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [P.], cksum 0xa38f (correct), seq 0:457, ack 1, win 229, options [nop,nop,TS val 301691990 ecr 173925587], length 457
18:46:03.976707 IP (tos 0x0, ttl 64, id 5598, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xd86f (correct), ack 195, win 237, options [nop,nop,TS val 301691993 ecr 173925588], length 0
18:46:03.977284 IP (tos 0x0, ttl 64, id 5599, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xd2b0 (correct), ack 1643, win 260, options [nop,nop,TS val 301691993 ecr 173925588], length 0
18:46:03.977556 IP (tos 0x0, ttl 64, id 5600, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xccf2 (correct), ack 3091, win 282, options [nop,nop,TS val 301691993 ecr 173925588], length 0
18:46:03.977742 IP (tos 0x0, ttl 64, id 5601, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xc82b (correct), ack 4291, win 305, options [nop,nop,TS val 301691993 ecr 173925588], length 0
18:46:03.978434 IP (tos 0x0, ttl 64, id 5602, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xc26d (correct), ack 5739, win 327, options [nop,nop,TS val 301691993 ecr 173925588], length 0
18:46:03.978842 IP (tos 0x0, ttl 64, id 5603, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xbcb9 (correct), ack 7187, win 338, options [nop,nop,TS val 301691993 ecr 173925589], length 0
18:46:03.979328 IP (tos 0x0, ttl 64, id 5604, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xb808 (correct), ack 8387, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.980202 IP (tos 0x0, ttl 64, id 5605, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xb260 (correct), ack 9835, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.980364 IP (tos 0x0, ttl 64, id 5606, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xacb8 (correct), ack 11283, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.980540 IP (tos 0x0, ttl 64, id 5607, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xa808 (correct), ack 12483, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.981449 IP (tos 0x0, ttl 64, id 5608, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0xa260 (correct), ack 13931, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.981918 IP (tos 0x0, ttl 64, id 5609, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0x9e16 (correct), ack 15029, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.981932 IP (tos 0x0, ttl 64, id 5610, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [F.], cksum 0x9e15 (correct), seq 457, ack 15029, win 338, options [nop,nop,TS val 301691994 ecr 173925589], length 0
18:46:03.985662 IP (tos 0x0, ttl 64, id 5611, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35217 > 192.168.2.1.80: Flags [.], cksum 0x9e13 (correct), ack 15030, win 338, options [nop,nop,TS val 301691995 ecr 173925589], length 0
18:46:04.100728 IP (tos 0x0, ttl 64, id 28408, offset 0, flags [DF], proto TCP (6), length 60)

    The tablet has no problem accessing the modem..

     And this one is from my computer (which can also access the modem)

    Fullscreen tcpdumpfrompc.txt Download 
    18:50:34.057607 IP (tos 0x0, ttl 64, id 14963, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35281 > 192.168.2.1.80: Flags [S], cksum 0x1efa (correct), seq 3540010602, win 29200, options [mss 1460,sackOK,TS val 301759513 ecr 0,nop,wscale 7], length 0
18:50:34.058259 IP (tos 0x0, ttl 64, id 14964, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35281 > 192.168.2.1.80: Flags [.], cksum 0xda66 (correct), ack 507276684, win 229, options [nop,nop,TS val 301759513 ecr 173952596], length 0
18:50:34.058370 IP (tos 0x0, ttl 64, id 14965, offset 0, flags [DF], proto TCP (6), length 429)
    192.168.2.2.35281 > 192.168.2.1.80: Flags [P.], cksum 0xfd58 (correct), seq 0:377, ack 1, win 229, options [nop,nop,TS val 301759513 ecr 173952596], length 377
18:50:34.068875 IP (tos 0x0, ttl 64, id 14966, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35281 > 192.168.2.1.80: Flags [.], cksum 0xd78a (correct), ack 344, win 237, options [nop,nop,TS val 301759516 ecr 173952597], length 0
18:50:34.072997 IP (tos 0x0, ttl 64, id 14967, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35281 > 192.168.2.1.80: Flags [F.], cksum 0xd786 (correct), seq 377, ack 345, win 237, options [nop,nop,TS val 301759517 ecr 173952598], length 0
18:50:35.385202 IP (tos 0x0, ttl 64, id 54815, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35282 > 192.168.2.1.80: Flags [S], cksum 0xa244 (correct), seq 3914902394, win 29200, options [mss 1460,sackOK,TS val 301759845 ecr 0,nop,wscale 7], length 0
18:50:35.385829 IP (tos 0x0, ttl 64, id 54816, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35282 > 192.168.2.1.80: Flags [.], cksum 0x0cd5 (correct), ack 499498586, win 229, options [nop,nop,TS val 301759845 ecr 173952729], length 0
18:50:35.385887 IP (tos 0x0, ttl 64, id 54817, offset 0, flags [DF], proto TCP (6), length 429)
    192.168.2.2.35282 > 192.168.2.1.80: Flags [P.], cksum 0x2fc7 (correct), seq 0:377, ack 1, win 229, options [nop,nop,TS val 301759845 ecr 173952729], length 377
18:50:35.396387 IP (tos 0x0, ttl 64, id 54818, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35282 > 192.168.2.1.80: Flags [.], cksum 0x09f9 (correct), ack 344, win 237, options [nop,nop,TS val 301759848 ecr 173952730], length 0
18:50:35.400557 IP (tos 0x0, ttl 64, id 54819, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35282 > 192.168.2.1.80: Flags [F.], cksum 0x09f5 (correct), seq 377, ack 345, win 237, options [nop,nop,TS val 301759849 ecr 173952731], length 0
18:50:41.512161 IP (tos 0x0, ttl 64, id 3184, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [S], cksum 0xeef8 (correct), seq 3004206865, win 29200, options [mss 1460,sackOK,TS val 301761377 ecr 0,nop,wscale 7], length 0
18:50:41.512860 IP (tos 0x0, ttl 64, id 3185, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [.], cksum 0xe69f (correct), ack 513093135, win 229, options [nop,nop,TS val 301761377 ecr 173953342], length 0
18:50:41.512924 IP (tos 0x0, ttl 64, id 3186, offset 0, flags [DF], proto TCP (6), length 472)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [P.], cksum 0xde08 (correct), seq 0:420, ack 1, win 229, options [nop,nop,TS val 301761377 ecr 173953342], length 420
18:50:41.570487 IP (tos 0x0, ttl 64, id 3187, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [.], cksum 0xe4d6 (correct), ack 18, win 229, options [nop,nop,TS val 301761391 ecr 173953348], length 0
18:50:41.571259 IP (tos 0x0, ttl 64, id 3188, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [.], cksum 0xe3cd (correct), ack 274, win 237, options [nop,nop,TS val 301761392 ecr 173953348], length 0
18:50:41.571826 IP (tos 0x0, ttl 64, id 3189, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [.], cksum 0xde0e (correct), ack 1722, win 260, options [nop,nop,TS val 301761392 ecr 173953348], length 0
18:50:41.571874 IP (tos 0x0, ttl 64, id 3190, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [.], cksum 0xdd73 (correct), ack 1855, win 282, options [nop,nop,TS val 301761392 ecr 173953348], length 0
18:50:41.575443 IP (tos 0x0, ttl 64, id 3191, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35283 > 192.168.2.1.80: Flags [F.], cksum 0xdd70 (correct), seq 420, ack 1856, win 282, options [nop,nop,TS val 301761393 ecr 173953348], length 0
18:50:41.599776 IP (tos 0x0, ttl 64, id 57478, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [S], cksum 0x4a64 (correct), seq 2192466929, win 29200, options [mss 1460,sackOK,TS val 301761399 ecr 0,nop,wscale 7], length 0
18:50:41.600496 IP (tos 0x0, ttl 64, id 57479, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [.], cksum 0x7c6e (correct), ack 500888669, win 229, options [nop,nop,TS val 301761399 ecr 173953351], length 0
18:50:41.600545 IP (tos 0x0, ttl 64, id 57480, offset 0, flags [DF], proto TCP (6), length 409)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [P.], cksum 0x7e15 (correct), seq 0:357, ack 1, win 229, options [nop,nop,TS val 301761399 ecr 173953351], length 357
18:50:41.610913 IP (tos 0x0, ttl 64, id 57481, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [.], cksum 0x7a3c (correct), ack 195, win 237, options [nop,nop,TS val 301761401 ecr 173953352], length 0
18:50:41.611445 IP (tos 0x0, ttl 64, id 57482, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [.], cksum 0x747c (correct), ack 1643, win 260, options [nop,nop,TS val 301761402 ecr 173953352], length 0
18:50:41.611780 IP (tos 0x0, ttl 64, id 57483, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [.], cksum 0x6ebe (correct), ack 3091, win 282, options [nop,nop,TS val 301761402 ecr 173953352], length 0
18:50:41.612087 IP (tos 0x0, ttl 64, id 57484, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.2.2.35284 > 192.168.2.1.80: Flags [.], cksum 0x69f7 (correct), ack 4291, win 305, options [nop,nop,TS val 301761402 ecr 173953352], length 0
18:50:41.612860 IP (tos 0x0, ttl 64, id 57485, offset 0, flags [DF], proto TCP (6), length 52)

     

    What the... is going on... I can't understand...

     
    Sophos XG Home Licence.

    Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
  • 0 in reply to ChriZathens

    "Changed the additional address to /30, but still the same"

    Not the same!  We're now getting mostly ACKs in the tcpdump and not the outrageously high seq numbers.  Did you see any blocks in the Firewall or Intrusion Prevention logs at the time of this last test?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Did not check the first time, but gave it another try right now and nothing in firewall log, nor in IPS...

     
    Sophos XG Home Licence.

    Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
  • 0 in reply to ChriZathens

    This is strange.  What do you see if you test while running tcpdump on the Internal NIC with src the IP of the modem and dst the IP of your phone - does the UTM see responses sent to your phone?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello again, Bob!

    Yes, it is strange... Every device but my personal smartphones can access the modem's WebGui..

    I will check the tcpdump once I am home...

    I think I will delete every and single trace of the phones from the UTM, delete any rules, associated with them and delete the WiFi from my phones.

    Then start over again, as if it is the first time they are accessing the home network and check their behavior...

     
    Sophos XG Home Licence.

    Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
  • 0 in reply to sachingurung

    Hi Sachin,

    the UTM needs no ARP entry for 192.168.2.2, its a secondary UTM IP....

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML