Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
CyDa SlumBummer

Separating modem and router in modem router combo

Recommended Posts

Posted · Original PosterOP

I am trying to run my traffic through a firewall before going to my network. I don't have the money right now to buy my own modem or wireless router, so I am stuck making this work with the ISP modem/router combo. I want to have traffic go from the modem in the modem/router combo, then go to the firewall (separate box), then back to the modem/router combo to use it's wifi for the house. The firewall is an opnsense vm.

 

Is this even possible?

Link to post
Share on other sites

generally, no. the output of the modem is hard wired to the input of the router.


this post was sponsored by folding gang. fold today or be a virgin forever.

Link to post
Share on other sites
3 minutes ago, CyDa SlumBummer said:

I am trying to run my traffic through a firewall before going to my network. I don't have the money right now to buy my own modem or wireless router, so I am stuck making this work with the ISP modem/router combo. I want to have traffic go from the modem in the modem/router combo, then go to the firewall (separate box), then back to the modem/router combo to use it's wifi for the house. The firewall is an opnsense vm.

 

Is this even possible?

can you setup vlans on the isp router? if so yes, otherwise no I don't think so...


 

 

Link to post
Share on other sites

You can set the Modem to Bridged Mode to disable the Router in it to allow the Firewall to perform all DHCP/Port Forwarding services but for the Combo to continue to act as an AP I don't believe this will work, no. You'd need to buy a stand-alone AP (or another router in AP mode) and plug it into the firewall.


Guides & Tutorials:

How to Format Storage Devices in Windows 10

A How-To: Drive Sharing in Windows 10

VFIO GPU Pass-though w/ Looking Glass KVM on Ubuntu 19.04

A How-To Guide: Building a Rudimentary Disk Enclosure

Three Methods to Resetting a Windows Login Password

A Beginners Guide to Debian CLI Based File Servers

A Beginners Guide to PROXMOX

How to Use Rsync on Microsoft Windows for Cross-platform Automatic Data Replication

 

Guide/Tutorial in Progress:

A Beginners Guide to Servers

 

In the Queue:

[Taking Suggestions]

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites

Modem/router combos are garbage(especially ISP provided), and they are not physically separated, in order to set up a physical firewall you have to hardwire from modem to firewall to router, most modem/router combos do not have the ability to do so as they are already internally connected. You could disable the router portion of the combo and set up a separate router or AP and use the combo as just a modem and that might work but you would have to buy another router or AP, I honestly recommend using it as it is until you can afford to replace both the modem and router, then worry about the firewall.


Main Desktop: Cpu - I9-9900k @5ghz | Mobo - Gigabyte Z390 Aorus Master | Gpu - Asus ROG STRIX 2080ti OC Ram - G.Skill Trident Z RGB 16GB 3200mhz | Aio - H100i Pro RGB | Psu - Evga 850 G3 | Case - Fractal Design Meshify C White | Storage - Samsung 970 Pro M.2 NVME SSD 1x 1TB 1x 512GB / 1x Seagate Ironwolf Pro 4TB HDD |

 

TV Streaming PC: Intel Nuc CPU - i7 8th Gen | RAM - 16GB DDR4 2666mhz | Storage - 256GB WD Black M.2 NVME SSD |

 

Phone: Samsung Galaxy S10+ - Ceramic White 512GB |

 

If you ask for a Mid Tower case recommend, I will 90% of the time recommend the Fractal Design Meshify C or S2.

Link to post
Share on other sites
8 minutes ago, Windows7ge said:

You can set the Modem to Bridged Mode to disable the Router in it to allow the Firewall to perform all DHCP/Port Forwarding services but for the Combo to continue to act as an AP I don't believe this will work, no. You'd need to buy a stand-alone AP (or another router in AP mode) and plug it into the firewall.

Actually this can sometimes be done, if the router lets you bridge the modem to a specific ethernet port then Access Point should still function on the rest of the LAN ports.  Its certainly possible with most routers that can support OpenWRT and I've also done it on Zyxel routers.  Of course you need to know a little about networking to get it configured.

 

The wildcard here is ISP provided router, as they are often locked down compared to stock firmware, so might not allow you access to the necessary options.


Router: i5-7200U appliance running pfSense.
ISP: Zen Unlimited Fibre 2 (66Mbit) + Plusnet Unlimited Fibre Extra. (56Mbit)

Link to post
Share on other sites
2 minutes ago, Alex Atkin UK said:

Actually this can sometimes be done, if the router lets you bridge the modem to a specific ethernet port then Access Point should still function on the rest of the LAN ports.  Its certainly possible with most routers that can support OpenWRT and I've also done it on Zyxel routers.  Of course you need to know a little about networking to get it configured.

 

The wildcard here is ISP provided router, as they are often locked down compared to stock firmware, so might not allow you access to the necessary options.

What has me thinking that it's not (at least in this instance) is when setting it to bridged mode the firewall will get the WAN IP. Even if he left the router enabled all the wired clients would have to deal with a double NAT and all the wireless clients wouldn't pass-though the firewall.

 

I agree if it's possible I don't think the specific hardware here is adequate. VLANs might enable one to rig something up but I haven't heard ISP provided equipment allowing this but then as you said OpenWRT. Unfortunately I have no experience with that.


Guides & Tutorials:

How to Format Storage Devices in Windows 10

A How-To: Drive Sharing in Windows 10

VFIO GPU Pass-though w/ Looking Glass KVM on Ubuntu 19.04

A How-To Guide: Building a Rudimentary Disk Enclosure

Three Methods to Resetting a Windows Login Password

A Beginners Guide to Debian CLI Based File Servers

A Beginners Guide to PROXMOX

How to Use Rsync on Microsoft Windows for Cross-platform Automatic Data Replication

 

Guide/Tutorial in Progress:

A Beginners Guide to Servers

 

In the Queue:

[Taking Suggestions]

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites
Just now, Windows7ge said:

What has me thinking that it's not (at least in this instance) is when setting it to bridged mode the firewall will get the WAN IP. Even if he left the router enabled all the wired clients would have to deal with a double NAT and all the wireless clients wouldn't pass-though the firewall.

 

I agree if it's possible I don't think the specific hardware here is adequate. VLANs might enable one to rig something up but I haven't heard ISP provided equipment allowing this but then as you said OpenWRT. Unfortunately I have no experience with that.

You don't need VLANs as long as the ISP router lets you bridge the modem to a specific LAN port, the rest of the LAN ports will still be bridged to the WiFi.  (IF the router doesn't disable WiFi in bridge mode)

 

Basically the modems bridged port goes to the firewalls WAN port, one of the remaining LAN ports goes to the firewalls LAN port.  Its a bit messier with wires, but does the same thing you would with VLANs and a single cable.


Router: i5-7200U appliance running pfSense.
ISP: Zen Unlimited Fibre 2 (66Mbit) + Plusnet Unlimited Fibre Extra. (56Mbit)

Link to post
Share on other sites
1 minute ago, Alex Atkin UK said:

You don't need VLANs as long as the ISP router lets you bridge the modem to a specific LAN port, the rest of the LAN ports will still be bridged to the WiFi.  (IF the router doesn't disable WiFi in bridge mode)

 

Basically the modems bridged port goes to the firewalls WAN port, one of the remaining LAN ports goes to the firewalls LAN port.  Its a bit messier with wires, but does the same thing you would with VLANs and a single cable.

Ah, alright I see what you mean. Makes sense. I take it though not all modem/routers behave in this way?


Guides & Tutorials:

How to Format Storage Devices in Windows 10

A How-To: Drive Sharing in Windows 10

VFIO GPU Pass-though w/ Looking Glass KVM on Ubuntu 19.04

A How-To Guide: Building a Rudimentary Disk Enclosure

Three Methods to Resetting a Windows Login Password

A Beginners Guide to Debian CLI Based File Servers

A Beginners Guide to PROXMOX

How to Use Rsync on Microsoft Windows for Cross-platform Automatic Data Replication

 

Guide/Tutorial in Progress:

A Beginners Guide to Servers

 

In the Queue:

[Taking Suggestions]

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites
4 minutes ago, Windows7ge said:

Ah, alright I see what you mean. Makes sense. I take it though not all modem/routers behave in this way?

Indeed, but its some years since I've used an ISP provided router so I have no idea how common this functionality is now.  I know some ISPs have been known to use the Zyxel routers that DO allow this, I get the feeling its the nasty big US ISPs that still tend to lock things down.

 

We tend to have an insanely diverse selection of routers in the UK, but again the bigger the ISP, the more likely its locked down.


Router: i5-7200U appliance running pfSense.
ISP: Zen Unlimited Fibre 2 (66Mbit) + Plusnet Unlimited Fibre Extra. (56Mbit)

Link to post
Share on other sites
5 minutes ago, Alex Atkin UK said:

I get the feeling its the nasty big US ISPs that still tend to lock things down.

Can confirm. In the US. New ISP router disabled NAT Lookback and I have not been able to find any setting at all to re-enable it. Would no surprise me if current modem/routers disabled all ports but port 1 and Wi-Fi for the user Router/firewall.


Guides & Tutorials:

How to Format Storage Devices in Windows 10

A How-To: Drive Sharing in Windows 10

VFIO GPU Pass-though w/ Looking Glass KVM on Ubuntu 19.04

A How-To Guide: Building a Rudimentary Disk Enclosure

Three Methods to Resetting a Windows Login Password

A Beginners Guide to Debian CLI Based File Servers

A Beginners Guide to PROXMOX

How to Use Rsync on Microsoft Windows for Cross-platform Automatic Data Replication

 

Guide/Tutorial in Progress:

A Beginners Guide to Servers

 

In the Queue:

[Taking Suggestions]

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites
Posted · Original PosterOP

It looks like I can enable bridge mode on mine. I will try to configure as recommended when I get home tonight. Thank you for the input. Hopefully I can get this to work because I need to do it for a university research project.

1 hour ago, CyDa SlumBummer said:

 

 

Link to post
Share on other sites

You could man-in-the-middle a router, basically You would change the DHCP gateway so that all traffic goes through the firewall.

 

You could do this by connecting the wan and the lan to the modem/router, turn off dhcp on the combo, set a static ip on both ports in the firewall and enable dhcp on the firewall. make sure that the wan port has the correct gateway and that lan and wan are on different subnets.

Link to post
Share on other sites
Posted · Original PosterOP

So I set static IPs, disabled DHCP, setup opnsense as the DHCP server and wireless connection went down. What I am thinking is that I need to set the modem to bridge mode to keep the modem from screwing everything up haha. I will see what happens tonight after the family goes to sleep.

 

Side note:

Waiting until late night when everyone is asleep makes this feel like I'm a mad scientist creating a monster. Makes it feel even more fun.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×