Skip to content

Instantly share code, notes, and snippets.

@russelldavies

russelldavies/README.md

Created October 7, 2022 14:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save russelldavies/72401a59b3e51fcb781d13ca040c7dee to your computer and use it in GitHub Desktop.
Save russelldavies/72401a59b3e51fcb781d13ca040c7dee to your computer and use it in GitHub Desktop.
Download ZIP
Accessing a Modem through a Ubiquiti USG
Raw
README.md

The configuration here assumes that the USG is configured at 192.168.1.1/24 and the modem at 192.168.0.1/24.

IP Masquerading

For this method we need to create a virtual interface on the USG's WAN port configured to the same subnet as the modem. As the USG will be configured with both its own subnet and the modem's, it knows how to route traffic between them. Heowever, without a static route, the modem doesn't know how to route traffic back to the USG's LAN. The solution is make the USG do some NAT so that the USG's LAN packets have their IP address masqueraded so the packets appear to come from the USG's virtual interface rather than the LAN.

On the USG create a virtual network interface (psuedo interface) with an IP address on the same subnet as the modem (192.168.0.100 is chosen here) and add a masquerading rule:

configure
set interfaces pseudo-ethernet peth0 link eth0
set interfaces pseudo-ethernet peth0 address 192.168.0.100/24
set interfaces pseudo-ethernet peth0 description "Access to modem"

set service nat rule 5000 type masquerade
set service nat rule 5000 destination address 192.168.0.1
set service nat rule 5000 outbound-interface peth0
commit
save
exit

To make this permanent configure the USG's config.gateway.json file:

{
  "interfaces": {
    "pseudo-ethernet": {
      "peth0": {
        "address": ["192.168.0.100/24"],
        "description": "Access to Modem",
        "link": ["eth0"]
      }
    }
  },
  "service": {
    "nat": {
      "rule": {
        "5000": {
          "destination": {
            "address": ["192.168.0.1"]
          },
          "outbound-interface": ["peth0"],
          "type": "masquerade"
        }
      }
    }
  }
}

Using Static Routes

Note that this method requires adding a static route on the modem which may not be possible if it's a generic consumer product.

On the USG create a virtual network interface (psuedo interface) with an IP address on the same subnet as the modem (192.168.0.100 is chosen here):

configure
set interfaces pseudo-ethernet peth0 link eth0
set interfaces pseudo-ethernet peth0 address 192.168.0.100/24
set interfaces pseudo-ethernet peth0 description "Access to modem"
commit
save
exit

Add the following route on the modem so it knows how to route traffic back to the USG:

# ip route add <USG subnet> <subnet mask> <USG WAN IP> static
ip route add 192.168.1.0 255.255.255.0 192.168.0.100 static

To make this permanent configure the USG's config.gateway.json file:

{
  "interfaces": {
    "pseudo-ethernet": {
      "peth0": {
        "address": ["192.168.0.100/24"],
        "description": "Access to Modem",
        "link": ["eth0"]
      }
    }
  }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment