NR7101: Access Management Service (UI) in IP passthrough (bridge) mode

k1s

If you unplug the WAN with the modem then you can connect to Management

No, it makes no difference if the other modem is plugged in or not, as soon as the NR7101 is plugged into (any) router port, it cannot be reached via it's ethernet cable.

you can't access Management of NR7101 unless your able to make a routing rule.

What would the routing rule be?

PeterUK

Ok @k1s try this don't have modem connected connect NR7101 to WAN test your LAN has internet then try Management

What would the routing rule be?

like this

PeterUK

@monty03

the layout Zyxel vs Ubiquiti are different on how one does it to the other so maybe you need static route + Source NAT and Masquerade for it to work?

when you did static route you use next-hop interface and not a IP?

monty03

I tried to use static route with next-hop interface and a source nat rule with masquerade as well. I think the NR7101 must be the cause of the problem, because if I use a ZTE 5G modem, access to its GUI works fine with the same configuration.

PeterUK

But here the thing you say “When I connect my laptop directly to the NR7101 I get the IP from my service provider e.g. 77.116.241.xx and I can access the NR7101 via IP 192.168.2.1.” So your Ubiquiti must be getting 77.116.241.xx you are on 192.168.1.0 subnet traffic goes to your gateway for 192.168.2.1 you then SNAT from 77.116.241.xx to go to 192.168.2.1 but if it work when your laptop directly connected to the NR7101 then why the problem?

What if you change NR7101 Management IP to another and without any other Internet connection connected?

k1s

https://community.zyxel.com/en/discussion/comment/54405#Comment_54405

Thanks for your suggestion. Synology RT6600ax does not have a UI like yours (no next hop options). We can only add static routes like this:

The UI allows for 2 internet connections like this:

NR7101 is plugged into 'Primary Interface'. (ZTE 5G modem is in the Secondary 'LAN1'). The mode of operation is set under 'Smart Wan', like this:

As you can see, it shows 'Inactive' for some reason, and asks prompts me to configure it. The options are as below:

I've no idea what to put in there. Nebula shows the IP Address
as 10.35.22.8, and DNS servers as
10.203.xx.xx, 10.203.xx.xx, but I'm sure these are not what is expected here.

enjayaitch

I realise that this is an old post, but I faced exactly this issue with my UDM and NR7101. When in normal mode, the NR7101 is accessible from inside my LAN according to the settings in the 'bridge1' Interface Group under (Home Networking) - the IP reported for the WAN port by UDM is an address in the same range, assigned by the NR7101 to the UDM.

In IP passthrough mode, the IP address reported by the UDM on the WAN port is consistent with the 'public IP' shown in the NR7101 config screen. In my case this is not a true public IP but a private one in the range 10.x.x.x, due to carrier-grade NAT for mobile networks.

The bizarre thing is this: the NR7101 config page is accessible at an IP address one above or one below the 'public' IP assigned. Whether one above or one below is seemingly random and changes every time the public IP changes.

I have not set anything up in the 'Maintenance' → 'Remote Management' → 'MGMT Services for IP Passthrough'. HTTP is currently disallowed there yet I am able to access the config page unencrypted. This suggests that it can't be travelling via the internet from inside my LAN, so must be a direct route to the 'LAN side' config of the NR7101.

My knowledge is insufficient to understand how or why this works, whether it's a feature of the UDM or the 7101, but for anyone desperate to get at the config page in IP Passthrough mode from inside a Unifi LAN, give this a try!