Bridging a TP-Link ADSL Modem With Web GUI Access from Lan Side

Sometime you have to configure large over complex "enterprise" grade devices and other times you have to deal with consumer grade hardware with confusing interfaces and puzzling feature omissions or bugs.

Setting up Bridge Mode on TP-Link TD8177, ADSL Modem

We  come face-to-face with the consumer grade devices when configuring branch ADSL connectivity, setting up VPNs etc. One device we like for its simplicity is the TP-Link TD8177. It is just an ADSL modem with single LAN port.  The device has no built-in wifi access point, no extra and unneeded Lan ports but it's firmware does have the basic router functionality if needed. (We wish we could get the one without the annoying USB port, the sole purpose of which seems to be allowing people to configure the device on Windows, but the model is not available in SA.)

If the customer's budget allows we prefer to turn the device into bridge mode and have a dedicated firewall appliance device installed with Linux of FreeBSD do the firewalling and routing. This is something we strongly recommend to our customers rather than relying on the manufacturer to keep the firmware up-to-date.

Setting the ADSL Modem in Bridge Mode

To put the device in bridge mode look for the setting under "Interface Settings" -> Internet ->Encapsulation -> "Bridge Mode". Note: This is different to the "Interface Settings" -> Internet -> "Bridge Mode" ->Encapsulation ->RFC1483  setting which is to do with how one encapsulates Ethernet frames in DSL frames before sending them down the wire to the DSLAM (as far as I can tell). This latter setting is something that is quite different form the bride mode of the former configuration.

How to Access ADSL Modem Web GUI in Bridge Mode?

What's great about the TP-Link TD8177 is that putting it in bridge mode, and setting up PPPoE on the FreeBSD or Linux box, still allows access to the device via its assigned IP address. This address can be assigned via the GUI interface as per normal. The problem however is trying to access the ADSL modem via its IP address from the Lan side of the firewall if the Lan side is in a different IP address range to the ADSL modem/router.

Trying to set a static route under "Advanced Setup" -> Routes proved to be impossible due to a bug in the web gui or back-end script that implements the results of the configuration via the GUI. Assuming we have the modem with IP address 192.168.80.2 and the firewall has address 192.168.80.1 and we want to be able to access the web gui on 192.168.80.2 from our lan network of 192.168.55.0/24.

Trying to set up a route to a network such as 192.168.55.0/24 with the ip of the firewall interface (192.168.80.1) as the gateway results in a routing table entry being created with the interface of the ADSL Virtual Circuit port. This is despite selecting the gateway tick box and providing a gateway address. It will only access an IP address that matches the IP address of the ADSL modem. The end result is that traffic can reach the ADSL modem but the modem tries to send the response down the ADSL port.

Telnet and CLI to the Rescue

Luckily the TP-Link TD8177 can be configured by the command line. One simple needs to telnet into the device. We were happy to find that adding a route manually worked!

"ip route add 192.168.55.0/24 192.168.80.1 1"

Immediately the routing entry was added we got responses to our ping requests. Sadly the joy was short-lived as the modem lost the settings on reboot. A bit more googling revealed that we needed to use the "addrom" set of commands to make the changes persistent.

ip route addrom index 2
ip route addrom name lan
ip route addrom set 192.168.55.0/24 192.168.80.1 1
ip route addrom save

Note: The index number above can be obtained by looking at the routing table entries under "Advanced Settings"->Routing and incrementing the last routes index by 1.

Now the device retains its setting on reboot and we get the best of both worlds. Our PPPoE connection is managed via our firewall and we can still access the ADSL GUI interface if necessary.

The TP-Link TD8177 are nice, no-nonsense devices!

Happy Hacking