Is this a bug?

My LAN uses IP addresses in the range 10.11.12.x. From a computer on the LAN, I do

and my modem responds. Selfishly, I like this behavior as it lets me see techie details of my ISP connection. But it seems like a bug. That is, the router sent an request for a local-only IP address out the WAN port. By definition, this IP address can’t be on the Internet.

I have seen this happen at two locations, one with a Balance router on firmware v5 and one with a Surf Soho with firmware v6. The modems were different at each location.

Is it a bug?

Again, not that I mind it, as its useful to be able to talk to the modems. Thanks.

Hi Michael,

  1. May I know what is the IP on Balance router WAN interface?

  2. Balance router WAN interface is configured as NAT or IP Forwarding?

This is not a bug and it happens because the ISP modem has a default management IP of The ISP modem will not try to route this address out to the internet, but rather bring up the modem’s web admin page.

If you need the IP address, I’ll provide it by email, not in a public forum. I’m not sure I understand your second question. The Balance router is connected to two wired ISPs, cable and DSL. So, there is no one IP for the router. If NAT is the default mode of operation, that’s what it is.

Perhaps I wasn’t clear. I realize that the ISP modem responds to, but the Peplink router does not know that. Or does it? I would think that it only knows about the public IP address from the ISP on the WAN side. Or, does it know that the cable box responds to this IP. If the router passes this IP from the LAN side to the WAN side, won’t it also pass other 192.168.x.x IPs? And 10.x.x.x IPs too?

The heart of the question is whether the Peplink routers (again I have seen this on two different models) pass requests for internal IP addresses out the WAN port on purpose or if its an oversight.

I should add that there is no VPN connection involved with either router. I can see if one side of a Peplink VPN connection was 192.168.88.x and the other side was 192.168.99.x, then of course, these private IP address need to be allowed out the WAN port.

Thank you.


Per TK’s first question I believe he is just looking to see if the WAN interface IP on the Balance is a public IP or if the balance was getting a NAT IP 192.168.100.x from the ISP Modem.

If the ISP modem is in bridged mode and the Balance is receiving a Public IP you should be able to reach the ISP modem at it’s private management IP. You will just need to make sure that you are going out the correct WAN interface to reach the modem. May need to create a outbound policy for this:

Source Any:
Protocol: Any
Algorithm: Enforced (Choose the applicable WAN)

To answer TK’s question, the WAN interfaces all see a public ISP IP address. Sorry if that wasn’t clear.

I am indeed able to reach the ISP modem (all are dumb modems, not gateways) at its private management IP address ( As for going out the correct WAN port, one router was a Surf Soho which was only connected to a single ISP. The other router, a Balance model, is connected to a cable modem and a DSL modem. For whatever reason it sends the to the cable modem.

But, the question is, why does the router send any packet with an internal IP address out the WAN port? This seems like an oversight. Or, am I missing something?

Certainly with a Peplink site to site VPN, this is necessary, but there is no VPN involved in my cases. Thanks.


This is normal and Jarid has explained this. Let me elaborate further the reason.

Please find the attached.

Traffics flow 1 - PC try to access modem. The packet definitely can reach to modem since Balance router point modem as default gateway. In other word, Balance router route to modem.

Traffics flow 2 - Modem replies the request (modem replies Believe modem can accept and return to different subnet (Certain product support this like our Pepwave AP).

Hope this help.