Bridge or Tunnel or NAT ?

Similar Messages

• Can a Cisco 881 router create an L2TP/IPsec tunnel via NAT to Windows 2008?

  Hi
  Was anyone successfull in setting up an L2TP/IPsec tunnel through NAT-T against a Windows 2008/ R2 RRAS server? I am using an 881 router and the layout is someting like this:
  Client -> 881 -> NAT -> internet -> Windows 2008 RRAS
  The tunnel goes form the 881 to the Windows server (not from the client...).
  Thanks
  Roland

  Hi Federico
  Thanks for your help! Much appreciated.
  In my case this should be transparent to the client - I would like not to initiate the connection from the client.
  Does that makes sense? I am considering L2TP because Windows 2008 R2 doesn't support IPSec tunnels through NAT (2008 R2 being the responder and the Cisco router the initiator of the IPSec connection).
  Regards
  Roland

• Tunnel over NAT

  Hi All
  In our network we have configured tunnel over NAT setup
  this tunnel is flapping continuously
  with log meesage CRYPTOSESSION UP & DOWN
  Attaching the configuration detail on the remote Side router
  there is Crypto Seesion Up & Down log in the Hub Side router

  Hi, Yes i have removed the crypto map from the tunnel & applied only in Fastethernet but the tunnel is still flapping
  with the same log messages:
  Aug 14 17:28:55: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 165.204.14.205 (Tunn
  el160) is down: interface down
  Aug 14 17:29:33: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 195.75.9
  7.209:4500 Id: 195.75.97.209
  Aug 14 17:29:33: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer 195.75.9
  7.209:4500 Id: 195.75.97.209
  Aug 14 17:29:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel160, chan
  ged state to up
  Aug 14 17:30:21: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 165.204.14.205 (Tunn
  el160) is up: new adjacency
  Configuration Detail
  dubai-vpn1#sh running-config interface tunnel 160
  Building configuration...
  Current configuration : 388 bytes
  interface Tunnel160
  description Primary GRE to drsfso-vpn1
  bandwidth 512
  ip address 165.204.14.206 255.255.255.252
  ip mtu 1400
  ip hello-interval eigrp 1 40
  ip hold-time eigrp 1 220
  ip route-cache flow
  ip tcp adjust-mss 1360
  no ip mroute-cache
  load-interval 30
  delay 1000
  qos pre-classify
  keepalive 20 5
  tunnel source FastEthernet0/1
  tunnel destination 195.75.97.209
  end
  Regards
  Gopinath.V

• Ace module in bridged mode with client nat

  Could someone confirm whatever a NAT is supported for ACE-20 module, please?
  Let me to explain technical details.
  I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure
  if the configuration below is correct. ACE module should be configured in bridge mode with two
  vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36.
  NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding
  "policy-map type loadbalance"
  Could you check two parts of configs and advise me if the ACE config is
  properly converted from CSM and will be working in the same way (especialy for NAT).
  Thank you in advance.
  CSM config
  =======
  vlan 36 client
    ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
    gateway 10.36.3.1
  vlan 436 server
    ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
  natpool WEB-MAIL 10.36.3.100 10.36.3.100 netmask 255.255.255.0
  sticky 30 netmask 255.255.255.255 address source timeout 60
  probe SHAREPOINT tcp
    interval 30
    failed 120
    open 3
    port 80
  probe WEBMAIL-443 tcp
    interval 5
    failed 60
    open 2
    port 443
  serverfarm WEBMAIL-443
    nat server
    nat client WEB-MAIL
    predictor leastconns
    real 10.36.3.101 443
     inservice
    real 10.36.3.102 443
     inservice
    probe WEBMAIL-443
  serverfarm WEBMAIL-80
    nat server
    nat client WEB-MAIL
    predictor leastconns
    real 10.36.3.101 80
     inservice
    real 10.36.3.102 80
     inservice
    probe SHAREPOINT
  vserver WEBMAIL-443
    virtual 10.36.3.100 tcp https
    serverfarm WEBMAIL-443
    sticky 60 group 30
    replicate csrp sticky
    replicate csrp connection
    persistent rebalance
    inservice
  vserver WEBMAIL-80
    virtual 10.36.3.100 tcp www
    serverfarm WEBMAIL-80
    replicate csrp connection
    persistent rebalance
    inservice
  ACE config
  =======
  probe tcp WEBMAIL-443
    interval 5
    open 2
    passdetect interval 60
    port 443
  probe tcp SHAREPOINT
    interval 30
    open 3
    passdetect interval 120
    port 80
  serverfarm host WEBMAIL-443
    predictor leastconns
    probe WEBMAIL-443
    rserver 10-36-3-101 443
      inservice
    rserver 10-36-3-102 443
      inservice
  serverfarm host WEBMAIL-80
    predictor leastconns
    probe SHAREPOINT
    rserver 10-36-3-101 80
      inservice
    rserver 10-36-3-102 80
      inservice
  class-map match-all WEBMAIL-80
    match virtual-address 10.36.3.100 tcp eq www
  class-map match-all WEBMAIL-443
    match virtual-address 10.36.3.100 tcp eq https
  sticky ip-netmask 255.255.255.255 address source 30
    serverfarm WEBMAIL-443
    replicate sticky
    timeout 60
  policy-map type loadbalance first-match WEBMAIL-80
    class class-default
      serverfarm WEBMAIL-80
      nat dynamic 1025 vlan 436 serverfarm primary
  policy-map type loadbalance first-match WEBMAIL-443
    class class-default
      sticky-serverfarm 30
      nat dynamic 1025 vlan 436 serverfarm primary
  parameter-map type http HTTP_ADV_OPT
    persistence-rebalance
  policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-80
      loadbalance vip inservice
      loadbalance vip icmp-reply active
    class WEBMAIL-443
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-443
      loadbalance vip inservice
      loadbalance vip icmp-reply active
  interface vlan 36
    bridge-group 36
    service-policy input IFVLAN36-POLICY
    mac-sticky enable
    no shutdown
  interface vlan 436
    bridge-group 36
    nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
    no shutdown
  interface bvi 36
    ip address 10.36.3.3 255.255.255.0
    peer ip address 10.36.3.4 255.255.255.0
    no shutdown

  Hello F.Makarenko-
    You will want to use PAT while you do nat, so change the natpool configuration to this:
     nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
    You also need to apply the nat like this:
  policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-80
      loadbalance vip inservice
      loadbalance vip icmp-reply active
      nat dynamic 1025 vlan 436
    class WEBMAIL-443
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-443
      loadbalance vip inservice
      loadbalance vip icmp-reply active
      nat dynamic 1025 vlan 436
  If you are going to build out a lot of classes, you can instead do source nat like this:
  policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-80
      loadbalance vip inservice
      loadbalance vip icmp-reply active
  class WEBMAIL-443
      appl-parameter http advanced-options HTTP_ADV_OPT
      loadbalance policy WEBMAIL-443
      loadbalance vip inservice
      loadbalance vip icmp-reply active
  class class-default
      nat dynamic 1025 vlan 436
  Regards,
  Chris Higgins

• IPSEC tunnel with NAT and NetMeeting

  I have established an IPSEC tunnel with two Cisco 2621 routers. Clients over the Internet are able to dial into the MCU server, which is behind one of the Cisco 2621 routers configured with NAT but the MCU is not able to call the client. The MCU is able to call any server or client on the LAN however it is not able to call anyone passed the router configured with NAT. Could anyone who has experience with NAT and IPSEC help me out?
  Thanks,

  The following doc should help...
  http://www.cisco.com/warp/public/707/ipsecnat.html

• Vpn tunnels and Nat on Cisco soho 91 routers ??

  Is it possible to create the following, using the soho 91 routers:
  Router A (192.168.1.0) network
  E0 192.168.1.250
  E1 external ip (world ip)
  Router B (192.168.99.0) network
  E0 192.168.99.1
  E1 external ip (world ip)
  Router C (192.168.103.0) network
  E0 192.168.103.1
  E1 external ip (world ip)
  tunnel1 = from Router A to Router B
  tunnel2 = from Router A to Router C
  on Router A
  ip route 192.168.2.0 255.255.255.0 192.168.1.2
  ip route 192.168.3.0 255.255.255.0 192.168.1.3
  ip route 192.168.4.0 255.255.255.0 192.168.1.4
  ip route 192.168.99.0 255.255.255.0 to-tunnel1
  ip route 192.168.103.0 255.255.255.0 to-tunnel2
  ip route nat (everything thing else)
  on Router B
  ip route 192.168.1.0 255.255.255.0 to-tunnel1
  ip route 192.168.103.0 255.255.255.0 to-tunnel1
  ip route nat (everything else)
  on Router C
  ip route 192.168.1.0 255.255.255.0 to-tunnel2
  ip route 192.168.103.0 255.255.255.0 to-tunnel2
  ip route nat (everything else)
  Thanks.
  Wayne

  I assume you are using GRE tunnel and not IPSec. If GRE tunnel, the configuration looks OK except for Router C. The "ip route 192.168.103.0 255.255.255.0 to-tunnel2" should be "ip route 192.168.99.0 255.255.255.0 tunnel2 " pointing to the network connected to Router B. Also the correct command should not have "to-tunnel1", it is simply "tunnel1"

• 2800 w/ site-site tunnel using NAT and user tunnels

  I am using a 2800 to terminate a site-site IPSec tunnel using a crypto map. It is also used to terminate several user tunnels.
  Because of overlapping private address space there is a source NAT rule in place that overloads addresses prior to routing them across the site-site tunnel.
  The problem is that the user tunnels are not able to communicate with any host located on the far end of the site-site tunnel. The site-site tunnel (and it's NAT) works just fine for users coming from any other interface on the 2800.
  Does anyone have any ideas? I've gone ahead and attached the existing configuration for those that are brave or incredibly smart :) It is a fairly trashed config though, and I'm still trying to clean it up from where it was.
  Thank you VERY much ahead of time,
  Steve

  Duplicate posts.  :P
  Go here:  http://supportforums.cisco.com/discussion/12152361/2nd-site-site-ipsec-tunnel-nat-traversal-setting-fail-establish-however-1st

• OpenVPN and bridge mode tunnels - Wiki'fied.

  After spending the last couple of days messing around with OpenVPN to work in bridge mode, I've made a wiki to help other people.
  I assigned a couple of variables in /etc/rc.conf - I hope that's not against the Arch way of doing stuff. And I could use some help on my /etc/rc.d/openvpn to make it more elegant (see my note in the wiki)
  Let me know if it works or doesn't work for anyone else.
  http://wiki.archlinux.org/index.php/OpenVpnBridge

  There are other similar projects:
  http://www1.cs.columbia.edu/~lennox/udptunnel/
  http://vtun.sourceforge.net
  though I've never tried them...
  And about vpn docs did you check these webpages?
  http://www.linux-sec.net/VPN/
  http://www.linuxhomenetworking.com/linu … -linux.htm
  http://gentoo-wiki.com/HOWTO_OpenVPN_primer
  EDIT: BTW vpn bridge wiki page is here:
  http://wiki2.archlinux.org/index.php/OpenVpnBridge

• CAPWAP tunnel through NAT interface

  I'm not sure if anyone has tried this but are there any complications with connecting a lightweight AP through a NAT'd interface back to the WLC?  I know I'll have to open 5246 and 5247, but are there any other issues that I should be aware of?

  We have a neighboring hospital where some of our docs want to set up a clinic using their iPads back to our network.  Right now, we have a NAT'd interface from their network to ours and I haven't been able to test setting up an AP through a NAT interface.  I forgot about Office Extends and now remember from your Twitter updates from CL11.  I'll probably go that route.  Are there any issues that may come up from using Office Extends?

• ASA IPsec Remote Access VPN | NAT Question

  We have a situation where a company that needs remote VPN access to our network is having an IP conflict with our subnet.  I know this is a common issue and can often be resolved on the client side by changing the metirc on the network interface, but I am looking for a better solution on our end so I do not have to suggest workarounds.
  Part of the problem is likely that our subnet is "too big", but I'm not going to be changing that now.
  We are using 10.0.0.0/24 and the remote is using 10.0.11.0/24 and 10.1.0.0./16
  I played around with some NAT rules and feel that I am missing something  I am looking for suggestions, please.
  Thank you.

  Hi,
  This depends on your ASA firewalls software version and partly on its current NAT configurations.
  I presume the following
  Interfaces "inside" and "outside"
  VPN Pool network of 10.10.100.0/24 (or some 192/172 network)
  Software 8.2 and below
  access-list VPN-POLICYNAT remark Static Policy NAT for VPN Client
  access-list VPN-POLICYNAT permit ip 10.0.0.0 255.255.255.0 10.10.100.0 255.255.255.0
  static (inside,outside) 192.168.10.0 access-list VPN-POLICYNAT
  Key things to keep in mind with this software level is that if any of our internal hosts on the network 10.0.0.0/24 also have a "static" configuration that binds their local IP address to a public IP address then you might have to insert the above configuration and then remove the original "static" command and enter it back again.
  This will change the order or the "static" commands so that the original "static" command wont override this new configuration as they are processed in order they are inserted to the configuration. The remove/add part is just to change their order in the configuration
  Software 8.3 and above
  object network LAN
  subnet 10.0.0.0 255.255.255.0
  object network LAN-VPN
  subnet 192.168.10.0 255.255.255.0
  object-group network VPN-POOL
  subnet 10.10.100.0 255.255.255.0
  nat (inside,outside) 1 source static LAN LAN-VPN destination static VPN-POOL VPN-POOL
  In the above configuration we do the same as in the older software versions configuration but we have the number "1" in the "nat" configuration which places it at the very top of your NAT configurations and therefore it applies. No need to remove any existing configuration and enter them again like in the old software
  In addition to the above NAT configuration you naturally have to make sure that the traffic to the NATed LAN network goes to the VPN. So if using Split Tunnel the NAT network needs to be added to the VPN ACL. If using Full Tunnel then naturally everything should already be coming through the VPN. I imagine though that you are using Split Tunnel, or?
  Hope this helps
  Please do remember to mark a reply as the correct answer if it answered your question.
  Feel free to ask more if needed
  - Jouni

• Back to my Mac, NAT, CTU setup, Airport Utility

  I've used Back to my Mac from home to access my iMac at the office in the past, but after the Yosemite update, I am not seeing "Shared" listed in the SideBar of Finder Windows anymore, and I also get the following warning in System Preferences > iCloud > Back to My Mac:
  Set up router for better performance.
  Clicking "Details" yields this message:
  Back to My Mac may be slow because NAT Port Mapping (NAT-PMP) or Universal Plug and Play (UPnP) is turned off on your router.
  Let me explain my router setup 
  My iMac at home is connected to the internet via fiber optic line here in Japan.  The fiber cable comes from the wall to a white plastic NTT box that has 4 green LED lights, the only one of which that blinks is labeled UNI.  That box is the Ｂフレッツ ONU shown on this WIKI page:
  http://ja.wikipedia.org/wiki/%E5%85%89%E5%9B%9E%E7%B7%9A%E7%B5%82%E7%AB%AF%E8%A3 %85%E7%BD%AE
  The Fiber cable form the wall goes INTO that ONU, and then there's an Ethernet cable that goes OUT of it into the WAN port of another NTT box with a black front-face, Model 2004WS, which is called a "CTU" and which I assume is the actual "Router" in my setup.  I then have an ethernet cable going between the LAN1 port of that CTU and the WAN port on my Airport Extreme Base Station (the WAN port on my Airport Extreme has what looks to be a sun-shine icon).  Another Ethernet cable goes out of my CTU at the LAN4 port and leads into a dark blue VOIP Adapter box. And the LAN3 output of my CTU leads into an Ethernet Hub, from which I connect my iMac and SE/30 (yes, that vintage Mac can connect to the internet!).  (My iPad connects wirelessly.)
  The 3 NTT boxes I just described are shown in this photo:
  http://hoe.moe-nifty.com/hoe/images/HI350155.JPG
  If I open Airport Utility 6.3.4, click the Airport Extreme icon, then click the Edit button, within the Network tab, I see the "Router Mode" is Off (Bridge Mode).
  When I launch Network Utility and click Traceroute and type "icloud.com" and click the Trace button, Line 2 shows three asterisks " * * * ".  That seems to be saying that I DO NOT have a "Multiple NAT configuration," as per this:
  http://support.apple.com/en-us/TS1208
  I can log into my CTU via Safari using the following URL:
  https://ctu.fletsnet.com/CtuC231/init.do
  At left there is a button named "詳細設定" which means "Advanced Settings."  Clicking that button shows me various settings, and I can see that this CTU is acting as the DHCP Router, and that UPnP is enabled.  There is no mention of "NAT" at all, so I assume that NAT is OFF on this CTU.
  The following Apple Support article is suggesting that to resolve Back to My Mac issues, I would need to change the "Router Mode" from "Off / Bridged" to "DHCP and NAT":
  AirPort Utility 6.x: Set NAT options for your base station or AirPort Time Capsule
  But since my CTU is already acting as the DHCP server, wouldn't changing the Airport Extreme Router Mode from Off/Bridge to DHCP wreak havoc on my setup?
  What should I do?
  Thanks.
  P.S.  I also have a Brother Laser printer MFC-7840W that connects wirelessly via the Airport Extreme, and in the Network tab of Airport Utility "Timed Access Control" is enabled and that printed (wireless client) is enabled.  It took me a heck of a long time to figure out how to get that printer to work wirelessly, so I don't want to mess it up and no longer be able to print if I switch from Off/Bridged to DHCP and NAT.

  There are a number of reports of BTMM not working any longer with Yosemite. Apple's solution so called is hugely simplistic.. and it doesn't help for most people.
  Since it worked before Yosemite and fails to work with Yosemite.. the issue is very clear.. Yosemite has the worst networking of any Apple OS release yet.
  Your setup of the Airport is completely irrelevant.
  And if the CTU is not working .. i think your best strategy is to go back to a working OS.. Apple have a lot more bug killing to do before Yosemite should see the light of day.
  You can still connect manually.. if you have somebody in your office or it is accessible to you .. then you can open port 548 and directly link. BTMM is just an automated system.. a no hassles.. no fuss system.. which is great when it works but is otherwise completely useless when broken.
  BTW does your iCloud access still work??

• Adobe Bridge CC kann nicht gestartet werden (OS X 10.9.1)

  Hallo erst mal,
  ich habe mir vor ein paar Tagen die Adobe Creative Cloud zugelegt und einige Apps mit dem AdobeApplicationManager herunter geladen. Unteranderem auch Adobe Bridge. Die Installation funktionierte scheinbar ohne Probleme. Nun kann ich die App aber nicht starten. Es folgt sofort die Meldung "Fehler! Der Vorgang konnte nicht erfolgreich abgeschlossen werden". In sämtlichen Menüs (z.B. Photoshop CC) steht der Eintrag "In Bridge suchen...". Auch aus einem Programm heraus kann ich Bridge nicht starten.
  Natürlich habe ich bereits mehrmals Bridge deinstalliert und wieder neu installiert, aber ohne Erfolg.
  Auch Photoshop CC gibt beim Programmstart eine Fehlermeldung heraus ("Der Vorgang konnte nicht ausgeführt werden, weil ein Programmfehler aufgetreten ist").
  Hat jemand eine Idee oder eine Lösung?
  Viele Grüße
  GWP4u

  Hallo,
  ich habe genau das gleiche Problem, jedoch hatte ich vorher die ganze Zeit schon die Creative Cloud wunderbar bei mir am laufen, habe gestern meinen Computer neu aufgesetzt und jetzt lassen sich alle Programme ausser Bridge öffnen... Auf Ratschlag eines anderen Forums habe ich versuche die Zugriffsrechte zu reparieren, das hat jedoch nicht geholfen. Seltsamerweise funktioniert jedoch ein anderer Tipp: Ich hab einen neuen Benutzer auf meinem MacBook angelegt, und mit diesem neuen Benutzer kann ich es dann problemlos öffnen... Ich habe keine Ahnung woran das liegen mag und was man dort genau machen kann, kann nur empfehlen es mal auszuprobieren... Da ich mein MacBook eh grade neu aufgesetzt hatte werde ich es einfach nochmal kurz platt machen, nochmals neu installieren und hoffen es klappt dann, aber wenn das natürlich auf einem Mac ist den man nicht mal eben platt machen kann weiss ich leider auch keinen Rat. Vielleicht kann damit aber jemand was anfangen und dir weiterhelfen
  Liebe Grüsse

• Xfintity router/modem with Airport extreme moderate/strict nat?

  I switched to comcast xfinity and they gave me a modem with a router built in and we are trying to use the Airport Extreme to get better signal using Bridge Mode in Airport Utility. It all worked fine but then on my PS3 and Xbox 360 it says that I have a moderate/strict nat type any help on how to get a open nat?

  Suggest that you double check to make sure that the AirPort Extreme is setup in Bridge Mode.
  Open AirPort Utility - click Manual Setup
  Click the Internet icon
  Settings should look like this:
  Connect Using = Ethernet
  Connection Sharing = Off (Bridge Mode)
  Update to save any changes
  When the AirPort Extreme is in Bridge Mode, DHCP and NAT are turned off.
  These services are being provided by the Comcast gateway, so any NAT issues rest with the Comcast gateway. You may need to call Comcast support to ask them about changing the NAT settings on the device.

• GRE Tunnel and static PAT

  Hi to all,
  I would like to know if it is possible to create a static Port Address Translation (PAT) that would translate a routable IP address to a private address where  a GRE tunnel would end.
  In other words, I am trying to see if we can use a static PAT for a GRE tunnel like the one that we can used to reach a HTTP server using a private IP address via static PAT to a routable IP address.
  Just trying to see if it is possible to initiate a GRE tunnel from 192.168.1.1 (R1) and used 1.1.1.1 (R2), IP address reachable via internet, as destination address, in the case where we would do a PAT translation on R2 in order to actually terminate the tunnel on R3 router. The static PAT on R2 would translate 1.1.1.1 to 172.16.1.2.
  I am basically looking for an equivalent to the following static PAT but for GRE tunnel
            ip nat inside source static tcp 10.10.10.5 80 192.168.2.1 80
  Thanks for your help
  Stephane

  Hello Stephane,
  GRE is neither TCP nor UDP, GRE has its own protocol number 47. You can allow the traffic by either by calling GRE instead of TCP or UDP or by just putting a normal IP static NAT entry.
  Extended IP access list GRE
      10 permit tcp any any eq 47 log <--- No Hits
      15 permit tcp any any log          <--- No Hits
      20 permit udp any any eq 47 log <--- No Hits
      25 permit udp any any log          <--- No Hits
      30 permit gre any any log (20 matches)
      40 permit ip any any (43 matches)
  *Mar  1 00:27:48.435: IP: tableid=0, s=10.10.10.2 (local), d=10.10.10.1 (Tunnel1), routed via FIB
  *Mar  1 00:27:48.435: IP: s=10.10.10.2 (local), d=10.10.10.1 (Tunnel1), len 100, sending
  *Mar  1 00:27:48.435:     ICMP type=0, code=0
  *Mar  1 00:27:48.435: IP: s=192.168.9.5 (Tunnel1), d=192.168.8.2 (FastEthernet0/0), len 124, sending, proto=47
  I hope it helps great for you. Please rate if you fell this is helpfull.
  Thanks,
  Kasi

• Using ethernet port as bridge to a wireless network in a mini mac

  Do you guys know how to use a mini mac as a bridge? You see I have enabled the "share internet" (via wireless) with a mini mac that is connected to the Internet via Ethernet.
  All works fine, except: _the devices from the Ethernet network can not be seen by the computers which are connected wirelessly to the mini mac._
  *How can I make this computer bridge?*
  I have researched for a while and I have come up with the following response:
  +t is not a bridge, it is a NAT. I believe u can not set do bridging on mac so easy. You have to study FreeBSD networking documents, and do it at command line.+
  +Mac networking core is FreeBSD 5. Some features is avaliable at GUI (Like NAT) and u do not have to use command line complicated tasks. But AFAIK bridging is not so.+
  Does anyone have any idea of a step-by-step instruction on how to do this? Or is there a software that eases this? Since I am not a network expert, I do not plan in braking my network.
  Is a bit annoying as I hear that Windows can do this in 3 clicks...
  Thanks for your help.

  If I read you correctly, this is not a bridge. Internet Sharing is to connect devices via the Mac, but not to act as a router. If you look at the IP numbers, they are not in the same series (e.g. 10.0.0.2 and 10.0.2.2), so ethernet connected devices will not be able to see the wifi ones. A cheap wifi router in bridge mode would be an easier solution.