Routing/Firewall with Bridged IP

Hi,
I had a firewall box on Solaris 10 x86, which was working fine when connected to the DSL modem (NAT mode). I configured the DSL modem in bridge mode so that I can give a static IP to the firewall box.
But since I am using a static IP on the firewall box, the box is not able to route packets. The ISP support person told me that I have to use PPPoE to use the static IP configured with the bridge.
Could you please shed some light on it?
Thanks in advance,
Neeraj

You can configure static 1:1 NAT for the ASA outside interface with a spare public IP address on the router.
If you don't have a spare public IP, then you need to configure static PAT for UDP/500 and UDP/4500 on the router, and enable NAT-T on the ASA.

Similar Messages

  • Can i connect my time capsule with my router as a bridge ?

    can i connect my time capsule with my router as a bridge ?

    I am a bit lost .. did you work this out?? You are running a second thread.. and answered it with this question.
    The TC can be bridged.. plug it into the main router by ethernet and run it in bridge mode.. that is router bridge.
    Do you mean wireless bridge??
    If you mean wireless bridge the answer is maybe but unlikely.
    If you setup the TC to join a wireless network.. it becomes a dumb client not a bridge.
    So to get it to wireless bridge you need to use another apple router.. that is the only way to get them to work.
    If you want specifics ask specific questions.

  • Experience with router/firewall appliance?

    Hi,
    I'm searching for a router/firewall appliance to run as a virtual machine in front of a larger number of VMs.
    What I need:
    * L2TP for remote user access
    * Ethernet/L2 VPN for hosting ActiveDirectory servers for customers
    So far I've tested Vyatta, but I don't want to use it because the WebUI is not included in the free license (and their licensing is a bit inflexible). I've also tested pfSense, but I dislike the fact that their L2TP server doesn't support DNS suffix, which I kind of need to get all Microsoft SMB shares working nicely.
    Any recommendations? I prefer if it's open source/free or relatively affordable (less than $400).

    You should probably download and try Halon's https://solutionexchange.vmware.com/store/products/halon-vsr-virtual-security-router 'cause it supports both L2 tunnels and search domain over VPN. There's a free version.

  • Proper Firewall Behind Router and with Router

    What is the best way to set up my system? I have 5 home Macs behind a D-Link router, connected to Verizon DSL. I had the router set to give open access to one of my Macs, and that Mac got hacked via SSH connection attempts. I turned on the Mac's firewall, but I do not know if this is necessary, as I have read you don't need a firewall behind a router. I suppose there is a better way to set the router. I do want to permit me to SSH and Apple Remote Desktop into the Mac, however. How do I allow valid users to SSH in without being exposed to hack attacks?

    Use your browser to access the router and setup the router firewall.
    If it has a stealth setting, use that. Each router is a bit different.
    The Leopard firewall can be set to "Set access for specific services...." and then each app will ask for permission, once, to use the firewall.
    While it may be true that you don't need a firewall behind a router, that really depends on how good the router firewall is. If the router has no firewall, then that statement is completely false. All a naked router provides is Network Address Translation, which is not enough for security these days.
    I would suggest you point your browser at this website:
    https://www.grc.com/x/ne.dll?bh0bkyd2
    and run a port scan.
    My Verizon DSL router has all the ports stealthed, meaning that they do not respond in any way to a ping or traceroute. To most hackers, they simply do not exist.
    I also use the Leopard firewall.
    Do not use any sharing service unless you actually need it, and if you don't need it, turn it off, especially any of the Remote services, Internet sharing, etc.
    You can also install LittleSnitch to monitor your system's port activity and see if anyone is accessing your machine.
    Finally, it's never a good thing to use an administrator account when a regular account will serve the purpose.

  • "I didn't respond", no router/firewall/...

    Hi all! I've got this problem with iChat AV, I can't connect to my friend or apple test account for either video or audio only chat, and it says "... did not respond" for both me and my friend and instead of ... is our name (not the other party)
    Both of us have a 256/64 connection, no router/firewall, directly connected to the internet. My IP address (assigned by my ISP) is 213.207.24x.xxx (and so is my friend's). I'm sure there's no port blocking on my service. I've set QuickTime streaming speed to 256, and tried iChat's bandwidth limit at none/100kb but nothing changed.
    My mac is 15" mbp, and my friends' is 20" intel iMac. Both have latest updates (OS X 10.4.6, iChat 3.1.4 v432 <instantmessage framework v427>)
    any suggestions?
    thank you all!

    Hi ShayanOH,
    Welcome To The Apple Discussion Pages.
    If the device you connect to the internet with is in Bridge mode as you suggest (by the IP listed) then the ports should be open (in fact all of them will be)
    There are two settings that might help.
    System Preferences > Quicktime > Streaming tab should have the drop down set to your download speed (256k)
    In iChat > Preferences > Video section > Bandwidth Limit drop down should be set to NONE. (I see that you have set these).
    Having said all that, the minimum connection speed for iChat 3 as quoted by Apple is 100kbps and your uplink is slower than this.
    iChat 3 makes a hardware check which includes the Connection speed.
    iChat returns an error if your connection speed is below 50kbps.
    I would check what your actual connection speed is
    http://www.auditmypc.com/internet-speed-test.asp Or
    http://www.adslguide.org.uk/tools/speedtest.asp
    You will tend to get a result that is 80-90% of what you pay for. iChat will use about 80% of that. Starting at 64k may drop you below the 50k mark.
    12:07 PM Tuesday; May 9, 2006

  • Having problems with Bridge shutting down after saving photo in PS CS5. Also when I attempt to update either PS or Bridge I get an error message in Adobe Application Manager: "Error loading updater workflow"

    Having problems with Bridge shutting down after saving photo in PS CS5. Also when I attempt to update either PS or Bridge I get an error message in Adobe Application Manager: "Error loading updater workflow"

    Sorry for the late reply. My email firewall has become a little over zealous & sent a lot of my emails straight to my junk email folder, so I have only just now discovered your reply in my junk mail folder.
    The only "don't open files exceeding xxx megabytes" instruction I can find in my Prefs, is in the Bridge Prefs for Thumbnails, & mine is set at 1000mb. The biggest files I handle are bigger than 200mb so I should be able to open a few, not just one.
    However, this doesn't explain why I can open a psd format file of 180mb, close it, but then can't open a RAW format file of only 26mb immediately after.
    I can open the RAW file only if I restart my computer - very annoying!
    However, thanks for the advice about the video card & memory.
    So, I'm still stuck as to what the issue is.

  • Networking issues with bridged connection

    So in my network I have a Netgear C6300 with a Motorola Surfboard (modem/router, also with DHCP turned off) connected via Ethernet to provide a separate wifi network on the other side of the house. I've been having frequent connection drops that last for about 10 seconds. I figured out my wireless adapter (Netgear A6210) is bridged to the Motorola (see screenshot) and I'm wondering how to disable this bridge because I think it might be causing the connection issues. But when I try to remove the bridge it gives an error. If I disable the Network bridge my adapter stops working. Any ideas?
    Note: before it was saying Motorola... under the enabled, bridged.
    Edit:
    This: I also noticed it switched from Motorola like the picture below to NETGEAR58-5G(like above)

    Hi slycoder127,
    If you are currently running Windows 10 build 10049, then you should take a look at the thread below:
    No access to Internet Protocol (v4 or v6) in 10049
    Which might cause some of the adapter function not working at the current build.
    Best regards

  • Routing Issue with 3550

    I am having a routing issue with a 3550 switch. I have 5 vlans and I need one of the vlans to access a different router based on destination IP rather than our edge router. I have entered a static route on the 3550 that points to the secondary router whenever a certain network is tried to be accessed. My problem is I can't seem to get the traffic to flow correctly. When I trace route an address on the Internet the path shows as expected, the 3550 then my firewall then my edge router. When I trace an address that is on the other side of the secondary router I get the 3550 as the first hop, then nothing. I can ping the address so I know the path is up. What could be the issue? Thanks in advance.

    Hello,
    in addition to Mahmood's post, what do you have defined as the next hop for the default route to the secondary router? If you use an interface on the 3550 as the next hop, make sure that whatever is connected is in the same subnet, otherwise use the IP address of the next hop. So, let's say your remote network is 192.168.1.0, and the secondary router is connected to FastEthernet0/1, your default route should look like this if the secondary router is in the same subnet (in this example, the IP address of the secondary router would be 172.16.1.2):
    interface FastEthernet0/1
     no switchport
     ip address 172.16.1.1 255.255.255.252
    ! static route via the exit interface; ip route takes a subnet mask, not a wildcard mask
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
    Otherwise, try:
    ! static route via the next-hop IP address
    ip route 192.168.1.0 255.255.255.0 172.16.1.2
    where 172.16.1.2 would be the address of the secondary router.
    Does that make sense ?
    Regards,
    GNT
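
An added example, not part of the thread above: a small Python check for the two points the reply turns on, that `ip route` takes a subnet mask and that the next hop (or exit interface) must be on a directly connected subnet. The lines in `SAMPLE_CONFIG` are constructed and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample, modelled on the 3550 snippet in the post above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 no switchport
 ip address 172.16.1.1 255.255.255.252
ip route 192.168.1.0 0.0.0.255 172.16.1.2
ip route 192.168.1.0 255.255.255.0 172.16.1.2
ip route 10.20.0.0 255.255.0.0 172.16.2.2
ip route 192.168.5.0 255.255.255.0 FastEthernet0/0
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)")
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)")


def is_netmask(mask: str) -> bool:
    """True if the mask is contiguous ones from the left (a subnet mask)."""
    try:
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return inverted & (inverted + 1) == 0


def connected_networks(config: str) -> dict:
    """Map each interface that has an IP address to its connected network."""
    networks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and (m := ADDR_RE.match(line)):
            iface = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            networks[current] = iface.network
    return networks


def audit_routes(config: str) -> list:
    """Return (line, problem) pairs for static routes that cannot work."""
    connected = connected_networks(config)
    findings = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest, mask, next_hop = m.groups()
        if not is_netmask(mask):
            findings.append((line, "mask is not a subnet mask (wildcard form?)"))
            continue
        try:
            ipaddress.IPv4Network(f"{dest}/{mask}", strict=True)
        except ValueError:
            findings.append((line, "destination and mask do not form a network"))
            continue
        try:
            hop = ipaddress.IPv4Address(next_hop)
        except ValueError:
            # Not an address, so treat it as an exit interface name.
            if next_hop not in connected:
                findings.append((line, "exit interface has no IP address configured"))
            continue
        if not any(hop in net for net in connected.values()):
            findings.append((line, "next hop is not on a connected subnet"))
    return findings


if __name__ == "__main__":
    for route, problem in audit_routes(SAMPLE_CONFIG):
        print(f"{route}  <- {problem}")
```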

  • Problem with bridge and getting internet on android

    My ISP uses a modem/router that's mounted outside of my house. From there it runs into my Linksys E1200. Since it's a router connected to a router I have to use it as an access point. I don't have any cable connected to the internet port in other words.
    So I get a cheap LG Android for wifi only. The phone hasn't been activated and it doesn't have a service plan. The wifi works on it though as I've connected and used the wifi at businesses that provide it for free.
    My desktop is wired with an ethernet cable. My notebook is wireless and it connects and gets the internet. So ISP router > Linksys in bridge mode. The cable from the router can be put in any port but it's in a yellow one. My notebook on the other side of the house is connected via wifi and getting the internet.
    My problem is the phone. No matter what I've tried it connects to the router but I end up getting an "Internet not available" message shortly after. I didn't know whether to use the Linksys IP info to set up on the phone or the IP of my ISP's router/modem. I've tried to enter both on the phone when modifying the network.
    I unplugged everything but my desktop and connected it to the Linksys. Did ipconfig /all. Used a browser to get to the Linksys setup. Set it in bridge mode. Disabled DHCP. All security is disabled, including the WPS that's a feature on my router. Specified my own IP info in the setup tab, using the information I got from the ipconfig. Rehooked up the cables in the back. All is well. I have internet on the desktop and the notebook, just not the phone. To get to the Linksys setup page I no longer do the 198.162.1.1. I enter the gateway of my ISP's modem/router.
    I've entered all of this same information on the phone with a static connection instead of DHCP. Chose an IP that was a few digits higher than the gateway. I still get the "Internet not available" that Cisco reports back. On the desktop I pinged the IP I assigned my phone. Packets are received. I can also access the Linksys setup page on my phone so it really is connecting to the router.
    I'm at my wits end. I've tried different things, too many to remember. If anyone has any idea I would appreciate it.

    No, the phone should get its IP from your DHCP server.
    The IP Address of the Linksys  is just so you can access it and has nothing to do with the network. You turned it into a repeater\switch.
    What is your DHCP server's IP Address and DHCP range? This info will basically spell things out.
    If you plug a computer into one of the Linksys lan ports it should work normally and so should the wireless devices in that case

  • I have a router/firewall - do I need an AirPort Extreme Base Station?

    My current home network consists of my iMac, a Linux box that I use as a server, and my work Windows laptop that I connect to my home network via an Ethernet cable. I have a Netgear router/firewall. I don't have wireless access to my home network yet.
    I'll be getting a new Apple laptop of some sort in the near future, so I am interested in adding in wireless. I'm used to the firewall capabilities of my Netgear router/firewall, and am comfortable mucking around with network configurations.
    I would imagine that if I get an AEBS, it will take the place of the Netgear router/firewall. I also figure that I can just get a wireless access point to add wireless capability to my network, but that would mean a second box.
    What I would like to know is how configurable are the firewall functions of the AEBS. With my current router/firewall, I can do the following:
    1. Define what ports/services I would like to allow (FTP, ssh, etc.)
    2. Set times as to when those services are open
    3. Direct incoming and outgoing services to specific IP addresses on my local network (if an FTP request comes in, it automatically goes to my iMac, whereas ssh goes to my Linux box).
    Can any/all of these be done with an AEBS?
    I did try to ask the people at the local Apple store, where I was informed that the AEBS actually did not have any firewall capabilities, despite what the box says, and that I should rely on the Sharing part of System Preferences.
    iMac G4 1 GHz   Mac OS X (10.4.4)  

    The AEBS does not have built-in firewall software, as the retail folks said.
    You will be able to set up port forwarding, though, so that specific ports coming to your public IP address get routed to a specific private IP address (your iMac vs. Linux box example). However, you cannot associate certain times for these functions to occur....
    ...unless, maybe, an AppleScript was created to upload an alternative configuration to the AEBS. I'm not sure though; just thinking out loud. Maybe one of the AppleScript gurus on this forum could take the lead on that idea.

  • Belkin Router Firewall Settings - Need Help Please

    Hi
    I'm new to Apple and love the machine, but I am having a problem with the firewall on my router. Let me explain the setup, then the problem...
    I have the following in my home network:
    1 hp desktop running Windows XP Media Center Edition, SP3 (Professional)
    1 Belkin wired / wireless router
    1 Canon Pixma MP500 Printer set for Sharing (Connected to hp desktop through USB)
    1 iMac 20" running Leopard OS
    The hp desktop and the iMac are both hardwired to the router. The router's security settings are as follows:
    Will NOT broadcast the SSID
    Mac Filtering is ENABLED (iMac MAC address is included in list of allowed connections)
    WPA-PSK Security ENABLED
    Wireless connectivity is ENABLED (For Wii, PSP, and Xbox 360)
    Now the problem...
    Everything on the network works beautifully, except the iMac. It will not allow iChat services, will not allow sharing of the desktop with other iChat members. It does, however, connect to the internet, but will not access the hp shared folders or printer. When I attempt to even add the printer, the printer does not even show up. I DO have Bonjour installed on the hp, but when I run Bonjour, I get a message that reads something like, "There are no Bonjour enabled printers available."
    I know it is the firewall built into the Belkin router because I placed the iMac into the Demilitarized Zone, and everything started working as expected. For those of you not familiar with DMZ on the router, it basically allows you to pick an IP address to place outside of the firewall, so you can keep the router firewall enabled, but you can choose an IP address (i.e., a computer) that is not behind the firewall.
    After placing the iMac in the DMZ, I went to add the shared printer on iMac. Not only did it show up immediately and give me the ability to add it and print to it, but I could also browse shared folders on my hp. I was also able to connect to a friend on iChat, and we were able to share each other's desktops.
    Before placing the iMac in the DMZ, I opened a couple of ports (I don't recall which ones at the moment), and I was able to get iChat AV to work properly, but could not get the shared desktop feature to work. I believe if I had a comprehensive list of ports to enable, I could get this issue resolved, but I can't seem to find such a list anywhere on Apple's web site (or any other web site for that matter). Do any of you have such a list of ports??
    I can provide more information if needed, but any help on this matter would be greatly appreciated.
    Thanks a lot in advance for your help.

    Thank you, Larry.
    I found a soft copy of the Belkin router's setup instructions on-line. I am going to enable the UPnP feature, as the manual indicates that it is necessary to have this feature enabled to do the things I want to do. The manual also indicates that the router ships with this feature disabled by default. I have not had a need to enable the feature when I had two PCs, so hopefully this will solve the problem.
    In either case, thanks for directing me to the common ports. If enabling the UPnP feature does not work, at least I can see which ports I need to enable.

  • I have just installed Lion OS and Face Time encounters server problems on sign up. I have sought the firewall problem without success and even temporarily turned off firewall with no success.

    I have just installed Lion OS and Face Time encounters server problems on sign up. I have sought to rectify the firewall problem without success and even temporarily turned off firewall with no success. Any ideas?

    Some folks have discovered that changing their DNS service fixes FaceTime connection issues.
    The ideal way is to configure your modem/router with DNS service, but often settings in System Preferences/Network/Advanced/DNS on your Mac will override the router settings. Try either of these;
    OpenDNS
    208.67.222.222, 208.67.220.220
    Google Public DNS
    8.8.8.8, 8.8.4.4

  • I have bought a TC to extend the range of the wireless network in the house and would like someone to explain the best way to do this? My combined router/modem is supplied by Movistar (in Spain), model Xavi 7958 router ADSL with four ethernet ports.

    What is the best way to extend my wireless network in the house using a TC? I currently use a combined router/modem supplied by Movistar (live in Spain), model XAVI 7958 router ADSL with four ethernet ports. What is the best configuration and can you explain what is meant by bridging and which is best to bridge for signal strength, TC or Xavi modem/router? Have iPads, iPhones, Apple TV... etc. and want to connect them all in the whole house, not just downstairs, to our wireless network.

    You cannot wireless bridge Apple to non-apple router.. so that is out.
    The only way you can do this is run ethernet or EOP adapters.. and place the TC in a location where the other apple idevices can reach it.
    If you want to repeat wireless with Apple routers you have to use another Apple router next to the modem.. plugged in and running as an AP.
    Basically the TC is the wrong piece of equipment unless you want Time Machine backups.. take it back and buy a universal repeater.. not apple. Or buy more apple stuff like an extreme or express.. one apple router is useless to you without running ethernet.

  • Problems with Bridge mode at a hotel

    Hi there,
    I have my Airport Express (N) set up to create a wireless network, use DHCP, and be in Bridge mode. When I plug in the Ethernet cable from a hotel (where you are required to subscribe and pay for their service), I can use the internet from my laptop wirelessly without problems. However when I connect to wifi from my iPhone 3GS, it connects to the network, but prompts me to repay for another service. The site also states that the price is 'per computer'. I was under the impression that when a router was in Bridge mode, it was invisible to the hotel network, and you can share the internet connection with multiple computers, but somehow the hotel is detecting exactly that. Am I missing anything here?

    Sorry, the hotel router is configured to charge you for each separate device that connects. In other words, if you connected with your computer and paid the fee, and then another person tried to connect their laptop, the hotel router sees another device and will charge for that device.
    Bridge mode on the Express allows you to configure your computer so that the hotel router sees your computer as the connecting device. Bridge mode is the only setting that will work correctly to allow you to configure your Express.
    Specifically, the hotel assigns an IP when you connect your computer, if you try to connect another device, it needs to assign another IP address. The hotel will charge you for each IP address.

  • Standard (application-based) firewall with one additional port open?

    Lion and Snow Leopard both have application based firewalls.  I want to allow access to a Minecraft server on port 25565 but I don't want to allow all of Java.  How can I open one port in addition to leaving the standard firewall in place?

    Hi
    The Zone based firewall uses "inspect" statements, that's just what it does.
    A simple zone-based firewall that will inspect all traffic going from the local network to the internet and protecting the outside interface of the router, but allowing anyconnect connections would look something like this:
    ! Assumes the zones INSIDE and OUTSIDE are already defined and assigned to interfaces.
    ! ACL entries take a wildcard mask, so a /24 is written 0.0.0.255.
    ip access-list standard INSIDE-NETWORK_ACL
     permit 192.168.1.0 0.0.0.255
    class-map type inspect INSIDE-NETWORK_CMAP
     match access-group name INSIDE-NETWORK_ACL
    class-map type inspect HTTPS_CMAP
     match protocol https
    ! Inspect traffic from the local network towards the internet.
    policy-map type inspect INSIDE-TO-OUTSIDE_PMAP
     class type inspect INSIDE-NETWORK_CMAP
      inspect
    ! Allow HTTPS to the router itself (AnyConnect).
    policy-map type inspect OUTSIDE-TO-SELF
     class type inspect HTTPS_CMAP
      pass
    zone-pair security INSIDE-TO-OUTSIDE_ZP source INSIDE destination OUTSIDE
     service-policy type inspect INSIDE-TO-OUTSIDE_PMAP
    zone-pair security OUTSIDE-TO-SELF_ZP source OUTSIDE destination self
     service-policy type inspect OUTSIDE-TO-SELF
    I haven't personally configured Zone Based Firewall with anyconnect. So if this doesn't work you can look at this link: https://supportforums.cisco.com/document/46481/anyconnect-ios-zone-based-firewall-zbfw
