[User] bridged configuration

Ranganathan Krishnan rk at selwastor.com
Wed Jan 14 17:42:40 PST 2015


On Jan 12, 2015, at 10:26 AM, Jeremy Malcolm <jmalcolm at eff.org> wrote:
> 
>> Rather can you please explain the problem you are trying to solve. 
>> Perhaps there is a way to achieve without large changes.
> 
> Here is what my network looks like:
> 
> +---------+    +-------+    +-------+ 
> |DSL modem+----+ Linux +----+ Apple | 
> +---------+    |  box  |    |airport| 
>                +---+---+    +-+----++ 
>                    |          |    |  
>                    |          |    |  
>                 +--+--+       +    +  
>                 | VPS |      eth  wifi
>                 +-----+               
> 
> The DSL modem is currently in bridge mode which means it is invisible to the network, the Linux box receives the WAN IP address from my ISP and is currently doing the NAT and DHCP, and the Airport is also in bridge mode and is only responsible for putting its ethernet ports and wifi onto the same network as the Linux box.
> 

So the OpenWireless router is to replace the Apple airport, I assume. 

How important is it that the ethernet ports and wifi be on the same network 
as the Linux box? If it is not critical (if something breaks because of 
additional networks for eth and wifi let me know, there are probably 
relatively simple changes on the openwireless router that can fix
that). 

An alternative (and preferable from a security viewpoint) is to connect the 
WAN port on the OW router to the DSL modem and let it get an address from 
the ISP via DHCP and do the NAT. Then have your Linux box connect to an 
ethernet port on the OW router (possibly with additional NAT). That way 
the openwireless traffic never comes inside your network -- going straight 
to the ISP. We put in strong firewall rules to prevent OW users from 
accessing anything on your internal network. If there are certain ports that 
need to be opened on the OW router so services on the Linux box/VPS 
are accessible, that is relatively easy to do. 

Let me know if either of these options will work for you.

Ranga
