
One method of bridging network interfaces (Network)
Here's my setup: on my ethernet LAN, I have my mini, my Xbox, and a Windows PC; on my wifi LAN, I have my mini, my internet router, and two other Macs. So I was looking for something that I would install on my mini so that my router would be accessible to my Xbox and Windows PC, and that would allow me to connect to those two from any Mac. Basically, I needed to bridge my ethernet and wifi LAN using Mac OS X.

Possible solutions:
  1. Use an Airport Express. Easy (simply configure the ethernet port with a static IP and disable all other features to have it bridge ethernet/wifi traffic), but not that cheap...
  2. Use IPNetRouterX. It looked easy to use, but I didn't really like the idea of forking over US$100 for a proprietary piece of software.
  3. Find some way to configure Mac OS X built-in ipfw/natd to do it.
I searched the web here and there, and nobody seemed to have done something similar.

So here's how I did it.
  1. Configured the mini wifi and ethernet network interfaces to be on separate subnets; I used 192.168.1.255 for wifi, and 192.168.2.255 for ethernet.
  2. Enabled Internet Sharing on my mini, to make the Airport's internet connection available to the ethernet-connected machines. This took care of half the problem: getting the Xbox and Windows PC to access the router.
  3. Edited /etc/hostconfig on my mini (to be the bridge in my setup). I changed IPFORWARDING=-NO- to IPFORWARDING=-YES-. Note: You can add that line if you don't have it. Then reboot.
  4. On each Mac I wanted to be able to access the Xbox / Windows PC, I created a static route to specify that I wanted to use my mini to reach those machines:
    sudo route add -host xbox_ip mini_wifi_ip
    sudo route add -host winpc_ip mini_wifi_ip
    This tells your Mac that to reach either xbox_ip or winpc_ip, it needs to use mini_wifi_ip as the gateway. The mini will then receive packets for the Xbox and Windows PC, which it will now forward to the appropriate machine. (Replace the sample names with your network's relevant IP addresses.)
  5. To make those static routes persistent across reboots, I had to follow this how-to.
And done. I could now successfully ping and connect to either the Xbox or Windows PC from my wifi-connected Macs, and the Xbox and Windows PC could access the internet.
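
A way to confirm that steps 3 and 4 took effect, as an added example that is not part of the original hint: the functions below read the output of `sysctl net.inet.ip.forwarding` (on the mini) and `netstat -rn -f inet` (on a client Mac) and report whether forwarding is on and which static host routes use the mini as gateway. The sample output and all IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the two settings the hint relies on.
# The sample text is constructed; on a real Mac, pipe in the live output of
# `sysctl net.inet.ip.forwarding` and `netstat -rn -f inet` instead.

# Placeholder address for the mini's wifi interface (assumption, not from the hint).
MINI_WIFI_IP=192.168.1.10

SAMPLE_SYSCTL='net.inet.ip.forwarding: 1'

SAMPLE_ROUTES='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           12        0     en1
127.0.0.1          127.0.0.1          UH              0      310     lo0
192.168.1          link#5             UCS             3        0     en1
192.168.2.20       192.168.1.10       UGHS            0       42     en1
192.168.2.21       192.168.1.10       UGHS            0        7     en1
192.168.2.30       192.168.1.1        UGHS            0        0     en1'

# forwarding_state: reads sysctl output on stdin, prints "on", "off" or "unknown".
forwarding_state() {
    awk -F': *' '$1 == "net.inet.ip.forwarding" { v = $2 }
        END { if (v == "1") print "on"; else if (v == "0") print "off"; else print "unknown" }'
}

# host_routes_via GATEWAY: reads a routing table on stdin and prints the
# destination of every static host route (flags G, H and S) that uses GATEWAY.
host_routes_via() {
    awk -v gw="$1" '$2 == gw && $3 ~ /G/ && $3 ~ /H/ && $3 ~ /S/ { print $1 }'
}

# report: summary for the constructed samples above.
report() {
    echo "forwarding: $(printf '%s\n' "$SAMPLE_SYSCTL" | forwarding_state)"
    echo "host routes via $MINI_WIFI_IP:"
    printf '%s\n' "$SAMPLE_ROUTES" | host_routes_via "$MINI_WIFI_IP" | sed 's/^/  /'
}

report
```

A machine that reports forwarding "on" is passing traffic between its two subnets, so the same check is useful for spotting a host that routes when it is not meant to.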
One method of bridging network interfaces
Authored by: Junglboy on Oct 09, '06 08:15:57AM

Am I missing something with this hint? Isn't this what the "Internet Sharing" feature (System Preferences->Sharing->Internet tab) is for?



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: argh128 on Oct 09, '06 08:21:12AM

Internet sharing only allows one direction access.

This allows communication in 2 directions.

Machine A -- Router -- (Internet and Machine B)

This setup allows machine A to talk to Machine B, and Machine B to talk to Machine A.

Internet sharing would only allow Machine A to talk to Machine B.

Unfortunately, you need to know the IP address of the target machine.. but otherwise this works well.

---

A completely SANE Canadian.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: jmz on Oct 09, '06 08:33:12AM

Not true.
This is exactly what Internet Sharing does. It's simply a router so communication is possible in both directions. I have the very same setup here in my house and it works like a charm.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: gboudrea on Oct 09, '06 04:24:33PM
As mentioned here, simply enabling Internet Sharing doesn't allow machines on the wifi network to access machines on the wired network, only machines on the wired network to connect to machines on wifi. I wanted both.
Internet Sharing is only part of the solution.

- Guillaume

[ Reply to This | # ]
One method of bridging network interfaces
Authored by: chabig on Oct 09, '06 08:49:32AM

Let's get Rob to change the title of this hint to "One unnecessarily complicated method of bridging network interfaces."



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: gboudrea on Oct 09, '06 04:28:34PM
I'd be happy to hear it if you have a better solution so I can reach machines behind the mini's Internet Sharing from the "Internet" (which is basically what I needed to do).

As mentioned here, simply enabling Internet Sharing doesn't allow machines on the wifi network to access machines on the wired network, only machines on the wired network to connect to machines on wifi. I wanted both.
Internet Sharing is only part of the solution.

- Guillaume

[ Reply to This | # ]
One method of bridging network interfaces
Authored by: signal15 on Oct 09, '06 09:09:39AM

You have just set up your mac to be a router, NOT a bridge. A bridge operates at layer 2, not layer 3.

If you had set up a bridge, you would have created a virtual bridge interface and added both network adapters to it. The bridge interface would get a single IP address, and then anything connected to either interface could have an address from the same range, and would use the address of the bridge interface as their default gateway.

This way, broadcasts and multicast packets (such as the Rendezvous protocol) would be able to be seen by all machines on both interfaces. In addition, a bridge will participate in Spanning Tree if you have multiple switches in your environment. A common use of bridging on hosts is configuring redundant interfaces to connect to multiple switches, in case a switch or a network link goes down.

Bridging is an actual networking term, and what you have set up has nothing to do with bridging.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: eno on Oct 09, '06 02:18:57PM

Doesn't Rob check these hints before publishing them? Or does Mac OS X need a knowledgeable technical editor to filter out the non-hints? As has already been pointed out, there is already a one-click solution built into the Sharing panel of the System Preferences.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: gboudrea on Oct 09, '06 04:25:49PM
As mentioned here, simply enabling Internet Sharing doesn't allow machines on the wifi network to access machines on the wired network, only machines on the wired network to connect to machines on wifi. I wanted both.
Internet Sharing is only part of the solution.

- Guillaume

[ Reply to This | # ]
KISS method
Authored by: maksim2042 on Oct 09, '06 02:22:21PM

You have over-complicated your network, and as a result you are proposing adding even more complications :-)

You have 2 routers, with 2 separate but probably colliding address spaces.

What you need to do is disable router functionality on one of the boxes (either wired or wireless), and slave the second box to the first - or replace your wireless router with a dumb access point.

Actually, since wireless routers probably have a few wired ports as well, you can get away without a second router altogether. If you run out of wired ports, get a hub or a switch.

This way you have a single address space, all of your devices can see each other, etc. And, you have fewer devices to maintain.

The only caveat is security. If you don't use authentication on your wireless network, you should consider it "hostile" because you never know who comes to steal your traffic. So lock up your wireless access - and you should be fine.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: digitol on Oct 09, '06 04:12:50PM

While I'm happy to have a hints website, some of them seriously need more quality control before they are posted. I am pretty sure this is a long and unnecessary way to network, albeit usually a way your typical PC WEENIE would do most things (my apologies to the original poster, I just couldn't resist taking that little jab at you). I'm childish. Anyhow, if there is anyone out there that is an absolute networking professional please let me know, I have a complex setup and would like to compare notes. In short I have multiple internet lines, one dsl and the other cable. So if anyone is up for it post here let me know. -digitol-



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: gboudrea on Oct 09, '06 04:37:19PM

Most people seem to have missed the point of what I was trying to achieve.

To simplify:
Computer A is on my LAN.
Computer B is on my LAN and has internet access.
Computer C is on the Internet.

Computer B has Internet Sharing enabled.
So now, computer A and B can both reach computer C. Yay!

But I also need computer C to be able to reach computer A on my private LAN.
To be able to do that, computer C needs to know where computer A is, so I forced a route (config. on computer C) to computer A that goes through computer B. And I configured computer B to route incoming connections for computer A to the LAN.

Anyone who has a better way to configure computer B to allow access to computer A from the Internet is welcome to reply to this comment.
From what I found through Google searches, there's no way to configure the default Mac OS X Internet Sharing to do port forwarding, or DMZ.

- Guillaume



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: Frederico on Oct 10, '06 02:00:44AM

I read two drastically different descriptions of your setup and goals; but if I just listen to the example in this reply-thread, I don't understand why you don't just port-forward inbound ("from the Internet"; Computer C) traffic to Computer B via your router's undoubted ability to accept port forward commands to a single subnet IP address (like a DMZ, but is still port restrictive).

For example, I have a wired and a wireless LAN both at my workplace.

The wireless LAN is top-level; i.e., it hosts all the standard client/guest computers, printers, etc., and can accept guest access either wired or wirelessly; it also uplinks to the Internet (via cable modem). It is, of course, firewalled, but less-restrictive, to allow more communication in/out and across the LAN. File transfers and freedom of movement/access are critical to workflow, and risk is dealt with by safe practice, virus software, etc. It is vulnerable, and frequently attacked, but no critical or sensitive data lives for long at this level. This is superfluous to our conversation, but is here to explain why *I* need two LAN types, and why I don't just use a wired/wireless combo LAN (as cheap as $15) as others have suggested you just convert to.

The wired-only LAN is at the second level, using its own firewall and router, so that I can protect my sales stations and sensitive data, customer data (credit card info, sensitive files, etc.); it uplinks to the level one LAN.

The computers on the second level need to be able to see/use/access the printers and computers on the first level, and can easily do so by passing IP-specific requests up through the second-level router to the first-level router; as well as access the Internet, which just get passed normally from gateway to gateway. Requests in the other direction are summarily denied, except for the following:

I frequently need to access my primary workstation under the second level from either a computer on the first level, or via the Internet from home. Similarly, our web server also resides behind the firewall and router at level two.

In order to access these computers/services "from the Internet", I have the first level router set to port-forward, e.g., port 80 requests (HTTP) to the second-level router, and the second level router points those same requests to the web server IP address. The same is true for file access; AFS ports are forwarded to my workstation, as are VNC and SSH port requests. These, of course, are further protected by 128bit passwords and secure sockets.

Any need to access any other computer on the second level is passed through my station as host. This is the "bridge" to which you refer and seek.

While you have created a situation that works for you, and was free, for most people, a $15-$50 all-in-one wireless/wired router combo, which has built-in bridging (i.e., wired and wireless computers receive/can specify IP addresses in the same range and subnet mask) is the best solution, as it also unifies all behind a single firewall. You point out the ultra-cool AirPort as too expensive for your taste, but if you watch the specials, you can get D-Link, Linksys, or lesser known but just as good brands (like Hawking), that also have printer ports for enabling "network" printers without resorting to printer sharing via a host, for as little as free, if you watch rebates and such.

e.g., this deal is common, and ones for less that are new with more features and with free shipping come along all the time:

http://dealmac.com/deals/Refurbished-Netgear-WGT624-108-Mbps-802-11-g-4-Port-Firewall-Router-for-15/132194.html

HTH



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: conigs on Oct 10, '06 10:13:44AM
If I am understanding the original hint, this is what your network looks like now:
http://conigs.com/temp/gboudrea/before.png

Why not set it up like this:
http://conigs.com/temp/gboudrea/after.png

This way, the WAP, and by extension all your wifi devices, are on the same network as all your ethernet connections.

[ Reply to This | # ]
One method of bridging network interfaces
Authored by: mike3k on Oct 09, '06 07:20:47PM

Most wireless routers have a built-in Ethernet switch, so none of this should be necessary. I'm using a Linksys WRT54G with my servers & iMac connected to the ethernet ports and I connect to it wirelessly from my MacBook Pro & Mac Mini.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: digitol on Oct 10, '06 01:28:55AM

@gboudrea:

There is a MUCH easier way to do this. Just about any router nowadays will achieve what you need. Furthermore, if you need you can configure multiple ethernet interfaces in your network pane. Multihoming is what I think you may be after.



[ Reply to This | # ]
One method of bridging network interfaces
Authored by: chucky23 on Jun 08, '10 05:51:13PM

Well, folks complained about this hint at the time, but four years later, I wanted to do exactly what gboudrea was trying to explain, and his explanation was the only really sufficient one on the internet.

I'm now able to use my Mac Mini to act as a 5ghz radio to serve my TiVo hi-def video via ethernet, without having to buy a separate $80 box. And gboudrea correctly explains how I can connect into the TiVo from within my LAN.

Hours and dollars saved. Thank you.



[ Reply to This | # ]