One method of bridging network interfaces
Authored by: gboudrea on Oct 09, '06 04:37:19PM

Most people seem to have missed the point of what I was trying to achieve.

To simplify:
Computer A is on my LAN.
Computer B is on my LAN and has internet access.
Computer C is on the Internet.

Computer B has Internet Sharing enabled.
So now, computer A and B can both reach computer C. Yay!

But I also need computer C to be able to reach computer A on my private LAN.
To be able to do that, computer C needs to know where computer A is, so I forced a route (config. on computer C) to computer A that goes through computer B. And I configured computer B to route incoming connections for computer A to the LAN.

Anyone who has a better way to configure computer B to allow access to computer A from the Internet is welcome to reply to this comment.
From what I found through Google searches, there's no way to configure the default Mac OS X Internet Sharing to do port forwarding, or DMZ.

- Guillaume



One method of bridging network interfaces
Authored by: Frederico on Oct 10, '06 02:00:44AM

I read two drastically different descriptions of your setup and goals; but if I just listen to the example in this reply-thread, I don't understand why you don't just port-forward inbound ("from the Internet"; Computer C) traffic to Computer B via your router's undoubted ability to accept port forward commands to a single subnet IP address (like a DMZ, but is still port restrictive).

For example, I have a wired and a wireless LAN both at my workplace.

The wireless LAN is top-level; i.e., it hosts all the standard client/guest computers, printers, etc., and can accept guest access either wired or wirelessly; it also uplinks to the Internet (via cable modem). It is, of course, firewalled, but less-restrictive, to allow more communication in/out and across the LAN. File transfers and freedom of movement/access are critical to workflow, and risk is dealt with by safe practice, virus software, etc. It is vulnerable, and frequently attacked, but no critical or sensitive data lives for long at this level. This is superfluous to our conversation, but is here to explain why *I* need two LAN types, and why I don't just use a wired/wireless combo LAN (as cheap as $15) as others have suggested you just convert to.

The wired-only LAN is at the second level, using its own firewall and router, so that I can protect my sales stations and sensitive data, customer data (credit card info, sensitive files, etc.); it uplinks to the level one LAN.

The computers on the second level need to be able to see/use/access the printers and computers on the first level, and can easily do so by passing IP-specific requests up through the second-level router to the first-level router; as well as access the Internet, which just get passed normally from gateway to gateway. Requests in the other direction are summarily denied, except for the following:

I frequently need to access my primary workstation under the second level from either a computer on the first level, or via the Internet from home. Similarly, our web server also resides behind the firewall and router at level two.

In order to access these computers/services "from the Internet", I have the first level router set to port-forward, e.g., port 80 requests (HTTP) to the second-level router, and the second level router points those same requests to the web server IP address. The same is true for file access; AFS ports are forwarded to my workstation, as are VNC and SSH port requests. These, of course, are further protected by 128bit passwords and secure sockets.

Any need to access any other computer on the second level is passed through my station as host. This is the "bridge" to which you refer and seek.

While you have created a situation that works for you, and was free, for most people, a $15-$50 all-in-one wireless/wired router combo, which has built-in bridging (i.e., wired and wireless computers receive/can specify IP addresses in the same range and subnet mask) is the best solution, as it also unifies all behind a single firewall. You point out the ultra-cool AirPort as too expensive for your taste, but if you watch the specials, you can get D-Link, Linksys, or lesser known but just as good brands (like Hawking), that also have printer ports for enabling "network" printers without resorting to printer sharing via a host, for as little as free, if you watch rebates and such.

e.g., this deal is common, and ones for less that are new with more features and with free shipping come along all the time:

http://dealmac.com/deals/Refurbished-Netgear-WGT624-108-Mbps-802-11-g-4-Port-Firewall-Router-for-15/132194.html

HTH



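The two-level forwarding chain described in the comment above, as an added example that is not part of the original comments: a small Python audit that follows each forward rule from the outer router to the host it finally exposes and flags rules that dead-end at the inner router. All addresses and the stale port 8080 rule are constructed for illustration; the ports are the well-known HTTP, SSH and VNC ports.

```python
# Constructed forward tables: router address -> {inbound port: (target address, target port)}.
# 203.0.113.10 stands for the level-one router's Internet side, 192.168.1.2 for the
# level-two router as seen from the level-one LAN. Every value here is hypothetical.
FORWARDS = {
    "203.0.113.10": {
        80: ("192.168.1.2", 80),
        22: ("192.168.1.2", 22),
        5900: ("192.168.1.2", 5900),
        8080: ("192.168.1.2", 8080),   # stale rule: nothing behind it on level two
    },
    "192.168.1.2": {
        80: ("192.168.2.10", 80),      # web server
        22: ("192.168.2.20", 22),      # workstation, SSH
        5900: ("192.168.2.20", 5900),  # workstation, VNC
    },
}


def resolve(addr, port, forwards=FORWARDS, max_hops=8):
    """Follow forward rules starting at router `addr`.

    Returns (routers_traversed, final) where final is the (host, port) that
    ends up exposed, or None if a router on the path has no matching rule.
    """
    path = []
    for _ in range(max_hops):
        table = forwards.get(addr)
        if table is None:              # not a router, so this is the end host
            return path, (addr, port)
        path.append(addr)
        rule = table.get(port)
        if rule is None:               # no rule on this router: connection is dropped
            return path, None
        addr, port = rule
    raise ValueError("forwarding loop detected")


def audit(edge, forwards=FORWARDS):
    """Return (exposed, dead): ports reaching a host, and ports forwarded to nowhere."""
    exposed, dead = {}, []
    for port in sorted(forwards[edge]):
        _, final = resolve(edge, port, forwards)
        if final is None:
            dead.append(port)
        else:
            exposed[port] = final
    return exposed, dead


if __name__ == "__main__":
    print(audit("203.0.113.10"))
```

Calling `audit("192.168.1.2")` instead lists what the inner router exposes to every machine on the less-restricted level-one LAN, which is the same set of services.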
One method of bridging network interfaces
Authored by: conigs on Oct 10, '06 10:13:44AM
If I am understanding the original hint, this is what your network looks like now:
http://conigs.com/temp/gboudrea/before.png

Why not set it up like this:
http://conigs.com/temp/gboudrea/after.png

This way, the WAP, and by extension all your wifi devices, are on the same network as all your ethernet connections.
