Re: Bridge mode vs. router mode in DSL modems

2011-03-07 Thread Joe
On Mon, 7 Mar 2011 00:54:19 -0600
Jason Hsu jhsu802...@jasonhsu.com wrote:

> QUESTIONS:
> 1.  How do I know if my DSL modem is the culprit blocking remote
> access to my computer?
> 2.  Exactly what is the difference between bridge mode and router
> mode in a DSL modem?  I read that if my DSL modem is blocking remote
> access to my computer, switching it to bridge mode would remedy this.
> 3.  Why does switching my DSL modem to bridge mode cut off Internet
> access, and why does switching it back to router mode restore
> Internet access?

A router connects two or more different IP broadcast domains (different
network addresses) and contains routing rules to decide which interface
to use in relaying packets it receives. An Internet router generally
also contains a simple firewall and does NAT translation.

A bridge is effectively a piece of wire, passing everything between
two parts of the same broadcast domain and doing no processing.

So when you switch from router to bridge mode, the next connection
assigns a public IP address to the next piece of equipment in from the
bridge. If it cannot accept that address, there's a problem. If the
firewall rules do not allow for the public IP address, there's a
problem. The piece of equipment connected to the bridge is also exposed
directly to the Internet.

Only use bridge mode if you know exactly what it does, and that's what
you want, and for most people it won't be.

> BACKGROUND:
>
> I have a small home network.  The setup is:
> Internet - DSL modem - Firewall/server computer - Ethernet switch
> - Main computer
>
> The DSL modem is an Embarq EQ-660R ADSL router.  My ISP is
> CenturyLink.
>
> I'm trying to set up an SSH server on the firewall/server computer.
> I have a free account from DynDNS, but their Open Port Tool (at
> https://www.dyndns.com/support/tools/openport.html , which I set to
> port 22) gives me the timed out error message.  I don't think the
> Shorewall firewall on the firewall/server is the problem, as I have
> the /etc/shorewall/policy file set to accept firewall-to-all
> communications (through port 22) and the /etc/shorewall/rules set to
> accept net-to-firewall (through port 22).
>
> Some searches on Google gave me the idea that my DSL modem could be
> the culprit.  This brings me to the questions at the beginning of
> this post.

You have a fair way to go before you should advertise as a consultant.
A good working knowledge of networking is an absolute requirement. *You*
should be able to tell *us* the difference between a bridge and router,
and you should certainly be able to troubleshoot this kind of problem.

1. Check that sshd is actually running and is accepting connections on
the WAN port. Try a connection first from localhost, and examine the
configuration file to check that the WAN port and your user are
allowed. By default, with no changes made, it should work.

2. Check that ssh works from a computer directly connected to your
server's WAN port (crossover cable possibly required). You'll need to
tweak IP configurations to do this.

3. Check that the router has a forwarding rule to pass ssh to the
server when back in normal configuration.

4. Check with http://grc.com Shields Up!! as to whether it can see port
22. Ignore Steve's dire warnings everywhere.

If you get to this point without success with external ssh, any further
issues are due to ISP port blocking (an urban myth, as far as I can
see) or dynamic DNS issues. A consultant really ought to have a fixed IP
address, as a dynamic IP address introduces uncertainties where you
don't need them.

Oh, and when ssh is working, move it to an unprivileged (high) port. It
doesn't add much security, but it keeps a lot of rubbish out of your
logs, and that's certainly worth doing.

And you have configured it to work with keys, not passwords, haven't
you?

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110307084258.14f12...@jresid.jretrading.com
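
Joe's step 1 (is sshd accepting connections on the WAN side, and what does the configuration file allow) and his closing question about keys versus passwords can be checked mechanically. The script below is an added example, not part of the original thread; the function names and the sample `ss` and `sshd_config` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# listen_scope PORT   (stdin: output of `ss -tln`)
# Prints where a TCP listener for PORT is bound:
#   all | specific | loopback-only | none
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # $4 is "local address:port"
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") all = 1
            else if (addr ~ /^127\./ || addr == "[::1]") lo = 1
            else other = 1
        }
        END {
            if (all) print "all"
            else if (other) print "specific"
            else if (lo) print "loopback-only"
            else print "none"
        }'
}

# sshd_setting KEYWORD DEFAULT   (stdin: sshd_config text)
# Keywords are case-insensitive and sshd uses the first value it obtains.
# Stops at the first Match block; does not follow Include directives.
sshd_setting() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && !found { val = $2; found = 1 }
        END { print (found ? val : def) }'
}

# Constructed sample: sshd bound to loopback only, so the WAN side cannot reach it.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:22       0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'
# Constructed sample: the first PasswordAuthentication line wins.
SAMPLE_CFG='# constructed sshd_config
Port 22
ListenAddress 127.0.0.1
passwordauthentication no
PasswordAuthentication yes'

echo "port 22 bound to: $(printf '%s\n' "$SAMPLE_SS" | listen_scope 22)"
echo "PasswordAuthentication: $(printf '%s\n' "$SAMPLE_CFG" | sshd_setting PasswordAuthentication yes)"
```

On a live host, feed the functions with `ss -tln | listen_scope 22` and `sshd_setting PasswordAuthentication yes < /etc/ssh/sshd_config`; a result of `loopback-only` or `none` means the problem is on the server, before the modem is involved at all.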



Re: Bridge mode vs. router mode in DSL modems

2011-03-07 Thread Andrei Popescu
[text rewrapped to 72 characters]

On Mon, 07 Mar 11, 00:54:19, Jason Hsu wrote:

[snip 1. and 2.]

The other points were already addressed by Joe.

> 3.  Why does switching my DSL modem to bridge mode cut off Internet
> access, and why does switching it back to router mode restore Internet
> access?

My crystal ball says your DSL modem also does PPPoE (or similar).

If this is not the case it might be enough to properly set up your
firewall machine (DHCP or static IP). If you need assistance with this
you have to provide much more info about your connection.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: Bridge mode vs. router mode in DSL modems

2011-03-07 Thread Andrew McGlashan

Jason Hsu wrote:

> QUESTIONS:
> 1.  How do I know if my DSL modem is the culprit blocking remote access to my
> computer?


Test with modem in bridge mode, get server [or just a PC / laptop] to do 
a PPP login, then the server will have an IP that is directly accessible 
from the Internet.


Remotely, perhaps via a friend, see if your connection responds to pings.

Next see if the ssh server on server is working, check log files for 
login attempts -- it may be that the ISP is not forwarding some ports to 
your connection.


Generally speaking, you probably want to set a modem to be in bridge 
mode with a purpose-built firewall handling the PPP login and doing the 
routing for your network.  Some modems (many, really) do this quite well.



> 2.  Exactly what is the difference between bridge mode and router mode in a DSL
> modem?  I read that if my DSL modem is blocking remote access to my computer,
> switching it to bridge mode would remedy this.


If the modem is doing PPP login, then it is likely passing data 
(routing) via NAT.



> 3.  Why does switching my DSL modem to bridge mode cut off Internet access, and
> why does switching it back to router mode restore Internet access?


Bridge mode doesn't handle the ISP login; you still need to log in somewhere.

Cheers

--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP


Archive: http://lists.debian.org/4d74b243.3030...@affinityvision.com.au



Re: Bridge mode vs. router mode in DSL modems

2011-03-07 Thread Stan Hoeppner
Jason Hsu put forth on 3/7/2011 12:54 AM:

> 1.  How do I know if my DSL modem is the culprit blocking remote access to my
> computer?
>
> The DSL modem is an Embarq EQ-660R ADSL router.  My ISP is CenturyLink.

Everything you need to know is here:
http://embarq.centurylink.com/embarq/refDocs/user_guides/internet/HSI_660rportforward.pdf

-- 
Stan


Archive: http://lists.debian.org/4d752b9d.7000...@hardwarefreak.com



Bridge mode vs. router mode in DSL modems

2011-03-06 Thread Jason Hsu
QUESTIONS:
1.  How do I know if my DSL modem is the culprit blocking remote access to my 
computer?
2.  Exactly what is the difference between bridge mode and router mode in a DSL 
modem?  I read that if my DSL modem is blocking remote access to my computer, 
switching it to bridge mode would remedy this.
3.  Why does switching my DSL modem to bridge mode cut off Internet access, and 
why does switching it back to router mode restore Internet access?

BACKGROUND:

I have a small home network.  The setup is:
Internet - DSL modem - Firewall/server computer - Ethernet switch - Main 
computer

The DSL modem is an Embarq EQ-660R ADSL router.  My ISP is CenturyLink.

I'm trying to set up an SSH server on the firewall/server computer.  I have a 
free account from DynDNS, but their Open Port Tool (at 
https://www.dyndns.com/support/tools/openport.html , which I set to port 22) 
gives me the timed out error message.  I don't think the Shorewall firewall 
on the firewall/server is the problem, as I have the /etc/shorewall/policy file 
set to accept firewall-to-all communications (through port 22) and the 
/etc/shorewall/rules set to accept net-to-firewall (through port 22).

Some searches on Google gave me the idea that my DSL modem could be the 
culprit.  This brings me to the questions at the beginning of this post.

-- 
Jason Hsu jhsu802...@jasonhsu.com


Archive: http://lists.debian.org/20110307005419.585298b3.jhsu802...@jasonhsu.com