[lug] router in bridge mode

Nate Duehr nate at natetech.com
Fri Aug 23 16:06:53 MDT 2002


A router like a Cisco 678 in bridge mode may have enough "intelligence"
not to pass packets not destined to the upstream router... depending on
how it was set up.  Anything's possible with the right filters and
setup.  (GRIN)

I had a bridge-style connection to Rhythms (long ago).  I never saw any
traffic destined for anyone else, and presumably they never saw my other
traffic between non-public-IP machines plugged into a hub inside the
router... however I'd bet that was more a function of the DSLAM than the
cheesy little "router" they provided.  I bet all my broadcasts and
traffic traversed up to the DSLAM where it was filtered... (or viewed,
if you're the paranoid sort).

Of course, another way to skin this cat is to put a switch behind that
router and then things will more generally stay on the ports bound for
where they belong, broadcasts and multicast excepted.

----

On a side-note related to bridging and Linux, I was sad to find that the
Linux bridging code is pretty static about what it thinks is the "right"
way to design your network -- at least on 2.4.18 on a PPC machine.

It always tries to send ARP requests out eth0, and doesn't play nicely
at ALL with wireless cards.  (Wanted to use eth1 as the default route,
which is the wireless card and eth0, the wired port as basically an
access point, acting as a network bridge.)

I tried various tricks to alias eth0 and eth1 backward and every time
the other problem that popped up was that the Debian scripts would see
eth0 and eth1 "disappear" and then br0 would come up and have no ESSID
information and iwconfig claimed that the combined eth0 and eth1 as part
of br0 didn't have any wireless extensions.  Ahhh well.

However I did find that the 2.4 kernel's implementation of proxy-arp
seems to work very well, and that made for an "almost bridge" without
the ability to check for Layer 2 loops (Spanning Tree), that seems to
work pretty well.  

I now have an iMac acting as a proxy arp machine for other machines
hanging off of its ethernet port, while it's connected across the house
via wireless 802.11b in standard "client" mode... which is kinda cool! 
:-)

Well... things to do in Denver when you're bored and relatively broke
and don't want to buy another 802.11b access point.  :-)

Nate

On Tue, 2002-08-20 at 09:27, Franklin Bowen wrote:
> I think your friend can not hub in his other computers because they will 
> exist/be visible on the ISP's network.  He could put a router NOT in 
> bridging mode between the current router and his network, as George has done.
> 
> At 09:03 AM 8/20/2002 -0600, you wrote:
> >In bridge mode, the router has no IP address. It's just a media converter to
> >ethernet.
> >
> >For example, I run my Cisco 675 in bridge mode. The router has no IP. My
> >linux router has two NICs. The 675 connects to one, and the network to the
> >other. To the world, the Cisco 675 doesn't exist.
> >
> >George Sexton
> >MH Software, Inc.
> >Home of Connect Daily Web Calendar Software
> >http://www.mhsoftware.com/connectdaily.htm
> >
> >
> >-----Original Message-----
> >From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us] On Behalf Of Kenneth D. Weinert
> >Sent: 20 August, 2002 8:27 AM
> >To: lug at lug.boulder.co.us
> >Subject: [lug] router in bridge mode
> >
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Forwarding a question that's a bit beyond my ken - any thoughts are
> >appreciated:
> >
> >  techie question - if an ISP says they're going to set your SDSL router up in
> >"bridge" mode with 1 or 2 IP addresses, what does that mean? Is it still a
> >router that can share the connection with as many computers as you hub in?
> >
> >Personally I still don't have a home network set up because I'm trying to get
> >it sorted - too much hands-on hardware :)
> >
> >Thanks in advance for any assistance.
> >
> >- --
> >/~\ The ASCII        Ken Weinert   mc at morat.net
> >\ / Ribbon Campaign  303-452-6603 (V) 303-705-4258 (F)
> >  X  Against HTML     GnuPG: 9274F1CE  GnuPG available at
> >http://www.gnupg.org/
> >/ \ Email!           1D87 3720 BB77 4489 A928  79D6 F8EC DD76 9274 F1CE
> >"TV is chewing gum for the eyes" --Frank Lloyd Wright
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.0.6 (GNU/Linux)
> >Comment: For info see http://www.gnupg.org
> >
> >iEYEARECAAYFAj1iUZ4ACgkQ+OzddpJ08c7GWwCgszozA39d2b9J+sDQ7lFpL8sK
> >WrkAni254oe6JOW2S2F4h7lTsXZVVGVZ
> >=d7yO
> >-----END PGP SIGNATURE-----
> >
> >_______________________________________________
> >Web Page:  http://lug.boulder.co.us
> >Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> 
> --
> Franklin Bowen (Franklin at Bowen.net)
> http://Franklin.Bowen.net

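The proxy-ARP "almost bridge" described in the message above, as an added example (not code from the post or the list). It assumes eth1 is the wireless uplink and eth0 the wired port, as in the post; the host addresses are constructed, and `PROC_ROOT`, `DRY_RUN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: proxy-ARP pseudo-bridge on a Linux host with two interfaces.
# Assumed names: eth1 = wireless uplink, eth0 = wired port (as in the post);
# host addresses passed in are constructed sample values.
PROC_ROOT="${PROC_ROOT:-/proc}"   # overridable so the audit can read a copy
DRY_RUN="${DRY_RUN:-1}"           # 1 = only print the commands, 0 = run them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# usage: proxy_arp_setup UPLINK_IF INSIDE_IF HOST_IP...
proxy_arp_setup() {
    uplink=$1; inside=$2; shift 2
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$uplink.proxy_arp=1"
    run sysctl -w "net.ipv4.conf.$inside.proxy_arp=1"
    # The kernel answers an ARP request only for an address it routes out a
    # different interface than the one the request arrived on, so a /32 route
    # per inside host decides which addresses it answers for on the uplink.
    for ip in "$@"; do
        run ip route add "$ip/32" dev "$inside"
    done
}

# Prints every interface with proxy_arp enabled (one per line);
# exit status is 0 only if IPv4 forwarding is enabled as well.
proxy_arp_audit() {
    for f in "$PROC_ROOT"/sys/net/ipv4/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = 1 ]; then
            basename "$(dirname "$f")"
        fi
    done
    [ "$(cat "$PROC_ROOT/sys/net/ipv4/ip_forward" 2>/dev/null)" = 1 ]
}

# When called with arguments, act on them; otherwise only define functions.
if [ $# -ge 2 ]; then
    proxy_arp_setup "$@"
fi
```

`proxy_arp_audit` is also useful on its own: a host that answers ARP on behalf of others shows up as any interface it lists, and as the message notes, nothing in this setup detects Layer 2 loops.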