Wayne,
Unclear to me how bridge mode "told the Internet" - unless your
unfortunate Linux router is responding to each and every port on which
the outside world contacts it, rather than just ignoring anything other
than protocols you need. Did you check this with Shodan from another
site? Maybe I'm missing something here...?

My solution, for ever and ever, has been perhaps functionally
equivalent, though:
- leave the ISP modem in place - I assume (or take on faith) that it's
the type/model best suited to connect to their own infrastructure, and
means no issues with them "supporting" it
- on the ISP modem, enable DMZ (if modem LAN is 192.168.x.1, I make .2
the DMZ) so all traffic can flow out to its LAN unimpeded
- connect my own prosumer-grade gigabit router to the ISP modem LAN with
WAN = .2 and LAN + Wi-Fi as desired for the house

Now, during the *current* everlasting pandemic both my wife (university
professor) and I (IT guy in home office) prior to retirement needed
near-100% connectivity to the Interwebs, so have 2 ISPs (Bell Canada and
Rogers), each with the above setup and DMZ configuration and both
feeding from LAN into WAN ports of a prosumer-grade multi-WAN router
with failover mode configured. Since failover is not 100% guaranteed
automatically, I interposed small gigabit Ethernet switches between the
multi-WAN and its feeders, on an each-outlet-switched power bar, to
allow really simple forced failover. (The ISP routers are also on the
power bar, so could just switch off the offending one, but would rather
have them both on to allow monitoring status.) Both ISPs are gigabit
services, which means they deliver far less than that :-( but still
~750k for one and ~500k for the other; just as the speedometer on my
Honda Fit shows up to 220 km/h and the redline on the tach is ~6800 RPM.

Michael

On 2024-01-11 10:19 a.m., Wayne Shumaker wrote:
At 1/11/2024 08:10 AM, I wrote:
At 1/11/2024 02:47 AM, Paul wrote:
I always use the supplied modem/router in bridge mode & allow my own router to
handle everything. In my experience the company supplied equipment isn't great.
I would be very cautious with this approach...
At one time I tried to use bridge mode in order to use my own Linux router.
Unfortunately that bridge mode essentially told the internet I was wide open on
all ports, so my custom Linux router on the other side was swamped.
I would think twice about what bridge mode does for the supplied router.
PS, I am on cable now. My solution instead of bridge mode was: to buy my own
Motorola DOCSIS cable modem and have my Linux router directly connected, and
not tell the world all my doors are wide open.
If one is forced to use company supplied router, I would suggest working with
it. Some often have a tech support port open and cannot be disabled. I'm in the
Schnozz nerdy camp.
WayneS