Author Topic: Bridge vs NAT Router  (Read 8411 times)

paroots

  • Guest
Bridge vs NAT Router
« on: July 20, 2008, 04:38:36 AM »
I want to configure an HT-496 in the simplest possible way for my father-in-law who is computer illiterate. I intend to have him connect the WAN port of ATA to his DSL modem and LAN port of ATA to his Windows Vista laptop. I will set ATA to use dynamic IP addressing. My question is whether I should configure ATA to Bridge or NAT Router mode.  I do understand some of the issues about Bridge vs NAT Router. I believe that in NAT Router mode, a new subnet will be created and presumably the PC and ATA will each have their own IP address within this subnet. I\'m not sure how things will work in Bridge mode. Can someone explain the differences.Another consideration is that I want to be able to reconfigure the ATA remotely. Also, I use UltraVNC to remotely access his computer. I believe in NAT Router mode I would need to have some kind of port forwarding configured. For this reason, would Bridge work better? Thanks.

fgl30

  • Guest
Well, I´m not an expert,
« Reply #1 on: July 20, 2008, 06:13:15 AM »

Well, I´m not an expert, but as far as I know, Bridge mode is for a \'passive\' mode device use, when you already have a router in subnet... that´s not your case, so you need to use NAT router function of ATA to control and share Internet to ATA and your´s dad laptop. Your config depends on what kind of ISP your dad uses... xDSL you´ll configure PPPoE and ATA router will connect to internet for your dad.... static IP maybe needs to clone MAC... is not a really hard job.....

About accessing remotly, well, sure will need forward ports, but I can´t theach you here...

Sorry for my bad english

 


daved

  • Guest
You\'re correct, paroots; use
« Reply #2 on: July 21, 2008, 11:52:01 AM »

You\'re correct, paroots; use bridge mode.

 

I assume your f-i-l\'s DSL modem has a built-in
router (and possibly firewall). The way to tell this
quickly is simply to check his PC\'s current IP
address; if it is <192.168.n.n> (for example,
192.168.1.100), the modem has a built-in router.

 

If there *is* a router, it already provides some sort
of firewall, a layer of NAT and also DHCP (it provides
each connected PC with an IP address). You don\'t want
to add another NAT layer, so ATA bridge mode is correct.

 

While in bridge mode, the ATA simply passes IP traffic
between the PC and the modem/router. The router will
issue the PC an IP address, using DHCP. But if you
want to remotely access the ATA, this adds one item.

Assign a static IP address to the ATA in the same scope
as the router DHCP issues to the PC. For example, if the
scope is <192.168.1.n>, use 192.168.1.201. Then, when
you remotely control the PC\'s desktop, you can use a Web
browser on the PC to access the ATA using its assigned
IP address--just as if you were there.   Luck, Dave

 

To test this, simply access the ATA from the PC when
you have finished the installation.   Luck, Dave

 


paroots

  • Guest
Thanks to fgl30 and daved.
« Reply #3 on: July 22, 2008, 03:05:51 AM »

Thanks to fgl30 and daved. Your comments were very helpful. I think my future direction will depend on whether the DSL modem does include a NAT router or not. If it does, the Bridge mode will be the simplest and if not, I will be forced to use NAT router mode of ATA. This is a dSL modem to be supplied by AT&T. It\'s now enroute to my f-i-l\'s location. Perhaps I can get the answer by calling AT&T tech support.

 

 


paroots

  • Guest
I spoke with AT&T and they
« Reply #4 on: July 22, 2008, 12:03:07 PM »

I spoke with AT&T and they told me that they shipped the Motorola 2210 DSL modem. From what I have learned online it appears that the router integrated into the modem is very limited. For example, I see no reference to port forwarding so I don\'t think I could access the PC remotely using UltraVNC. I can set the modem to share public IP address with LAN devices. I think this setting in combination with the ATA being in its default NAT Router mode would work since the ATA does have NAT and Port Forwarding capability. Comments or suggestions appreciated.


daved

  • Guest
You need to do some of your
« Reply #5 on: July 22, 2008, 04:36:29 PM »

You need to do some of your own research, paroots.

Do a Google search for the Motorola 2210. You\'ll find:
    http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02_UserManual.pdf

You\'ll also discover this a a Netopia router, similar to this:
    http://www.netopia.com/support/hardware/2240.html

 

You can probably access remotely by either turning on the
DMZ setting (called \'IP passthru\' by Netopia) or by using
port forwarding (called \'pinholes\' by Netopia).

 

It\'s true you could use the DMZ feature to present the ATA with
access to the public Internet. That would mean the ATA is the
only device that protects you from attack. I wouldn\'t depend on
its internal NAT to be an effective \'firewall\'.

 

I believe the modem has port forwarding; if it does, use it. If
not, I would buy a decent consumer firewall and not use
either the modem or the ATA as your firewall.   Dave


paroots

  • Guest
Thanks daved. Actually, I
« Reply #6 on: July 23, 2008, 07:44:46 AM »

Thanks daved. Actually, I have done a lot of googling. I have come accross both of the links you provided, but it seemed to me that neither one were helpful. The first one says nothing about the modem features I\'m looking for and the second one doesn\'t apply to the model in question. This link has been, by far, the most helpful: www.dslreports.com/faq/amfaq/2.6.1_Motorola_2210 This one is also helpful, but I don\'t understand much of what it says: www.shopsbc.com/catalog/productdetails.asp

 Based upon my research to date, I need to present the ATA with the public IP address then use the default NAT router of the ATA with port forwarding to support use of UltraVNC. I am still uncertain how best to do this. There seem to be two possibiliies as follows:

  1.   Leave modem in the default \'PPP on the Modem\' mode and set Share Public IP with LAN devices to Yes
  2.   Set modem to Bridge or perhaps PPP on the Computer mode which will require the ATA to connect to AT&T network using PPPoE. I would prefer not to do this because I would rather leave the modem in a state such that if ATA were taken out the PC and modem  could still connect to internet without ATA.

I\'m now hoping to learn enough to see how best to configure the modem. Comments or suggestions are much appreciated.

 

 


paroots

  • Guest
I just found this article.
« Reply #7 on: July 23, 2008, 09:54:03 AM »

I just found this article. It seems quite relevant: support.iprimus.com.au/index.php. It suggests I\'ll have the least problems putting the modem/router into the Bridge mode. I think checking the Share the Public IP address with LAN devices may be equivalent to what the article calls \'Half Bridge\'. As mentioned, I\'m leaning towards this in part because the modem is in a mode that will provide an intenet connection even if ATA is removed.

Upon further research it appears that there are some significant variations of the Motorola 2210 GUI. Here are two variations:

Motorola 2210-002-1002
   http://www.dslreports.com/faq/amfaq/2.6.1_Motorola_2210#15789
Motorola 2210-02-1006
   http://www.dslreports.com/faq/bellsouth/3.121_Motorola_Info#15821
 

I believe AT&T is shipping the 1006 variation.

 

 

 


paroots

  • Guest
Sorry Dave, but my focus
« Reply #8 on: July 24, 2008, 03:22:36 AM »

Sorry Dave, but my focus right now is trying to determine if the 2210 offers port forwarding or not. I got a bit off track looking at online data for the 2210-02-1002 when my f-i-l was actually shipped the 2210-02-1006. They apparently are quite different and have a completely different GUI. Not sure how the functionality differs.  Unfortunately, I have not found as much info for this modem. If it does offer port forwarding then I can leave the modem in its default NAT Router mode (with ATA in Bridge mode) and setup port forwarding so that messages from my UltraVNC viewer will be routed to the IP address of the PC. I do have some reason to be hopeful. If you open this webpage: http://www.dslreports.com/faq/bellsouth/3.121_Motorola_Info#15821 and look at the screenshot with the Firewall tab selected you can see another tab for  NAT/Gaming. It\'s been my limited experience that port forwarding may be found here.

 

If, however, the modem does not include a port fowarding feature, I will attempt to present the ATA with the public IP address and set it to NAT Router mode. I do know that the ATA offers port forwarding so UltraVNC should work fine. As you say, I will have limited protection from the NAT feature of ATA. Of course, my f-i-l\'s PC will have its own software firewall. The emphasis here must be on simplicity, ease of setup, and remote maintenance. I might also mention that we use Acronis True Image to restore his computer if it should for any reason become corrupted. He simply boots to an emergency CD (running Linux) and restores the image. The computer returns to what we call the \'lean and mean\' state.

 

I\'m also focusing on the steps that I must use to configure his ATA remotely. It becomes a \'chicken & egg\' situation. The ATA comes defaulted to NAT Router mode. So if the modem is in NAT Router mode and then he inserts the ATA in-line, we get what the article calls Double NAT. Obviously UltraVNC would cease to work at this point. What to do? The ATA does have a limited voice command functionality but switching between Router and Bridge mode is not an option. This is becoming quite challenging.


paroots

  • Guest
I submitted a post at:
« Reply #9 on: July 24, 2008, 08:18:17 AM »

I submitted a post at: http://www.dslreports.com/forum/r20840665-Modem-Motorola-2210021006-Features. The reply from Airwolf7 provided me with the correct simulator for the motorola 2210-02-1006 modem and even a series of screen shots showing the steps for setting up port forwarding. With this help I was able to enable remote access on the modem then remotely log onto the modem and setup port forwarding. With that accomplished I am now able to access their PC remotely. It\'s amazing the help you can get from the internet. Thanks for all the responses.

 

The remaining challenge will be setting up the ATA in Bridge mode since it\'s factory default is NAT Router mode. The only possible solution I can think of is to have my f-i-l insert the ATA in-line and then have him browse to 192.168.2.1 (ie, the default LAN gateway) to configure the ATA in Bridge mode. Once the ATA is rebooted, my f-i-l should go back online. I will then be able to connect to his computer via UltraVNC to complete the configuration of the ATA (eg, setting up VoIP provider parameters).

 


Rudy.Vanhalewyn

  • Guest
I got some excellent advice
« Reply #10 on: July 27, 2008, 10:43:50 PM »

I got some excellent advice from the Grandstream helpdesk. You can perfectly remotely access the device in NAT mode, simply by changing the web port (2nd item in basis settings) from 80 to 8080. To access you give in the device URL followed by :8080.

Rudy Vanhalewyn
Belgium


paroots

  • Guest
Thanks Rudy. I have noticed
« Reply #11 on: July 28, 2008, 02:53:20 AM »

Thanks Rudy. I have noticed that the value of 80 can be changed. Can you explain why that would be worthwhile? I know that 8080 is the default for https. When you switch to 8080, do you then access only via https. Is that the motivation for switching?

 

It seems to me that the more important value is the port used for the public IP address. Why not change that to something less common, but still forward it to port  80 on the ATA?

 


Rudy.Vanhalewyn

  • Guest
I must say I do not know
« Reply #12 on: July 28, 2008, 03:10:21 AM »

I must say I do not know much about ports myself. it is the hint I got from Grandstream itself. And it works. I have perfect remote access to the configuration pages now.

Rudy Vanhalewyn
Belgium


paroots

  • Guest
Thanks Rudy. When you say
« Reply #13 on: July 28, 2008, 06:22:12 AM »

Thanks Rudy. When you say Help desk are you referring to their tech support email address or something else?


Rudy.Vanhalewyn

  • Guest
Indeed, their tech support
« Reply #14 on: July 28, 2008, 11:28:35 PM »

Indeed, their tech support email address.

Rudy Vanhalewyn
Belgium