Firewall for timecapsule

Discussion in 'Mac Accessories' started by aicul, Jun 2, 2013.

  1. aicul macrumors 6502a

    Joined:
    Jun 20, 2007
    Location:
    no cars, only boats
    #1
    Hi,

    I know Timecapsule has a firewall, but it is not active in bridge mode.

    Anyone know how I can activate the firewall in bridge mode?

    I need this because the web provider has a specific firmware router that does not have a firewall, and I have connected my timecapsule to the router to be able to manage the wifi in apple style.


    But for this I must set up bridge mode, which seems to disable the timecapsule firewall.

    Any ideas?
     
  2. gr8tfly macrumors 603

    Joined:
    Oct 29, 2006
    Location:
    ~119W 34N
    #2
    Are your LAN devices all getting local IPs through the modem? Or, if you only have a single device, same question? Also, what service do you have (DSL, cable, etc.)?

    If not, then the modem is already functioning as a bridge, and you should be fine setting the Time Capsule as your router (it will get a WAN IP from the provider).

    I haven't heard of a modem functioning as something in between - unless your provider is allowing multiple devices directly through the modem. Even then, since those would all be "outside" WAN IPs, you should be able to just let the TC use one and function as a gateway to it (the outside WAN IP). You'll get local LAN IPs (10.x.x.x, 172.16.x.x, 192.168.x.x) through the TC.
     
  3. aicul thread starter macrumors 6502a

    Joined:
    Jun 20, 2007
    Location:
    no cars, only boats
    #3
    Hello,

    First let me indicate that I am more an educated novice than a pro in this matter.

    The router I have is special as I have an optical fiber into my house. The router is a netgear 300.

    The Timecapsule is set as a bridge, hence no firewall.

    I cannot change the router with one with a firewall as this router has special firmware for the optical fiber.

    Hope this clarifies the setup
     
  4. gr8tfly macrumors 603

    Joined:
    Oct 29, 2006
    Location:
    ~119W 34N
    #4
    To help clarify what your actual configuration is: If your computer (or whatever device you have connected through the TC) has an address in the ranges I noted, then the modem is functioning as a router. Otherwise, it is actually functioning as a bridge and you can set up the TC as your router.

    What happens if you try to configure the TC as a router? Does it get an address in the range(s) I noted as local?

    In Airport Utility, click Edit, then the Internet tab. This is where the WAN is configured (also, make sure you are connecting the modem to the WAN ethernet port on the TC - the one with a circle-like icon, and, I believe, the leftmost jack). You can see how the TC is being configured by the modem (assuming it's DHCP).

    Aside from the TC, you can enable the firewall on your Mac (and actually have a bit of control over its configuration).
     
  5. ChrisA, Jun 2, 2013
    Last edited: Jun 2, 2013

    ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #5
    The Netgear 300 does have a basic firewall. It is enabled by default.

    A bridge and a firewall are by definition not possible at the same time. A "bridge" by definition connects two segments of the same IP network. A firewall by definition connects two networks and uses rules to selectively route packets.

    If you need a firewall then use two subnets and a firewall.
     
  6. FreakinEurekan macrumors 68040

    Joined:
    Sep 8, 2011
    Location:
    Eureka Springs, Arkansas
    #6
    This is your answer. A firewall is going to by definition involve a router (yeah it could be a proxy or something else, but practically speaking it's going to be a router). That means you need to enable routing in your AirPort, or use some other device that routes. Since your fiber modem is also a router, you'll be double-NATed - which isn't the end of the world, though some apps (peer-to-peer stuff like gaming, VPN) may dislike it.
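
The address check described in posts #2 and #4 and the double-NAT outcome from post #6, as an added example that is not part of any post in the thread. It assumes the full RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range; the function names `address_kind` and `assess` are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges (the "local" ranges in the thread; 172.16.0.0/12
# covers 172.16.x.x through 172.31.x.x).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared space: handed out when the ISP itself does carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def address_kind(addr):
    """Classify the address a device received from the upstream box."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if ip in CGNAT_NET:
        return "cgnat"
    if ip.is_link_local:
        return "link-local"   # 169.254.x.x: no DHCP lease was obtained
    return "public"


def assess(tc_mode, upstream_addr):
    """tc_mode is 'bridge' or 'router'. upstream_addr is the address the
    upstream device handed out: the TC's WAN address in router mode, or a
    client's address in bridge mode."""
    if tc_mode not in ("bridge", "router"):
        raise ValueError("tc_mode must be 'bridge' or 'router'")
    kind = address_kind(upstream_addr)
    if kind == "link-local":
        raise ValueError("no lease from upstream device; fix DHCP first")
    upstream_nat = kind in ("private", "cgnat")
    nat_layers = int(upstream_nat) + int(tc_mode == "router")
    return {
        "upstream_nat": upstream_nat,             # something upstream is routing
        "tc_filtering": tc_mode == "router",      # TC firewall is off in bridge mode
        "double_nat": nat_layers == 2,
        "directly_exposed": nat_layers == 0,      # public address, nothing in front
    }


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 is documentation space).
    for mode, addr in [("bridge", "192.168.1.23"), ("router", "192.168.1.2"),
                       ("router", "203.0.113.7"), ("bridge", "203.0.113.7")]:
        print(mode, addr, assess(mode, addr))
```

The case to watch for is `directly_exposed`: a bridged Time Capsule behind a bridged modem leaves each client on a public address with only its own host firewall.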
     
