Bridging
A big disadvantage
to running NAT on your wireless hosts is that they become less
accessible to your wired hosts. While the wireless users can make
connections to any machine on the wire, connecting back through a NAT
is difficult (the AirPort provides some basic support for this by
allowing for static port mappings, but this is far from convenient).
For example, if you are running a Windows client on the wireless, the
Network Neighborhood will show other wireless clients only and not
any machines on the wire, since NAT effectively hides broadcast
traffic (which the Windows SMB protocol relies on). If you already
have a DHCP server on your wired network, and are running private
addresses, the NAT and DHCP functions of the AirPort are redundant,
and can simply get in the way.
Rather than duplicate effort and make life difficult, you can
disable NAT
and DHCP and enable bridging to the wire. Turn off DHCP under
DHCP Functions (as we saw previously), and check
the Act as transparent bridge (no NAT) under the
Bridging Functions tab. When the AirPort is
operating in this mode, all traffic destined for your wireless
clients that happens on the wire gets broadcast over wireless, and
vice versa. This includes broadcast traffic (such as DHCP requests
and SMB announcement traffic). Apart from wireless authentication,
this makes your AirPort seem completely invisible to the rest of your
network.
Once bridging is enabled, you may find it difficult to get the unit
back into NAT mode. If it seems unresponsive to the Java Configurator
(or Mac AirPort Admin utility) while in bridging mode, there are a
couple of ways to bring it back.
If you have a Mac, you can do a manual
reset.
Push the tiny button on the bottom of the AirPort with a paper clip
for about two seconds. The green center light on top will change to
amber. Connect the Ethernet port on your AirPort to your Mac and run
the admin utility. The software should let you
restore the AirPort to the default settings. You have five minutes to
do this before the amber light turns green and reverts to bridged
mode.
If you're running Linux, you can easily bring the
AirPort back online using Lucent's
cliproxy utility, without needing a hard reset.
Run the following commands from a Linux machine (either on the wire,
or associated over the wireless):
$ cliproxy
[ORiNOCO]> show accesspoints
Searching...
Hostname Eth Address IP Address Description
------------- -------------- ---------------- --------------------
NoCat 0030.42fa.cade 192.168.0.5 Base Station V3.64
[ORiNOCO]> configure remote 192.168.0.5 public
Config loaded from 192.168.0.5
NoCat> configure terminal
NoCat(config)> no service bridging
NoCat(config)> service napt
NoCat(config)> service dhcp-server
NoCat(config)> done
NoCat> write remote 192.168.0.5 public
NoCat> exit
Of course, substitute your password for public
and IP address where applicable. At this point, the
AirPort should reboot with NAT and DHCP enabled and bridging turned
off.
If you're running Windows and need to reset an
AirPort in bridged mode, I suggest you make friends with a Mac or
Linux user. You might be able to get things back to normal by doing a
hard reset (holding down the reset button with a paper clip for 30
seconds while powering the unit up), but I've never
been able to make that work. The previous two methods—using a
Mac hard reset or the Linux cliproxy
utility—have worked well for me in the past. I keep a copy of
cliproxy handy for just this reason.
Sections
