Network bridge mac os

This is Not a Discussion


Wednesday, January 29, 2014

How to make a (real) network bridge with a Mac (mini) and OS X (Mavericks)

This is a quick post about setting up a simple layer 2 network bridge using a Mac (in this case a 2011 Mac Mini) running OS X (Mavericks). My goal was to set up the Mac, henceforth referred to as the Mini, as an access point for my main network. I found no resources online that covered doing this, so I decided to write it up for those who are interested.

What we’re not doing

I found many posts online that covered setting up “Internet Sharing” with a Mac. Some of those referred to this as ‘bridging’, which it is not. At least, in its simplest form it is little more than Network Address Translation (NAT) with packets being forwarded from one interface to another. The problem with that approach is that only IP traffic is passed, and even that is adulterated such that clients on one side (the inside) of the link are not directly addressable by hosts on the other side (the outside) of the link.

It’s great for letting multiple machines browse the web but not good for having multiple machines talk to each other whether they’re plugged in at the switch or connecting over Wifi and pulling from a common DHCP pool of addresses.

Configure Primary Interface

Primary is conceptual here. I’m talking about the interface that I’ll use to configure the host over the network. The IP address for this interface will be the (main) address for this host. For me the primary interface is the Ethernet port on the back of the Mini. Yours could be any of USB, Bluetooth, FireWire, etc.

We want to make sure that the interface is properly set up on the network. For you that may mean DHCP configuration, manually IP-ing it, or something else. I’m not going to spend time telling you how to do this. You’ll know it’s working when you can ping something external to the box (preferably external to the network).

In my case I set a static lease in my DHCP server so that every time the MAC address for the Mini shows up it gets the same IP. The interface happens to be en0.


In OS X 10.2, Apple has added the new “share your Internet connection” function, and I am sure that a lot of users are going to use it as a software AirPort basestation. But I thought, why couldn’t you go the other way? So that is just what I did, created a wireless network bridge.

Here’s how I did it.

  • Wire connect your wireless base station to your WAN. This works with any 802.11b Basestation I’ve tried, Apple or otherwise.
  • Wire connect any Ethernet computers to your base station for your first network node.
  • Wirelessly connect your AirPort based computer to the wireless base station. I call this computer the “Ethernet Basestation,” and it will form the point of your second Ethernet node.
  • On the “Ethernet Basestation” computer, do the following:
    1. Open the Network pane in the System Preferences.
    2. On the “Show:” pop-up menu, select ‘Network Port Configurations’.
    3. Change the precedence order by moving ‘AirPort’ above the ‘Ethernet’ port you are going to connect your sub-net to.
    4. Click ‘Apply Now’.
    5. Switch to the Sharing preferences pane.
    6. Click the ‘Internet’ tab.
    7. Click ‘Start’.
    8. A message will state “You are connected to the Internet over AirPort. This connection will be shared with computers connected to Built-in Ethernet.”
  • Connect your wired Ethernet device (or devices via a hub) to the “Ethernet Basestation”. I say devices because I am thinking that they could be a printer, PS2, etc.
  • Set the Ethernet computers to use DHCP. Reboot if you are using Mac OS 9.
  • You’re done! Surf the net on your wired Ethernet computers!
I can now have my own wired network that is connected to the Internet without stringing any wires to connect to my landlord’s network or the WAN! Wired -> Wireless -> Wired again! This wiring method has a number of interesting possible uses, including:

  • Print to Ethernet laser printers wirelessly w/o having to have it by your basestation.
  • Protect your sub-net with the new 10.2 Firewall
  • Avoid drilling holes or stringing wires through vents to connect your Ethernet only devices
  • Share your Internet connection with your neighbours and allow them to have wired networks in their apartment, dorm or house!
  • Have your neighbour share your Internet connection with their neighbour using another hardware or software AirPort basestation and so on for a wireless neighbourhood!
  • Cross rough terrain that your High-speed ISP won’t cross using boom antennas

[Editor’s note: Some of these uses may violate the terms of your contract for internet services; you might wish to read your paperwork before attempting to do some of these things!]


    Building an OpenVPN bridge on Mac OS X

    One day I needed access to my local network from a remote location. To do this, OS X Server was installed on an iMac and its VPN remote access was configured. Everything worked tolerably well except mDNS (Bonjour). As it turned out, this VPN implementation does not support multicast. And multicast was vital, because some special applications work only on the local network.


    After a short search I found several solutions to this problem. One of them, free, involved installing the program “Network Beacon” and manually entering the paths to the “Bonjour” services in it. The other solution was paid and involved installing a special application, “ShareTool”, which first can build its own SSH tunnels and second passes information about the services on the server side through the tunnel.

    This solution has two drawbacks. The first is that you have to buy a license for every machine. The second is that this solution is still a kludge. And I wanted to do everything as cleanly as possible.

    The solution turned out to be building a VPN bridge based on OpenVPN with a “tap” virtual adapter.
    But how to do it? Online I found many different instructions for setting up such a configuration, but not a single one for building a bridge on OS X.

    And then I remembered how I had set up a bridge to extend a wireless network, and decided to do everything in a similar way.

    Step one: configuring OpenVPN

    All the following steps require superuser rights. So open a terminal and switch straight into the mode of unlimited possibilities.

    First, install the TunTap driver.
    It can be downloaded from this link: tuntap_20111101.tar.gz
    Unpack it and run the installer. When the installation finishes, load the modules into the kernel.

    Next, install OpenVPN itself through MacPorts.

    For those who don’t know yet: Easy-RSA is no longer part of the OpenVPN package, so download it separately from this link:
    easy-rsa-release-2.x.zip

    For convenience, copy the contents of the “openvpn2” folder to “/etc/openvpn”.

    Unpack Easy-RSA 2 into it.

    Edit vars to suit yourself and generate the keys. Editing “vars” means correcting the information about the certificate and key holder and, if necessary, changing the length of the Diffie-Hellman parameters.

    Finally, generate the Diffie-Hellman parameters.

    Edit the sample from “/etc/openvpn/sample-config-files/” or create a new “server.conf”.
    As an example, here is my version

    Now move on to the next stage: creating the bridge with the tools of Mac OS itself.

    Step two: “Bridge building”

    Launch System Preferences and select Network.

    Click the gear and choose “Manage Virtual Interfaces”.

    Then click the plus and choose “New Bridge…”.

    We will never see our “tap” interface here, even with the OpenVPN server running. But as it turns out, for all its “friendliness”, Mac OS lets you create a network bridge with a single interface. And that is exactly what we need. Select the adapter through which we are connected to the network and name the bridge as you like. Click “Create” and “Done”.

    Next, configure the bridge’s connection the same way the network interface was configured and click Apply.

    That’s it, the network is configured and the window can be closed. It will not be needed again.
    Now you can check in the terminal that the bridge with one member exists. Run the “ifconfig” command and make sure there is a bridge bridge0 with one member, which is the interface we selected when creating it.

    The next stage is to create a script that must do two things: first, persuade the kernel to pass packets, and second, add the “tap” interface to the bridge.

    Step three: launch

    Create the file “/etc/openvpn/scripts/up.sh”.

    Save it and make it executable.

    The path to this script is written into the server configuration, and the script is run after the virtual interface is created.
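
An illustrative up script for the two tasks described above, as an added example; it is not the author's own script, whose contents are not on this page. Assumptions: the bridge is bridge0, the kernel setting is net.inet.ip.forwarding, OpenVPN passes the tap device name as the first argument, and the APPLY gate, function names and sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: sketch of an OpenVPN "up" script that attaches the tap
# device to an existing OS X bridge. Not the original author's script.
LC_ALL=C; export LC_ALL
BRIDGE="${BRIDGE:-bridge0}"   # assumption: bridge created in System Preferences

# The script runs as root and the device name ends up on an ifconfig command
# line, so accept only plain BSD-style names: lowercase letters, then digits.
valid_ifname() {
  stem="${1%%[0-9]*}"   # leading letters, e.g. "tap"
  unit="${1#"$stem"}"   # trailing unit number, e.g. "0"
  case "$stem" in ''|*[!a-z]*) return 1 ;; esac
  case "$unit" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

# Print the member interfaces found in `ifconfig <bridge>` output on stdin.
bridge_members() {
  awk '$1 == "member:" { print $2 }'
}

# Given the bridge's ifconfig output on stdin, print the commands still needed
# to attach tap $2 to bridge $1. The addm step is skipped when the tap is
# already a member, so a server restart does not fail on a duplicate add.
plan_up() {
  valid_ifname "$1" && valid_ifname "$2" || return 2
  members="$(bridge_members)"
  [ -n "$members" ] || return 3   # bridge missing or without its LAN member
  echo "/usr/sbin/sysctl -w net.inet.ip.forwarding=1"
  printf '%s\n' "$members" | grep -Fqx "$2" || echo "/sbin/ifconfig $1 addm $2"
}

# Constructed sample of `ifconfig bridge0` output (not taken from the page).
SAMPLE_IFCONFIG='bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 02:00:00:00:00:01
        member: en0 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 4 priority 0 path cost 0
        status: active'

# Only touch the system when explicitly asked to (hypothetical APPLY gate).
if [ "${APPLY:-0}" = 1 ]; then
  plan="$(/sbin/ifconfig "$BRIDGE" | plan_up "$BRIDGE" "$1")" || exit 1
  printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done || exit 1
fi
```

In the server configuration, OpenVPN needs `script-security 2` before it will run an `up` script, and `setenv APPLY 1` is one way to set the gate used here.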

    Did the server start? If so, kill it with “Control+C”. If it crashed with errors, see what they are and fix them.

    Now move on to starting the server automatically.

    Create the file “/Library/LaunchDaemons/org.openvpn.bridge.plist” with the following contents.

    Save it and start the server.

    That’s it, the server launch is taken care of. On to the client.

    Step four: the client

    I will briefly describe only how to run the client under Mac OS. Since I connect to this server from a MacBook and had no need to install Xcode and MacPorts on it, I decided to use an “all-inclusive” solution, which is what “Tunnelblick” is.

    Create a configuration folder, for example on the desktop. This is easier to do on the server; it will become clear why further on.
    In the folder, create the file “config.ovpn” and write the configuration into it.

    Save it and copy the keys and certificates created at the beginning into the same folder.

    After copying the keys and certificates, you need to change their owner. It must match the user under which we are building the configuration. At the same time we leave the superuser paradise.

    Next, rename the folder with the configuration and keys (the folder name will be the configuration name in “Tunnelblick”) and add the “.tblk” extension.

    After that, transfer the configuration to the client with “Tunnelblick” installed, by any convenient means. Then open “Finder”, find the configuration’s location and double-click it. It will be added to the configurations automatically.
    Launch “Tunnelblick”, choose your configuration from the list and click the “Connect” button. If everything was done correctly, in a few seconds we have full access to the remote local network, including all multicast protocols.


    whitehatty

    #TheOnlyLimitIsTheOneYouSetYourself

    #MacOSX : Make your Mac a Wireless Network Bridge

    Sometimes you need to extend your wireless coverage; you can do it by turning your Mac into a Wireless Network Bridge.

    Why your Mac? Maybe a new shining MacBook Pro? Well, let’s say your city has been hit by a big earthquake, so you had to leave your house, but your wireless network still works. The mobile network won’t work due to excessive load, but you can still access the internet to contact your friends and family. Sharing your internet connection gives this chance to many other people as well (this happened to me recently).

    First you need a Switch or a Router or a Wireless Access Point and Ethernet cables.

    • Connect your mac to your wireless network
    • Connect Switch / Router / Wireless Access Point to Mac Ethernet port
    • Go to System Preferences -> Sharing
    • Check Internet Sharing
      • Share your connection from: Wi-Fi
      • To computers using: Ethernet and Bluetooth PAN
    • Leave DHCP enabled

    NOTE: this way you can connect to internet while you can maintain a secure distance from damaged buildings.


    Comments 32

    This isn’t a bridge.


    No. This isn’t a bridge. This is a ROUTER.

    A bridge connects an existing network to different media.

    A router creates a new network.

    No, this is a NAT gateway or router. A bridge operates at the MAC addr level and doesn’t span different networks.

    please read linked wikipedia article…

    haha wikipedia. using wikipedia as proof is like using the campaign advertisements of politicians to prove they are decent people

    Actually Wikipedia has shown to be quite reliable. That said, you have Google or books if you want a better reference.

    This is most definitely not a bridge. Regardless of the semantics or the Wikipedia article (which is terrible) or whatever, the fact remains that what OSX creates when you enable internet sharing is, in fact, a routed NAT network. Devices connecting to the Mac get an entirely different subnet than the one the Mac is connecting to. Therefore, this is absolutely NOT acting as a bridge, it is a NAT router (routers operate at the network layer, or Layer 3. Bridges operate at the link layer, or Layer 2)

    You might want to add some flexibility to the categorization you just provided. Routers (and switches) can operate at a higher level than what you said, so if you strictly consider your definition they are not (Cisco sell them, just sayin’).
    Let me try to explain, once and for all.
    Wireless bridge in a network means a link between two devices, where the link is wireless. Now, as you can see, there isn’t a specification on how this can be achieved. If using natting or whatever else, it still is a wireless bridge. I can remove the word “network” if you find it is confusing, that’s it.

    whitehatty, they’re right, it’s not a bridge. When you bridge two networks together, it’s done at an ethernet protocol layer, not at a TCP/IP layer. These instructions clearly set the computer up as a router which routes traffic from one network to another. The differences are subtle, but one key difference is when two networks are bridged devices can talk directly one to another using physical MAC addresses. MAC addresses not on a network will be forwarded to the bridged connection, and vice versa.

    … although, bridging can happen on any network protocol, I suppose. I don’t think what you describe is a bridge because bridges do not translate addresses.

    Don’t stop on the word bridge and take the time to read the link to Wikipedia, please.
    Btw, if you look for fancy stuff you might be surprised to find that exist level 7 switches and routing then 🙂
    In all these cases the words bridge, switch and router assume a broader meaning than the one they have in the classic TCP/IP or ISO/OSI layering.
    CS PhD student here.

    Words have meaning, especially where technical subjects are concerned. Since the subject at hand deals specifically with ethernet and TCP/IP, using meanings ascribed to those words from outside the scope of those two subjects is not helpful.

    Also goes to reinforce the idea that CS academics haven’t got the foggiest clue how stuff works out there in the real world.

    Yes, words have meaning and it looks like you failed to keep up with them.

    No seriously, don’t make it personal…

    Everything right, indeed I am not claiming it is a level 2 bridge…As I said earlier here the word “bridge” has a broader meaning, is it that hard to get it? Damn…
    Oh, by the way, I will not recommend the use of uPnP for security reasons. If you want to forward/block packets from/to other subnets it is as easy as deploying a firewall rule, that is, you can create a whole virtual network on top of a physical network having completely different topology without any problem. [And I don’t know why you tell me this, since I just wrote that I have ample knowledge of the subject, lol]

    Now, the good part…the links on github, those might be useful to someone, even though I think there is no point having a Mac working that way [I repeat, IMHO]…well, what I mean is that you can have better performance and save a lot of money with a Linux box…

    Last, but not least…well, it was a temporary solution, an earthquake, got it?

    So, I don’t want to be rude, but if the post is just to show your knowledge of the subject, what is the point? Everybody can google-paste what he finds, and then?
    Now, let’s talk about something that is more valuable; what’s the case scenario where you need a real level 2 bridge for a Mac [given that you can do the same with a router or a linux box]?

    Case for needing a real Level 2 bridge with a Mac:
    1: Wifi only internet source (ISP’s router)
    2: Ethernet-only NAS
    3: 2 computers – 1x Mac Mini, 1x Macbook
    4: Both computers should be able to see and access the NAS for backups, etc.

    The ideal setup “feels” like
    – Mini connected to outside world by Wifi.
    – NAS connected to the ethernet port on the Mini
    – MacBook connects to the internet and the Mini AND the NAS over wifi.

    As it stands, I cannot get the Mini to correctly “bridge” the NAS to the same subnet as the wifi network, only to NAT the ethernet port through to the Internet on the outside of the ISP’s router.

    I left the above comment simply because I was looking for a solution to making a wired to wireless bridge out of my mac and this blog posting was one of the first hits on Google, but wasn’t particularly helpful.

    Anyway I have to go try the above linked code and see if I can figure out how to get it to make a WPA2 Personal Access Point…


    I would like to connect a DD-WRT (WRT-54GL) router to my Mac with an ethernet cable and share my WIFI from and external hi-gain USB WIFI adaptor which can reach the house from the workshop 150m away. The airport card cannot handle distance around the workshop. Anyone know how to do this?

    It’s very simple NOW my Mac is behaving like a wifi bridge. Thank you for this post. It’s been very useful to me.

    Old topic, still I’d like to configure this on my Mini as well. I simply want to share my WiFi Internet connection over Ethernet on OSX, nee, macOS 10.12 (aka Sierra). I have some basic knowledge on IP, still I’m either too stupid or Apple broke Internet Sharing in 10.12, possibly earlier.

    Any chance of opening up this old thread? TIA

    As of right now, my Mac is not supported by Mac OS Sierra, so I can’t test it. I will try however on El Capitan later today and I’ll post an update if needed.

    1. Wow! Very kind! And a swift reply to boot.

    2. I don’t think the version should matter that much though. This is basic networking, and I can’t imagine Apple would enable/disable anything so basic at TCP/IP stuff.

    3. Please allow me to writeup my config, which I’ll post later on.

    Internet > ISP > DSL modem > Ethernet cable > AirPort Express > WiFi > MacMini

    That’s basically my current setup. Other Macs also connecting to the Internet over WiFi, but seems irrelevant. Anyway, That MacMini sits next to my TV in the living, and I simply want to share its Internet connection (from WiFi) over the Ethernet port, just so I can hook up my TV/DVD player/DVR so that’ll have Internet access as well. That’s either device, not all at once, no hub, couplers or anything.

    1. MacMini/SysPrefs/WiFi connects to AirPort Express, successfully, getting its IP over DHCP.
    2. MacMini/SysPrefs/Ethernet enabled. Set it to DHCP, but don’t know if that should be the case. DHCP with manual address didn’t work either, nor does a static IP.
    3. MacMini/SysPrefs/Internet Sharing. Set to ’Share your connection from: WiFi…to computers using: Ethernet. (I have Remote Management enabled, as well as ssh and Screen Sharing, but that shouldn’t matter, right?)
    4. LAN cable, a straight one or CrossOver – doesn’t matter; neither works.
    5. DVR set to DHCP, doesn’t work. (Neither does static IP)
    6. Checked the port config on both. Can’t config the DVR, but the MacMini is set to automatically (instead of hardcoded 1000Mbps / Full Duplex bladibla)

    Various blogs and articles to be found on the Internet. But as they say, it’s an oasis of info. But getting something useful is another matter.

    Hi, I tested mac os El Capitan and it seems to work.
    Specifically, my setup is:
    modem/router > ethernet cable > macbook pro > ethernet cable > access point.
    The devices that need to access the shared connection connects to the access point.
    DHCP is enabled everywhere.

    Thanks for getting back to me.

    It doesn’t work at my end, config:
    Internet > ISP > DSL modem > Ethernet cable > AirPort Express > WiFi > MacMini > Ethernet port on MacMini > (straight) LAN cable > DVR.

    All set to DHCP.
    On Mac, which has a valid IP and connects to the Internet:
    1) /SysPrefs/Sharing/Internet Sharing/ Share your connection from: WiFi To computers using: Ethernet.
    2) /SysPrefs/Network/Ethernet/DHCP and it gives me a 169 address.
    The DVR is set to DHCP and doesn’t get an IP.

    I’m missing something so obvious I’m completely overlooking it…

    Try to connect an access point or router before the dvr and check if it works

    Success! I hooked up a laptop, DHCP is getting a 10.0.0. address. What I don’t understand is:
    1) The Internet Sharing on the MacMini is giving a 169 address to the ethernet port. I would’ve expected a subnet of the 10.0.0.0 address, but I have no knowledge on subnetting, so there.
    2) The client is getting a 192.254.* address: why isn’t that a 169.* address?
    3) The more important question, for me, is: My Mac Pro is on the same WiFi as the MacMini. Why can’t I ping that 192.254 address from there? I can only reach it from the MacMini. Perhaps that’s just as good as well: this way I’m forced to ftp onto the DVR from the MacMini, making me copy content on a USB stick or SD Card. That will be so much faster than ftp-ing over WiFi (n).

    Anyway, thank you very much for your time and help. Much appreciated!

    You know it’s guys like all of you who mess it up for the average consumer like me. All of you are jumping on this guy because of semantics. All I wanted to do was take my Mac and send the internet connection to my router to be rebroadcast. I could care less what it is called. But now that all you have thumped your chests and shown your knowledge, you accomplished nothing. Typical.

    I know right! All of them jumping to conclusions without even understanding the context, not even Wikipedia convinces them, they all have to brag they know better xD It is kinda funny to receive a notification once in a while of the usual culprit. I am actually surprised this blog still receives any traffic since I have not been writing in a while, but I am glad it worked for you!

    sharing is NOT the same as bridging a connection.

    Net Eng here. This isn’t a bridge.

    This creates a DHCP server on the Macintosh which then NAT’s the traffic to the wifi interface.
