T.s.1990

Q: Setting up time capsule in Bridge mode, security?

Hi,

Maybe someone could help me out. I'm a little bit worried about the security of my network.

I bought a Time Capsule, in the first place to make backups. At home there is already an existing network. We have a router from the provider which can only run in router mode (NAT) and has a firewall, which is a good thing. There is no option to change these settings of the main router.

Because the router of the provider can't be changed, I set up the Time Capsule in "Bridge mode" and created a new network. When I'm connected to the TC-network, every device is getting its own IP address, the internet is running fine and fast, it seems even better than when I'm connected to the main router. So I turned off the wireless of the main router (which is running in router mode).

Now I'm always connected to the "Bridged" Time Capsule. It works fine but I heard there's no firewall in bridge mode. So now I'm a little bit worried the TC-network isn't secure. What are the best options:

- Are these "Bridge" settings ok, when there is a main router in the existing network? (So is the firewall of the main router working to my TC-network?)

- Or is it better to use the wireless of the main router, and to turn-off the wireless mode of my TC?

 

It may be a dumb question but I don't really understand much of Bridge and router modes.

Kind regards and thanks in advance

Airport Time Capsule 802.11ac, OS X Yosemite (10.10.4), Time Capsule, AirPort

Posted on Aug 13, 2015 12:47 AM


  • by LaPastenague, Solved answer

    LaPastenague, Aug 13, 2015 2:51 AM, in response to T.s.1990

    Bridge is no problem at all.. the existing NAT router is still fully functional as firewall for the network.

     

    The only concern I would have is the wireless is properly password protected..

     

    So in the wireless tab of the airport utility.. did you set a suitable password and WPA2 personal security. Use nothing less.

     

    I always recommend short names. No spaces pure alphanumerics.. that is up to you however.

     

    Password should be 8-20 characters mixed case and numbers..

     

    It is also good if there are people you don't trust to change the base station password if you didn't set it to the one password when you set up .. mostly the Apple setup wizard now simply sets the password for both wireless and base station the same. Which is fine.

     

    If you have done that your security is fine.

  • by T.s.1990

    T.s.1990, Aug 13, 2015 4:29 AM, in response to LaPastenague

    Hi,

     

    Thank you for the reply. I set up a WPA2 code for the TC-network, like you said. I'm glad to hear that the firewall still is working and the settings are fine.

     

    Thanks

  • by T.s.1990

    T.s.1990, Aug 31, 2015 2:34 AM, in response to LaPastenague

    Hi,

     

    Maybe one last question. The Network Name has spaces. I've never noticed that this could be wrong, because the names Apple recommends at the first install, for example, have spaces. Why is it better to use no spaces for the SSID (and base station name)?

     

    Thanks

  • by LaPastenague, Helpful

    LaPastenague, Sep 3, 2015 3:59 AM, in response to T.s.1990

    It is due to the fact that the name is translated to network compliance.

     

    In other words.. let's say you named the TC..

     

    Fred Blog's Airport Time Capsule

     

    That is not a valid network name.

     

    The airport firmware will actually translate that name to

     

    fred-blogs-airport-time-capsule

     

    Now another factor pops into play.. that name is 31 characters by my count.. more or less.. that exceeds the recommended name length.

     

    See pondini here. http://pondini.org/TM/C9.html

    He says 25 characters.

     

    You will find it very hard to find Apple making clear statements about name length..

     

    Most of them have to do with the OS.. but networking has much greater restrictions.

     

    OS X: Cross-platform filename best practices and conventions - Apple Support

     

    I am not sure if you are aware but since Mavericks.. Apple now defaults to Windows networking.. hard to believe but true.

     

    SMB has restrictions more severe than Apple commonly reveals.

    How to connect with File Sharing on your Mac - Apple Support

     

    Plus to add the fun.. Apple broke the SMB rules in Mavericks.

     

    This issue went on and on.. smb fix mavericks 10.9.5 breaks SMB connectivity to my Windows 8.1 PC

     

    http://www.zdnet.com/article/mavericks-smb2-problem-and-fixes/

     

     

    So I have encouraged people to use the smallest lowest common denominator subset of standard rules..

     

    Short.. no spaces.. pure alphanumerics.

     

    I am not saying it won't work with spaces.. or special characters..  I am saying it can lead to issues.

     

    Long names are certainly to be avoided.. as Pondini states.. keep them under 25.. which I rounded down to 20. And full marks for less than 10.

     

    It is also kind of nice when the name and network name.. are identical..

     

    ie I name the TC.. tcgen4

    and guess what name that is translated to.. tcgen4

    Makes life easier to know that the name and network name actually match.

     

    wireless name tc24ghz is translated to tc24ghz for wireless.. ain't that a lot easier???
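
Added example, not part of the original thread and not Apple's firmware code: a small checker that approximates the name translation shown in the answer above and applies its naming advice (pure alphanumerics, under 25 characters with 20 as the target, name equal to its translated form). The function names and the exact translation rule are assumptions chosen to reproduce the one example given in the thread.

```python
import re
import unicodedata

UPPER_LIMIT = 25  # Pondini's figure, as quoted in the thread
TARGET = 20       # the answer's rounded-down figure


def translate_name(name: str) -> str:
    """Approximate the hostname-style form shown in the thread.

    Assumption: drop apostrophes and non-ASCII characters, turn every other
    run of non-alphanumerics into one hyphen, lowercase the result. This
    reproduces the thread's example; it is not Apple's actual algorithm.
    """
    ascii_only = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    ascii_only = ascii_only.replace("'", "")
    return re.sub(r"[^A-Za-z0-9]+", "-", ascii_only).strip("-").lower()


def check_name(name: str) -> list[str]:
    """Return the thread's naming concerns that apply to a proposed name."""
    translated = translate_name(name)
    issues = []
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        issues.append("not pure alphanumerics")
    if len(translated) >= UPPER_LIMIT:
        issues.append(f"translated form is {len(translated)} characters, not under {UPPER_LIMIT}")
    elif len(translated) > TARGET:
        issues.append(f"translated form is {len(translated)} characters, over the target of {TARGET}")
    if translated != name:
        issues.append(f"name and translated form differ: {translated!r}")
    return issues


if __name__ == "__main__":
    # Names taken from the thread's own examples.
    for candidate in ("Fred Blog's Airport Time Capsule", "tcgen4", "tc24ghz"):
        print(candidate, "->", translate_name(candidate), check_name(candidate))
```
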

  • by T.s.1990

    T.s.1990, Sep 3, 2015 3:59 AM, in response to LaPastenague

    All right, indeed that should be a lot easier ... Thanks for the quick response. Now it's also a lot easier for me to understand.

     

    Kind regards.