Hi !
If firewall is enabled in systempreferences on my mac, and also in my modem, is it safe to uncheck it in my modem?
I´ve an LTE modem bridged to an apple airport extreme which provide my internet, please help, I´ve problem to access my security cams. Thanks in advance!!
Mac mini, macOS High Sierra (10.13)
The firewall is doing nothing in a bridged modem.. it is part of the router function and will have no effect if the Apple Extreme is your main router.. and there is no firewall in the airport except NAT.. which is wrongly referred to in some circles as a firewall. it kind of functions in a similar way and does provide protection.
Your security cams will need port forwarding.. which is not easy in the airport.. and the LTE modem must be properly and fully bridged. No double NAT..
Easy to check.. run a traceroute command via terminal to google DNS server. You should see just one private address.. and public thereafter.. two private addresses and you are in trouble.
traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 rt-ac3200-82f0 (192.168.2.254) 1.310 ms 1.053 ms 1.566 ms
2 pmelnxd-lns12.mel.eftel.com.au (203.123.68.177) 19.618 ms 27.539 ms 17.547 ms
3 po-1-353.core1.mel.eftel.com.au (203.123.68.193) 20.258 ms 18.160 ms 17.738 ms
4 203.123.69.134 (203.123.69.134) 19.759 ms 19.319 ms 19.090 ms
5 157.2.148.122.network.m2core.net.au (122.148.2.157) 31.007 ms 30.715 ms 30.306 ms
6 74.125.52.10 (74.125.52.10) 29.765 ms 30.498 ms 29.856 ms
7 108.170.247.65 (108.170.247.65) 30.611 ms
108.170.247.33 (108.170.247.33) 48.042 ms
108.170.247.65 (108.170.247.65) 30.584 ms
8 216.239.56.235 (216.239.56.235) 30.174 ms
216.239.56.239 (216.239.56.239) 30.420 ms
216.239.59.235 (216.239.59.235) 30.311 ms
9 google-public-dns-a.google.com (8.8.8.8) 30.813 ms 30.206 ms 30.220 ms
The firewall is doing nothing in a bridged modem.. it is part of the router function and will have no effect if the Apple Extreme is your main router.. and there is no firewall in the airport except NAT.. which is wrongly referred to in some circles as a firewall. it kind of functions in a similar way and does provide protection.
Your security cams will need port forwarding.. which is not easy in the airport.. and the LTE modem must be properly and fully bridged. No double NAT..
Easy to check.. run a traceroute command via terminal to google DNS server. You should see just one private address.. and public thereafter.. two private addresses and you are in trouble.
traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 rt-ac3200-82f0 (192.168.2.254) 1.310 ms 1.053 ms 1.566 ms
2 pmelnxd-lns12.mel.eftel.com.au (203.123.68.177) 19.618 ms 27.539 ms 17.547 ms
3 po-1-353.core1.mel.eftel.com.au (203.123.68.193) 20.258 ms 18.160 ms 17.738 ms
4 203.123.69.134 (203.123.69.134) 19.759 ms 19.319 ms 19.090 ms
5 157.2.148.122.network.m2core.net.au (122.148.2.157) 31.007 ms 30.715 ms 30.306 ms
6 74.125.52.10 (74.125.52.10) 29.765 ms 30.498 ms 29.856 ms
7 108.170.247.65 (108.170.247.65) 30.611 ms
108.170.247.33 (108.170.247.33) 48.042 ms
108.170.247.65 (108.170.247.65) 30.584 ms
8 216.239.56.235 (216.239.56.235) 30.174 ms
216.239.56.239 (216.239.56.239) 30.420 ms
216.239.59.235 (216.239.59.235) 30.311 ms
9 google-public-dns-a.google.com (8.8.8.8) 30.813 ms 30.206 ms 30.220 ms
Put your airport in bridge not router mode.. and make sure everything works.. if so there is a better setup IMHO .. using the airport as DHCP server with static IP on WAN.. but why not just start with using the airport without the double NAT and see how it goes.
The problem is your connection is not a modem.. it is modem router.. The LTE 3301 must be passing private IP and that means your connection cannot be passed to the cameras.. it is really hard to double NAT and get external access.
Seeing both private IP addresses would indicate that you still have two active routers in your current network configuration ... or that there is another router upstream of the modem. What is the make & model of your LTE-provided modem? Also which exact model is your AirPort Extreme base station?
When you run into trouble.. always simplify.
Remove all the apple routers.. put the LTE modem back in router mode.. that is how you had it.. not bridge.
Make sure internet works fine directly from the LTE modem router.. then factory reset the Airport Extreme and put it back.. it was in router mode on default IP.. and then the express.
It is a really poor layout but there is probably nothing you can do about it due to LTE setup being less than ideal.
You have to turn Firewall off..settings. Turning off Firewall allows the airport to be an extender option. This should prompt an additional network-option when setting up your airport.. to use as an extender network. After you establish it as extender behaving device, from your LTE ISP, you can alter settings to bridge-mode which may improve the signal... and also enhance functs like “handoff” between your devices. not sure by how much tho.
Bryan Ann Arbor
Ok, it´s the AirPort Extreme 802.11n (5:th generationen), the modem is Zyxel LTE 3301. I did restarted all my devices, and now everything works, but this happens from time to time!??
...it´s also extended, this setup, with 3 more airports wireless!
I´m not really sure what upstream router means, the extreme is the only one connected to the modem with ethernet!
thanks!
Hi!
Tried Your recommendations, but airport very unstable and really bad speed all over, I went back to bridged LTE modem.
Now when doing a network diagnostic, it says LAN can´t talk to router!?I have the same settings as of the beginning of this thread .why now LAN problems, diagnostic says I have to restart router, did that but same problem!?
I was thinking of trying port forward, but not really shore how to do that? ...Or is there a LTE modem that You know works better?
Thanks in advance/ Tomazo
Thanks for fast reply!
I have run the terminal traceroute command, and I think I have 2 private ones , 10.0.1.1 and 192.168.1.1, what can I do to this??
Ok, do You have a suggestion for a LTE modem router that can do this? thanks!
ok I´ll try this, thanks!
Ok, thanks!!!
Hi!
I don´t really understand,the airport extreme, put it back...in router mode? does this mean that I will have two wifi networks?
Firewalls
