
ISP router in bridge mode and ISP FW

  • Thread starter Deleted member 62525

So, I want to ask you guys if you have experienced this when switching your ISP router to bridge mode.

I had it done recently, and as soon as the ISP switched my router to bridge mode I noticed that Skynet started to be flooded with malicious IPs. In the bridge mode you get a different IP - 96.x.x.x. Every 5 seconds. Skynet would block them like crazy. Now, I would expect that ISP traffic to my home router, regardless of whether it is bridged or not, goes through the ISP FW and they would at the very least block these. As soon as we switched back all that malicious traffic is gone.

That leads me to believe that the ISP (in my case Shaw Cable in Canada) does not want users to switch the home router to bridge mode. Even though they advertise that they provide the protection. When browsing the ISP web site they do offer and provide documentation on how to enable the router in bridge mode but don't say this would open the gates to hell and you are on your own.

Please share your experience with other ISPs as I wonder what other ISPs provide.
 
I did the same thing with AT&T's vDSL gateway router last year. It was a bad idea and I moved to cable with a cable modem of my own.

Unless you have some reason to retain the ISP router, I recommend trying to find out if they can give you a cable modem instead or if you can install one yourself.
 
Thanks. I do have RT-86U for my home network. This router is connected to ISP provided cable modem. Sorry, I was not clear in the original post.
 
I do have RT-86U for my home network. This router is connected to ISP provided cable modem.
Am I to understand that you are putting the RT-86U in "Media Bridge" mode? Why?
 
@Markster A cable modem generally just converts cable technology to an Ethernet electrical interface. The RT-86U network IP address is assigned by your ISP via DHCP originating from your ISP's router somewhere other than your premises.

Of course, a cable modem can also have additional functions. What is the type and model of your cable modem?
 
Also on Shaw with bridge mode activated on a modem/router combo box and an AC86U after that. I don't have Skynet at the moment but I have the AI protect turned on. The behavior you see is normal and expected. Prior to bridging, you're relying on the Shaw router firewall and trying to use a second router behind that will not work well with default settings. If you bridge the Shaw router, you are simply exposing your own router to the ISP and everything on it. Most people wouldn't want their ISP to mess too much with traffic further upstream since then you have to hope they won't block stuff that you want but they think is "sketchy".
 
I had it done recently, and as soon as the ISP switched my router to bridge mode I noticed that Skynet started to be flooded with malicious IPs. In the bridge mode you get a different IP - 96.x.x.x. Every 5 seconds. Skynet would block them like crazy. Now, I would expect that ISP traffic to my home router, regardless of whether it is bridged or not, goes through the ISP FW and they would at the very least block these. As soon as we switched back all that malicious traffic is gone.
If I understand you correctly your ISP "modem" is actually a combo modem+router, which was previously in "router mode". If so then there is nothing surprising about what you're seeing.

You raise two points. The first is that the IP address has changed. That will be because you are now getting a public IP address (96.x.x.x) from your ISP's network whereas before you were getting a private IP address (e.g. 192.168.x.y or 10.x.y.z) from your ISP router.

The second point was that you are "flooded" with unsolicited traffic. This is also to be expected as your RT-AC86U is now connected directly to the big bad internet. Previously it was behind your ISP router and the firewall on that device was stopping the traffic from getting to your RT-AC86U.
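
The two points in the post above, as an added example (not code from any poster or from Skynet): classify the WAN address the router received, then summarize dropped inbound packets by port and source. The function names, the `DROP` log prefix and the sample lines are constructed for illustration; the lines follow the netfilter LOG `KEY=VALUE` layout and use documentation-range addresses.

```python
import ipaddress
import re
from collections import Counter

# Ranges that mean "something upstream is doing NAT for me".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

def wan_exposure(wan_ip):
    """Say whether the router's WAN address sits behind upstream NAT or is public."""
    ip = ipaddress.ip_address(wan_ip)
    if any(ip in net for net in RFC1918):
        return "private: behind the ISP router's NAT and firewall"
    if ip in CGNAT:
        return "shared: behind carrier-grade NAT"
    return "public: this router's firewall is the first hop from the internet"

# netfilter LOG output is a run of KEY=VALUE pairs; keep only the fields needed.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def summarize_drops(lines, wan_ip):
    """Count dropped inbound packets aimed at wan_ip per (proto, port), and collect sources."""
    ports, sources = Counter(), set()
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("DST") != wan_ip or "SRC" not in f:
            continue  # not addressed to our WAN IP, or not a packet log line
        ports[(f.get("PROTO", "?"), f.get("DPT", "-"))] += 1  # ICMP has no DPT
        sources.add(f["SRC"])
    return ports, sources

# Constructed sample: 203.0.113.7 stands in for the public WAN IP (assumption).
WAN = "203.0.113.7"
SAMPLE = [
    f"kernel: DROP IN=eth0 OUT= SRC={s} DST={d} LEN=40 PROTO={p} SPT=40000 DPT={dpt}"
    for s, d, p, dpt in [
        ("198.51.100.23", WAN, "TCP", 23),
        ("198.51.100.24", WAN, "TCP", 23),
        ("192.0.2.9", WAN, "TCP", 22),
        ("198.51.100.23", WAN, "UDP", 5060),
        ("192.0.2.77", "203.0.113.99", "TCP", 23),  # other destination: ignored
    ]
]

if __name__ == "__main__":
    print(wan_exposure("192.168.0.10"), "|", wan_exposure(WAN))
    ports, sources = summarize_drops(SAMPLE, WAN)
    for (proto, dpt), n in ports.most_common():
        print(f"{proto}/{dpt}: {n} dropped")
    print(len(sources), "distinct sources")
```
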
 
@ColinTaylor pretty well explains what to expect. Yup, when you switch the modem to Bridge mode the router becomes the front end in terms of exposure to the internet, so, you will see the probing that the modem itself will block when it's in Gateway mode. So, set up Skynet and start blocking countries.

Also, check with Shaw regarding bridge mode operations. Have they decided to allow that finally and will it work as expected? Seems that they've always used passthrough mode in the past which has to be set up by tech support. Personal opinion, they've never trusted their customers to run the modems in Bridge mode.
 
@ColinTaylor pretty well explains what to expect. Yup, when you switch the modem to Bridge mode the router becomes the front end in terms of exposure to the internet, so, you will see the probing that the modem itself will block when it's in Gateway mode. So, set up Skynet and start blocking countries.

Also, check with Shaw regarding bridge mode operations. Have they decided to allow that finally and will it work as expected? Seems that they've always used passthrough mode in the past which has to be set up by tech support. Personal opinion, they've never trusted their customers to run the modems in Bridge mode.

Thanks to everyone for the feedback and your input. Appreciated.
 
Thanks to everyone for the feedback and your input. Appreciated.
I have decided against putting ISP cable/modem in a bridge mode. I know that many people do have issues with 2 NAT networks. For me it’s not a problem or concern. But what I did is disabled both radios on the ISP modem and disabled UPNP as well as firewall.
 
It should not be necessary to disable the firewall on ISP modem/router. Disabling firewall leaves the device subject to attack. In a lab/test setup I have had up to four routers chained in a quad NAT setup with the firewall enabled on all four routers.

I run in a double NAT setup and ALWAYS leave the firewall enabled on both devices. I never enable DMZ and leave UPNP off on both routers.
 
