From: Wayne Shumaker <om3ti@xxxxxxxx>
Date: Thu, 11 Jan 2024 11:28:01 -0700
At 1/11/2024 10:26 AM, Michael wrote:
>Unclear to me how bridge mode "told the Internet" - unless your unfortunate 
>Linux router is responding to each and every port on which the outside world 
>contacts it, rather than just ignoring anything other than protocols you need. 
>Did you check this with Shodan from another site? Maybe I'm missing something 

There are a number of sites that show what ports are open, search for port 
checker. In bridge mode my supplied ISP router just opened all the ports. Even 
though I had a firewall on the other side with settings to drop most packets, 
the open ports checker showed them as all open. Hence it was bombarding my 
firewall. So the supplied ISP router was responding to internet traffic 
indicating ports open in order to pass them, rather than just being a direct 
pass through.

It could be that I had PPPoE at the time (early FIOS) and the ISP router had to 
establish the connection. Hence to mimic bridge mode it just indicated all the 
ports open.

>My solution, for ever and ever, has been perhaps functionally equivalent, 
>- leave the ISP modem in place - I assume (or take on faith) that it's the 
>type/model best suited to connect to their own infrastructure, and means no 
>issues with them "supporting" it
>- on the ISP modem, enable DMZ (if modem LAN is 192.168.x.1, I make .2 the 
>DMZ) so all traffic can flow out to its LAN unimpeded
>- connect my own prosumer-grade gigabit router to the ISP modem LAN with WAN = 
>.2 and LAN + Wi-Fi as desired for the house

I think I tried DMZ and same problem. It may depend on the ISP router.

Whichever method, I suggest checking for open ports. If they show all open, 
better have a hardened router. I was using shorewall on Linux.
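The "check for open ports" advice above hinges on one distinction a public port checker only shows implicitly: a port reports "open" whenever something completed the TCP handshake, whether that is your service or an ISP box in bridge/DMZ mode answering on your behalf; "closed" means a RST came back; "filtered" means nothing answered and the packet was dropped. The following script is an added example (not code from Wayne or Michael, and not part of the thread) that makes those three outcomes explicit with a plain TCP connect and demonstrates them against a constructed listener on 127.0.0.1. The host/port values, the `exposure_report` helper and the `unreachable` state are assumptions of this example; point it only at addresses you administer.

```python
import socket
from typing import Dict, Iterable, Literal, Tuple

# The states a connect()-style port checker can distinguish.
State = Literal["open", "closed", "filtered", "unreachable"]


def check_port(host: str, port: int, timeout: float = 2.0) -> State:
    """Classify one TCP port the way a public 'port checker' site does.

    open        - handshake completed: *something* replied SYN/ACK.  This is
                  what a bridge-mode/DMZ device that answers for every port
                  produces, even when a firewall behind it drops the traffic.
    closed      - the host replied with RST (connection refused).
    filtered    - no reply before the timeout: packets are being dropped,
                  which is the result a hardened edge should show.
    unreachable - the network stack could not route to the host at all.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            # e.g. "No route to host" / "Network is unreachable"
            return "unreachable"


def exposure_report(host: str, ports: Iterable[int],
                    timeout: float = 2.0) -> Dict[int, State]:
    """Check a list of ports on a host you own and return {port: state}."""
    return {p: check_port(host, p, timeout) for p in ports}


def demo() -> Tuple[State, State]:
    """Constructed demonstration on the loopback interface.

    Start a listener on an ephemeral port (it never accept()s, but the
    kernel still completes the handshake, so the port reads 'open'), then
    close it and check again (the kernel now answers RST, so 'closed').
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]
    while_listening = check_port("127.0.0.1", port, timeout=1.0)
    srv.close()
    after_close = check_port("127.0.0.1", port, timeout=1.0)
    return while_listening, after_close


if __name__ == "__main__":
    listening, closed = demo()
    print(f"listener up: {listening}, listener gone: {closed}")
    # Usage against your own edge, run from a host *outside* your network:
    #   exposure_report("203.0.113.10", [22, 23, 80, 443, 3389])
    # (203.0.113.10 is a documentation-range placeholder, not a real target.)
```

Run the report from outside your own network (a VPS or a phone off Wi-Fi) against your WAN address. The thread's symptom is a report where every port comes back `open`: the ISP device is completing handshakes and only the router behind it is dropping the payload. A correctly hardened edge, with the ISP device passing traffic rather than answering it, returns `filtered` for everything you have not deliberately published.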

