On a technical level, what happens when I enable bridge mode on a 2-in-1 gateway device

Tags: bridge-router, networking, router, security

On a high level, I understand that bridge mode disables the NAT functionality of a router. In that case, the modem merely does its job of converting the fiber optic/DSL/etc signals to digital signals and passes it on to the router.

However, how does this work on a technical level? i.e. How is the data being passed on, and what is the link between these two devices?

Can someone who has access to the modem also access the LAN?

Best Answer

"job of converting the fiber optic/DSL/etc signals to digital signals"

It's all digital already (or analog, depending on perspective).

"how does this work on a technical level?"

A bridge connects two networks at the data link layer (L2) and forwards in between by L2 address. The underlying physical layers and media can be very different, as long as their L2 protocols are similar enough to convert in between.

For example, an ISP runs PPPoA (point-to-point protocol over ATM) on the ADSL local loop. Then the bridge converts PPPoA frames into PPPoE ones (PPP over Ethernet) and of course, uses ADSL on the one and Ethernet on the other side as physical media. On the Ethernet side, another device (Ethernet WAN router, software router, PC client) could log in to a PPPoE session to connect to the Internet.

For a fiber uplink, PPPoE could be used as well on the WAN side, but it might also run plain IP, so the bridge works as a rather simple media converter.

"Can someone who has access to the modem also access the LAN?"

Well, that depends on what you mean by "access to the modem" and by "access the LAN". In bridge mode, the Ethernet side is still part of WAN, so you don't want to connect it to your private network directly. Put a router in between as a firewall. If you connect a PC directly, make sure its local firewall is active at all times.

However, "access the LAN" is likely meant as in "communicate with my private network devices" - since those likely use private addressing, anyone sending packets from WAN cannot use compatible addressing, so they'd have a hard time communicating.

On the other hand, it's possible that your LAN devices cause information to leak out over the bridge that may provide useful information to a nearby attacker. Usually, the bridging modem and the ISP filter out compromising traffic, but you don't want to rely on that.

In any case, WAN is to be considered hostile and you don't connect that without a firewall.

However, if access to the modem includes complete control over the modem/router, then yes, they can access your LAN as well. That's why you'd want to protect that device - configure a good password, disable the web GUI on the WAN side, etc.
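
To make the two technical points of the answer concrete (a bridge forwards frames by L2 address, and the device on the Ethernet side then runs a PPPoE discovery session across it), here is an added example written for this page; it is not the poster's setup or any vendor's code. It simulates a learning bridge with two ports (the port names "eth" and "dsl", the MAC addresses, the AC name "example-ac" and the cookie value are all made-up assumptions) and drives the RFC 2516 PADI/PADO/PADR/PADS exchange through it. The parser rejects anything that is not well-formed PPPoE discovery, the client ignores PADO offers that do not carry its own Host-Uniq tag, and the access concentrator ignores a PADR whose AC-Cookie does not match.

```python
"""Added example: PPPoE discovery across a simulated learning L2 bridge.
Illustrative code for this page, not the original poster's setup or any
vendor's firmware. MACs, AC name, cookie and the port names "eth"/"dsl"
are made-up assumptions. Layout: 14-byte Ethernet header + PPPoE (RFC 2516).
"""
import struct

ETH_P_PPPOE_DISC = 0x8863            # EtherType for PPPoE discovery frames
PADI, PADO, PADR, PADS = 0x09, 0x07, 0x19, 0x65
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104
BROADCAST = b"\xff" * 6

def build_frame(dst, src, code, session_id, tags):
    """Ethernet header + PPPoE discovery header + TLV tag list."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    pppoe = struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload
    return dst + src + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe

def parse_frame(frame):
    """Parse a discovery frame; reject anything that is not well-formed PPPoE."""
    if len(frame) < 20:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PPPOE_DISC:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:
        raise ValueError("unsupported PPPoE version/type")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("truncated PPPoE payload")
    tags, off = {}, 0
    while off + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        tags[tag_type] = payload[off + 4:off + 4 + tag_len]
        off += 4 + tag_len
    return {"dst": dst, "src": src, "code": code,
            "session_id": session_id, "tags": tags}

class LearningBridge:
    """Forwards by destination MAC; floods broadcasts and unknown destinations."""
    def __init__(self, port_names):
        self.wires = {p: [] for p in port_names}   # frames queued on each port
        self.table = {}                            # MAC -> port it was learned on
    def receive(self, in_port, frame):
        src, dst = frame[6:12], frame[:6]
        self.table[src] = in_port                  # learn the sender's port
        known = self.table.get(dst)
        if dst == BROADCAST or known is None:
            out_ports = [p for p in self.wires if p != in_port]
        elif known == in_port:
            out_ports = []                         # same segment: nothing to forward
        else:
            out_ports = [known]
        for p in out_ports:
            self.wires[p].append(frame)
        return out_ports

def ac_handle(frame, ac_mac, ac_name, cookie, next_session):
    """Access concentrator: answer PADI with PADO, answer a valid PADR with PADS."""
    f = parse_frame(frame)
    if f["code"] == PADI and f["dst"] == BROADCAST:
        tags = [(TAG_AC_NAME, ac_name),
                (TAG_SERVICE_NAME, f["tags"].get(TAG_SERVICE_NAME, b"")),
                (TAG_HOST_UNIQ, f["tags"].get(TAG_HOST_UNIQ, b"")),
                (TAG_AC_COOKIE, cookie)]
        return build_frame(f["src"], ac_mac, PADO, 0, tags), None
    if f["code"] == PADR and f["dst"] == ac_mac:
        if f["tags"].get(TAG_AC_COOKIE) != cookie:
            return None, None                      # stale or forged PADR: ignore it
        tags = [(TAG_SERVICE_NAME, f["tags"].get(TAG_SERVICE_NAME, b"")),
                (TAG_HOST_UNIQ, f["tags"].get(TAG_HOST_UNIQ, b""))]
        return build_frame(f["src"], ac_mac, PADS, next_session, tags), next_session
    return None, None

def run_discovery(client_mac, ac_mac, service=b"", host_uniq=b"\xde\xad\xbe\xef"):
    """Drive PADI/PADO/PADR/PADS through the bridge; return (session id, MAC table)."""
    bridge = LearningBridge(["eth", "dsl"])       # eth: router side, dsl: ISP side
    ac_name, cookie = b"example-ac", b"\x11\x22\x33\x44"   # made-up values
    # 1. client broadcasts PADI on the Ethernet side; the bridge floods it to dsl
    bridge.receive("eth", build_frame(BROADCAST, client_mac, PADI, 0,
                   [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq)]))
    # 2. AC answers with a unicast PADO, forwarded back by the learned MAC
    pado, _ = ac_handle(bridge.wires["dsl"].pop(), ac_mac, ac_name, cookie, 0)
    bridge.receive("dsl", pado)
    offer = parse_frame(bridge.wires["eth"].pop())
    if offer["code"] != PADO or offer["tags"].get(TAG_HOST_UNIQ) != host_uniq:
        raise RuntimeError("PADO is not a reply to our PADI")  # offers we never asked for
    # 3. client requests the session, echoing the AC's cookie
    bridge.receive("eth", build_frame(offer["src"], client_mac, PADR, 0,
                   [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq),
                    (TAG_AC_COOKIE, offer["tags"][TAG_AC_COOKIE])]))
    # 4. AC confirms with PADS carrying the new (non-zero) session id
    pads, _ = ac_handle(bridge.wires["dsl"].pop(), ac_mac, ac_name, cookie, 0x0042)
    bridge.receive("dsl", pads)
    confirm = parse_frame(bridge.wires["eth"].pop())
    return confirm["session_id"], dict(bridge.table)
```

Note what the bridge does and does not do here: it only learns MAC-to-port mappings and forwards by destination MAC, so every frame the router sends on the Ethernet side, including the PADI broadcast, is visible on the ISP side, and every frame from the ISP side reaches the Ethernet side. That is why the answer treats the Ethernet side of a bridged modem as WAN. The Host-Uniq and AC-Cookie checks are the only things in the discovery phase stopping a neighbour on the segment from answering your PADI or injecting a PADR in your name; they are not authentication, which only happens inside the PPP session afterwards.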
