HOWTO: 802.11/802.3 bridge (wireless <-> wired)
Fuel
n00b

Joined: 17 Nov 2005
Posts: 12

Posted: Sun Feb 05, 2006 4:38 pm    Post subject: HOWTO: 802.11/802.3 bridge (wireless <-> wired)

Introduction
Most wireless interfaces cannot be bridged right away.
This is because they won't send packets with source addresses other than their own.
Therefore they will be able to send packets through the bridge, but not receive.

A simple scenario:

Code:

A - - - - - - - - - - - - - - [ BRIDGE ]------------------------- B
eth0                         eth1    eth0                      eth0
192.168.10.5/24                                            192.168.10.10/24


- - - = wireless connection
----- = wired connection

B tries to send data to A:
The packet is forwarded through the bridge without modification.
Source MAC address will be B's MAC, packet won't be sent through eth1.

A tries to send data to B:
Packet will be sent without problems. (This requires a working promiscuous mode)
Promiscuous mode = interface will listen for all packets.

Solution:
Change the source address of every packet going out on eth1 (the wlan card) to its own address.

What you need:

First make sure you have enabled the following support in the kernel:
- 802.1d Ethernet bridging
- Network Packet filtering (replaces ipchains) --> Bridge: Netfilter Configuration --> Ethernet bridge tables support (ebtables).
Make sure you enable at least (why not all) nat table support and snat target support.
Compile, install.. restart yada yada (:

Now emerge:
Code:

bridge-utils
ebtables


------------------------------------------------------------------------------
Before I go any further.
I assume that eth0 is wired nic and eth1 wireless nic.
I also assume that you have tested eth1 and your client computer so you at least can ping each other.
How I tested:
Bridge: iwconfig eth1 essid "test" mode ad-hoc && ifconfig eth1 192.168.10.10
Client: iwconfig eth1 essid "test" mode ad-hoc && ifconfig eth1 192.168.10.5
(Both client and bridge have eth1 as wireless. I didn't have to set the channel because they both used the same default channel. Beware though, the channel must be the same.)
And then just try to ping each other.
------------------------------------------------------------------------------

Ok.

Adding & enabling the bridge:
Code:

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up


There now, you have a bridge. All we need to do now is to make sure that every packet that goes out on eth1 (the wireless card) gets its source MAC address changed; this is where we use ebtables.

Code:

ebtables -t nat -A POSTROUTING -o eth1 -j snat --to-src <MAC address of eth1>


Wow! Wasn't that simple? (: Linux pwnz!
And yes, your bridge may have its own IP! Just use ifconfig on br0 instead of eth0 or whatever you used before.


Now maybe we want to do this every time we boot, so we don't have to type it in every time.

my /etc/conf.d/net
Code:

config_eth0=("null")

iwpriv_eth1="set_port3 1"
mode_eth1="ad-hoc"
essid_eth1="home"
channel_eth1=10
config_eth1=("null")

bridge_br0="eth0 eth1"
config_br0=("dhcp")


Adding the symlinks & to default init level.
Code:

ln -sf /etc/init.d/net.lo /etc/init.d/net.eth0
ln -sf /etc/init.d/net.lo /etc/init.d/net.eth1
ln -sf /etc/init.d/net.lo /etc/init.d/net.br0
rc-update add net.eth0 default
rc-update add net.eth1 default
rc-update add net.br0 default


Now, we want to make sure the tables get loaded every time at boot also.
Since my ebtables installation did not come with an init.d startup script, I wrote my own.
This script will load any tables in /etc/ebtables at start and clear all tables on stop.

/etc/init.d/ebtables
Code:

#!/sbin/runscript

depend() {
        need net
}

start() {
        ebegin "Setting ebtable rules"

        # reset all tables
        ebtables -t filter -F
        ebtables -t nat -F
        ebtables -t broute -F

        # delete all user chains
        ebtables -t filter -X
        ebtables -t nat -X
        ebtables -t broute -X

        # accept all packets by default
        ebtables -t filter -P INPUT   ACCEPT
        ebtables -t filter -P FORWARD ACCEPT
        ebtables -t filter -P OUTPUT  ACCEPT
        ebtables -t nat -P PREROUTING ACCEPT
        ebtables -t nat -P OUTPUT ACCEPT
        ebtables -t nat -P POSTROUTING ACCEPT

        sh /etc/ebtables

        eend $?
}

stop() {
        ebegin "Clearing ebtable rules"

        # reset all tables
        ebtables -t filter -F
        ebtables -t nat -F
        ebtables -t broute -F

        # delete all user chains
        ebtables -t filter -X
        ebtables -t nat -X
        ebtables -t broute -X

        # accept all packets by default
        ebtables -t filter -P INPUT   ACCEPT
        ebtables -t filter -P FORWARD ACCEPT
        ebtables -t filter -P OUTPUT  ACCEPT
        ebtables -t nat -P PREROUTING ACCEPT
        ebtables -t nat -P OUTPUT ACCEPT
        ebtables -t nat -P POSTROUTING ACCEPT

        eend 0
}


And a sample /etc/ebtables file.

Code:

#!/bin/bash

export WLAN=eth1
export WLAN_MAC=$(ifconfig ${WLAN} | grep HWaddr | cut -d ' ' -f 11)

ebtables -t nat -A POSTROUTING -o ${WLAN} -j snat --to-src ${WLAN_MAC}


Make sure you chmod both these files with at least 100.

Notes
Be a little bit patient with this, I had to wait one minute before my bridge was working.
tcpdump is a great utility for troubleshooting.

That's all!
Happy surfing!
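An added example, not part of the original post: the sample /etc/ebtables above takes the MAC from a fixed column of ifconfig output, and that column moves with the length of the interface name. The sketch below compares that extraction with a position-independent one and emits the snat rule only when the value is a well-formed MAC; the function names are hypothetical, and the interface lines and addresses are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the interface lines and MAC addresses below are constructed samples.

# Constructed sample: first line of old-style ifconfig output, with the
# interface name padded to nine columns as in the output quoted on this page.
sample_line() {
    printf '%-9s Link encap:%s  HWaddr %s  \n' "$1" "$2" "$3"
}

# Extraction used by the sample /etc/ebtables: fixed field 11.
mac_by_cut() {
    grep HWaddr | cut -d ' ' -f 11
}

# Position-independent extraction: the token that follows "HWaddr".
mac_by_token() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "HWaddr") { print $(i + 1); exit } }'
}

# True only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read ifconfig text on stdin and print the snat rule for interface $1.
# Prints nothing and returns 1 when no well-formed MAC is found.
snat_rule() {
    mac=$(mac_by_token)
    is_mac "$mac" || return 1
    printf 'ebtables -t nat -A POSTROUTING -o %s -j snat --to-src %s\n' "$1" "$mac"
}

# Demo over three constructed interfaces: a 4-character name, a 5-character
# name, and a non-Ethernet device whose HWaddr is not a 6-octet MAC.
demo() {
    while read -r ifc encap hw; do
        printf '%s: field 11 = [%s]; ' "$ifc" "$(sample_line "$ifc" "$encap" "$hw" | mac_by_cut)"
        sample_line "$ifc" "$encap" "$hw" | snat_rule "$ifc" || echo "no rule emitted"
    done <<'EOF'
eth1 Ethernet 00:11:22:33:44:55
wlan0 Ethernet 00:11:22:33:44:66
wifi0 UNSPEC 00-11-22-33-44-77-00-00-00-00-00-00-00-00-00-00
EOF
}
demo
```

On a live system the same functions take `ifconfig <interface>` on stdin; an empty or malformed value then stops the rule from being built instead of reaching ebtables.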
asarazan
n00b

Joined: 09 Apr 2005
Posts: 54

Posted: Mon Mar 13, 2006 4:28 am    Post subject:

I haven't been able to get this to work thus far. Looking at dmesg, there weren't any errors.

I am at my parents' house in the basement, trying to get my desktop onto the home network via my Gentoo laptop, which has a wireless card.

Wireless: Ath0
Ethernet: Eth0

I do:
Code:

/etc/init.d/net.ath0 start
ifconfig eth0 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
ifconfig br0 up
ebtables -t nat -A POSTROUTING -o ath0 -j snat --to-src [mac of ath0]


The computer on the other end of eth0 is running Windows. Should it be able to automatically acquire an IP, or what am I supposed to do? I've fiddled around with various static and DHCP setups, and nothing seems to work. My laptop also becomes unable to ping anything once I bring up the bridge, btw.
_________________
The Seraphim
phaney
n00b

Joined: 15 Mar 2006
Posts: 1

Posted: Tue Mar 21, 2006 2:59 pm    Post subject: Won't work.

I've followed the instructions but I can't make it work. Ebtables doesn't seem to do anything for me. I'm using an Atheros wireless card. Is there something I might have done wrong?

Don't really know what part of my other config to include, but I've had a bridge working well between two wired ethernet cards. Btw, a bridge that only includes the Atheros card and no other acts without problems, but that's hardly even called a bridge now, is it?

/phaney
Fuel
n00b

Joined: 17 Nov 2005
Posts: 12

Posted: Thu Mar 30, 2006 7:39 pm    Post subject:

asarazan wrote:
I haven't been able to get this to work thus far. Looking at dmesg, there weren't any errors.

I am at my parents' house in the basement, trying to get my desktop onto the home network via my Gentoo laptop, which has a wireless card.

Wireless: Ath0
Ethernet: Eth0

I do:
Code:

/etc/init.d/net.ath0 start
ifconfig eth0 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
ifconfig br0 up
ebtables -t nat -A POSTROUTING -o ath0 -j snat --to-src [mac of ath0]


The computer on the other end of eth0 is running Windows. Should it be able to automatically acquire an IP, or what am I supposed to do? I've fiddled around with various static and DHCP setups, and nothing seems to work. My laptop also becomes unable to ping anything once I bring up the bridge, btw.


I have not been clear on some points.
Neither eth0 nor eth1 may have an IP after the bridge is up. (Check with ifconfig; you can clear by typing ifconfig eth0 0 && ifconfig eth1 0)

The computer on the other side of your eth0 will be able to acquire an IP automatically if you have a DHCP server connected somewhere in the network.
Your laptop is probably not working because br0 needs an IP.

phaney:
Try using tcpdump to investigate more.
R!tman
Veteran

Joined: 18 Dec 2003
Posts: 1303
Location: Zurich, Switzerland

Posted: Wed Apr 05, 2006 8:52 am    Post subject:

Same problem as phaney. Did you solve it, phaney?

EDIT: Never mind, I solved it with this script.
fyoory
n00b

Joined: 13 Feb 2004
Posts: 3

Posted: Sat Apr 22, 2006 5:44 pm    Post subject:

I wish I could get this to work. My setup varies slightly.

Code:

[inet]=====>[amnit cable modem router]=====WIFI (ACX wlan0)==>[gentoo br0]==Ethernet_to_3com_superstack_eth0===>Gentoo laptop


Thing is, the wired side can go out fine, no iptables or nothing, but I cannot reach a forwarded port from INET to the laptop, or my VoIP telco box. Pinging from the ambit web interface to gentoo or the telco does not respond, nor can you connect to those forwarded ports except from inside the LAN.

I think ebtables just don't like my ACX wifi card.

P.S. Due to Hurricane Katrina, this is NOT my ideal setup for network in the home/office. We moved away from Louisiana to Texas and are renting a room. Ethernetting to the cable modem directly is really not an option because we can't alter the house. :(
Nixus
n00b

Joined: 11 Feb 2007
Posts: 1

Posted: Sun Feb 11, 2007 3:27 pm    Post subject: Not working :/

Hi

I have followed this post but unfortunately it doesn't want to work properly for me :( . I have two Windows boxes connected to my Gentoo box, the one via a wired interface eth2 and the other via a wireless interface ath0. These two interfaces are bound in a bridge br0. Both the Windows boxes can ping the Gentoo box without any problems but they can't ping each other.

The output from tcpdump follows:

Box on wired interface (10.10.10.100) attempting to ping box on wireless interface (10.10.10.104):
Code:

tcpdump -i br0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 96 bytes
05:09:53.797512 arp who-has 10.10.10.104 tell 10.10.10.100
05:09:53.805437 arp reply 10.10.10.104 is-at 00:0b:cd:5c:60:4f (oui Unknown)
05:09:53.805567 IP 10.10.10.100 > 10.10.10.104: ICMP echo request, id 512, seq 23552, length 40
05:09:59.237534 IP 10.10.10.100 > 10.10.10.104: ICMP echo request, id 512, seq 23808, length 40
05:10:04.737501 IP 10.10.10.100 > 10.10.10.104: ICMP echo request, id 512, seq 24064, length 40



Box on wireless interface (10.10.10.104) attempting to ping box on wired interface (10.10.10.100):
Code:

tcpdump -i br0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 96 bytes
05:10:12.652031 IP 10.10.10.104 > 10.10.10.100: ICMP echo request, id 768, seq 5120, length 40
05:10:17.707289 IP 10.10.10.104 > 10.10.10.100: ICMP echo request, id 768, seq 5376, length 40
05:10:22.714059 IP 10.10.10.104 > 10.10.10.100: ICMP echo request, id 768, seq 5632, length 40


The bridge looks like this:
Code:

brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000f3d03ecc4       yes             eth2
                                                        ath0


ifconfig shows:
Code:

ifconfig
ath0      Link encap:Ethernet  HWaddr 00:0F:3D:03:EC:C4
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:20956 (20.4 Kb)  TX bytes:79262 (77.4 Kb)

br0       Link encap:Ethernet  HWaddr 00:0F:3D:03:EC:C4
          inet addr:10.10.10.106  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:488 errors:0 dropped:0 overruns:0 frame:0
          TX packets:394 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:127097 (124.1 Kb)  TX bytes:193845 (189.3 Kb)

eth0      Link encap:Ethernet  HWaddr 00:04:75:7E:21:D6
          inet addr:192.168.0.87  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:711 errors:0 dropped:0 overruns:0 frame:0
          TX packets:690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:494385 (482.7 Kb)  TX bytes:150412 (146.8 Kb)
          Interrupt:10 Base address:0x2f80

eth2      Link encap:Ethernet  HWaddr 00:15:E9:B0:31:5A
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:314 errors:0 dropped:0 overruns:0 frame:0
          TX packets:500 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115111 (112.4 Kb)  TX bytes:150253 (146.7 Kb)
          Interrupt:3 Base address:0xbc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

wifi0     Link encap:UNSPEC  HWaddr 00-0F-3D-03-EC-C4-38-70-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:937 errors:0 dropped:0 overruns:0 frame:15347
          TX packets:708 errors:9 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:68308 (66.7 Kb)  TX bytes:127387 (124.4 Kb)
          Interrupt:5 Memory:e9040000-e9050000


My /etc/ebtables looks like this:
Code:

cat /etc/ebtables
#!/bin/bash

export WLAN=ath0
export WLAN_MAC=$(ifconfig ${WLAN} | grep HWaddr | cut -d ' ' -f 11)

ebtables -t nat -A POSTROUTING -o ${WLAN} -j snat --to-src ${WLAN_MAC}


Does anyone have any idea why it would not be working? I would really appreciate the help; this problem is starting to bug me a little.

Thanks in advance for any help.

Cheers
Nick
random-feed
n00b

Joined: 12 May 2005
Posts: 20

Posted: Thu May 24, 2007 6:59 pm    Post subject:

Hmm, strange. I have a problem that is the exact opposite of what you are trying to solve.

Please see https://forums.gentoo.org/viewtopic-t-561261.html

I'd appreciate any suggestions or info.
_________________
If in doubt, mumble.