Bridging wlan0 to eth0Route eth0 to wlan0 (using 'route' command)?How can I 'link' one ethernet Network with a Wireless Network? (Linux)how to forward wlan0 to eth0?Linux command line best practices and tips?Bridge ppp0 and eth0iptables forwarding between two interfaceBridging eth0 to wlan0How to capture arp table when using network bridging?Route eth0 to wlan0 (using 'route' command)?Accessing eth0 device via device on wlan0eth0-wlan0 brouter bridging IPv6, not forwarding/bridging IPv4, with DHCPv4 client *and* serverQEMU Network bridging for having a public IP
What is this old US Air Force plane?
Segmentation fault when popping x86 stack
Were any of the books mentioned in this scene from the movie Hackers real?
Why does the headset man not get on the tractor?
Can multiple outlets be directly attached to a single breaker?
Why weren't the bells paid heed to in S8E5?
Polynomial division: Is this trick obvious?
is it correct to say "When it started to rain, I was in the open air."
Would life always name the light from their sun "white"
How to describe a building set which is like LEGO without using the "LEGO" word?
Are there any sonatas with only two sections?
Is there any way to adjust the damage type of the Eldritch Blast cantrip so that it does fire damage?
Is Valonqar prophecy unfulfilled?
Why did the soldiers of the North disobey Jon?
What was the ring Varys took off?
Why does lemon juice reduce the "fish" odor of sea food — specifically fish?
Should generated documentation be stored in a Git repository?
Formal Definition of Dot Product
How to cope with regret and shame about not fully utilizing opportunities during PhD?
How might a landlocked lake become a complete ecosystem?
Is this possible when it comes to the relations of P, NP, NP-Hard and NP-Complete?
Is 12 minutes connection in Bristol Temple Meads long enough?
Do not cross the line!
Acronyms in HDD specification
Bridging wlan0 to eth0
Route eth0 to wlan0 (using 'route' command)?How can I 'link' one ethernet Network with a Wireless Network? (Linux)how to forward wlan0 to eth0?Linux command line best practices and tips?Bridge ppp0 and eth0iptables forwarding between two interfaceBridging eth0 to wlan0How to capture arp table when using network bridging?Route eth0 to wlan0 (using 'route' command)?Accessing eth0 device via device on wlan0eth0-wlan0 brouter bridging IPv6, not forwarding/bridging IPv4, with DHCPv4 client *and* serverQEMU Network bridging for having a public IP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
On Arch Linux, I would like to have eth0 (connected to bridged router) share the connection received from wlan0, I've read tutorials but I'm not command savvy as other users are and don't completely understand.
linux networking router bridge wlan
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
add a comment |
On Arch Linux, I would like to have eth0 (connected to bridged router) share the connection received from wlan0, I've read tutorials but I'm not command savvy as other users are and don't completely understand.
linux networking router bridge wlan
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
7
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
1
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
12
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
4
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06
add a comment |
On Arch Linux, I would like to have eth0 (connected to bridged router) share the connection received from wlan0, I've read tutorials but I'm not command savvy as other users are and don't completely understand.
linux networking router bridge wlan
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
On Arch Linux, I would like to have eth0 (connected to bridged router) share the connection received from wlan0, I've read tutorials but I'm not command savvy as other users are and don't completely understand.
linux networking router bridge wlan
linux networking router bridge wlan
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
edited Apr 21 '17 at 2:52
Duncan X Simpson
265420
265420
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
asked Jun 18 '10 at 3:44
dbdii407dbdii407
223127
223127
7
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
1
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
12
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
4
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06
add a comment |
7
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
1
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
12
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
4
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06
7
7
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
1
1
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
12
12
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
4
4
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06
add a comment |
6 Answers
6
active
oldest
votes
UPDATE
It is not possible to bridge between wireless (client a.k.a. station mode) and wired interfaces according to this thread on linux-ath5k-devel.
Setup NAT
One should set up NAT instead:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Assigning an IP
Then you have to assign IP addresses to yourself:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Install dhcp daemon
Install a dhcp server and add the following text to its config file (in /etc/dhcpd.conf or something similar)
subnet 10.0.0.0 netmask 255.255.255.0
range 10.0.0.100 10.0.0.120;
option routers 10.0.0.1;
option domain-name-servers the-ip-address-you-have-in-etc-resolv.conf;
Start dhcpd
Then start it /etc/init.d/dhcpd start
And that's it!
Only read below if you are interested in the non-working bridging setup
brctl addbr mybridge
brctl addif mybridge eth0
brctl addif mybridge wlan0
First you create a bridge interface I choose an arbitrary name mybridge then add intefaces to it.
You should request a new ip address (This is needed only if you want to get a valid IP for the bridging device itself):
dhclient -d mybridge
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
|
show 11 more comments
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can show bridges using:
# brctl show
answered Nov 13 '13 at 10:48
amizedamized
35123
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
@hakre The4addrmode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.
– David Schwartz
Apr 21 '17 at 8:42
1
4addrdoes require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)
– nhed
Apr 17 '18 at 16:15
add a comment |
Depends on how mean the AP is to you:
1) It might only want to see packets coming from you, with your known link layer address (and hence not of bridged packets)
2) It might actually be even smarter, and know which IP address should belong to which link layer address (cause it knows DHCP and inspects it)
If 1+2 are both true, you need indeed something like IP NAT, DHCP, ..
But if only 1) is the case, you can fake the link-layer address, and reverse map it onto the right one in the other direction as described here:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
# can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can check with:
# brctl show
It might not work if iw itself reports an error, like "command failed: Operation not supported (-95)" (seen on Raspbian). Not all drivers implement the feature, apparently.
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved withiptablesorroute, but I'm not savvy enough with those tools to know how to fix the issue.
– RoraΖ
Jun 22 '17 at 12:52
add a comment |
4addr as described in other answers is certainly the best way when supported by the adapter/driver, but not all of them does. NAT might work for some things, but getting proper communication both ways on the lan will become problematic (ex. connecting a printer or accessing other IoT devices on the other side of the NAT). Anything relying on broadcast/multicast (ex. auto-discovery, bonjour) will fail through the NAT.
The alternative is using an ARP Proxy (parprouted) as described in https://wiki.debian.org/BridgeNetworkConnectionsProxyArp. I've set this up on a Raspberry Pi for a printer and it works like a charm (I have added a 10 second sleep in the post-up commands to let it get an IP address first, it might have to do with the slowness of my old RPi...)
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
add a comment |
Bridge wlan and 4addr:
Bridging wlan0 is a pain. You normally cannot add it to a bridge interface (brctl returns "Operation not permitted"), and using VirtualBox "bridged" filter results in a big mess of ARP and DHCP conflicts. The cause of this is that 802.11 frames contain only three addresses by default: the MAC addresses of both wireless devices (laptop and AP) and of the final recipient (as in Ethernet). It is always assumed that there is only one possible originator.
802.11 can carry the fourth, originator's MAC address, and this is used in WDS mode by repeaters. This feature can be enabled on Linux too, using iw, and enabling this mode will allow wlan0 to be used in bridge interfaces, as well as with VirtualBox bridged networking:
iw dev wlan0 set 4addr on
However, with 4addr enabled, you're likely to get completely ignored by the AP: association succeeds but all data frames disappear into the ether. This could be for security reasons (because it's damn hard to spoof the source MAC address. Yeah.) In my router (running OpenRG), it's necessary to enable "WDS" mode for the wireless AP interface, add a WDS device restricted to my laptop's MAC address, and add it to the LAN bridge. 4addr packets now work.
There's another problem with this, though – the router now rejects three-address packets from the laptop, which can be rather inconvenient (having to toggle 4addr every time the WLAN network is changed). The workaround is to add, on the laptop, a second wireless interface linked to the same device, but with a different MAC address. First undo the earlier configuration:
iw dev wlan0 set 4addr off
Then, add a second interface – the name was chosen arbitrarily – with a different MAC address:
iw dev wlan0 interface add wds.wlan0 type managed 4addr on
ip link set dev wds.wlan0 addr <addr>
ip link set dev wds.wlan0 up
Here must match the WDS device address configured in the router; other than that, it can be any valid MAC address. The original MAC of wlan0 then remains for "normal" usage.
It's possible to use both wlan0 and wds.wlan0 at the same time – although I've only tested associating to the same AP twice, not to different APs. I'm guessing they would need to at least be on the same channel.
Some people have asked why use this when VirtualBox can bridge WiFi "just fine". The answer is that VirtualBox does not send the virtual machines' MAC addresses; rather, it performs NAT at the MAC layer too. – 2014-08-22
Direct wlan bridge
Under certain circumstances, you could also use wlan_kabel. It uses packet sockets to directly bridge wlan*-devices with ethernet devices. However, you can only bridge one single MAC at a time with wlan_kabel. It doesn't have the drawback of being barred by access points, because only the original MAC of the wlan device is used. In your case this would mean, that wlan0 could only be used by one VM and not even by the host. You can get wlan_kabel here. This is similar to the macvlans solution.
Bridging with ipvlan
IP Vlan does not have the limitation of a bridge it could be used to bridge a network details on how to use it can be found here
Masquerade alternative
Linux routing can be used instead with iptables-masquerade and ip_forward to achieve a bridge but as mentioned this require to enable ip_forward and will make linux act like a router this need to be setup carefully because it could introduce some security concern.
# bridge setup
brctl addbr br0
ifconfig br0 10.10.20.1/24 up
# enable ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# netfilter network address translation
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.20.0/24 -j MASQUERADE
The interface br0 will then have access to the wlan0 network
Important and related
Also, and very important, you should not use obsolete, deprecated commands like ifconfig, brctl, and so on. The iproute2 suite contains commands for all of this, including setting up virtual interfaces (something for which we once had to use openvpn) and creating bridges. If you do not know how to set up a bridge with ip, here we go
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set eth0 master br0
ip addr add 10.173.10.1/24 dev br0
ip link set br0 up
With this set of commands, we create a virtual interface called tap0, then a bridge called br0, then enslave eth0 and tap0 to the bridge, to which we assign an IP address of 10.173.10.1, then bring it all up. The three separate instances of bringing the interfaces up (for tap0, eth0, and br0) are required.
The trick to make this work is to use proxy.arp, which allows your pc (not your VM/Linux container/network namespace) to answer ARP queries in their stead.
In other words, by using IPv4 forwarding between your hardware interface and your virtual interface, you think you can connect your VM/LXC/NNS to your LAN as if it were a physical interface, but this is not true: you are forgetting the absolutely fundamental ARP traffic, which is what truly allows LAN to operate. So, the problem is: if I correctly forward IPv4 traffic, how can I also forward ARP traffic, so that my VM/LXC/NNS work? The trick is to use proxy-arp.
The full answer to that is in Bohdi Zazen's Blog, with the revealing title: Bridge wireless cards. He uses an obsolete package, uml-utilities, to create a virtual interface by means of the command tunctl: this is the only command for which he uses uml-utilities, so that you can safely neglect downloading the package, and use the command I wrote above to create a tap or tun interface, whichever you like, just modify the command accordingly. then create a veth pair for your LXC, and now create a bridge between tap0 and veth0. This bridge, called br0, is what you must proxy-arp for, instead of the simple tap0 interface described by Bohdi Zazen.
Sources: askubuntu.com, nullroute.eu.org, firejail.wordpress.com, superuser.com
answered May 3 at 12:31
intikaintika
1013
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f152363%2fbridging-wlan0-to-eth0%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
UPDATE
It is not possible to bridge between wireless (client a.k.a. station mode) and wired interfaces according to this thread on linux-ath5k-devel.
Setup NAT
One should set up NAT instead:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Assigning an IP
Then you have to assign IP addresses to yourself:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Install dhcp daemon
Install a dhcp server and add the following text to its config file (in /etc/dhcpd.conf or something similar)
subnet 10.0.0.0 netmask 255.255.255.0
range 10.0.0.100 10.0.0.120;
option routers 10.0.0.1;
option domain-name-servers the-ip-address-you-have-in-etc-resolv.conf;
Start dhcpd
Then start it /etc/init.d/dhcpd start
And that's it!
Only read below if you are interested in the non-working bridging setup
brctl addbr mybridge
brctl addif mybridge eth0
brctl addif mybridge wlan0
First you create a bridge interface I choose an arbitrary name mybridge then add intefaces to it.
You should request a new ip address (This is needed only if you want to get a valid IP for the bridging device itself):
dhclient -d mybridge
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
|
show 11 more comments
UPDATE
It is not possible to bridge between wireless (client a.k.a. station mode) and wired interfaces according to this thread on linux-ath5k-devel.
Setup NAT
One should set up NAT instead:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Assigning an IP
Then you have to assign IP addresses to yourself:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Install dhcp daemon
Install a dhcp server and add the following text to its config file (in /etc/dhcpd.conf or something similar)
subnet 10.0.0.0 netmask 255.255.255.0
range 10.0.0.100 10.0.0.120;
option routers 10.0.0.1;
option domain-name-servers the-ip-address-you-have-in-etc-resolv.conf;
Start dhcpd
Then start it /etc/init.d/dhcpd start
And that's it!
Only read below if you are interested in the non-working bridging setup
brctl addbr mybridge
brctl addif mybridge eth0
brctl addif mybridge wlan0
First you create a bridge interface I choose an arbitrary name mybridge then add intefaces to it.
You should request a new ip address (This is needed only if you want to get a valid IP for the bridging device itself):
dhclient -d mybridge
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
|
show 11 more comments
UPDATE
It is not possible to bridge between wireless (client a.k.a. station mode) and wired interfaces according to this thread on linux-ath5k-devel.
Setup NAT
One should set up NAT instead:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Assigning an IP
Then you have to assign IP addresses to yourself:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Install dhcp daemon
Install a dhcp server and add the following text to its config file (in /etc/dhcpd.conf or something similar)
subnet 10.0.0.0 netmask 255.255.255.0
range 10.0.0.100 10.0.0.120;
option routers 10.0.0.1;
option domain-name-servers the-ip-address-you-have-in-etc-resolv.conf;
Start dhcpd
Then start it /etc/init.d/dhcpd start
And that's it!
Only read below if you are interested in the non-working bridging setup
brctl addbr mybridge
brctl addif mybridge eth0
brctl addif mybridge wlan0
First you create a bridge interface I choose an arbitrary name mybridge then add intefaces to it.
You should request a new ip address (This is needed only if you want to get a valid IP for the bridging device itself):
dhclient -d mybridge
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
UPDATE
It is not possible to bridge between wireless (client a.k.a. station mode) and wired interfaces according to this thread on linux-ath5k-devel.
Setup NAT
One should set up NAT instead:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Assigning an IP
Then you have to assign IP addresses to yourself:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Install dhcp daemon
Install a dhcp server and add the following text to its config file (in /etc/dhcpd.conf or something similar)
subnet 10.0.0.0 netmask 255.255.255.0
range 10.0.0.100 10.0.0.120;
option routers 10.0.0.1;
option domain-name-servers the-ip-address-you-have-in-etc-resolv.conf;
Start dhcpd
Then start it /etc/init.d/dhcpd start
And that's it!
Only read below if you are interested in the non-working bridging setup
brctl addbr mybridge
brctl addif mybridge eth0
brctl addif mybridge wlan0
First you create a bridge interface I choose an arbitrary name mybridge then add intefaces to it.
You should request a new ip address (This is needed only if you want to get a valid IP for the bridging device itself):
dhclient -d mybridge
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
edited Aug 14 '16 at 10:39
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
answered Jun 18 '10 at 9:44
cstamascstamas
5,9041739
5,9041739
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
|
show 11 more comments
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
3
3
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
You don't actually need an IP address for the bridge interface for the bridging to work.
– Massimo
Jun 18 '10 at 10:25
7
7
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
can't add wlan0 to bridge mybridge: Operation not supported
– dbdii407
Jun 18 '10 at 13:21
1
1
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
@Massimo: yes that is true. The valid IP is needed to acccess the net from the "bridging device".
– cstamas
Jun 18 '10 at 17:27
9
9
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
NAT is something completely different from bridging. Bridging is layer two, NAT is layer three, and IPv4-specific. I don't understand why this is an accepted answer.
– WhyNotHugo
Oct 3 '14 at 8:38
2
2
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
@Hugo IP NAT is layer 3, but MAC NAT is layer 2. For WiFi bridging, you can use 4addr, WDS, MAC NAT or you can do something at layer 3 (such as IP NAT) instead.
– David Schwartz
Apr 21 '17 at 8:44
|
show 11 more comments
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can show bridges using:
# brctl show
answered Nov 13 '13 at 10:48
amizedamized
35123
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
@hakre The4addrmode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.
– David Schwartz
Apr 21 '17 at 8:42
1
4addrdoes require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)
– nhed
Apr 17 '18 at 16:15
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can show bridges using:
# brctl show
answered Nov 13 '13 at 10:48
amizedamized
35123
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
@hakre The4addrmode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.
– David Schwartz
Apr 21 '17 at 8:42
1
4addrdoes require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)
– nhed
Apr 17 '18 at 16:15
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can show bridges using:
# brctl show
answered Nov 13 '13 at 10:48
amizedamized
35123
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can show bridges using:
# brctl show
answered Nov 13 '13 at 10:48
amizedamized
35123
answered Nov 13 '13 at 10:48
amizedamized
35123
answered Nov 13 '13 at 10:48
amizedamized
35123
answered Nov 13 '13 at 10:48
amizedamized
35123
35123
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
@hakre The4addrmode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.
– David Schwartz
Apr 21 '17 at 8:42
1
4addrdoes require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)
– nhed
Apr 17 '18 at 16:15
add a comment |
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
@hakre The4addrmode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.
– David Schwartz
Apr 21 '17 at 8:42
1
4addrdoes require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)
– nhed
Apr 17 '18 at 16:15
2
2
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
What is this setting for and why do you specifically suggest to use it in this scenario?
– hakre
Jun 19 '16 at 17:07
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
This is a solution for "Operation not permited" error when trying to add wlan0 interface to the bridge interface. After that you have to specify the bridge interface in /etc/network/interfaces in order to be bringed up after startup.
– Str82DHeaD
Oct 19 '16 at 12:45
1
1
@hakre The
4addr mode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.– David Schwartz
Apr 21 '17 at 8:42
@hakre The
4addr mode make WiFi behave enough like wired Ethernet that bridging will work. Without it, bridging will not work without NAT.– David Schwartz
Apr 21 '17 at 8:42
1
1
4addr does require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)– nhed
Apr 17 '18 at 16:15
4addr does require that both sides of a wireless link support it (presuming you are trying to implement a wifi extender)– nhed
Apr 17 '18 at 16:15
add a comment |
Depends on how mean the AP is to you:
1) It might only want to see packets coming from you, with your known link layer address (and hence not of bridged packets)
2) It might actually be even smarter, and know which IP address should belong to which link layer address (cause it knows DHCP and inspects it)
If 1+2 are both true, you need indeed something like IP NAT, DHCP, ..
But if only 1) is the case, you can fake the link-layer address, and reverse map it onto the right one in the other direction as described here:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
add a comment |
Depends on how mean the AP is to you:
1) It might only want to see packets coming from you, with your known link layer address (and hence not of bridged packets)
2) It might actually be even smarter, and know which IP address should belong to which link layer address (cause it knows DHCP and inspects it)
If 1+2 are both true, you need indeed something like IP NAT, DHCP, ..
But if only 1) is the case, you can fake the link-layer address, and reverse map it onto the right one in the other direction as described here:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
add a comment |
Depends on how mean the AP is to you:
1) It might only want to see packets coming from you, with your known link layer address (and hence not of bridged packets)
2) It might actually be even smarter, and know which IP address should belong to which link layer address (cause it knows DHCP and inspects it)
If 1+2 are both true, you need indeed something like IP NAT, DHCP, ..
But if only 1) is the case, you can fake the link-layer address, and reverse map it onto the right one in the other direction as described here:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
Depends on how mean the AP is to you:
1) It might only want to see packets coming from you, with your known link layer address (and hence not of bridged packets)
2) It might actually be even smarter, and know which IP address should belong to which link layer address (cause it knows DHCP and inspects it)
If 1+2 are both true, you need indeed something like IP NAT, DHCP, ..
But if only 1) is the case, you can fake the link-layer address, and reverse map it onto the right one in the other direction as described here:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
answered Apr 15 '15 at 12:53
ArnoutArnout
16114
16114
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
add a comment |
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
This is really messy. And it requires extra setup every time you add a new computer.
– Michael Hampton♦
Apr 15 '15 at 14:49
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
# can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can check with:
# brctl show
It might not work if iw itself reports an error, like "command failed: Operation not supported (-95)" (seen on Raspbian). Not all drivers implement the feature, apparently.
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved withiptablesorroute, but I'm not savvy enough with those tools to know how to fix the issue.
– RoraΖ
Jun 22 '17 at 12:52
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
# can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can check with:
# brctl show
It might not work if iw itself reports an error, like "command failed: Operation not supported (-95)" (seen on Raspbian). Not all drivers implement the feature, apparently.
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved withiptablesorroute, but I'm not savvy enough with those tools to know how to fix the issue.
– RoraΖ
Jun 22 '17 at 12:52
add a comment |
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
# can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can check with:
# brctl show
It might not work if iw itself reports an error, like "command failed: Operation not supported (-95)" (seen on Raspbian). Not all drivers implement the feature, apparently.
To bridge wifi interface you may use iw tool to enable 4addr likewise:
# iw dev <wifiInterface> set 4addr on
ie:
# brctl addif <bridgename> <wifiInterface>
# can't add <wifiInterface> to bridge <bridgename>: Operation not supported
# iw dev <wifiInterface> set 4addr on
# brctl addif <bridgename> <wifiInterface>
Now it should work. You can check with:
# brctl show
It might not work if iw itself reports an error, like "command failed: Operation not supported (-95)" (seen on Raspbian). Not all drivers implement the feature, apparently.
edited Dec 18 '16 at 12:47
community wiki
2 revs, 2 users 97%
xpixelz
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved withiptablesorroute, but I'm not savvy enough with those tools to know how to fix the issue.
– RoraΖ
Jun 22 '17 at 12:52
add a comment |
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved withiptablesorroute, but I'm not savvy enough with those tools to know how to fix the issue.
– RoraΖ
Jun 22 '17 at 12:52
1
1
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved with
iptables or route, but I'm not savvy enough with those tools to know how to fix the issue.– RoraΖ
Jun 22 '17 at 12:52
While this does allow you to a wifi interface to a bridge it will also break the connectivity to that wifi interface. I think this could be resolved with
iptables or route, but I'm not savvy enough with those tools to know how to fix the issue.– RoraΖ
Jun 22 '17 at 12:52
add a comment |
4addr as described in other answers is certainly the best way when supported by the adapter/driver, but not all of them does. NAT might work for some things, but getting proper communication both ways on the lan will become problematic (ex. connecting a printer or accessing other IoT devices on the other side of the NAT). Anything relying on broadcast/multicast (ex. auto-discovery, bonjour) will fail through the NAT.
The alternative is using an ARP Proxy (parprouted) as described in https://wiki.debian.org/BridgeNetworkConnectionsProxyArp. I've set this up on a Raspberry Pi for a printer and it works like a charm (I have added a 10 second sleep in the post-up commands to let it get an IP address first, it might have to do with the slowness of my old RPi...)
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
add a comment |
4addr as described in other answers is certainly the best way when supported by the adapter/driver, but not all of them does. NAT might work for some things, but getting proper communication both ways on the lan will become problematic (ex. connecting a printer or accessing other IoT devices on the other side of the NAT). Anything relying on broadcast/multicast (ex. auto-discovery, bonjour) will fail through the NAT.
The alternative is using an ARP Proxy (parprouted) as described in https://wiki.debian.org/BridgeNetworkConnectionsProxyArp. I've set this up on a Raspberry Pi for a printer and it works like a charm (I have added a 10 second sleep in the post-up commands to let it get an IP address first, it might have to do with the slowness of my old RPi...)
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
add a comment |
4addr as described in other answers is certainly the best way when supported by the adapter/driver, but not all of them does. NAT might work for some things, but getting proper communication both ways on the lan will become problematic (ex. connecting a printer or accessing other IoT devices on the other side of the NAT). Anything relying on broadcast/multicast (ex. auto-discovery, bonjour) will fail through the NAT.
The alternative is using an ARP Proxy (parprouted) as described in https://wiki.debian.org/BridgeNetworkConnectionsProxyArp. I've set this up on a Raspberry Pi for a printer and it works like a charm (I have added a 10 second sleep in the post-up commands to let it get an IP address first, it might have to do with the slowness of my old RPi...)
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
4addr as described in other answers is certainly the best way when supported by the adapter/driver, but not all of them does. NAT might work for some things, but getting proper communication both ways on the lan will become problematic (ex. connecting a printer or accessing other IoT devices on the other side of the NAT). Anything relying on broadcast/multicast (ex. auto-discovery, bonjour) will fail through the NAT.
The alternative is using an ARP Proxy (parprouted) as described in https://wiki.debian.org/BridgeNetworkConnectionsProxyArp. I've set this up on a Raspberry Pi for a printer and it works like a charm (I have added a 10 second sleep in the post-up commands to let it get an IP address first, it might have to do with the slowness of my old RPi...)
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
answered Jul 20 '17 at 12:16
Thomas Guyot-SionnestThomas Guyot-Sionnest
32114
32114
add a comment |
add a comment |
Bridge wlan and 4addr:
Bridging wlan0 is a pain. You normally cannot add it to a bridge interface (brctl returns "Operation not permitted"), and using VirtualBox "bridged" filter results in a big mess of ARP and DHCP conflicts. The cause of this is that 802.11 frames contain only three addresses by default: the MAC addresses of both wireless devices (laptop and AP) and of the final recipient (as in Ethernet). It is always assumed that there is only one possible originator.
802.11 can carry the fourth, originator's MAC address, and this is used in WDS mode by repeaters. This feature can be enabled on Linux too, using iw, and enabling this mode will allow wlan0 to be used in bridge interfaces, as well as with VirtualBox bridged networking:
iw dev wlan0 set 4addr on
However, with 4addr enabled, you're likely to get completely ignored by the AP: association succeeds but all data frames disappear into the ether. This could be for security reasons (because it's damn hard to spoof the source MAC address. Yeah.) In my router (running OpenRG), it's necessary to enable "WDS" mode for the wireless AP interface, add a WDS device restricted to my laptop's MAC address, and add it to the LAN bridge. 4addr packets now work.
There's another problem with this, though – the router now rejects three-address packets from the laptop, which can be rather inconvenient (having to toggle 4addr every time the WLAN network is changed). The workaround is to add, on the laptop, a second wireless interface linked to the same device, but with a different MAC address. First undo the earlier configuration:
iw dev wlan0 set 4addr off
Then, add a second interface – the name was chosen arbitrarily – with a different MAC address:
iw dev wlan0 interface add wds.wlan0 type managed 4addr on
ip link set dev wds.wlan0 addr <addr>
ip link set dev wds.wlan0 up
Here must match the WDS device address configured in the router; other than that, it can be any valid MAC address. The original MAC of wlan0 then remains for "normal" usage.
It's possible to use both wlan0 and wds.wlan0 at the same time – although I've only tested associating to the same AP twice, not to different APs. I'm guessing they would need to at least be on the same channel.
Some people have asked why use this when VirtualBox can bridge WiFi "just fine". The answer is that VirtualBox does not send the virtual machines' MAC addresses; rather, it performs NAT at the MAC layer too. – 2014-08-22
Direct wlan bridge
Under certain circumstances, you could also use wlan_kabel. It uses packet sockets to directly bridge wlan*-devices with ethernet devices. However, you can only bridge one single MAC at a time with wlan_kabel. It doesn't have the drawback of being barred by access points, because only the original MAC of the wlan device is used. In your case this would mean, that wlan0 could only be used by one VM and not even by the host. You can get wlan_kabel here. This is similar to the macvlans solution.
Bridging with ipvlan
IP Vlan does not have the limitation of a bridge it could be used to bridge a network details on how to use it can be found here
Masquerade alternative
Linux routing can be used instead with iptables-masquerade and ip_forward to achieve a bridge but as mentioned this require to enable ip_forward and will make linux act like a router this need to be setup carefully because it could introduce some security concern.
# bridge setup
brctl addbr br0
ifconfig br0 10.10.20.1/24 up
# enable ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# netfilter network address translation
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.20.0/24 -j MASQUERADE
The interface br0 will then have access to the wlan0 network
Important and related
Also, and very important, you should not use obsolete, deprecated commands like ifconfig, brctl, and so on. The iproute2 suite contains commands for all of this, including setting up virtual interfaces (something for which we once had to use openvpn) and creating bridges. If you do not know how to set up a bridge with ip, here we go
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set eth0 master br0
ip addr add 10.173.10.1/24 dev br0
ip link set br0 up
With this set of commands, we create a virtual interface called tap0, then a bridge called br0, then enslave eth0 and tap0 to the bridge, to which we assign an IP address of 10.173.10.1, then bring it all up. The three separate instances of bringing the interfaces up (for tap0, eth0, and br0) are required.
The trick to make this work is to use proxy.arp, which allows your pc (not your VM/Linux container/network namespace) to answer ARP queries in their stead.
In other words, by using IPv4 forwarding between your hardware interface and your virtual interface, you think you can connect your VM/LXC/NNS to your LAN as if it were a physical interface, but this is not true: you are forgetting the absolutely fundamental ARP traffic, which is what truly allows LAN to operate. So, the problem is: if I correctly forward IPv4 traffic, how can I also forward ARP traffic, so that my VM/LXC/NNS work? The trick is to use proxy-arp.
The full answer to that is in Bohdi Zazen's Blog, with the revealing title: Bridge wireless cards. He uses an obsolete package, uml-utilities, to create a virtual interface by means of the command tunctl: this is the only command for which he uses uml-utilities, so that you can safely neglect downloading the package, and use the command I wrote above to create a tap or tun interface, whichever you like, just modify the command accordingly. then create a veth pair for your LXC, and now create a bridge between tap0 and veth0. This bridge, called br0, is what you must proxy-arp for, instead of the simple tap0 interface described by Bohdi Zazen.
Sources: askubuntu.com, nullroute.eu.org, firejail.wordpress.com, superuser.com
answered May 3 at 12:31
intikaintika
1013
add a comment |
Bridge wlan and 4addr:
Bridging wlan0 is a pain. You normally cannot add it to a bridge interface (brctl returns "Operation not permitted"), and using VirtualBox "bridged" filter results in a big mess of ARP and DHCP conflicts. The cause of this is that 802.11 frames contain only three addresses by default: the MAC addresses of both wireless devices (laptop and AP) and of the final recipient (as in Ethernet). It is always assumed that there is only one possible originator.
802.11 can carry the fourth, originator's MAC address, and this is used in WDS mode by repeaters. This feature can be enabled on Linux too, using iw, and enabling this mode will allow wlan0 to be used in bridge interfaces, as well as with VirtualBox bridged networking:
iw dev wlan0 set 4addr on
However, with 4addr enabled, you're likely to get completely ignored by the AP: association succeeds but all data frames disappear into the ether. This could be for security reasons (because it's damn hard to spoof the source MAC address. Yeah.) In my router (running OpenRG), it's necessary to enable "WDS" mode for the wireless AP interface, add a WDS device restricted to my laptop's MAC address, and add it to the LAN bridge. 4addr packets now work.
There's another problem with this, though – the router now rejects three-address packets from the laptop, which can be rather inconvenient (having to toggle 4addr every time the WLAN network is changed). The workaround is to add, on the laptop, a second wireless interface linked to the same device, but with a different MAC address. First undo the earlier configuration:
iw dev wlan0 set 4addr off
Then, add a second interface – the name was chosen arbitrarily – with a different MAC address:
iw dev wlan0 interface add wds.wlan0 type managed 4addr on
ip link set dev wds.wlan0 addr <addr>
ip link set dev wds.wlan0 up
Here must match the WDS device address configured in the router; other than that, it can be any valid MAC address. The original MAC of wlan0 then remains for "normal" usage.
It's possible to use both wlan0 and wds.wlan0 at the same time – although I've only tested associating to the same AP twice, not to different APs. I'm guessing they would need to at least be on the same channel.
Some people have asked why use this when VirtualBox can bridge WiFi "just fine". The answer is that VirtualBox does not send the virtual machines' MAC addresses; rather, it performs NAT at the MAC layer too. – 2014-08-22
Direct wlan bridge
Under certain circumstances, you could also use wlan_kabel. It uses packet sockets to directly bridge wlan*-devices with ethernet devices. However, you can only bridge one single MAC at a time with wlan_kabel. It doesn't have the drawback of being barred by access points, because only the original MAC of the wlan device is used. In your case this would mean, that wlan0 could only be used by one VM and not even by the host. You can get wlan_kabel here. This is similar to the macvlans solution.
Bridging with ipvlan
IP Vlan does not have the limitation of a bridge it could be used to bridge a network details on how to use it can be found here
Masquerade alternative
Linux routing can be used instead with iptables-masquerade and ip_forward to achieve a bridge but as mentioned this require to enable ip_forward and will make linux act like a router this need to be setup carefully because it could introduce some security concern.
# bridge setup
brctl addbr br0
ifconfig br0 10.10.20.1/24 up
# enable ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# netfilter network address translation
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.20.0/24 -j MASQUERADE
The interface br0 will then have access to the wlan0 network
Important and related
Also, and very important, you should not use obsolete, deprecated commands like ifconfig, brctl, and so on. The iproute2 suite contains commands for all of this, including setting up virtual interfaces (something for which we once had to use openvpn) and creating bridges. If you do not know how to set up a bridge with ip, here we go
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set eth0 master br0
ip addr add 10.173.10.1/24 dev br0
ip link set br0 up
With this set of commands, we create a virtual interface called tap0, then a bridge called br0, then enslave eth0 and tap0 to the bridge, to which we assign an IP address of 10.173.10.1, then bring it all up. The three separate instances of bringing the interfaces up (for tap0, eth0, and br0) are required.
The trick to make this work is to use proxy.arp, which allows your pc (not your VM/Linux container/network namespace) to answer ARP queries in their stead.
In other words, by using IPv4 forwarding between your hardware interface and your virtual interface, you think you can connect your VM/LXC/NNS to your LAN as if it were a physical interface, but this is not true: you are forgetting the absolutely fundamental ARP traffic, which is what truly allows LAN to operate. So, the problem is: if I correctly forward IPv4 traffic, how can I also forward ARP traffic, so that my VM/LXC/NNS work? The trick is to use proxy-arp.
The full answer to that is in Bohdi Zazen's Blog, with the revealing title: Bridge wireless cards. He uses an obsolete package, uml-utilities, to create a virtual interface by means of the command tunctl: this is the only command for which he uses uml-utilities, so that you can safely neglect downloading the package, and use the command I wrote above to create a tap or tun interface, whichever you like, just modify the command accordingly. then create a veth pair for your LXC, and now create a bridge between tap0 and veth0. This bridge, called br0, is what you must proxy-arp for, instead of the simple tap0 interface described by Bohdi Zazen.
Sources: askubuntu.com, nullroute.eu.org, firejail.wordpress.com, superuser.com
answered May 3 at 12:31
intikaintika
1013
add a comment |
Bridge wlan and 4addr:
Bridging wlan0 is a pain. You normally cannot add it to a bridge interface (brctl returns "Operation not permitted"), and using VirtualBox "bridged" filter results in a big mess of ARP and DHCP conflicts. The cause of this is that 802.11 frames contain only three addresses by default: the MAC addresses of both wireless devices (laptop and AP) and of the final recipient (as in Ethernet). It is always assumed that there is only one possible originator.
802.11 can carry the fourth, originator's MAC address, and this is used in WDS mode by repeaters. This feature can be enabled on Linux too, using iw, and enabling this mode will allow wlan0 to be used in bridge interfaces, as well as with VirtualBox bridged networking:
iw dev wlan0 set 4addr on
However, with 4addr enabled, you're likely to get completely ignored by the AP: association succeeds but all data frames disappear into the ether. This could be for security reasons (because it's damn hard to spoof the source MAC address. Yeah.) In my router (running OpenRG), it's necessary to enable "WDS" mode for the wireless AP interface, add a WDS device restricted to my laptop's MAC address, and add it to the LAN bridge. 4addr packets now work.
There's another problem with this, though – the router now rejects three-address packets from the laptop, which can be rather inconvenient (having to toggle 4addr every time the WLAN network is changed). The workaround is to add, on the laptop, a second wireless interface linked to the same device, but with a different MAC address. First undo the earlier configuration:
iw dev wlan0 set 4addr off
Then, add a second interface – the name was chosen arbitrarily – with a different MAC address:
iw dev wlan0 interface add wds.wlan0 type managed 4addr on
ip link set dev wds.wlan0 addr <addr>
ip link set dev wds.wlan0 up
Here must match the WDS device address configured in the router; other than that, it can be any valid MAC address. The original MAC of wlan0 then remains for "normal" usage.
It's possible to use both wlan0 and wds.wlan0 at the same time – although I've only tested associating to the same AP twice, not to different APs. I'm guessing they would need to at least be on the same channel.
Some people have asked why use this when VirtualBox can bridge WiFi "just fine". The answer is that VirtualBox does not send the virtual machines' MAC addresses; rather, it performs NAT at the MAC layer too. – 2014-08-22
Direct wlan bridge
Under certain circumstances, you could also use wlan_kabel. It uses packet sockets to directly bridge wlan*-devices with ethernet devices. However, you can only bridge one single MAC at a time with wlan_kabel. It doesn't have the drawback of being barred by access points, because only the original MAC of the wlan device is used. In your case this would mean, that wlan0 could only be used by one VM and not even by the host. You can get wlan_kabel here. This is similar to the macvlans solution.
Bridging with ipvlan
IP Vlan does not have the limitation of a bridge it could be used to bridge a network details on how to use it can be found here
Masquerade alternative
Linux routing can be used instead with iptables-masquerade and ip_forward to achieve a bridge but as mentioned this require to enable ip_forward and will make linux act like a router this need to be setup carefully because it could introduce some security concern.
# bridge setup
brctl addbr br0
ifconfig br0 10.10.20.1/24 up
# enable ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# netfilter network address translation
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.20.0/24 -j MASQUERADE
The interface br0 will then have access to the wlan0 network
Important and related
Also, and very important, you should not use obsolete, deprecated commands like ifconfig, brctl, and so on. The iproute2 suite contains commands for all of this, including setting up virtual interfaces (something for which we once had to use openvpn) and creating bridges. If you do not know how to set up a bridge with ip, here we go
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set eth0 master br0
ip addr add 10.173.10.1/24 dev br0
ip link set br0 up
With this set of commands, we create a virtual interface called tap0, then a bridge called br0, then enslave eth0 and tap0 to the bridge, to which we assign an IP address of 10.173.10.1, then bring it all up. The three separate instances of bringing the interfaces up (for tap0, eth0, and br0) are required.
The trick to make this work is to use proxy.arp, which allows your pc (not your VM/Linux container/network namespace) to answer ARP queries in their stead.
In other words, by using IPv4 forwarding between your hardware interface and your virtual interface, you think you can connect your VM/LXC/NNS to your LAN as if it were a physical interface, but this is not true: you are forgetting the absolutely fundamental ARP traffic, which is what truly allows LAN to operate. So, the problem is: if I correctly forward IPv4 traffic, how can I also forward ARP traffic, so that my VM/LXC/NNS work? The trick is to use proxy-arp.
The full answer to that is in Bohdi Zazen's Blog, with the revealing title: Bridge wireless cards. He uses an obsolete package, uml-utilities, to create a virtual interface by means of the command tunctl: this is the only command for which he uses uml-utilities, so that you can safely neglect downloading the package, and use the command I wrote above to create a tap or tun interface, whichever you like, just modify the command accordingly. then create a veth pair for your LXC, and now create a bridge between tap0 and veth0. This bridge, called br0, is what you must proxy-arp for, instead of the simple tap0 interface described by Bohdi Zazen.
Sources: askubuntu.com, nullroute.eu.org, firejail.wordpress.com, superuser.com
answered May 3 at 12:31
intikaintika
1013
Bridge wlan and 4addr:
Bridging wlan0 is a pain. You normally cannot add it to a bridge interface (brctl returns "Operation not permitted"), and using VirtualBox "bridged" filter results in a big mess of ARP and DHCP conflicts. The cause of this is that 802.11 frames contain only three addresses by default: the MAC addresses of both wireless devices (laptop and AP) and of the final recipient (as in Ethernet). It is always assumed that there is only one possible originator.
802.11 can carry the fourth, originator's MAC address, and this is used in WDS mode by repeaters. This feature can be enabled on Linux too, using iw, and enabling this mode will allow wlan0 to be used in bridge interfaces, as well as with VirtualBox bridged networking:
iw dev wlan0 set 4addr on
However, with 4addr enabled, you're likely to get completely ignored by the AP: association succeeds but all data frames disappear into the ether. This could be for security reasons (because it's damn hard to spoof the source MAC address. Yeah.) In my router (running OpenRG), it's necessary to enable "WDS" mode for the wireless AP interface, add a WDS device restricted to my laptop's MAC address, and add it to the LAN bridge. 4addr packets now work.
There's another problem with this, though – the router now rejects three-address packets from the laptop, which can be rather inconvenient (having to toggle 4addr every time the WLAN network is changed). The workaround is to add, on the laptop, a second wireless interface linked to the same device, but with a different MAC address. First undo the earlier configuration:
iw dev wlan0 set 4addr off
Then, add a second interface – the name was chosen arbitrarily – with a different MAC address:
iw dev wlan0 interface add wds.wlan0 type managed 4addr on
ip link set dev wds.wlan0 addr <addr>
ip link set dev wds.wlan0 up
Here must match the WDS device address configured in the router; other than that, it can be any valid MAC address. The original MAC of wlan0 then remains for "normal" usage.
It's possible to use both wlan0 and wds.wlan0 at the same time – although I've only tested associating to the same AP twice, not to different APs. I'm guessing they would need to at least be on the same channel.
Some people have asked why use this when VirtualBox can bridge WiFi "just fine". The answer is that VirtualBox does not send the virtual machines' MAC addresses; rather, it performs NAT at the MAC layer too. – 2014-08-22
Direct wlan bridge
Under certain circumstances, you could also use wlan_kabel. It uses packet sockets to directly bridge wlan*-devices with ethernet devices. However, you can only bridge one single MAC at a time with wlan_kabel. It doesn't have the drawback of being barred by access points, because only the original MAC of the wlan device is used. In your case this would mean, that wlan0 could only be used by one VM and not even by the host. You can get wlan_kabel here. This is similar to the macvlans solution.
Bridging with ipvlan
IP Vlan does not have the limitation of a bridge it could be used to bridge a network details on how to use it can be found here
Masquerade alternative
Linux routing can be used instead with iptables-masquerade and ip_forward to achieve a bridge but as mentioned this require to enable ip_forward and will make linux act like a router this need to be setup carefully because it could introduce some security concern.
# bridge setup
brctl addbr br0
ifconfig br0 10.10.20.1/24 up
# enable ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# netfilter network address translation
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.20.0/24 -j MASQUERADE
The interface br0 will then have access to the wlan0 network
Important and related
Also, and very important, you should not use obsolete, deprecated commands like ifconfig, brctl, and so on. The iproute2 suite contains commands for all of this, including setting up virtual interfaces (something for which we once had to use openvpn) and creating bridges. If you do not know how to set up a bridge with ip, here we go
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set eth0 master br0
ip addr add 10.173.10.1/24 dev br0
ip link set br0 up
With this set of commands, we create a virtual interface called tap0, then a bridge called br0, then enslave eth0 and tap0 to the bridge, to which we assign an IP address of 10.173.10.1, then bring it all up. The three separate instances of bringing the interfaces up (for tap0, eth0, and br0) are required.
The trick to make this work is to use proxy.arp, which allows your pc (not your VM/Linux container/network namespace) to answer ARP queries in their stead.
In other words, by using IPv4 forwarding between your hardware interface and your virtual interface, you think you can connect your VM/LXC/NNS to your LAN as if it were a physical interface, but this is not true: you are forgetting the absolutely fundamental ARP traffic, which is what truly allows LAN to operate. So, the problem is: if I correctly forward IPv4 traffic, how can I also forward ARP traffic, so that my VM/LXC/NNS work? The trick is to use proxy-arp.
The full answer to that is in Bohdi Zazen's Blog, with the revealing title: Bridge wireless cards. He uses an obsolete package, uml-utilities, to create a virtual interface by means of the command tunctl: this is the only command for which he uses uml-utilities, so that you can safely neglect downloading the package, and use the command I wrote above to create a tap or tun interface, whichever you like, just modify the command accordingly. then create a veth pair for your LXC, and now create a bridge between tap0 and veth0. This bridge, called br0, is what you must proxy-arp for, instead of the simple tap0 interface described by Bohdi Zazen.
Sources: askubuntu.com, nullroute.eu.org, firejail.wordpress.com, superuser.com
answered May 3 at 12:31
intikaintika
1013
edited May 3 at 12:37
answered May 3 at 12:31
intikaintika
1013
answered May 3 at 12:31
intikaintika
1013
answered May 3 at 12:31
intikaintika
1013
1013
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f152363%2fbridging-wlan0-to-eth0%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
7
please do not put '[solved]' in the question or title, accepting an answer is the correct way to show that a problem was solved. It changes the way the question is displayed on the main listing as well as putting the green check mark on the answer you have marked as correct.
– Zypher
Sep 25 '10 at 0:14
1
I'd appreciate it if nobody messed with this page. If you have any problems, contact me. Thank you.
– dbdii407
Sep 25 '10 at 0:26
12
serverfault.com/faq Specifically the heading "Other people can edit my stuff"
– Zypher
Sep 25 '10 at 0:45
@Zypher The URL you link to no longer exists. Has the relevant paragraph moved elsewhere?
– kasperd
Apr 15 '15 at 13:04
4
@kasperd serverfault.com/help/editing
– Zypher
Apr 15 '15 at 13:06