Boombino
February 21st, 2011, 01:39 PM
Hello!
I spent some time trying to bridge wireless interface, working in WPA-protected network and wired ethernet interface on my laptop. I think it would be useful to post here about my experience.
So, we want to bridge wlan0 and eth0. Let's denote bridge interface with ethtowifi. In my case wlan0 is Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection, working through iwlwifi driver. WPA is handled with wpa_supplicant.
To obtain a bridge, we can, as page https://help.ubuntu.com/community/NetworkConnectionBridge instructs us, use this:
ifconfig eth0 0.0.0.0
ifconfig wlan0 0.0.0.0
brctl addbr ethtowifi
brctl addif ethtowifi wlan0 eth0
ifconfig ethtowifi upand it won't work in my case.
Here are the reasons:
1. wlan0 interface won't authenticate to Acces Point (further denoted as AP), because EAPol messages get eaten by ethtowifi.
2. AP will reject ethernet frames with MAC addresses different from those which are stored in its tables. And Linux bridges frames transparently - i. e. it doesn't change MAC adresses in frames, bypassing bridge. So, if I connect a new computer to my laptop through eth0 and want it to communicate with AP - AP will reject.
The second problem is solved with ebtables as described here:
http://wiki.debian.org/BridgeNetworkConnections
The first problem is solved, in my case, by messing with wpa_supplicant. In order to make wpa_supplicant ethtowifi-aware, we have to invoke it with "-b ethtowifi" command line option. But that is not enough. This didn't work for me without
brctl setfd ethtowifi 0 Finally, here is essential part of my /etc/network/interfaces:
auto eth0
iface eth0 inet dhcp
auto wlan0
iface wlan0 inet dhcp
wpa-driver wext
wpa-conf /etc/wpa_supplicant.conf
auto ethtowifi
iface ethtowifi inet dhcp
pre-up ifconfig eth0 down
pre-up ifconfig wlan0 down
pre-up brctl addbr ethtowifi
pre-up brctl setfd ethtowifi 0
pre-up brctl addif ethtowifi wlan0 eth0
pre-up ifconfig eth0 0.0.0.0
pre-up ifconfig wlan0 0.0.0.0
pre-up ifconfig ethtowifi up
pre-up ebtables -t nat -A POSTROUTING -o wlan0 -j snat --to-src MAC_OF_MY_WIRELESS --snat-arp --snat-target ACCEPT
pre-up ebtables -t nat -A PREROUTING -p IPv4 -i wlan0 --ip-dst IP_OF_COMPUTER_BEHIND_eth0 -j dnat --to-dst MAC_OF_COMPUTER_BEHIND_eth0 --dnat-target ACCEPT
pre-up ebtables -t nat -A PREROUTING -p ARP -i wlan0 --arp-ip-dst IP_OF_COMPUTER_BEHIND_eth0 -j dnat --to-dst MAC_OF_COMPUTER_BEHIND_eth0 --dnat-target ACCEPT
pre-up killall wpa_supplicant
pre-up wpa_supplicant -Dwext -c/etc/wpa_supplicant.conf -iwlan0 -b ethtowifi -B
post-down ifconfig ethtowifi down
post-down brctl delif ethtowifi eth0
post-down brctl delif ethtowifi wlan0
post-down brctl delbr ethtowifiAnd it works. But I'm afraid it's ugly. I'd like to receive comments and suggestions on it.
I spent some time trying to bridge wireless interface, working in WPA-protected network and wired ethernet interface on my laptop. I think it would be useful to post here about my experience.
So, we want to bridge wlan0 and eth0. Let's denote bridge interface with ethtowifi. In my case wlan0 is Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection, working through iwlwifi driver. WPA is handled with wpa_supplicant.
To obtain a bridge, we can, as page https://help.ubuntu.com/community/NetworkConnectionBridge instructs us, use this:
ifconfig eth0 0.0.0.0
ifconfig wlan0 0.0.0.0
brctl addbr ethtowifi
brctl addif ethtowifi wlan0 eth0
ifconfig ethtowifi upand it won't work in my case.
Here are the reasons:
1. wlan0 interface won't authenticate to Acces Point (further denoted as AP), because EAPol messages get eaten by ethtowifi.
2. AP will reject ethernet frames with MAC addresses different from those which are stored in its tables. And Linux bridges frames transparently - i. e. it doesn't change MAC adresses in frames, bypassing bridge. So, if I connect a new computer to my laptop through eth0 and want it to communicate with AP - AP will reject.
The second problem is solved with ebtables as described here:
http://wiki.debian.org/BridgeNetworkConnections
The first problem is solved, in my case, by messing with wpa_supplicant. In order to make wpa_supplicant ethtowifi-aware, we have to invoke it with "-b ethtowifi" command line option. But that is not enough. This didn't work for me without
brctl setfd ethtowifi 0 Finally, here is essential part of my /etc/network/interfaces:
auto eth0
iface eth0 inet dhcp
auto wlan0
iface wlan0 inet dhcp
wpa-driver wext
wpa-conf /etc/wpa_supplicant.conf
auto ethtowifi
iface ethtowifi inet dhcp
pre-up ifconfig eth0 down
pre-up ifconfig wlan0 down
pre-up brctl addbr ethtowifi
pre-up brctl setfd ethtowifi 0
pre-up brctl addif ethtowifi wlan0 eth0
pre-up ifconfig eth0 0.0.0.0
pre-up ifconfig wlan0 0.0.0.0
pre-up ifconfig ethtowifi up
pre-up ebtables -t nat -A POSTROUTING -o wlan0 -j snat --to-src MAC_OF_MY_WIRELESS --snat-arp --snat-target ACCEPT
pre-up ebtables -t nat -A PREROUTING -p IPv4 -i wlan0 --ip-dst IP_OF_COMPUTER_BEHIND_eth0 -j dnat --to-dst MAC_OF_COMPUTER_BEHIND_eth0 --dnat-target ACCEPT
pre-up ebtables -t nat -A PREROUTING -p ARP -i wlan0 --arp-ip-dst IP_OF_COMPUTER_BEHIND_eth0 -j dnat --to-dst MAC_OF_COMPUTER_BEHIND_eth0 --dnat-target ACCEPT
pre-up killall wpa_supplicant
pre-up wpa_supplicant -Dwext -c/etc/wpa_supplicant.conf -iwlan0 -b ethtowifi -B
post-down ifconfig ethtowifi down
post-down brctl delif ethtowifi eth0
post-down brctl delif ethtowifi wlan0
post-down brctl delbr ethtowifiAnd it works. But I'm afraid it's ugly. I'd like to receive comments and suggestions on it.