Make Host AP a Layer 2 Bridge

Make a simple Ethernet bridge with Host AP and one other network interface.

So far, we have seen how to set up your Host AP machine as a routed or NAT’d network appliance. But what if you want to bridge directly to your Ethernet network or another wireless card?

Bridging is very straightforward to implement. You need a copy of the bridge utilities from http://bridge.sourceforge.net/, as well as a kernel with 802.1d Ethernet bridging enabled. The basic procedure for configuring a bridge is to remove any existing IP configuration on the devices you want to bridge, then create a logical bridge device with the interfaces you want to bridge together. Finally, you configure an IP address and routes for the logical bridge device, so you can still use the network from the bridge device itself (as well as access any services provided by the bridge device from the rest of the network).

Suppose we want to bridge a Prism card running Host AP (wlan0) with the first Ethernet device (eth0). Try this, preferably from the console:

pebble:~# ifconfig eth0 0.0.0.0
pebble:~# ifconfig wlan0 0.0.0.0
pebble:~# brctl addbr br0
pebble:~# brctl addif br0 eth0
pebble:~# brctl addif br0 wlan0
pebble:~# ifconfig br0 10.15.6.2
pebble:~# route add default gw 10.15.6.1

When you first create the bridge device, it takes a moment or two for the bridge to “learn” the layout of your network. It can take several seconds for traffic to begin to pass through the bridge when first brought up, so don’t panic if you don’t immediately see traffic.

If you have only one bridge on your network, you can also safely turn off Spanning Tree:

pebble:~# brctl stp br0 off

This prevents the bridging code from needlessly sending 802.1d negotiation traffic to nonexistent bridges. You can see the configuration of your bridge at any time by using brctl show:

pebble:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00026f018574       no              eth0
                                                        wlan0

If you are interested in which MACs have been found on the bridge interfaces, use brctl showmacs <interface>:

pebble:~# brctl showmacs br0
port no mac addr                is local?       ageing timer
  2     00:02:6f:01:aa:ff       yes                0.00
  1     00:03:93:6c:11:99       no               135.69
  2     00:30:65:03:00:aa       no                 0.08
  1     00:40:63:c0:aa:bb       no                 0.16
  1     00:a0:24:ab:cd:ef       yes                0.00
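
The showmacs table can also be checked against a list of stations you expect to see. The script below is an added example, not part of the original hack; the allowlist, its port=mac format, the function name audit_macs and the extra sample entries are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): compare `brctl showmacs`
# output with an allowlist of expected stations.

# Constructed allowlist of "port=mac" pairs; the three non-local stations
# from the output shown above are assumed to be the legitimate ones.
ALLOWED='1=00:03:93:6c:11:99 2=00:30:65:03:00:aa 1=00:40:63:c0:aa:bb'

# audit_macs ALLOWLIST: reads showmacs output on stdin and prints
#   UNKNOWN <mac> port <n>               station not on the allowlist
#   MOVED <mac> port <n> expected <m>    known station seen on another port
audit_macs() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], f, "=")
                want[tolower(f[2])] = f[1]
            }
        }
        $1 !~ /^[0-9]+$/ { next }      # skip the header line
        $3 == "yes"      { next }      # interfaces of the bridge itself
        {
            mac = tolower($2)
            if (!(mac in want))
                print "UNKNOWN " mac " port " $1
            else if (want[mac] != $1)
                print "MOVED " mac " port " $1 " expected " want[mac]
        }'
}

# Constructed sample: the output above, plus one unlisted station and one
# wired station that now shows up on port 2 instead of port 1.
SAMPLE='port no mac addr                is local?       ageing timer
  2     00:02:6f:01:aa:ff       yes                0.00
  1     00:03:93:6c:11:99       no               135.69
  2     00:30:65:03:00:aa       no                 0.08
  2     00:40:63:c0:aa:bb       no                 0.16
  2     00:0c:29:12:34:56       no                 1.02
  1     00:a0:24:ab:cd:ef       yes                0.00'

printf '%s\n' "$SAMPLE" | audit_macs "$ALLOWED"
# On the bridge itself: brctl showmacs br0 | audit_macs "$ALLOWED"
```

A known address that changes ports may simply be a laptop moving from the wire to the radio, so treat MOVED lines as something to look into rather than proof of spoofing.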

Generally, bridges are “set and forget” devices. Once configured, your bridge maintains itself, barring a huge amount of traffic or untoward miscreants fiddling with it. Be sure to read the documentation available at http://bridge.sourceforge.net/, as well as the documents listed at the end of this hack.

Caveats

Not all network devices allow bridging. Specifically, some radio cards (notably the Lucent/Orinoco/Avaya/Proxim Gold and Silver cards) prohibit Ethernet bridging in the radio firmware. If you need to bridge, I highly recommend upgrading these cards to a Prism card, such as the very popular Senao/EnGenius models. These cards not only allow bridging, but are more powerful and sensitive as well.

Also keep in mind that, as easy as a simple bridge is to configure, it isn’t the most secure device on the planet. If you have any interest in controlling the packets that flow across your bridge (and you should), then you will want to implement some firewalling on your bridge. But unfortunately, standard netfilter commands don’t work with bridges under Linux 2.4. Be sure to read [Hack #59] if you need more control over your bridge.

See Also
