Setting Up Linux Network Bridge

Posted on Mon Apr 09, 2007 4:09 pm

The goal here is to set up a bridge from a wired network to a wireless network.

Here's the network hardware list:
Onboard Wired NIC in my main PC running WinXP
Linksys Wireless in my Linux Server using RT2500
D-Link Wired in my Linux Server using 8139
D-Link DGS-2205 10/100/1000 Switch to connect the two computers
Netgear Wireless Router (Forget the model right now) that's connected to the internet

I know that I can easily create a bridge in Win XP, however, the wireless NIC will impede airflow to my video card. I've followed this guide (http://gentoo-wiki.com/HOWTO_Building_a_Wireless_Access_Point#Simple_NAT-forwarding_setup) to get the bridge up and running. The problem I'm having though is my main PC can't see the internet, but the Linux Server can. I've read through the guide a couple times and I must be missing something. Does iptables need to be running to make this happen? If it does, could someone tell me exactly what I need to do? The Linux Server isn't acting as an access point. It's just acting as a client for the router.

Here's a little diagram:
Code:
   Switch
   |     |
Linux  WinXP
-
-
-
Router---Internet
The best things in life are free.
http://www.gentoo.org
Guy 1: Surely, you will fold with me.
Guy 2: Alright, but don't call me Shirley.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Re: Setting Up Linux Network Bridge

Posted on Mon Apr 09, 2007 4:21 pm

titan wrote: The goal here is to set up a bridge from a wired network to a wireless network.

Here's the network hardware list:
Onboard Wired NIC in my main PC running WinXP
Linksys Wireless in my Linux Server using RT2500
D-Link Wired in my Linux Server using 8139
D-Link DGS-2205 10/100/1000 Switch to connect the two computers
Netgear Wireless Router (Forget the model right now) that's connected to the internet

I know that I can easily create a bridge in Win XP, however, the wireless NIC will impede airflow to my video card. I've followed this guide (http://gentoo-wiki.com/HOWTO_Building_a_Wireless_Access_Point#Simple_NAT-forwarding_setup) to get the bridge up and running. The problem I'm having though is my main PC can't see the internet, but the Linux Server can. I've read through the guide a couple times and I must be missing something. Does iptables need to be running to make this happen? If it does, could someone tell me exactly what I need to do? The Linux Server isn't acting as an access point. It's just acting as a client for the router.

Here's a little diagram:
Code:
   Switch
   |     |
Linux  WinXP
-
-
-
Router---Internet


IP tables does not need to be running. In fact, I recommend you disable it until you get the bridge working. Do you have the brutils package installed?
The world is indeed full of peril. But there is much that is fair. And though in all lands love is mingled with grief, it grows the greater. J. R. R. Tolkien
tesmar
Graphmaster Gerbil
 
Posts: 1075
Joined: Thu Oct 13, 2005 10:18 pm

Posted on Mon Apr 09, 2007 4:25 pm

Yes, I do have bridge-utils installed. I think I should also mention that I'm running Gentoo. I haven't even started iptables, but I just installed it a bit ago. Haven't fiddled with it or anything.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Mon Apr 09, 2007 4:29 pm

And here's my /etc/conf.d/net:
Code:
bridge_br0=( "eth0" "ra0" )

config_eth0=( "null" )
config_ra0=( "null" )

config_br0=( "dhcp" )
routes_br0=( "default via 192.168.1.1" )

depend_br0() {
   need net.eth0 net.ra0
}

modules_ra0=( "iwconfig" )
essid_ra0="peter"
channel_ra0="1"


Now 192.168.1.1 is my Netgear Router. The Linux Server currently has an IP of 192.168.1.4. From WinXP I can access the server, but not the internet. The server can access the internet.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Mon Apr 09, 2007 6:48 pm

I remember when I was setting up a similar network that you had to check that bridging support had been enabled in the kernel when you built it. I chickened out and just set up the wireless side of the Linux box as an access point on one network (10.0.0.0/24), the wired side on 192.168.0.0/24, and use iptables as a router between the two. Works flawlessly. If you want, I can post my iptables file if you want to go that way.
iMac 27" | 13" Macbook Pro all running Mavericks
monts
Gerbil Jedi
 
Posts: 1515
Joined: Sat May 07, 2005 7:58 pm
Location: Western Australia (Gods Own Country for those uncertain)

Posted on Mon Apr 09, 2007 7:23 pm

monts wrote: I remember when I was setting up a similar network that you had to check that bridging support had been enabled in the kernel when you built it. I chickened out and just set up the wireless side of the Linux box as an access point on one network (10.0.0.0/24), the wired side on 192.168.0.0/24, and use iptables as a router between the two. Works flawlessly. If you want, I can post my iptables file if you want to go that way.


Yeah, was gonna say the same thing. Make sure that bridge support is compiled into your kernel as a module.
tesmar
Graphmaster Gerbil
 
Posts: 1075
Joined: Thu Oct 13, 2005 10:18 pm

Posted on Mon Apr 09, 2007 11:30 pm

Bridging support is enabled in my kernel, but not as a module. Maybe I'll try the iptables method. Could you post the config?
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Tue Apr 10, 2007 10:09 am

Still need a little help. I had a friend SSH into the server, and I don't think he could figure it out either.

Some more specifics:
WinXP 192.168.1.2
Linux 192.168.1.3, but when bridge was enabled it was 192.168.1.4
Router 192.168.1.1
eth0 Wired
ra0 Wireless
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Tue Apr 10, 2007 12:05 pm

How about going about this a different way, why not pull the router and put the Linux machine into service as the router doing NAT and DHCP? Whilst what you are doing should work, I think there are a ton more howtos and guides on doing the latter.
notfred
Grand Gerbil Poohbah
 
Posts: 3748
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Posted on Tue Apr 10, 2007 3:31 pm

Because of where my stuff is set up. The cable modem is on the other side of the apartment. Along with the router. Right now I have the equipment stretched across the apartment.

If someone could help me with the iptables config I'd like to try that. I haven't been able to find what I'm looking for yet.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Wed Apr 11, 2007 7:03 am

As you are running gentoo I'll post a copy of /var/lib/iptables/rules-save file where the iptables init.d script saves the settings when it shuts down.

/var/lib/iptables/rules-save wrote:
# Generated by iptables-save v1.3.5 on Tue Feb 20 14:38:02 2007
*raw
:PREROUTING ACCEPT [419830:294030880]
:OUTPUT ACCEPT [5501:1433964]
COMMIT
# Completed on Tue Feb 20 14:38:02 2007
# Generated by iptables-save v1.3.5 on Tue Feb 20 14:38:02 2007
*nat
:PREROUTING ACCEPT [1335:141107]
:POSTROUTING ACCEPT [78:23366]
:OUTPUT ACCEPT [91:24129]
[1114:69017] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 20 14:38:02 2007
# Generated by iptables-save v1.3.5 on Tue Feb 20 14:38:02 2007
*mangle
:PREROUTING ACCEPT [419830:294030880]
:INPUT ACCEPT [5938:1353732]
:FORWARD ACCEPT [413892:292677148]
:OUTPUT ACCEPT [5501:1433964]
:POSTROUTING ACCEPT [419393:294111112]
COMMIT
# Completed on Tue Feb 20 14:38:02 2007
# Generated by iptables-save v1.3.5 on Tue Feb 20 14:38:02 2007
*filter
:INPUT ACCEPT [307:19242]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5288:1413086]
[1735:614152] -A INPUT -i lo -j ACCEPT
[2926:655629] -A INPUT -i ath0 -j ACCEPT
[670:44784] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -i ! ath0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -i ! ath0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -i ! ath0 -p tcp -m tcp --dport 0:1023 -j DROP
[0:0] -A INPUT -i ! ath0 -p udp -m udp --dport 0:1023 -j DROP
[0:0] -A FORWARD -d 10.0.0.0/255.255.255.0 -i ath0 -j DROP
[222087:208979229] -A FORWARD -s 10.0.0.0/255.255.255.0 -i ath0 -j ACCEPT
[191805:83697919] -A FORWARD -d 10.0.0.0/255.255.255.0 -i eth0 -j ACCEPT
COMMIT
# Completed on Tue Feb 20 14:38:02 2007

Just to give you some background about the system.

Two interfaces
eth0 = LAN interface (192.168.1.11/24 gateway 192.168.1.1)
ath0 = wifi interface (10.0.0.1/24)

Also has dhcpd running on ath0, and hostapd running WPA-PSK encryption.

Also included dhcp setup

/etc/dhcp/dhcpd.conf wrote:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "home.local";
option domain-name-servers 203.21.20.20,203.10.1.9;
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 192.168.1.0 netmask 255.255.255.0 {
}

# This is a very basic subnet declaration.

subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.10 10.0.0.254;
option routers 10.0.0.1;
}
monts
Gerbil Jedi
 
Posts: 1515
Joined: Sat May 07, 2005 7:58 pm
Location: Western Australia (Gods Own Country for those uncertain)
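
An added example, not part of monts's post or of any project's code: it replays the FORWARD chain from the rules-save dump above against a few constructed packets, to show how first-match ordering and the DROP policy decide what is forwarded. The sample addresses and the helper names parse_forward, verdict and evaluate_samples are assumptions made for the example.

```python
import ipaddress

# FORWARD policy and rules copied from the *filter table posted above (counters removed).
RULES_SAVE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.0.0/255.255.255.0 -i ath0 -j DROP
-A FORWARD -s 10.0.0.0/255.255.255.0 -i ath0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -i eth0 -j ACCEPT
COMMIT
"""

def parse_forward(text):
    """Return (policy, rules) for the FORWARD chain of an iptables-save dump."""
    policy, rules = None, []
    for line in text.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A FORWARD "):
            tokens = line.split()[2:]
            rule = {}
            # Only the flag/value pairs used in the posted chain are handled.
            for flag, value in zip(tokens[0::2], tokens[1::2]):
                if flag in ("-s", "-d"):
                    rule[flag] = ipaddress.ip_network(value)
                elif flag in ("-i", "-j"):
                    rule[flag] = value
                else:
                    raise ValueError("unsupported match: " + flag)
            rules.append(rule)
    return policy, rules

def verdict(policy, rules, in_if, src, dst):
    """Walk the chain in order: first matching rule wins, else the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(rules, 1):
        if rule.get("-i", in_if) != in_if:
            continue
        if "-s" in rule and src not in rule["-s"]:
            continue
        if "-d" in rule and dst not in rule["-d"]:
            continue
        return rule["-j"], "rule %d" % number
    return policy, "policy"

# Constructed sample packets: (inbound interface, source, destination).
# 203.0.113.10 is a documentation address standing in for an internet host.
SAMPLES = [
    ("ath0", "10.0.0.20", "203.0.113.10"),     # wifi client to internet
    ("ath0", "10.0.0.20", "10.0.0.30"),        # wifi client to wifi subnet
    ("eth0", "203.0.113.10", "10.0.0.20"),     # reply arriving on the LAN side
    ("eth0", "192.168.1.2", "10.0.0.20"),      # unsolicited LAN host to wifi client
    ("eth0", "192.168.1.2", "203.0.113.10"),   # wired host trying to route out
    ("ath0", "192.168.1.50", "203.0.113.10"),  # non-wifi source address on ath0
]

def evaluate_samples():
    policy, rules = parse_forward(RULES_SAVE)
    return [verdict(policy, rules, *pkt) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLES, evaluate_samples()):
        print("%-5s %-13s -> %-13s %s (%s)" % (pkt + result))
```

Rule 3 carries no connection-state match, so the unsolicited LAN-to-wifi packet is accepted exactly like a reply. Nothing in the chain forwards a wired host's traffic outward, which falls through to the DROP policy.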

Posted on Wed Apr 11, 2007 7:31 am

Thanks for posting that monts. I have some questions. It looks like you have things set to only accept some things. As this machine will only be forwarding internal traffic, how do I let it accept everything? How is the forwarding set? It is apparent to me right off the bat where you've defined the forwarding route. It also looks like you have DROP set too. How does that affect it? Also, I do not want to run wireless as a host. It's just a client for the router. Is this set to be the host on the wireless side?
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Wed Apr 11, 2007 8:08 am

It's mainly designed to drop things from the LAN side of the network (except port 22) rather than drop on the wifi side. Pretty much everything on the wifi side is accepted and passed on.
monts
Gerbil Jedi
 
Posts: 1515
Joined: Sat May 07, 2005 7:58 pm
Location: Western Australia (Gods Own Country for those uncertain)

Posted on Wed Apr 11, 2007 12:17 pm

That looks like you are NATing rather than bridging, which is kind of related to what I was suggesting, but likely to cause problems e.g. with file sharing across the two. Bridging is layer 2, NAT is layer 3.
notfred
Grand Gerbil Poohbah
 
Posts: 3748
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Posted on Wed Apr 11, 2007 6:12 pm

In my case the file sharing was only one way, eg getting the data from the LAN (or internet for that matter) onto the Wifi side of things. It works for me and allows full access to the internet including streaming media etc.
monts
Gerbil Jedi
 
Posts: 1515
Joined: Sat May 07, 2005 7:58 pm
Location: Western Australia (Gods Own Country for those uncertain)

Posted on Thu Apr 12, 2007 9:24 am

I just had a thought. I think I need to set promiscuity for ra0 in order to get the bridge to work. I remember having to do that in Win XP. Anybody know how to make that a part of the script?
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Posted on Fri Apr 13, 2007 11:19 am

Alright, I figured that out (you set it in the script using iface_ra0="promisc"), but it still didn't work. My friend spoke with a friend of his and found out that I must use iptables. On top of that, I would need to set up my Server as the router too. Bridging doesn't work between wired and wireless yet under Linux. So, I broke down and bought a 50' Cat5e Ethernet cable. It only ran me ten bucks after shipping.

Thank you for your help guys.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Re: Setting Up Linux Network Bridge

Posted on Thu Jul 10, 2008 7:03 am

So it's been a little more than a year now. Any updates?
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Re: Setting Up Linux Network Bridge

Posted on Thu Jul 10, 2008 6:58 pm

Easiest solution would be to buy a USB WLAN adapter for <$20.
#182 TT: 13/DNVT, Precedence: Flash Override. Switch: Node Center. MSE forever.
Contingency
Gerbil Jedi
 
Posts: 1533
Joined: Sat Jun 19, 2004 4:03 pm
Location: al.us

Re: Setting Up Linux Network Bridge

Posted on Thu Jul 10, 2008 7:13 pm

Contingency wrote: Easiest solution would be to buy a USB WLAN adapter for <$20.

I'm going to be nice and assume that you meant I should buy a USB wireless adapter for the XP machine.

That doesn't actually answer my question, though. My question is whether there have been any updates for bridging a wireless and wired network together in Linux.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Re: Setting Up Linux Network Bridge

Posted on Thu Jul 10, 2008 10:26 pm

titan wrote: My question is whether there have been any updates for bridging a wireless and wired network together in Linux.

Any driver that can act as an access point should be able to bridge wireless and wired networks and that has been supported for a long time in the decently capable wireless drivers (a category which the Ralink drivers didn't belong to until recently). If I understand you correctly, you are trying to go in the other direction: you want the wireless card to be an associated client of your wireless netgear router and be bridging ethernet traffic from the other side without the netgear router set up as anything other than a regular wireless access point (plus router)? You say you've actually gotten this working (at Layer 2) on WinXP?

Generally when you want to bridge wireless to wireless, you set both devices into a bridging mode (or bridging/repeating with client mode). In order for it to work the way you're saying, every time a new MAC address comes across the bridge, the wireless client would need to associate with the AP again under the new MAC address. Really, this is a limitation of the way infrastructure mode works in 802.11 and is what WDS addresses for proper bridging.

Edit: Apparently some Linux router firmwares like DD-WRT (and supposedly this is how Windows does this too) actually support a "client bridging" mode by not transparently bridging, but by rewriting the MAC address to be the MAC of the router's wireless radio (to get around the multiple MAC reassociation problem). You could actually do better than this in Linux if you had a small number of known wired clients on the other side of the bridge by creating a few associated virtual wireless client interfaces each with the appropriate MAC address and using ebtables to bridge each MAC to the right virtual interface. Of course, the right way to do this is to have both sides knowing that they are bridging and use WDS.
bitvector
Grand Gerbil Poohbah
 
Posts: 3234
Joined: Wed Jun 22, 2005 4:39 pm
Location: Mountain View, CA

Re: Setting Up Linux Network Bridge

Posted on Fri Jul 11, 2008 6:46 am

bitvector wrote:
titan wrote: My question is whether there have been any updates for bridging a wireless and wired network together in Linux.

Any driver that can act as an access point should be able to bridge wireless and wired networks and that has been supported for a long time in the decently capable wireless drivers (a category which the Ralink drivers didn't belong to until recently). If I understand you correctly, you are trying to go in the other direction: you want the wireless card to be an associated client of your wireless netgear router and be bridging ethernet traffic from the other side without the netgear router set up as anything other than a regular wireless access point (plus router)? You say you've actually gotten this working (at Layer 2) on WinXP?

Generally when you want to bridge wireless to wireless, you set both devices into a bridging mode (or bridging/repeating with client mode). In order for it to work the way you're saying, every time a new MAC address comes across the bridge, the wireless client would need to associate with the AP again under the new MAC address. Really, this is a limitation of the way infrastructure mode works in 802.11 and is what WDS addresses for proper bridging.

Edit: Apparently some Linux router firmwares like DD-WRT (and supposedly this is how Windows does this too) actually support a "client bridging" mode by not transparently bridging, but by rewriting the MAC address to be the MAC of the router's wireless radio (to get around the multiple MAC reassociation problem). You could actually do better than this in Linux if you had a small number of known wired clients on the other side of the bridge by creating a few associated virtual wireless client interfaces each with the appropriate MAC address and using ebtables to bridge each MAC to the right virtual interface. Of course, the right way to do this is to have both sides knowing that they are bridging and use WDS.

Yeah, it worked in XP. Just select both network connections, right click, select bridge these connections and it's done. XP was the client. It was not the access point. That's what I was trying to achieve in Linux.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

Re: Setting Up Linux Network Bridge

Posted on Fri Jul 11, 2008 11:27 am

Okay, but someone should have told you a year ago that true transparent bridging from a wireless client to an access point isn't really possible due to the nature of 802.11 infrastructure mode, not due to some limitation of Linux. This limitation is one reason why WDS was created.

The way Windows and DD-WRT do it is not transparent or real bridging because the MAC address gets rewritten to get around the per-MAC association problem. If you want to do it that way, you need to use ebtables to do ARP NAT (which is available in a module outside the kernel from the DD-WRT people). The rules from DD-WRT look like:
Code:
ebtables -t nat -A PREROUTING --in-interface ra0 -j arpnat --arpnat-target ACCEPT
ebtables -t nat -A POSTROUTING --out-interface ra0 -j arpnat --arpnat-target ACCEPT
ebtables -t broute -A BROUTING --protocol 0x888e --in-interface <> -j DROP
bitvector
Grand Gerbil Poohbah
 
Posts: 3234
Joined: Wed Jun 22, 2005 4:39 pm
Location: Mountain View, CA
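
An added example, not from bitvector's posts or from DD-WRT: a simplified Python model of why a bridged frame carrying the wired PC's MAC is not accepted by the access point, and how the MAC rewriting described above gets around it. The MAC addresses, class names and run_demo are made up for the illustration; the IP addresses are the ones given earlier in the thread.

```python
from dataclasses import dataclass, replace

# Constructed MAC addresses; the IP addresses are the ones listed in the thread.
RADIO_MAC = "02:00:00:00:00:a0"   # ra0 on the Linux server (associated client)
WINXP_MAC = "02:00:00:00:00:b0"   # wired PC behind the server (never associated)
ROUTER_MAC = "02:00:00:00:00:01"  # wireless router / access point
WINXP_IP, ROUTER_IP = "192.168.1.2", "192.168.1.1"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    arp_sender_mac: str = ""      # set only for ARP frames

class AccessPoint:
    """Infrastructure-mode AP that also keeps the router's ARP cache."""
    def __init__(self, associated):
        self.associated = set(associated)
        self.arp_cache = {}

    def receive(self, frame):
        # A frame whose source is not an associated station is not accepted.
        if frame.src_mac not in self.associated:
            return False
        if frame.arp_sender_mac:
            self.arp_cache[frame.src_ip] = frame.arp_sender_mac
        return True

class ArpNatBridge:
    """Simplified model of MAC rewriting on the wireless client."""
    def __init__(self, radio_mac):
        self.radio_mac = radio_mac
        self.ip_to_mac = {}       # wired hosts seen so far

    def to_wireless(self, frame):
        self.ip_to_mac[frame.src_ip] = frame.src_mac
        arp = self.radio_mac if frame.arp_sender_mac else ""
        return replace(frame, src_mac=self.radio_mac, arp_sender_mac=arp)

    def to_wired(self, frame):
        real = self.ip_to_mac.get(frame.dst_ip)
        if frame.dst_mac != self.radio_mac or real is None:
            return frame          # for the server itself, or an unknown host
        return replace(frame, dst_mac=real)

def run_demo():
    arp = Frame(WINXP_MAC, ROUTER_MAC, WINXP_IP, ROUTER_IP, arp_sender_mac=WINXP_MAC)
    # 1. Transparent bridging: the frame reaches the AP with WinXP's MAC.
    transparent = AccessPoint({RADIO_MAC}).receive(arp)
    # 2. With rewriting: the AP only ever sees the radio's MAC.
    ap, bridge = AccessPoint({RADIO_MAC}), ArpNatBridge(RADIO_MAC)
    rewritten = ap.receive(bridge.to_wireless(arp))
    # 3. The router answers the MAC it learned; the bridge restores the real one.
    reply = Frame(ROUTER_MAC, ap.arp_cache[WINXP_IP], ROUTER_IP, WINXP_IP)
    return transparent, rewritten, ap.arp_cache[WINXP_IP], bridge.to_wired(reply).dst_mac

if __name__ == "__main__":
    print(run_demo())
```

The model leaves out the third rule in the post: 0x888e is the EAPOL EtherType, and DROP in the broute table's BROUTING chain hands the frame to the local stack instead of bridging it.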

Re: Setting Up Linux Network Bridge

Posted on Fri Jul 11, 2008 10:00 pm

That explains everything! When I get everything set up again I'll try out your solution. I'm sharing the Internet connection that my neighbors have downstairs until I get my own connection and it would be nice to get my wired network connected too.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 7:00 pm
Location: Great Smoky Mountains

