Wireless Hacks. 1917 IndustrialStrength Tips and Tools [Electronic resources] نسخه متنی

Hack 58 Make Host AP a Layer 2 Bridge

Make a simple Ethernet bridge with Host AP and
one other network interface.

So far, we have seen how to set up your
Host AP machine as a routed or NAT'd network
appliance. But what if you want to bridge directly to your Ethernet
network or another wireless card?

Bridging is very straightforward to implement. You need a copy of the
bridge utilities from http://bridge.sourceforge.net/, as well as a
kernel with 802.1d Ethernet bridging enabled. The basic procedure for
configuring a bridge is to remove any existing IP configuration on
the devices you want to bridge, then create a logical bridge device
with the interfaces you want to bridge together. Finally, you
configure an IP address and routes for the logical bridge device, so
you can still use the network from the bridge device itself (as well
as access any services provided by the bridge device from the rest of
the network).

Suppose we want to bridge a Prism card running Host AP
(wlan0) with the first Ethernet device
(eth0). Try this, preferably from the console:

pebble:~# ifconfig eth0 0.0.0.0
pebble:~# ifconfig wlan0 0.0.0.0
pebble:~# brctl addbr br0
pebble:~# brctl addif br0 eth0
pebble:~# brctl addif br0 wlan0
pebble:~# ifconfig br0 10.15.6.2
pebble:~# route add default gw 10.15.6.1

When you first create the bridge device, it takes a moment or two for
the bridge to "learn" the layout of
your network. It can take several seconds for traffic to begin to
pass through the bridge when first brought up, so
don't panic if you don't
immediately see traffic.

If you have one bridge only on your network, you can also safely turn
off Spanning Tree:

pebble:~# brctl stp br0 off

This prevents the bridging code from needlessly sending 802.1d
negotiation traffic to nonexistent bridges. You can see the
configuration of your bridge at any time by using brctl
show:

pebble:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00026f018574       no              eth0
wlan0

If you are interested in which MACs have been found on the bridge
interfaces, use brctl showmacs
<interface>:

pebble:~# brctl showmacs br0
port no mac addr                is local?       ageing timer
2     00:02:6f:01:aa:ff       yes                0.00
1     00:03:93:6c:11:99       no               135.69
2     00:30:65:03:00:aa       no                 0.08
1     00:40:63:c0:aa:bb       no                 0.16
1     00:a0:24:ab:cd:ef       yes                0.00

Generally, bridges are "set and
forget" devices. Once configured, your bridge
maintains itself, barring a huge amount of traffic or untoward
miscreants fiddling with it. Be sure to read the documentation
available at http://bridge.sourceforge.net/, as well as
the documents listed at the end of this hack.

Caveats

Not all network devices allow bridging.
Specifically, some radio cards (notably the
Lucent/Orinoco/Avaya/Proxim Gold and Silver cards) prohibit Ethernet
bridging in the radio firmware. If you need to bridge, I highly
recommend upgrading these cards to a Prism card, such as the very
popular Senao/EnGenius models. These cards not only allow bridging,
but are more powerful and sensitive as well.

Also keep in mind that, as easy as a
simple bridge is to configure, it isn't the most
secure device on the planet. If you have any interest in controlling
the packets that flow across your bridge (and you should), then you
will want to implement some firewalling on your bridge. But
unfortunately, standard netfilter commands don't
work with bridges under Linux 2.4. Be sure to read [Hack #59] if you need more control over your
bridge.

See Also

The Linux Bridge STP HOWTO (http://www.linux.org/docs/ldp/howto/BRIDGE-STP-HOWTO/)

The Linux Bridge and Firewall mini HOWTO (http://www.tldp.org/HOWTO/mini/Bridge+Firewalll)