Hack 64. Bridge Your Linux AP
Make a simple Ethernet bridge with Host AP and one other network interface.
"Build Your Own Access Point with Linux" [Hack #63] covers all the basics of building your own Linux-based access point. Since, by default, each network interface in Linux must be part of a different subnet, you'll have to enable IP routing, and possibly Network Address Translation (NAT), if you want to make full use of your new access point.
However, what if you want your wireless
5.3.1. Bridge Setup
Bridging is straightforward to implement, and support for bridging has been integrated into later 2.4.x and all 2.6 kernel releases. In order to set up and maintain bridges, you will need the Bridge Utilities software. Debian and Ubuntu users can install this with
apt-get install bridge-
The basic procedure for configuring a bridge is to remove any existing IP configuration on the devices you want to bridge, and then create a logical bridge device with the interfaces you want to bridge together. Finally, you configure an IP address and routes for the logical bridge device, so you can still use the network from the bridge device itself (as well as access any services provided by the bridge device from the rest of the network).
In our example, we want to bridge a Prism card running HostAP (wlan0) with the first Ethernet device (eth0). Execute these commands from the local machine console:
ifconfig eth0 0.0.0.0
ifconfig wlan0 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
ifconfig br0 192.168.3.2 netmask 255.255.255.0
route add default gw 192.168.3.1
When you first create the bridge device, it takes a moment or two for the bridge to "learn" the layout of your network. It can take several seconds for traffic to begin to pass through the bridge when first brought up, so don't panic if you don't immediately see traffic.
If you have only one bridge on your network, you can also safely
brctl stp br0 off
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00026f018574       no              eth0
                                                        wlan0
If you are interested in which MACs have been found on the bridge interfaces, use brctl showmacs <interface>:
brctl showmacs br0
port no mac addr                is local?       ageing timer
  2     00:02:6f:01:aa:ff       yes                0.00
  1     00:03:93:6c:11:99       no               135.69
  2     00:30:65:03:00:aa       no                 0.08
  1     00:40:63:c0:aa:bb       no                 0.16
  1     00:a0:24:ab:cd:ef       yes                0.00
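The showmacs table is the bridge's forwarding database, and it is also the simplest place to notice a station you did not expect on the wireless side. The following Python is an added example, not code from the book: it parses that output and flags wireless MACs missing from a known-good list; the mapping of port 1 to eth0 and port 2 to wlan0 is an assumption taken from the order of the brctl addif commands above.

```python
# Added example (not from the book): parse `brctl showmacs` output and report
# which remote stations the bridge has learned behind each port, flagging any
# wireless MAC that is not in a known-good list. Port-to-interface mapping is an
# assumption based on the hack's addif order (eth0 -> port 1, wlan0 -> port 2).
from collections import defaultdict
# Sample output copied from the hack's `brctl showmacs br0` listing.
SAMPLE_SHOWMACS = """\
port no mac addr                is local?       ageing timer
  2     00:02:6f:01:aa:ff       yes                0.00
  1     00:03:93:6c:11:99       no               135.69
  2     00:30:65:03:00:aa       no                 0.08
  1     00:40:63:c0:aa:bb       no                 0.16
  1     00:a0:24:ab:cd:ef       yes                0.00
"""

PORT_NAMES = {1: "eth0", 2: "wlan0"}  # assumption, see comment above


def parse_showmacs(text):
    """Return (port, mac, is_local, ageing) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue
        port, mac, local, ageing = fields
        rows.append((int(port), mac.lower(), local == "yes", float(ageing)))
    return rows


def learned_by_port(rows, port_names=PORT_NAMES):
    """Map interface name -> set of remote (non-local) MACs learned on that port."""
    seen = defaultdict(set)
    for port, mac, is_local, _ageing in rows:
        if not is_local:
            seen[port_names.get(port, f"port{port}")].add(mac)
    return dict(seen)


def unexpected_stations(rows, allowlist, iface="wlan0", port_names=PORT_NAMES):
    """Learned MACs on the wireless port that are absent from the allowlist."""
    wireless = learned_by_port(rows, port_names).get(iface, set())
    return sorted(wireless - {m.lower() for m in allowlist})


if __name__ == "__main__":
    fdb = parse_showmacs(SAMPLE_SHOWMACS)
    print(learned_by_port(fdb))
    # constructed allowlist: only one wireless client is expected on this AP
    print("unexpected on wlan0:", unexpected_stations(fdb, ["00:30:65:03:00:aa"]))
```

Running it periodically (for example from cron, feeding it the live `brctl showmacs br0` output) gives a cheap log of new wireless stations appearing behind the bridge.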
Generally, bridges are "set and forget" devices. Once configured, your bridge maintains itself, barring a huge amount of traffic or untoward miscreants fiddling with it. Be sure to read the documentation available at http://bridge.
Not all network devices allow bridging. Specifically, some radio cards (notably, the Lucent/Orinoco/Avaya/Proxim Gold and Silver cards) prohibit Ethernet bridging in the radio firmware. If you need to bridge, we highly recommend upgrading these cards to a Prism II card or Atheros card. These cards not only allow bridging, but the drivers supporting them are also much more powerful.
Also keep in mind that, as easy as a simple bridge is to configure, it isn't the most secure device on the planet. If you have any interest in controlling the packets that flow across your bridge (and you should), you will want to implement some firewalling on your bridge. But
5.3.3. See Also