Raspberry as Pi Ethernet-WiFi-Bridge
I wanted to set up my Raspberry Pi 3 as Webcam, intranet server, and Ethernet-WiFi-Bridge. In the long run I want to use some kind of QOA/shaping on the Pi to manage my really bad internet connection (yes, 6MBit/s in a country where 82 million people live on 356 thousand square-kilometers (about 230 people per square-km).
Install additional software
apt get install hostapd bridge-utils dhcp-helper dnsutils traceroute
What do they do?
- hostapd: A daemon that sets up your WiFi as a access point, so anyone can join. Please note, that this means WiFi only. No DHCP, and therefore no DNS.
- bridge-utils: These provide the bridging you need to "connect" the ethernet and WiFi interfaces.
- dhcp-helper: DHCP uses a broadcast to the network (address) to reach the DHCP-server. Since broadcasts stay in the broadcast-domain with a TTL of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts in all other nets (except the one specified with -b, obviously because there is the dhcp-server...).
- dnsutils: Just to do a nslookup from time to time. You can test your DNS-setup as well as lookup with nslookup
- traceroute: Might come in handy if you have networking problems (and you WILL have :) )
net.ipv4.ip_forward=1 net.ipv6.conf.all.disable_ipv6 = 1
Explanation: The hostapd looks in the configfile, where his configfile is. I don't get what this is good for.
and set something like this:
interface=wlan0 driver=nl80211 bridge=br0 hw_mode=g channel=7 ieee80211n=1 wmm_enabled=1 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP ssid=HeartOfGold wpa_passphrase=42_42_42_42
and set something like this:
nohook wpa_supplicant denyinterfaces wlan0
Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess. Since br0 and eth0 are not omitted (denied), they get IPAs from the DHCP-Server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up. So I removed the IPA later (see below).
Don't touch this file. dhcpcd gets jealous...
Explanation: dhcp-helper will now forward all DHCP-related boradcasts to this interface (and none coming from there to the other interfaces).
Explanation: Enable mDNS relaying.
As mentioned before, the br0-device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!): # only do it, if necessary /sbin/brctl show | /bin/grep eth0 && exit 0 /bin/sleep 1 # Remove IPA from eth0 ip addr flush dev eth0
- After br0 is set up and this appears in the log:
Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode
Thinking out loud: br0 linkes eth0 and wlan0 on layer 2. Thus can't have an IPA. But br0 can. I hope. :-)
Displays your DNS-setup
Displays queried servers and queries (really!)
brctl showstp br0
Shows forwarding state
brctl showmacs br0
- More like this:
- or dig
- Which is quite unnecessary ;), since we bridge at layer 2...
- Check with: brctl show