Raspberry as Pi Ethernet-WiFi-Bridge
I wanted to set up my Raspberry Pi 3 as a webcam, intranet server, and Ethernet-WiFi-Bridge. In the long run I want to use some kind of QoS/shaping on the Pi to manage my really bad internet connection (yes, 6MBit/s in a country where 82 million people live on 356 thousand square-kilometers (about 230 people per square-km)).
Install additional software
apt-get install hostapd bridge-utils dhcp-helper dnsutils traceroute
What do they do?
- hostapd: A daemon that sets up your WiFi as an access point, so anyone can join. Please note that this means WiFi only. No DHCP, and therefore no DNS.
- bridge-utils: These provide the bridging you need to "connect" the ethernet and WiFi interfaces.
- dhcp-helper: DHCP uses a broadcast to the network (address) to reach the DHCP-server. Since broadcasts stay in the broadcast-domain with a TTL of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts in all other nets (except the one specified with -b, obviously because there is the dhcp-server...).
- dnsutils: Just to do an nslookup from time to time. You can test your DNS-setup as well as do lookups with nslookup.
- traceroute: Might come in handy if you have networking problems (and you WILL have :) )
    net.ipv4.ip_forward=1
    net.ipv6.conf.all.disable_ipv6 = 1
Explanation: The hostapd reads the configfile, to find this configfile. I don't get what this is good for. I think I'm just not getting the whole concept. If anyone cares to enlighten me, please do. :)
and set something like this:
    interface=wlan0
    driver=nl80211
    bridge=br0
    hw_mode=g
    channel=7
    ieee80211n=1
    wmm_enabled=1
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wpa=2
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP
    ssid=HeartOfGold
    wpa_passphrase=42_42_42_42
and set something like this:
    nohook wpa_supplicant
    denyinterfaces wlan0
Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess. Since br0 and eth0 are not omitted (denied), they get IPAs from the DHCP-Server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up, so I removed the IPA later; see below).
Don't touch this file. dhcpcd gets jealous...
Explanation: dhcp-helper will now forward all DHCP-related broadcasts to this interface (and none coming from there to the other interfaces).
Explanation: Enable mDNS relaying.
As mentioned before, the br0-device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!):

    #!/bin/sh
    # only do it, if necessary (eth0 is not yet a port of the bridge)
    /sbin/brctl show | /bin/grep eth0 && exit 0
    /bin/sleep 1
    # Add eth0 to the bridge (step implied by the text above)
    /sbin/brctl addif br0 eth0
    # Remove IPA from eth0
    ip addr flush dev eth0
- After br0 is set up and this appears in the log:
    Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state
    Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state
    Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode
- DNS-lookups fail (and therefore everything else, like pings to external hosts or apt-get)
- the Pi can't be reached by ssh or any other service
Thinking out loud: br0 links eth0 and wlan0 on layer 2. Thus they can't have an IPA. But br0 can. I hope. :-)
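The rule stated earlier, that br0 must remain the only layer3-active interface, can be checked mechanically by comparing the bridge's ports with the interfaces that hold an IPv4 address. The following is an added example, not part of the original post; the function names, the bridge id and the addresses in the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that no bridge member port still holds an IPv4 address.

# Print the member ports of bridge $1; reads `brctl show` output on stdin.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                                  # header line
        NF >= 4 { cur = $1; if (cur == br) print $4; next }
        NF == 3 { cur = $1; next }                        # bridge without ports
        NF == 1 { if (cur == br) print $1 }               # further port of cur
    '
}

# Print "port address" for each port in the list $1 that has an IPv4 address;
# reads `ip -o -4 addr show` output on stdin. Exit status 1 if any is found.
ports_with_ip() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        ($2 in want) && $3 == "inet" { print $2, $4; bad = 1 }
        END { exit bad }
    '
}

# Run against the live system (needs bridge-utils and iproute2).
check_live() {
    ports=$(brctl show | bridge_ports "${1:-br0}" | tr '\n' ' ')
    ip -o -4 addr show | ports_with_ip "$ports"
}

# Constructed sample output: eth0 was added to br0 but kept its DHCP lease.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              wlan0
                                                        eth0'
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
4: br0    inet 192.168.1.24/24 brd 192.168.1.255 scope global br0\       valid_lft forever preferred_lft forever'

sample_ports=$(printf '%s\n' "$SAMPLE_BRCTL" | bridge_ports br0 | tr '\n' ' ')
printf '%s\n' "$SAMPLE_IP" | ports_with_ip "$sample_ports" \
    || echo "fix with: ip addr flush dev <port>"
```

On the Pi itself, `check_live br0` runs the same check against the real `brctl show` and `ip` output.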
Displays your DNS-setup
Displays queried servers and queries (really!)
brctl showstp br0
Shows forwarding state
brctl showmacs br0
The Next Step
Since the Pi has some issues, the worst being its performance (or lack of), I decided to move the functionality to a Lenovo Thinkpad T60 (Model #2008): T60 as Pi Ethernet-WiFi-Bridge. The Pi often had a load of 3 when it shovelled 30.000 packets per minute through the bridge.
- More like this:
- or dig
- Which is quite unnecessary ;), since we bridge at layer 2...
- Check with: brctl show