Raspberry as Pi Ethernet-WiFi-Bridge: Difference between revisions
(26 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
== Setup == | == Setup == | ||
=== Install additional software === | === Install additional software === | ||
apt get install hostapd bridge-utils dhcp-helper dnsutils traceroute | apt-get install hostapd bridge-utils dhcp-helper dnsutils traceroute | ||
What do they do? | What do they do? | ||
* hostapd: A daemon that sets up your WiFi as a access point, so anyone can join. Please note, that this means WiFi only. No [[DHCP]], and therefore no [[DNS]]. | * hostapd: A daemon that sets up your WiFi as a access point, so anyone can join. Please note, that this means WiFi only. No [[DHCP]], and therefore no [[DNS]]. | ||
* bridge-utils: These provide the bridging you need to "connect" the ethernet and [[WiFi]] interfaces. | * bridge-utils: These provide the bridging you need to "connect" the ethernet and [[WiFi]] interfaces. | ||
* dhcp-helper: [[DHCP]] uses a broadcast to the network (address) to reach the [[DHCP]]-server. Since broadcasts stay in the broadcast-domain with a [[TTL]] of 1, | * dhcp-helper: [[DHCP]] uses a broadcast to the network (address) to reach the [[DHCP]]-server. Since broadcasts stay in the broadcast-domain with a [[TTL]] of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts in all other nets (except the one specified with <tt>-b</tt>, obviously because there is the [[dhcp]]-server...). | ||
* dnsutils: Just to do a nslookup from time to time. You can test your [[DNS]]-setup as well as lookup with <tt>nslookup</tt><ref>or <tt>dig</tt></ref> | * dnsutils: Just to do a nslookup from time to time. You can test your [[DNS]]-setup as well as lookup with <tt>nslookup</tt><ref>or <tt>dig</tt></ref> | ||
* traceroute: Might come in handy if you have networking problems (and you WILL have :) ) | * traceroute: Might come in handy if you have networking problems (and you WILL have :) ) | ||
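Review bot: In the dhcp-helper bullet, the added rationale says DHCP broadcasts "won't get bridged", but the footnote added under Line 17 says this setup bridges at layer 2, and a layer-2 bridge floods broadcast frames to all of its ports. State the condition under which the relay is actually needed here, or drop the TTL argument. The same sentence also links both "[[DHCP]]" and "[[dhcp]]"; pick one casing.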
Line 17: | Line 17: | ||
net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
net.ipv6.conf.all.disable_ipv6 = 1 | net.ipv6.conf.all.disable_ipv6 = 1 | ||
Explanation: Disable [[IPv6]] (to [[KISS]] and enable forwarding for [[IPv4]]. | Explanation: Disable [[IPv6]] (to [[KISS]]) and enable forwarding for [[IPv4]]<ref>Which is quite unnecessary ;), since we bridge at layer 2...</ref>. | ||
---- | ---- | ||
vi /etc/default/hostapd | vi /etc/default/hostapd | ||
and set: | and set: | ||
DAEMON_CONF="/etc/hostapd/hostapd.conf" | DAEMON_CONF="/etc/hostapd/hostapd.conf" | ||
Explanation: The <tt>hostapd</tt> | Explanation: The <tt>hostapd</tt> reads the configfile, to find this configfile. I don't get what this is good for. I think I'm just net getting the whole concept. If anyone cares to enlighten me, please do. :) | ||
---- | ---- | ||
vi /etc/hostapd/hostapd.conf | vi /etc/hostapd/hostapd.conf | ||
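Review bot: The new footnote on the sysctl explanation says IPv4 forwarding is unnecessary because the bridge works at layer 2, yet net.ipv4.ip_forward=1 stays in the settings above it. Remove the setting instead of footnoting it, so the Pi does not also act as a router between its interfaces. The rewritten DAEMON_CONF explanation contains a typo, "net getting".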
Line 41: | Line 41: | ||
rsn_pairwise=CCMP | rsn_pairwise=CCMP | ||
ssid=HeartOfGold | ssid=HeartOfGold | ||
wpa_passphrase= | wpa_passphrase=42_42_42_42 | ||
Explanation: <tt>hostapd</tt> creates the [[WiFi]]-Access Point and creates a bridge-device <tt>br0</tt>, which he ties (only) <tt>wlan0</tt> to. | Explanation: <tt>hostapd</tt> creates the [[WiFi]]-Access Point and creates a bridge-device <tt>br0</tt>, which he ties (only) <tt>wlan0</tt> to<ref>Check with: <tt>brctl show</tt></ref>. | ||
---- | ---- | ||
vi /etc/dhcpcd.conf | vi /etc/dhcpcd.conf | ||
and set something like this: | and set something like this: | ||
nohook wpa_supplicant | nohook wpa_supplicant | ||
denyinterfaces wlan0 | |||
Explanation: I omit <tt>/etc/wpa_supplicant/wpa_supplicant.conf</tt> for <tt>wlan0</tt>. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is <tt>br0</tt>. Otherwise you get a routing mess. | |||
Explanation: I | Since <tt>br0</tt> and <tt>eth0</tt> are not omitted (denied), they get [[IPA]]s from the [[DHCP]]-Server. That's necessary for <tt>br0</tt>, and not for <tt>eth0</tt> (but when I omitted <tt>eth0</tt>, the bridge didn't come up. So I removed the [[IPA]] later (see below). | ||
---- | ---- | ||
vi /etc/network/interfaces | vi /etc/network/interfaces | ||
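Review bot: The hostapd.conf line now publishes a literal value, wpa_passphrase=42_42_42_42, where the old revision left it empty; use an obvious placeholder so readers do not copy it as their own key. In the new dhcpcd.conf explanation, the parenthesis opened at "(but when I omitted" is never closed.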
Line 57: | Line 57: | ||
and set: | and set: | ||
DHCPHELPER_OPTS="-b eth0" | DHCPHELPER_OPTS="-b eth0" | ||
Explanation: <tt>dhcp-helper</tt> will now forward all [[DHCP]]-related | Explanation: <tt>dhcp-helper</tt> will now forward all [[DHCP]]-related broadcasts to this interface (and none coming from there to the other interfaces). | ||
---- | |||
vi /etc/avahi/avahi-daemon.conf | |||
and set: | |||
[reflector] | |||
enable-reflector=yes | |||
Explanation: Enable mDNS relaying. | |||
---- | ---- | ||
As mentioned before, the <tt>br0</tt>-device is only tied to <tt>wlan0</tt>, so we must take care of this. You might want to do this with a script in <tt>/etc/network/if-up.d/</tt> like (WORK-IN-PROGRESS!): | As mentioned before, the <tt>br0</tt>-device is only tied to <tt>wlan0</tt>, so we must take care of this. You might want to do this with a script in <tt>/etc/network/if-up.d/</tt> like (WORK-IN-PROGRESS!): | ||
# only do it, if necessary | # only do it, if necessary | ||
/sbin/brctl show | /bin/grep eth0 && exit 0 | /sbin/brctl show | /bin/grep eth0 && exit 0 | ||
/bin/sleep 1 | /bin/sleep 1 | ||
# Remove IPA from eth0 | |||
ip addr flush dev eth0 | |||
=== Known issues === | === Known issues === | ||
* After br0 is set | * After br0 is set up and this appears in the log: | ||
Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state | |||
Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state | |||
Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode | |||
* [[DNS]]-lookups fail (and therefore everything else, like pings to external hosts or <tt>apt-get</tt>) | |||
* the [[Pi]] can't be reached by [[ssh]] or any other service | |||
Thinking out loud: <tt>br0</tt> linkes <tt>eth0</tt> and <tt>wlan0</tt> on layer 2. Thus can't have an [[IPA]]. But <tt>br0</tt> can. I hope. :-) | |||
[SOLVED] - The reason was the [[IPA]] on eth0, which is no layer3 interface anymore. Removing the [[IPA]] did the trick. | |||
=== Notes === | === Notes === | ||
Since you use a [[DHCP]] server and you manually set [[IPA]]s, you might want to reserve those [[IPA]]s in your [[DHCP]]-server configuration. | Since you use a [[DHCP]] server and you manually set [[IPA]]s, you might want to reserve those [[IPA]]s in your [[DHCP]]-server configuration. | ||
This might become handy: | This might become handy: | ||
systemd-resolve --status | systemd-resolve --status | ||
Displays your [[DNS]]-setup | Displays your [[DNS]]-setup | ||
nslookup www.wurst-wasser.net | nslookup www.wurst-wasser.net | ||
Displays queried servers and queries (really!) | |||
brctl showstp br0 | |||
Shows forwarding state | |||
brctl showmacs br0 | |||
Shows all [[MAC]]s displays something like <tt>arp -a</tt> does, the [[MAC]]s of the machines using the bridge. | |||
== The Next Step == | |||
Since the [[Pi]] has some issues, the worst beeing its performance (or lack of), I decided to move the functionality to a Lenovo Thinkpad T60 (Model #2008): [[T60 as Pi Ethernet-WiFi-Bridge]]. | |||
The [[Pi]] often had a load of 3 when it shovelled 30.000 packets per minute through the bridge. | |||
---- | ---- | ||
* Related | |||
** [[Raspberry Pi Traffic Monitoring]] | |||
* More like this: | * More like this: | ||
** | ** https://unix.stackexchange.com/questions/56092/how-can-i-disable-tcp-ip-for-an-ethernet-adapter | ||
** http://www.microhowto.info/troubleshooting/troubleshooting_ethernet_bridging_on_linux.html | |||
** https://serverfault.com/questions/478453/cannot-ping-from-a-bridged-inteface | |||
** https://unix.stackexchange.com/questions/308086/host-unreachable-after-added-into-linux-bridge | |||
** https://learn.sparkfun.com/tutorials/setting-up-a-raspberry-pi-3-as-an-access-point/all | |||
** http://www.intellamech.com/RaspberryPi-projects/rpi3_simple_wifi_ap.html | |||
** https://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ | |||
** https://askubuntu.com/questions/462534/getting-wifi-ap-working-with-hostapd-and-isc-dhcp-server-xubuntu-14-04 | |||
** https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/ | |||
** https://www.linuxjournal.com/content/wi-fi-command-line | |||
** https://unix.stackexchange.com/questions/119209/hostapd-will-not-start-via-service-but-will-start-directly | |||
** https://raspberrypi.stackexchange.com/questions/33894/i-am-attempting-to-create-a-wifi-gateway | |||
** https://www.raspberrypi.org/forums/viewtopic.php?t=191306 | |||
** https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-repeater-optional-with-bridge/89804#89804 | |||
** https://raspberrypi.stackexchange.com/questions/88214/setting-up-a-raspberry-pi-as-an-access-point-the-easy-way | |||
** https://github.com/peebles/rpi3-wifi-station-ap-stretch | |||
** https://www.raspberrypi.org/forums/viewtopic.php?t=211305 | |||
** http://amadys.blogspot.com/2010/09/dhcp-helper-dhcp-relay-agent-for-linux.html | |||
** https://www.hostinger.com/tutorials/iptables-tutorial#gref | |||
** https://askubuntu.com/questions/907972/route-all-traffic-of-a-machine-through-another-within-a-subnet | |||
** https://wiki.debian.org/BridgeNetworkConnections#Manual_bridge_setup | |||
** https://unix.stackexchange.com/questions/449468/how-to-route-between-interfaces | |||
* Footnotes | * Footnotes | ||
<references/> | <references/> | ||
[[Category:RaspberryPi]] |
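Review bot: In the if-up.d script, the guard "/sbin/brctl show | /bin/grep eth0 && exit 0" is followed only by a sleep and the new "ip addr flush dev eth0", so no visible line attaches eth0 to br0 even though the paragraph says "we must take care of this", and the flush is skipped whenever eth0 is already a port. Add the step that attaches eth0, and either run the flush before the early exit or say why skipping it is safe. The new avahi block is explained only as "Enable mDNS relaying"; say why it is needed on a bridged segment.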
Latest revision as of 14:53, 18 September 2019
The Challenge
I wanted to set up my Raspberry Pi 3 as a webcam, intranet server, and Ethernet-WiFi-Bridge. In the long run I want to use some kind of QoS/shaping on the Pi to manage my really bad internet connection (yes, 6 MBit/s in a country where 82 million people live on 356 thousand square kilometers, about 230 people per square km).
Setup
Install additional software
apt-get install hostapd bridge-utils dhcp-helper dnsutils traceroute
What do they do?
- hostapd: A daemon that sets up your WiFi as an access point, so anyone can join. Please note that this means WiFi only. No DHCP, and therefore no DNS.
- bridge-utils: These provide the bridging you need to "connect" the ethernet and WiFi interfaces.
- dhcp-helper: DHCP uses a broadcast to the network (address) to reach the DHCP-server. Since broadcasts stay in the broadcast-domain with a TTL of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts in all other nets (except the one specified with -b, obviously because there is the dhcp-server...).
- dnsutils: Just to do an nslookup from time to time. You can test your DNS setup as well as look up names with nslookup[1]
- traceroute: Might come in handy if you have networking problems (and you WILL have :) )
Configuration
vi /etc/sysctl.conf
and set
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6 = 1
Explanation: Disable IPv6 (to KISS) and enable forwarding for IPv4[2].
vi /etc/default/hostapd
and set:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Explanation: The hostapd reads the configfile, to find this configfile. I don't get what this is good for. I think I'm just not getting the whole concept. If anyone cares to enlighten me, please do. :)
vi /etc/hostapd/hostapd.conf
and set something like this:
interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=7
ieee80211n=1
wmm_enabled=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=HeartOfGold
wpa_passphrase=42_42_42_42
Explanation: hostapd creates the WiFi access point and creates a bridge device br0, to which it ties (only) wlan0[3].
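An added example, not part of the original page: a small audit for a hostapd.conf like the one above. It reports WPA1, TKIP reaching WPA2 clients, a short passphrase, and a world-readable file. The function names and the 12-character minimum are assumptions of this example, not hostapd limits (hostapd accepts 8 to 63 characters).

```shell
#!/bin/sh
# Added example (not from the original page): audit a hostapd.conf.
MIN_PSK_LEN=12   # assumption: local policy; hostapd itself accepts 8..63

conf_get() {  # conf_get KEY FILE -> value of the last "KEY=value" line
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

audit_hostapd() {  # prints one finding per line, returns 1 if there are any
    f=$1; findings=0
    wpa=$(conf_get wpa "$f")
    rsn=$(conf_get rsn_pairwise "$f")
    wpa1=$(conf_get wpa_pairwise "$f")
    psk=$(conf_get wpa_passphrase "$f")
    report() { echo "$f: $1"; findings=$((findings + 1)); }

    case "$wpa" in
        2) ;;
        1|3) report "wpa=$wpa enables WPA1; use wpa=2" ;;
        *) report "wpa is unset or 0: the network is open" ;;
    esac
    if [ "$wpa" = 2 ] || [ "$wpa" = 3 ]; then
        # rsn_pairwise falls back to wpa_pairwise, whose documented default is TKIP
        effective=${rsn:-${wpa1:-TKIP}}
        case " $effective " in
            *" TKIP "*) report "TKIP is offered for WPA2; set rsn_pairwise=CCMP" ;;
        esac
    fi
    if [ -n "$psk" ] && [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
        report "wpa_passphrase has ${#psk} characters (policy minimum $MIN_PSK_LEN)"
    fi
    # mode bit check: "other" may read the file that holds the passphrase
    if [ -n "$psk" ] && [ -n "$(find "$f" -perm -004)" ]; then
        report "file is world-readable and contains the passphrase"
    fi
    [ "$findings" -eq 0 ]
}
# Usage: audit_hostapd /etc/hostapd/hostapd.conf
```

With the configuration shown above, wpa_pairwise=TKIP is not reported because rsn_pairwise=CCMP overrides it for WPA2; remove rsn_pairwise and the TKIP finding appears.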
vi /etc/dhcpcd.conf
and set something like this:
nohook wpa_supplicant
denyinterfaces wlan0
Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess. Since br0 and eth0 are not omitted (denied), they get IPAs from the DHCP-Server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up). So I removed the IPA later (see below).
vi /etc/network/interfaces
Don't touch this file. dhcpcd gets jealous...
vi /etc/default/dhcp-helper
and set:
DHCPHELPER_OPTS="-b eth0"
Explanation: dhcp-helper will now forward all DHCP-related broadcasts to this interface (and none coming from there to the other interfaces).
vi /etc/avahi/avahi-daemon.conf
and set:
[reflector]
enable-reflector=yes
Explanation: Enable mDNS relaying.
As mentioned before, the br0-device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!):
# only do it, if necessary
/sbin/brctl show | /bin/grep eth0 && exit 0
/bin/sleep 1
# Remove IPA from eth0
ip addr flush dev eth0
Known issues
- After br0 is set up and this appears in the log:
Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state
Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state
Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode
- DNS-lookups fail (and therefore everything else, like pings to external hosts or apt-get)
- the Pi can't be reached by ssh or any other service
Thinking out loud: br0 links eth0 and wlan0 on layer 2. Thus can't have an IPA. But br0 can. I hope. :-)
[SOLVED] - The reason was the IPA on eth0, which is no layer3 interface anymore. Removing the IPA did the trick.
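An added example, not part of the original page: a check for the condition that caused the failure above, a bridge port that still carries an IPv4 address. The function names and the sample addresses are constructed for this example; the parser reads the one-line-per-address output of `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example (not from the original page): find bridge ports that still
# have an IPv4 address, which is what broke DNS and ssh in "Known issues".

# Constructed sample of `ip -o -4 addr show` output (addresses are made up).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
4: br0    inet 192.168.1.24/24 brd 192.168.1.255 scope global br0\       valid_lft forever preferred_lft forever'

# ports_with_ipv4 PORT... : reads `ip -o -4 addr show` output on stdin and
# prints "PORT ADDRESS/PREFIX" for every listed port that has an address.
ports_with_ipv4() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) is_port[p[i]] = 1 }
        # ip -o format: "<index>: <ifname> inet <addr>/<prefix> ..."
        $3 == "inet" && ($2 in is_port) { print $2, $4 }
    '
}

# bridge_ports BRIDGE : ports the kernel has attached to BRIDGE (sysfs).
bridge_ports() {
    ls "/sys/class/net/$1/brif" 2>/dev/null
}

# check_bridge BRIDGE : returns 1 and names each offending port, else 0.
check_bridge() {
    # the port list is left unquoted on purpose so it splits into arguments
    offenders=$(ip -o -4 addr show | ports_with_ipv4 $(bridge_ports "$1"))
    [ -z "$offenders" ] && return 0
    echo "$offenders" | while read -r port addr; do
        echo "$port is a port of $1 but still has $addr; fix: ip addr flush dev $port"
    done
    return 1
}
# Usage on the Pi: check_bridge br0
```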
Notes
Since you use a DHCP server and you manually set IPAs, you might want to reserve those IPAs in your DHCP-server configuration.
This might come in handy:
systemd-resolve --status
Displays your DNS-setup
nslookup www.wurst-wasser.net
Displays queried servers and queries (really!)
brctl showstp br0
Shows forwarding state
brctl showmacs br0
Shows all MACs: like arp -a, it displays the MACs of the machines using the bridge.
The Next Step
Since the Pi has some issues, the worst being its performance (or lack of), I decided to move the functionality to a Lenovo Thinkpad T60 (Model #2008): T60 as Pi Ethernet-WiFi-Bridge. The Pi often had a load of 3 when it shovelled 30.000 packets per minute through the bridge.
- Related
- Raspberry Pi Traffic Monitoring
- More like this:
- https://unix.stackexchange.com/questions/56092/how-can-i-disable-tcp-ip-for-an-ethernet-adapter
- http://www.microhowto.info/troubleshooting/troubleshooting_ethernet_bridging_on_linux.html
- https://serverfault.com/questions/478453/cannot-ping-from-a-bridged-inteface
- https://unix.stackexchange.com/questions/308086/host-unreachable-after-added-into-linux-bridge
- https://learn.sparkfun.com/tutorials/setting-up-a-raspberry-pi-3-as-an-access-point/all
- http://www.intellamech.com/RaspberryPi-projects/rpi3_simple_wifi_ap.html
- https://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/
- https://askubuntu.com/questions/462534/getting-wifi-ap-working-with-hostapd-and-isc-dhcp-server-xubuntu-14-04
- https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/
- https://www.linuxjournal.com/content/wi-fi-command-line
- https://unix.stackexchange.com/questions/119209/hostapd-will-not-start-via-service-but-will-start-directly
- https://raspberrypi.stackexchange.com/questions/33894/i-am-attempting-to-create-a-wifi-gateway
- https://www.raspberrypi.org/forums/viewtopic.php?t=191306
- https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-repeater-optional-with-bridge/89804#89804
- https://raspberrypi.stackexchange.com/questions/88214/setting-up-a-raspberry-pi-as-an-access-point-the-easy-way
- https://github.com/peebles/rpi3-wifi-station-ap-stretch
- https://www.raspberrypi.org/forums/viewtopic.php?t=211305
- http://amadys.blogspot.com/2010/09/dhcp-helper-dhcp-relay-agent-for-linux.html
- https://www.hostinger.com/tutorials/iptables-tutorial#gref
- https://askubuntu.com/questions/907972/route-all-traffic-of-a-machine-through-another-within-a-subnet
- https://wiki.debian.org/BridgeNetworkConnections#Manual_bridge_setup
- https://unix.stackexchange.com/questions/449468/how-to-route-between-interfaces
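- Footnotes
- [1] or dig
- [2] Which is quite unnecessary ;), since we bridge at layer 2...
- [3] Check with: brctl show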