Raspberry as Pi Ethernet-WiFi-Bridge

From Wurst-Wasser.net

The Challenge

I wanted to set up my Raspberry Pi 3 as a webcam, intranet server, and Ethernet-WiFi-Bridge. In the long run I want to use some kind of QoS/shaping on the Pi to manage my really bad internet connection (yes, 6MBit/s in a country where 82 million people live on 356 thousand square-kilometers, about 230 people per square-km).

Setup

Install additional software

apt-get install hostapd bridge-utils dhcp-helper dnsutils traceroute

What do they do?

  • hostapd: A daemon that sets up your WiFi as an access point, so anyone can join. Please note that this means WiFi only. No DHCP, and therefore no DNS.
  • bridge-utils: These provide the bridging you need to "connect" the ethernet and WiFi interfaces.
  • dhcp-helper: DHCP uses a broadcast to the network (address) to reach the DHCP server. Since broadcasts stay in the broadcast domain with a TTL of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts from all other nets (except the one specified with -b, obviously, because that is where the DHCP server is).
  • dnsutils: Just to do a nslookup from time to time. You can test your DNS-setup as well as lookup with nslookup[1]
  • traceroute: Might come in handy if you have networking problems (and you WILL have :) )

Configuration

vi /etc/sysctl.conf

and set

net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6 = 1

Explanation: Disable IPv6 (to KISS) and enable forwarding for IPv4[2].


vi /etc/default/hostapd 

and set:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Explanation: The hostapd reads the configfile, to find this configfile. I don't get what this is good for. I think I'm just not getting the whole concept. If anyone cares to enlighten me, please do. :)


vi /etc/hostapd/hostapd.conf

and set something like this:

interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=7
ieee80211n=1
wmm_enabled=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=HeartOfGold
wpa_passphrase=42_42_42_42

Explanation: hostapd creates the WiFi access point and creates a bridge device br0, to which it ties (only) wlan0[3].
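With wpa=2 only the RSN (WPA2) cipher list applies, so the wpa_pairwise=TKIP line above has no effect as long as rsn_pairwise=CCMP is present. The following added example (not part of the original page; function names and the two variant configs are constructed for illustration) computes which pairwise ciphers a hostapd.conf really enables, so you can see which edits would switch TKIP on.

```shell
#!/bin/sh
# Added example, not from the original page: which pairwise ciphers does a
# hostapd.conf really enable? Function names are this example's own.

# conf_get KEY FILE -> value of the last "KEY=value" line (empty if absent)
conf_get() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$2"
}

# effective_ciphers FILE -> e.g. "RSN:CCMP" or "WPA:TKIP RSN:CCMP"
effective_ciphers() {
    wpa=$(conf_get wpa "$1")
    wpa_pw=$(conf_get wpa_pairwise "$1")
    rsn_pw=$(conf_get rsn_pairwise "$1")
    [ -n "$wpa_pw" ] || wpa_pw=TKIP      # hostapd default for WPA (v1)
    [ -n "$rsn_pw" ] || rsn_pw=$wpa_pw   # hostapd default: inherit wpa_pairwise
    out=""
    # wpa is a bit field: 1 = WPA (v1), 2 = WPA2/RSN, 3 = both
    case "$wpa" in 1|3) for c in $wpa_pw; do out="$out WPA:$c"; done ;; esac
    case "$wpa" in 2|3) for c in $rsn_pw; do out="$out RSN:$c"; done ;; esac
    echo "${out:- none}" | sed 's/^ //'
}

# uses_tkip FILE -> exit status 0 if any enabled cipher is TKIP
uses_tkip() {
    case " $(effective_ciphers "$1") " in *:TKIP\ *) return 0 ;; esac
    return 1
}

# Constructed inputs: the security lines of the page's config and two variants.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'wpa=2\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\nrsn_pairwise=CCMP\n' > "$tmp/page.conf"
sed 's/^wpa=2$/wpa=3/' "$tmp/page.conf" > "$tmp/mixed.conf"      # WPA1 + WPA2
grep -v '^rsn_pairwise=' "$tmp/page.conf" > "$tmp/no_rsn.conf"   # rsn_pairwise dropped

for f in page mixed no_rsn; do
    if uses_tkip "$tmp/$f.conf"; then verdict="TKIP active"; else verdict="no TKIP"; fi
    printf '%-8s %-20s %s\n' "$f" "$(effective_ciphers "$tmp/$f.conf")" "$verdict"
done
```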


vi /etc/dhcpcd.conf

and set something like this:

nohook wpa_supplicant
denyinterfaces wlan0

Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess. Since br0 and eth0 are not omitted (denied), they get IPAs (IP addresses) from the DHCP server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up). So I removed the IPA later (see below).


vi /etc/network/interfaces

Don't touch this file. dhcpcd gets jealous...


vi /etc/default/dhcp-helper

and set:

DHCPHELPER_OPTS="-b eth0"

Explanation: dhcp-helper will now forward all DHCP-related broadcasts to this interface (and none coming from there to the other interfaces).


vi /etc/avahi/avahi-daemon.conf

and set:

[reflector]
enable-reflector=yes

Explanation: Enable mDNS relaying.


As mentioned before, the br0 device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!):

#!/bin/sh
# only do it, if necessary (eth0 is already a port of the bridge)
/sbin/brctl show | /bin/grep -q eth0 && exit 0
/bin/sleep 1

# Tie eth0 to br0 as well
/sbin/brctl addif br0 eth0

# Remove IPA from eth0
ip addr flush dev eth0

Known issues

  • After br0 is set up and this appears in the log:
Feb  5 11:59:10 pi3 kernel: [   46.256296] br0: port 2(eth0) entered blocking state
Feb  5 11:59:10 pi3 kernel: [   46.256321] br0: port 2(eth0) entered disabled state
Feb  5 11:59:10 pi3 kernel: [   46.257064] device eth0 entered promiscuous mode
  • DNS-lookups fail (and therefore everything else, like pings to external hosts or apt-get)
  • the Pi can't be reached by ssh or any other service

Thinking out loud: br0 links eth0 and wlan0 on layer 2. Thus they can't have an IPA. But br0 can. I hope. :-)

[SOLVED] - The reason was the IPA on eth0, which is no layer3 interface anymore. Removing the IPA did the trick.
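The failure above came from eth0 keeping its IP address after it had become a port of br0. As an added example (not from the original page), this shell function reads `ip -o -4 addr show` output and flags any bridge port that still carries an IPv4 address; the function name and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. check_bridge_l3 is this
# example's own name; the addresses below are constructed.

# check_bridge_l3 BRIDGE PORT...   (stdin: output of `ip -o -4 addr show`)
# Prints one finding per line, or "ok <bridge> <address>" when the bridge is
# the only one of the named interfaces that carries an IPv4 address.
check_bridge_l3() {
    bridge=$1; shift
    awk -v bridge="$bridge" -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) port[p[i]] = 1 }
        $3 != "inet" { next }
        $2 == bridge { bridge_ip = $4 }
        ($2 in port) { print "port-has-ip", $2, $4; bad = 1 }
        END {
            if (bridge_ip == "") { print "bridge-no-ip", bridge; bad = 1 }
            if (!bad) print "ok", bridge, bridge_ip
        }'
}

# Constructed `ip -o -4 addr show` output: the broken state from "Known
# issues" (eth0 still holds a lease) and the state after the flush.
BROKEN='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
4: br0    inet 192.168.1.24/24 brd 192.168.1.255 scope global br0'
FIXED='1: lo    inet 127.0.0.1/8 scope host lo
4: br0    inet 192.168.1.24/24 brd 192.168.1.255 scope global br0'

printf '%s\n' "$BROKEN" | check_bridge_l3 br0 eth0 wlan0
printf '%s\n' "$FIXED"  | check_bridge_l3 br0 eth0 wlan0

# On the Pi itself:
#   ip -o -4 addr show | check_bridge_l3 br0 $(ls /sys/class/net/br0/brif)
```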

Notes

Since you use a DHCP server and you manually set IPAs, you might want to reserve those IPAs in your DHCP server configuration. These commands might come in handy:

systemd-resolve --status

Displays your DNS-setup

nslookup www.wurst-wasser.net

Displays queried servers and queries (really!)

brctl showstp br0

Shows forwarding state

brctl showmacs br0

Shows the MACs of the machines using the bridge, similar to what arp -a displays.


The Next Step

Since the Pi has some issues, the worst being its performance (or lack of), I decided to move the functionality to a Lenovo Thinkpad T60 (Model #2008): T60 as Pi Ethernet-WiFi-Bridge. The Pi often had a load of 3 when it shovelled 30.000 packets per minute through the bridge.


  1. or dig
  2. Which is quite unnecessary ;), since we bridge at layer 2...
  3. Check with: brctl show