Solved How to share wifi over Ethernet?

It would be great if there was a way to share the internet connectivity of a wifi interface with an ethernet interface so that the computer connected to the ethernet interface is able to get internet from the wifi. Now, before you say this isn't possible because current wifi standards don't accept a mac address that hasn't been authenticated, I have been able to do this on windows as well as other people: https://serverfault.com/questions/929081/how-can-i-enable-packet-forwarding-on-windows/929089#929089 https://www.monnit.com/support/know...internet-connection-with-an-ethernet-gateway/ (gui way) to configure interfaces. Note, they are not bridging, that is a separate thing that can be done on Windows, but bridging is not being done in order to do this.

What I gathered that needs to be done is that the host (Freebsd box with wifi and ethernet) needs to be set up as gateway (gateway_enable or net.inet.ip.forwarding=1), the ethernet interface needs to be assigned ip, that assigned ip is set as default gateway on the computer connected to the Freebsd box, NAT needs to be set up on the freebsd box, and mac address needs to be masqueraded or changed, and mac address needs to be changed/masked to the wifi address so that router won't reject connection.
Interfaces:
Freebsd
-wlan (wifi, ip from dhcp, access to router and external)
-re0 (ethernet, static ip 192.168.3.1)

Other machine:
-wlan (crap, wifi can access router (now by default as listed below), but hoping to bypass it)
-re0 (ethernet, static ip 192.168.3.5)
default destination is set to 192.168.3.1 gateway
I have spent most of my time on this trying to work with ipfw and I learned that matching with ip ip4/etc... commands strip the mac header ipfw(8) (PACKET FLOW) although I don't know if that is just during command execution or actually modifying the packet so I don't know if mac changes to wireless or some other interface mac. My non-working ipfw.rules is modified from this tutorial: https://www.neelc.org/posts/freebsd-ipfw-nat/:
Code:
#!/bin/sh

ipfw -q flush

ipfw nat 1 config if re0 if wlan0 #redirect_addr 192.168.3.1,192.168.3.5 192.168.1.41
ipfw add 100 nat 1 log ip4 from any to me in via re0
ipfw add 200 nat 1 log ip4 from 192.168.3.0/24 to any out via re0
ipfw add 300 nat 1 log ip4 from any to me in via wlan0
ipfw add 400 nat 1 log ip4 from 192.168.3.0/24 to any out via wlan0
ipfw add 500 allow log ip from any to any
I don't get a difference with redirect_addr.

Help regarding this would be appreciated.
 
It would be great if there was a way to share the internet connectivity of a wifi interface with an ethernet interface so that the computer connected to the ethernet interface is able to get internet from the wifi. Now, before you say this isn't possible because current wifi standards don't accept a mac address that hasn't been authenticated, I have been able to do this on windows as well as other people
WiFi is also ethernet my friend. What you're simply doing here is setting up routing and using NAT. That has nothing to do with running "ethernet" over WiFi. WiFi is ethernet. Heck, the word "ethernet" stems from the fact the protocol was originally developed as a wireless protocol. You know, across the Aether.

mac address needs to be masqueraded or changed, and mac address needs to be changed/masked to the wifi address so that router won't reject connection.
No, it has nothing to do with the MAC address. That's layer 2 and only serves its purpose on the local network. As soon as the IP packet is routed that MAC is changed to the router's MAC address. You don't quite understand how TCP/IP works.
 
(gui way) to configure interfaces. Note, they are not bridging, that is a separate thing that can be done on Windows, but bridging is not being done in order to do this.
Nonetheless, would you accept a bridge(4) solution? This is how macOS does interface sharing (wireless to wired and vice versa) in the GUI way of course, and exactly the same does work with FreeBSD as well. In case yes, I will elaborate, in case not, I prefer to save my time and ask you to find out how exactly Windows does it by yourself.

See: https://forums.freebsd.org/threads/...able-to-access-the-internet.80704/post-515195
 
The handbook used to have a section on setting up NAT that works quite similar to Windows "Internet Connection Sharing"

https://people.freebsd.org/~blackend/en_US.ISO8859-1/books/handbook/network-natd.html

I have been able to do this on windows as well as other people
So the wireless standard doesn't (or didn't) formerly allow for this. However some drivers do now allow for this (also to help with VM software to bridge across via the WiFi). Open-source drivers don't always have the necessary documentation to follow suit however.

So if it really doesn't work on your machine, perhaps try a couple of usb dongles (preferably using different drivers) to see if you can find one that does provide the systems necessary.

If still no luck, perhaps just set up a SOCKS5h or HTTP proxy?
 
No, it has nothing to do with the MAC address. That's layer 2 and only serves its purpose on the local network. As soon as the IP packet is routed that MAC is changed to the router's MAC address. You don't quite understand how TCP/IP works.
Well I'm sorry, I guess this kernel dev doesn't know anything: https://web.archive.org/web/2011092...ilarchive/linux-ath5k-devel/2010/3/21/6871733

Nonetheless, would you accept a bridge(4) solution? This is how macOS does interface sharing (wireless to wired and vice versa) in the GUI way of course, and exactly the same does work with FreeBSD as well. In case yes, I will elaborate, in case not, I prefer to save my time and ask you to find out how exactly Windows does it by yourself.

See: https://forums.freebsd.org/threads/...able-to-access-the-internet.80704/post-515195
Thank you for this, I'll take a bridge solution.
 
I tried following the handbook instructions linked by @kpedersen and I have success!!! Why was this ever removed or given a warning that it may not work with some adapters?

1. I kldload ipdivert
2. changed my ipfw.rules to so that the interface wan :
Code:
#!/bin/sh

ipfw -q flush

ipfw nat 1 config if wlan0 redirect_addr 192.168.3.5 192.168.1.253
ipfw add 100 nat 1 log ip4 from any to me in via wlan0
ipfw add 200 nat 1 log ip4 from 192.168.3.0/24 to any out via wlan0
ipfw add 500 allow log ip from any to any
3. added 192.168.1.253 as an alias to wlan0
Code:
ifconfig wlan0 alias 192.168.1.253 up

And it worked. I'll post more complete instructions for people who come across this problem in a bit.
 
So it seems ipdivert doesn't need to be loaded.

Before the following steps interfaces should look like this:
-wlan (wifi, ip from dhcp (so something like 192.168.1.43), has access to router and internet)
-re0 (ethernet)
Other machine:
-re0 (ethernet)
default destination is set to 192.168.1.1 gateway

After following the steps interfaces should look like this:
-wlan (wifi, ip from dhcp (so something like 192.168.1.43), alias 192.168.1.253 has access to router and internet)
-re0 (ethernet, static ip 192.168.3.1)
Other machine:
-re0 (ethernet, static ip 192.168.3.5)
gateway or (if reading like route show output) default destination is set to 192.168.3.1 gateway)

Before starting, if you use DHCP to get internet wirelessly on the FreeBSD host, I recommend changing (change wlan0 to your applicable wireless interface if needed) ifconfig_wlan0="WPA DHCP" to ifconfig_wlan0="WPA SYNCDHCP" in /etc/rc.conf

Each step has the persistent version of each action or the temporary action that will more or less reset at reboot:
1. Enable ip forwarding: sysrc gateway_enable="YES" or sysctl net.inet.ip.forwarding=1
2. Handbook says TCP segmentation offloading (TSO) is necessary to disable for in-kernel NAT: echo "net.inet.tcp.tso=0" >> /etc/sysctl.conf or sysctl net.inet.tcp.tso=0
3. This just modifies rc.conf so that when restarting ipfw with service command it can easily read config. I couldn't find a sysctl oid for this so ignore if writing or modifying files is undesired: sysrc firewall_script="/etc/ipfw.rules".
4. Enable in-kernel nat sysrc firewall_nat_enable="YES" or kldload ipfw_nat
5. Create alias to "external" interface (interface that's just accessible to the lan that has internet): sysrc ifconfig_wlan0_alias0="inet 192.168.1.253 netmask 255.255.255.0" or ifconfig wlan0 alias 192.168.1.253 up
6. Assign ip to the ethernet interface. This will be the gateway on the machine connecting to this interface: sysrc ifconfig_re0="inet 192.168.3.1 netmask 255.255.255.0" or ifconfig re0 192.168.3.1
7. Modify /etc/ipfw.rules to be the following after the last colon. NOTE: the redirect_addr is localIP publicIP. localIP, the ip of the machine that's connected to this Freebsd machine (192.168.3.5) (instructions how later) publicIP, the ip of the external interface alias (192.168.1.253). This was modified from this guide, but it should still be able to explain what is being set. If rc.conf or files must not be modified or created just type each line except #!/bin/sh into shell:
Code:
#!/bin/sh

ipfw -q flush

ipfw nat 1 config if wlan0 redirect_addr 192.168.3.5 192.168.1.253
ipfw add 100 nat 1 log ip4 from any to me in via wlan0
ipfw add 200 nat 1 log ip4 from 192.168.3.0/24 to any out via wlan0
ipfw add 500 allow log ip from any to any

8. Enable ipfw: sysrc firewall_enable="YES" or service ipfw onerestart
9. (Optional) Enable logging (couldn't find a sysctl oid for this): sysrc firewall_logging="YES"
10. (Optional) Number of times a rule is logged per connection attempt. 5 can be any number user desires: echo "net.inet.ip.fw.verbose_limit=5" >> /etc/sysctl.conf or sysctl net.inet.ip.fw.verbose_limit=5
At this point one can either restart the networking (I'd recommend to reboot)
Code:
service netif restart
or continue on and do this at the end. It just helps to catch any errors with configuration now rather than later.
Following steps are on the other machine that will be connected via ethernet. It may have its own way of changing the following settings, but this is how it's done on a bsd system (with sysrc. If sysrc isn't available, just modify the appropriate files.).
11. sysrc ifconfig_re0="inet 192.168.3.5 netmask 255.255.255.0" or ifconfig re0 192.168.3.5
12. Deletes the route so the new one can be added. route change exists, but I've experienced issues with system not knowing it changed: route delete default
13. Adds default destination with ip of freebsd ethernet interface as gateway: sysrc defaultrouter="192.168.3.1" or route add default 192.168.3.1
14. Restart networking or reboot on this or both machines and test.

I tested both these methods, but if anyone encounters any issues please let me know.
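
Added example, not part of the original post or of FreeBSD's documentation: a small POSIX sh checker that reads an ipfw.rules script like the one in the steps above and reports the constructs that decide what the wireless LAN can reach. The names `audit_ipfw_rules`, `thread_rules` and the finding labels are made up for this example; per ipfw(8), `redirect_addr localIP publicIP` is static NAT for all traffic to publicIP, and `deny_in` makes a NAT instance deny incoming connections from outside.

```shell
#!/bin/sh
# Added example: flag exposure-relevant constructs in an ipfw.rules script.
# Assumes the plain "ipfw nat N config ..." / "ipfw add [N] ..." form used in
# this thread (no "-q" between ipfw and the subcommand).

audit_ipfw_rules() {   # hypothetical helper; reads the rules on stdin
    awk '
    { sub(/#.*/, "") }            # ignore comments such as "#redirect_addr ..."
    $1 != "ipfw" { next }
    $2 == "nat" && $4 == "config" {
        deny_in = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "deny_in") deny_in = 1
            # redirect_addr localIP publicIP = static NAT, every port
            if ($i == "redirect_addr" && i + 2 <= NF)
                printf "STATIC_NAT nat=%s public=%s -> local=%s\n", $3, $(i+2), $(i+1)
        }
        if (!deny_in) printf "NAT_NO_DENY_IN nat=%s\n", $3
        next
    }
    $2 == "add" {
        n = ($3 ~ /^[0-9]+$/) ? 4 : 3          # the rule number is optional
        if ($n !~ /^(allow|accept|pass|permit)$/) next
        for (i = n + 1; i + 3 <= NF; i++)
            # "from any to any" with nothing after it: no interface or state limit
            if ($i == "from" && $(i+1) == "any" && $(i+2) == "to" && $(i+3) == "any" && i + 3 == NF)
                printf "OPEN_ALLOW rule=%s\n", (n == 4 ? $3 : "auto")
    }'
}

# The working ruleset from the post above, embedded as sample input.
thread_rules() {
    cat <<'EOF'
#!/bin/sh
ipfw -q flush
ipfw nat 1 config if wlan0 redirect_addr 192.168.3.5 192.168.1.253
ipfw add 100 nat 1 log ip4 from any to me in via wlan0
ipfw add 200 nat 1 log ip4 from 192.168.3.0/24 to any out via wlan0
ipfw add 500 allow log ip from any to any
EOF
}

thread_rules | audit_ipfw_rules
```

On the ruleset above, STATIC_NAT means every port of 192.168.3.5 is reachable from the wireless LAN through the alias 192.168.1.253, and OPEN_ALLOW means rule 500 accepts whatever the NAT rules did not handle, on every interface. Run it against a real file with `audit_ipfw_rules < /etc/ipfw.rules`.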
 
Well I'm sorry, I guess this kernel dev doesn't know anything: https://web.archive.org/web/2011092...ilarchive/linux-ath5k-devel/2010/3/21/6871733


Thank you for this, I'll take a bridge solution.
This assumes that the wired interface device identifier is re0 and the IP address of the bridge is set via DHCP over the wireless adapter. In /etc/rc.conf you would set up wlan0 as usual, but omit the IP address assignment via SYNCDHCP. After this, add the following lines:
Code:
...
gateway_enable="YES"

ifconfig_wlan0="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="SYNCDHCP addm re0 addm wlan0 stp re0 stp wlan0"
ifconfig_re0="up"
...

Perhaps the „up“ directives may be omitted.
 
Ahh... the scenario assumes that the wi-fi router is not yours, you connect over wi-fi, and then get another device (b) plugged into yours (a) over Ethernet. Remember to use a crossover cable for that, not the regular ethernet. Then the NAT stuff on your 'a' device to get the 'b' device to Internet even makes sense. I would know, I used that trick to install OpenBSD/KDE on a laptop over WiFi of my Windows laptop back in 2006.
 
I have found that I must set the MTU to 1500 for my network setup. (All bridge members must use same MTU)
Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm igb0 addm igb1 addm igb2 addm wlan0 SYNCDHCP"
wlans_ath0="wlan0"
ifconfig_wlan0="up mtu 1500"
create_args_wlan0="wlanmode hostap country US ssid apu2ap channel 100"
ifconfig_igb0="up"
ifconfig_igb1="up"
ifconfig_igb2="up"
hostapd_enable="YES"
 