Wired-to-Wireless bridging

I'm trying to set up a machine as a bridge between a wired and a wireless network segment, but not having much success. I'm not trying to create an access point though.

The situation is that I have my ADSL router with integrated access point downstairs and all the rest of my computers upstairs in my spare bedroom. Until now I've been using power-line networking to connect the router to the LAN in the spare room, but having just gotten a faster ADSL service, I've discovered the power-line networking is crap and is now the slowest link in the chain.

So, I'm trying to build a machine that will simply associate with the access point downstairs and bridge all traffic across to the wired interface.

I can associate the wireless card (ath0) fine on its own, with:

Code:
ifconfig_ath0="ssid b0rken mode 11g channel 6 WPA DHCP"

but when I make it a member of a bridge, as follows, it refuses to associate any longer:

Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm rl0 addm ath0 DHCP"
ifconfig_rl0="up"
ifconfig_ath0="up ssid b0rken mode 11g channel 6 WPA"

(I have a suitable wpa_supplicant.conf set up already)

Has anyone else tried what I'm attempting, and can advise why it's not working?

Thanks.
 
Does the bridge come up? Can you see you're associated with ifconfig?
 
The bridge interface is created and comes up, the wireless interface is actually associating, but no LAN traffic seems to want to cross the bridge and hit the router downstairs. The bridge machine itself also can't talk to the router downstairs.

Here are the relevant interface statuses after boot:

Code:
ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:14:6c:89:33:9c
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g (DS/2Mbps)
        status: associated
        ssid b0rken channel 6 (2437 Mhz 11g) bssid 00:22:3f:48:2a:9e
        authmode WPA2/802.11i privacy ON deftxkey UNDEF AES-CCM 2:128-bit
        txpower 31.5 bmiss 7 scanvalid 60 bgscan bgscanintvl 300
        bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode CTS burst
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:30:1b:3f:f4:22
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 9a:de:35:4f:66:9a
        inet 192.168.0.196 netmask 0xffffff00 broadcast 192.168.0.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 370370
        member: rl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55
 
Just a thought - I don't know much about bridging, but isn't this similar to a packet forwarding application where packets coming in on your wired interface are forwarded to your wifi? If so, do you have the appropriate sysconfig variables set to allow forwarding and firewall rules to forward them?
 
I don't have any experience with ath(4), but I can tell you that bridging wired and wireless cards is problematic. The reason is that wifi card vendors tend to prevent packets with invalid source MAC addresses from being generated by their cards so as to prevent MAC spoofing. When you put a wireless card into a bridge, all bridged traffic that exits the wireless card will have a source MAC address which is not what is coded into the card's firmware, so it's seen as invalid and dropped.

I think you should try setting up a layer 3 bridge instead, AKA an ARP Proxy. Or just resort to plain old layer 3 routing.
 
Ruler2112 said:
Just a thought - I don't know much about bridging, but isn't this similar to a packet forwarding application where packets coming in on your wired interface are forwarded to your wifi? If so, do you have the appropriate sysconfig variables set to allow forwarding and firewall rules to forward them?

Forwarding and firewall rules work on layer 3. Bridging is done on layer 2.
http://en.wikipedia.org/wiki/OSI_model
 
The man page for if_bridge mentions:

If sysctl(8) node net.link.bridge.inherit_mac has non-zero value, newly created bridge will inherit MAC address from its first member instead of choosing random link-level address.

It sounds like this would resolve the problem that aragon suggests, but the setting seems to have been removed. I get a 'not found' at boot when I have that set in my sysctl.conf.

I suppose I could try manually setting the bridge0 MAC to the same as the wireless NIC, if I'm allowed to.
 
No, that won't help. Or at least, it will only help for packets originated by the bridge itself. Forwarded packets from other hosts will still be dropped if your wireless card blocks MAC spoofing.
 
This is because the MTUs of the interfaces in a bridge cannot differ.
Example:
My test machine:
Code:
test# uname -a
FreeBSD test.<hidden> 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May  1 08:49:13 UTC 2009     root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
test# ifconfig
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether <MAC hidden>
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        media: IEEE 802.11 Wireless Ethernet autoselect <hostap> (autoselect <hostap>)
        status: associated
        ssid <ssid hidden> channel 4 (2427 Mhz 11g) bssid <MAC hidden>
        authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit TKIP 3:128-bit
        txpower 31.5 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
        roam:rssi11g 7 roam:rate11g 5 protmode CTS burst dtimperiod 1
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether <MAC hidden>
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000
I create the bridge interface and 'connect' the child ath0:
Code:
test# ifconfig bridge0 create
test# ifconfig bridge0
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether <MAC hidden>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
test# ifconfig bridge0 addm ath0
test# ifconfig bridge0
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether <MAC hidden>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
        member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 370370
Warning! After creating the bridge, its MTU = 1500, but after connecting interface ath0, the MTU of the bridge was changed to 2290.
Try to connect interface rl0:
Code:
test# ifconfig bridge0 addm rl0
ifconfig: BRDGADD rl0: Invalid argument
Error, because the MTUs are different!
I try creating a TAP interface with the default MTU (1500):
Code:
test# ifconfig tap0 create
test# ifconfig tap0 
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether <MAC hidden>
test# ifconfig bridge0 addm tap0
ifconfig: BRDGADD tap0: Invalid argument
I see an error, so I try changing tap0's MTU to the value of ath0's MTU = 2290 and connecting it to the bridge:
Code:
test# ifconfig tap0 mtu 2290
test# ifconfig bridge0 addm tap0
test# ifconfig bridge0 
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether <MAC hidden>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000
        member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 370370
It's OK!

Can you change the MTU of your ath0 interface to 1500?
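
The check the post above does by hand, as an added example that is not part of the original thread: a POSIX sh function that reads `ifconfig` output and lists the interfaces whose MTU differs from that of the first bridge member. The sample interface text and MAC addresses are constructed, and `sample_ifconfig` and `mtu_mismatch` are hypothetical names.

```sh
#!/bin/sh
# Constructed sample: trimmed ifconfig output in the format shown in the thread.
sample_ifconfig() {
cat <<'EOF'
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:00:5e:00:53:01
        status: associated
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        status: active
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:02
EOF
}

# mtu_mismatch FIRST MEMBER...
# Reads ifconfig-style text on stdin. FIRST is the interface added to the
# bridge first (in the thread, the bridge took its MTU from that member).
# Prints "<ifname> <its mtu> <needed mtu>" for every later member whose MTU
# differs, and returns 1 if any member mismatches or is not in the input.
mtu_mismatch() {
    awk -v want="$*" '
        BEGIN { n = split(want, order, " ") }
        # Interface header lines start in column 1: "name: flags=... mtu N"
        /^[^ \t]+: flags=/ {
            name = $1; sub(/:$/, "", name)
            for (i = 1; i <= NF; i++) if ($i == "mtu") mtu[name] = $(i + 1)
        }
        END {
            first = order[1]
            if (!(first in mtu)) { print first " unknown -"; exit 1 }
            bad = 0
            for (i = 2; i <= n; i++) {
                m = order[i]
                if (!(m in mtu)) { print m " unknown " mtu[first]; bad = 1 }
                else if (mtu[m] != mtu[first]) { print m " " mtu[m] " " mtu[first]; bad = 1 }
            }
            exit bad
        }'
}

# Demo on the constructed sample; on a live system: ifconfig | mtu_mismatch ath0 rl0
sample_ifconfig | mtu_mismatch ath0 rl0 tap0 || true
```

Each reported interface needs `ifconfig <ifname> mtu <needed mtu>` (or the first member lowered to match) before `addm` will accept it.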
 