tarnai_t n00b
Joined: 14 Feb 2006 Posts: 22
|
Posted: Mon Sep 21, 2009 1:05 pm Post subject: bridging a ppp connection with wlan [SOLVED] |
|
|
Hi,
my network topology looks like this:
ISP<-->ALIX box running ppp on eth0 having wlan interface wlan0 managed by hostapd<--> Wireless client (e.g. Laptop with wlan0 interface)
I have followed the instructions on this site:
http://www.linux.com/archive/articles/55617
and managed to set up both wlan cards in the bridge and on the client, but I didn't manage to get to the internet with the client. I have a pppoe dsl connection set up on the bridge,
and I suppose I have to add ppp0 instead of eth0 in the following code
Code: |
ifconfig eth0 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
|
but when I execute
Code: |
brctl addif br0 ppp0
|
I get
Code: |
can't add ppp0 to bridge br0: Invalid argument
|
another question is what to do on the client side? I execute
Code: |
wpa_supplicant -Dwext -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
|
o I can open an ssh session to the bridge, but how do I tell the client to connect through the bridge to the internet?
o What about dns resolving?
o would it make sense to first build the bridge with interfaces wlan0 and eth0 and start the ppp daemon and make it use the br0 interface?
Thank you for your answers in advance,
Kindest Regards,
t
Last edited by tarnai_t on Fri Sep 25, 2009 2:37 pm; edited 1 time in total |
|
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
|
Posted: Fri Sep 25, 2009 2:21 pm Post subject: |
|
|
When bridging wireless with anything else you must provide one more argument to wpa_supplicant; example:
Code: | /usr/sbin/wpa_supplicant -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf -W -B -iwlan0 -bbr0 -P/var/run/wpa_supplicant-wlan0.pid |
Note -bbr0.
Make sure ppp0 exists before adding it to the bridge. It also must not have been assigned an IP address. I also think you shouldn't bridge eth0 since ppp0 is tunnelled through that interface.
Bridging ppp0 with anything else makes sense if your PPP connection is on the same IP network as the bridge slaves (there's a better way saying that but you get the picture). Otherwise you should consider routing, which is done by default.
As for DNS resolving, you can use openresolv, by Roy Marples aka Uberlord.
I'm afraid I don't understand your first question OTOH.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
tarnai_t n00b
Joined: 14 Feb 2006 Posts: 22
|
Posted: Fri Sep 25, 2009 2:36 pm Post subject: |
|
|
VinzC wrote: | When bridging wireless with anything else you must provide one more argument to wpa_supplicant; example:
Code: | /usr/sbin/wpa_supplicant -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf -W -B -iwlan0 -bbr0 -P/var/run/wpa_supplicant-wlan0.pid |
Note -bbr0.
Make sure ppp0 exists before adding it to the bridge. It also must not have been assigned an IP address. I also think you shouldn't bridge eth0 since ppp0 is tunnelled through that interface.
Bridging ppp0 with anything else makes sense if your PPP connection is on the same IP network as the bridge slaves (there's a better way saying that but you get the picture). Otherwise you should consider routing, which is done by default.
As for DNS resolving, you can use openresolv, by Roy Marples aka Uberlord.
I'm afraid I don't understand your first question OTOH. |
Hi,
thank you very much for your answer. In the meantime I realized that with a proper iptables rule setup I get what I want. I just read the Gentoo Home Router guide, and modified it to my needs.
Code: |
#!/bin/sh
# Interfaces: ppp0 faces the ISP, wlan0 serves the wireless clients
INET_IFACE="ppp0"
LAN_IFACE="wlan0"
LO_IFACE="lo"
LO_IP="127.0.0.1"
IPTABLES="/sbin/iptables"

# Kernel network settings (ICMP handling, source validation, forwarding)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done

# Flush old rules and delete user-defined chains so the script can be re-run
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F

# Default policy: drop everything that is not explicitly accepted
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

# User-defined chains
$IPTABLES -N bad_tcp
$IPTABLES -N allowed
$IPTABLES -N tcp_pkg

# bad_tcp: drop new connections that do not start with a plain SYN
$IPTABLES -A bad_tcp -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
$IPTABLES -A bad_tcp -p tcp ! --syn -m state --state NEW -j DROP

# allowed: accept SYN and established TCP traffic, drop the rest
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP

# tcp_pkg: TCP ports reachable on the router from the Internet side
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 443 -j allowed
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 6881 -j allowed
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 8000 -j allowed

# INPUT: traffic addressed to the router itself
$IPTABLES -A INPUT -p ALL -m state --state INVALID -j DROP
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -j ACCEPT
$IPTABLES -A INPUT -p TCP -j bad_tcp
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_pkg

# OUTPUT: traffic generated by the router
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $LAN_IFACE -j ACCEPT

# FORWARD: traffic routed between wlan0 and ppp0
$IPTABLES -I FORWARD -i $LAN_IFACE -d 192.168.0.0/255.255.0.0 -j DROP
$IPTABLES -A FORWARD -i $LAN_IFACE -s 192.168.0.0/255.255.0.0 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -d 192.168.0.0/255.255.0.0 -j ACCEPT

# NAT: masquerade everything leaving through ppp0
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
Regards, trinux |
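Added example, not part of the original post: the last FORWARD rule in the script above accepts any packet arriving on ppp0 for 192.168.0.0/16 regardless of connection state, and the check below flags rules of that shape when reviewing a firewall script. The function names and the stateful variant are constructed for illustration, and the parser assumes one iptables command per line.

```shell
#!/bin/sh
# Added example, not from the thread: flag FORWARD rules that ACCEPT packets
# arriving on the Internet-facing interface with no connection-state match.

# audit_forward IFACE_TOKEN   (firewall script on stdin)
# IFACE_TOKEN is the interface exactly as the script writes it, e.g.
# '$INET_IFACE' or 'ppp0'. Prints flagged rules; returns 1 if any were found.
audit_forward() {
    awk -v wan="$1" '
        /^[ \t]*#/ { next }    # skip comment lines
        {
            chain = inif = target = ""; stateful = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-A" || $i == "-I") chain = $(i + 1)
                else if ($i == "-i") inif = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") stateful = 1
            }
            if (chain == "FORWARD" && target == "ACCEPT" && inif == wan && !stateful) {
                printf "line %d: no state match: %s\n", NR, $0
                flagged = 1
            }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# The three FORWARD rules as posted in the script above.
posted_rules() {
    cat <<'EOF'
$IPTABLES -I FORWARD -i $LAN_IFACE -d 192.168.0.0/255.255.0.0 -j DROP
$IPTABLES -A FORWARD -i $LAN_IFACE -s 192.168.0.0/255.255.0.0 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -d 192.168.0.0/255.255.0.0 -j ACCEPT
EOF
}

# Constructed variant: inbound forwarding limited to reply traffic.
stateful_rules() {
    cat <<'EOF'
$IPTABLES -I FORWARD -i $LAN_IFACE -d 192.168.0.0/255.255.0.0 -j DROP
$IPTABLES -A FORWARD -i $LAN_IFACE -s 192.168.0.0/255.255.0.0 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

posted_rules | audit_forward '$INET_IFACE' || echo "posted rules: review flagged lines"
stateful_rules | audit_forward '$INET_IFACE' && echo "stateful variant: clean"
```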
|
mrness Retired Dev
Joined: 17 Feb 2004 Posts: 375 Location: bucharest.ro
|
Posted: Sun Oct 18, 2009 10:29 am Post subject: |
|
|
Trying to add a point-to-point interface to an IEEE 802.1D bridge is silly |
|