Old 10-06-2009, 07:45 AM   #1
Astral Projection
Member
 
Registered: Apr 2006
Location: Parallel Universe
Posts: 49

Rep: Reputation: 15
Bridging wired and wireless network


Here's the situation: I have Internet access on my laptop through 802.11 but I don't have a wireless card in my desktop. So I was wondering, is it possible to bridge my desktop's NIC (eth1) with the laptop's wlan card (ath0) to get Internet access on the desktop? If it is possible, how can I do that? I played with brctl but I was unable to bridge these two interfaces, I'm probably doing something wrong :|

FYI, desktop is running Debian and laptop is running Ubuntu.
 
Old 10-06-2009, 07:59 AM   #2
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 114

Rep: Reputation: 23
Do you have a connection to the lan network from your laptop?
 
Old 10-06-2009, 08:03 AM   #3
Astral Projection
Member
 
Registered: Apr 2006
Location: Parallel Universe
Posts: 49

Original Poster
Rep: Reputation: 15
Of course. I set up a wired connection between laptop and desktop and everything is working fine. From the wireless AP I have IPs assigned by DHCP (192.168.1.0/24); on wired I have static IPs (10.10.10.0/24).

When I tried brctl addif ath0 eth1 && brctl bridge0 up I lost both connections, LAN and WLAN.

Last edited by Astral Projection; 10-06-2009 at 08:05 AM.
 
Old 10-06-2009, 08:20 AM   #4
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 114

Rep: Reputation: 23
Depending on the name of your interface for the LAN connection, this is a quick script I use for getting routing running. Just name it something and make sure it's executable.


Code:
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X

#Set default policies and define chains
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#define a new chain which is going to handle
# packets we don't want to respond to
# limit the amount of logs to 10/min

iptables -N Firewall
iptables -A Firewall -m limit --limit 10/minute -j LOG --log-prefix "Firewall: "
iptables -A Firewall -j DROP

#define a chain to deal with illegitimate packets
# and limit the number of alerts to 10/min
# packets will be dropped without informing the sender
iptables -N Badflags
iptables -A Badflags -m limit --limit 10/minute -j LOG --log-prefix "Badflags: "
iptables -A Badflags -j DROP

#define a chain to deal with rejections & log those packets and inform the sender that the packet was rejected
iptables -N Rejectwall
iptables -A Rejectwall -m limit --limit 10/minute -j LOG --log-prefix "Rejectwall: "
iptables -A Rejectwall -j REJECT
# use the following instead if you want to simulate that the host is not reachable
# for fun though
#iptables -A Rejectwall -j REJECT  --reject-with icmp-host-unreachable

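#accept connections from local and lan
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
# accept replies to connections this machine opened itself;
# without this the final Rejectwall rule rejects them
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT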

#masquerade internal address as external IP drop invalid connections, allow unrestricted outbound access
iptables -t nat -A POSTROUTING -o ath0 -j MASQUERADE
iptables -A FORWARD -i ath0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ath0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#deal with known bad flags
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j Badflags
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j Badflags
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j Badflags
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j Badflags
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j Badflags
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j Badflags
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j Badflags
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j Badflags
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j Badflags
iptables -A INPUT -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j Badflags
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j Badflags

# Accept certain icmp message, drop the others
# and log them through the Firewall chain
# 0 => echo reply
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
# 3 => Destination Unreachable
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
# 11 => Time Exceeded
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
# 8 => Echo
# avoid ping flood
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p icmp -j Firewall

#Drop anything not allowed
iptables -A INPUT -j Rejectwall

Last edited by TheMadIndian; 10-06-2009 at 08:21 AM.
 
Old 10-06-2009, 08:34 AM   #5
Astral Projection
Member
 
Registered: Apr 2006
Location: Parallel Universe
Posts: 49

Original Poster
Rep: Reputation: 15
It was unnecessary to copy your whole script, I tried switching off firewall but that didn't help:

Code:
root@horus:/home/goran# brctl addbr bridge0
root@horus:/home/goran# brctl addif bridge0 ath0
root@horus:/home/goran# brctl addif bridge0 eth1
root@horus:/home/goran# brctl show
bridge name	bridge id		STP enabled	interfaces
bridge0		8000.0015af266439	no		ath0
							eth1

root@horus:/home/goran# echo 1 > /proc/sys/net/ipv4/ip_forward
root@horus:/home/goran# iptables -F
root@horus:/home/goran# iptables -A INPUT -i eth1 -j ACCEPT
root@horus:/home/goran# iptables -t nat -A POSTROUTING -o ath0 -j MASQUERADE
root@horus:/home/goran# iptables -A FORWARD -i ath0 -m state --state NEW,INVALID -j DROP
root@horus:/home/goran# iptables -A FORWARD -i ath0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
root@horus:/home/goran# nslookup google.com
;; connection timed out; no servers could be reached

root@horus:/home/goran# ping google.com
ping: unknown host google.com
 
Old 10-06-2009, 09:01 AM   #6
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 114

Rep: Reputation: 23
It requires masquerading to get a response, so your desktop is sending out to the internet on the IP the ISP provided. If you remove the bridging and just run this script, your desktop will have internet access.
 
Old 10-06-2009, 09:18 AM   #7
Astral Projection
Member
 
Registered: Apr 2006
Location: Parallel Universe
Posts: 49

Original Poster
Rep: Reputation: 15
Doesn't seem to work: I removed bridge iface and did what you said but I still don't have Internet access.
Code:
shiva:/home/astral# ping google.com
ping: unknown host google.com
Here's ifconfig from desktop:
Code:
shiva:/home/astral# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:14:85:5e:1b:eb  
          inet addr:10.10.10.2  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::214:85ff:fe5e:1beb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:189 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:20518 (20.0 KiB)  TX bytes:21940 (21.4 KiB)
          Interrupt:20
and here's ifconfig from laptop:
Code:
root@horus:/home/goran# ifconfig
ath0      Link encap:Ethernet  HWaddr 00:15:af:26:64:39  
          inet addr:192.168.1.65  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::215:afff:fe26:6439/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1269 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1497 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1009213 (1.0 MB)  TX bytes:256823 (256.8 KB)

eth1      Link encap:Ethernet  HWaddr 00:1e:8c:28:a4:a3  
          inet addr:10.10.10.3  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::21e:8cff:fe28:a4a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:129 errors:0 dropped:0 overruns:0 frame:0
          TX packets:233 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18868 (18.8 KB)  TX bytes:27456 (27.4 KB)
          Interrupt:21 Base address:0xc000
I just did ip forwarding part on laptop:
Code:
root@horus:/home/goran# echo 1 > /proc/sys/net/ipv4/ip_forward
root@horus:/home/goran# iptables -A INPUT -i eth1 -j ACCEPT
root@horus:/home/goran# iptables -t nat -A POSTROUTING -o ath0 -j MASQUERADE
root@horus:/home/goran# iptables -A FORWARD -i ath0 -m state --state NEW,INVALID -j DROP
root@horus:/home/goran# iptables -A FORWARD -i ath0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Am I supposed to do something on Desktop?

Last edited by Astral Projection; 10-06-2009 at 09:21 AM.
 
Old 10-06-2009, 09:39 AM   #8
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 114

Rep: Reputation: 23
The desktop's gateway needs to be the laptop's LAN interface,

so you can do

ip route change default via 10.10.10.3

on the desktop.

Also try running the whole script on the laptop. You can always just restart iptables to erase the changes I make to iptables, since it doesn't save to the config.
 
Old 10-06-2009, 09:57 AM   #9
Astral Projection
Member
 
Registered: Apr 2006
Location: Parallel Universe
Posts: 49

Original Poster
Rep: Reputation: 15
That command didn't work:
Code:
shiva:/home/astral# ip route change default via 10.10.10.3
RTNETLINK answers: No such file or directory
but route add default gw 10.10.10.3 eth0 did the trick.
Everything works now. Thank you.
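
The setup the thread ends on (NAT on the laptop, default gateway on the desktop), as an added example that is not part of any post: a script that prints a tighter rule set than the one posted above, with FORWARD defaulting to DROP and masquerading limited to the LAN subnet. The function names are made up for this example; the interface names and the subnet are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Names taken from the thread: ath0
# (wireless uplink), eth1 (wired LAN), 10.10.10.0/24 (LAN subnet).
# Function names are hypothetical.

# Accept only plain interface names so an argument cannot smuggle in options.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept only a.b.c.d/prefix with octets <= 255 and prefix <= 32.
valid_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*|.*|*..*|*./*|*.*.*.*.*) return 1 ;;
        *.*.*.*/*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*} prefix=${1#*/}
    [ -n "$prefix" ] && [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gateway_rules WAN_IF LAN_IF LAN_CIDR: write the commands to stdout.
# Review them, then pipe to "sh" as root on the laptop to apply.
gateway_rules() {
    if ! valid_iface "$1" || ! valid_iface "$2" || ! valid_cidr "$3" ||
        [ "$1" = "$2" ]; then
        echo "usage: gateway_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 2
    fi
    wan=$1 lan=$2 net=$3
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -i $lan -o $wan -s $net -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

gateway_rules ath0 eth1 10.10.10.0/24
```

On the desktop, the matching step is the one that worked in post #9: route add default gw 10.10.10.3 eth0.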
 
  

