Hi Everyone, After deep digging the web for the last two days with sleepness nights,
I need some help and clarification.

I have a years of experience with linux, however I'm surely not a network expert

I have more than 22 PCs/Devices in my home network,some are Lan, other are wLan with a lot of traffic - as no private consumer grade router was ever satisfying my needs, I have decided to build my own enterprise grade router and throw my ac1750 to the sharks

I had some good old core I5 pc with 4gb of ram and SSD (I'm using it as HTPC as well) , Two Ethernet Lan and One WIFI USB Adapter which is working in master mode where other AP will spread the signal to the rest of the house - this is my setup:

ppp0 > Connected Through eth0
eth0 > Connected to VDSL Modem with pppoe dialer
eth1 > Connected to LAN HUB, using dnsmasq for DHCP and DNS and having NAT to ppp0 with iptables

Everything works properly, and now I would like to Add:

wlan0 > should be used as AP, wireless devices should talk with LAN devices connected eth1, using hostapd (it works with my wifi driver).

To make the long story short, I've been thinking to add br0 which will bridge eth1 and wlan0 and have nat to ppp0, however i've read bridging wlan and lan is not possible (could see some hacks with mac spoofing ,don't want to use this approach)

I've also tried assigning wlan0 to the same subnet of eth1, could see that having two network in the same subnet is not acceptable, I also got a deadlock and decided to abandon this approach

This is my /etc/network/interfaces:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules

#eth0 connected to vDsl modem for generating ppp0
allow-hotplug eth0
iface eth0 inet dhcp

#eth1 home network
allow-hotplug eth1
iface eth1 inet static
address 10.0.0.138
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255

#ppp0 pppoe dialer
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-provider

This is my iptables rules:

*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT

This is my dnsmasq.conf:

interface=eth1
listen-address=127.0.0.1
domain=home.local
dhcp-range=10.0.0.100,10.0.0.199,12h

What is the best practice to handle wlan0 AP in this setup?

I don't think there is any problem with bridging the ethernet and wireless AP as such eg example outlined here...
https://michaelfranzl.com/2014/06/08...ndroid-phones/

However, as fas I understand it isn't possible to bridge wireless client (stations) and ethernet interfaces though, as discussed in this recent thread. Here I proposed using parprouted (Proxy ARP) solution to do the necessary (ref post #10 onwards).

Thanks for the reference and clarification, it did work for me (I've set a bridge between eth1 and wlan0).
Looks like I will need a better wireless adapter, but that's another story.
Marking as 'Solved'

Glad to have been of assistance!