2

What I am looking for is a bridge. WiFi cannot handle normal bridging, so how can I route two IP Ethernet networks using WiFi? (Under Linux)

How do I set up IP routing under Linux? It must forward DHCP, that is, the router must forward broadcast packets.

NAT is not a solution.

UPDATE: The reason I am going WiFi is that our internet cable is badly grounded. Lightning recently traveled through our cables, destroying much of our equipment, including computers and routers. This is the most sure way to ensure it doesn't happen again.

SOLUTION: I have come up with 2 solutions thanks to the answers.

  1. Put NAT on the Ethernet side. Everything looks like it is coming from a single IP now. Shortcoming is that network access is difficult from the other side because of the NATing.
  2. Better solution is to run dhcrelay, parprouted, and set ip_forward=1. That allows true IP based routing to work and DHCP works because of dhcrelay. The shortcoming is that NetBIOS names (which rely on broadcast packets) are not relayed. So computers must be accessed by their UNC path IP address in Windows `\\192.168.1.3\SharedDocuments` instead of `\\LaptopMain\SharedDocuments`.
unixman83

4 Answers

3

Can you clarify what you're looking to accomplish? By definition, broadcast packets are not routed. Routed connections and linked broadcast domains are mutually exclusive. Setting up a DHCP helper is possible, but doesn't sound like what you're after.

There's nothing different between an IP network on Ethernet, and one on wi-fi, and they can share a broadcast domain easily if desired; plug them into each other.

If what you're really looking for is to route between your two networks, it's as simple as a change in /etc/sysctl.conf: `net.ipv4.ip_forward=1`. And dhcrelay provides a means to play DHCP helper.

Of course, then your router for the wireless network segment would be a client system, not accessible directly via the access point. Not a good thing.

Shane Madden
  • What does your last sentence mean? "your router .. would be a client system, not accessible .. via the access point" – unixman83 May 24 '11 at 06:09
  • Usually, on a wi-fi network, the direction a packet needs to go to reach its router is into the access point. In this situation, where the system routing the traffic is not reachable via the access point, it needs to traverse into and then back out of the access point to reach the router. This cuts your throughput in half, and makes the network less stable in the event that there are any interruptions in the router's connection to the AP. – Shane Madden May 24 '11 at 14:07
  • +1 for `net.ipv4.ip_forward=1` – unixman83 Jun 02 '11 at 20:37
3

You're right, wifi cannot handle normal bridging. It only works with certain hacks, which are very vendor specific.

Another hack (vendor independent) is http://freshmeat.net/projects/parprouted/. This can accomplish something like bridging. I used it but didn't like it. I would suggest a classic routing scheme: an additional subnet with its own dhcpd or a relay.

You could also tunnel from the STA (the wifi bridge) to your router and then bridge through the tunnel.

http://lartc.org/howto/ gives a good overview on the possibilities linux has.

I use http://www.pcengines.ch/ to create linux based wifi-clients in order to be able to run dhcpd, dhcp relay, VPN or whatever I need.

Ganwell
3

If you want "normal" bridging, I'd suggest just plugging a wireless access point into your network instead of creating an overcomplicated setup using Linux and some wifi cards.

There are plenty of examples of "normal" bridging of interfaces under Linux kernels using brctl with a vast number of different wifi cards - projects like DD-WRT or OpenWRT are some of them - the only prerequisite is to have the wifi interface in access point mode. But I suppose, since you were having problems with bridging, that you are using a wireless interface in client mode, where interface capabilities (unable to switch to promiscuous mode) or encryption may get in the way.

But if you still want to route your wireless traffic (there may be valid reasons to do so - network separation for security reasons being one of them), you would need to configure different IP addresses in different networks for your interfaces, enable IP forwarding as suggested by Shane and set up dhcrelay to act as a BOOTP/DHCP relay forwarding the client's DHCP requests to a predefined DHCP server - which in turn would need to have a scope defined for your wireless network.

If you have further questions on what to do at the specific steps, you would need to supply detailed information on what your config files / startup parameters look like, how your network interfaces are set up and what your DHCP server configuration looks like.

the-wabbit
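The relay step described in the answer above, as an added example that is not part of the original answer or of dhcrelay's code: a relay rewrites the client's broadcast request (hop count plus the `giaddr` field, per RFC 1542) and the server then selects a scope from `giaddr`, which is why the server needs a scope for the routed segment. The packet, the 192.168.2.0/24 segment, the hop limit of 16 and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

BOOTREQUEST = 1
HOPS_OFF, GIADDR_OFF, HEADER_LEN = 3, 24, 236  # offsets in the fixed BOOTP header


def build_discover(xid, mac):
    """Constructed sample: fixed BOOTP header of a client broadcast (no options)."""
    head = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000)
    addrs = bytes(16)  # ciaddr, yiaddr, siaddr, giaddr all 0.0.0.0
    return head + addrs + mac.ljust(16, b"\0") + bytes(64 + 128)


def relay_request(pkt, rx_if_addr, max_hops=16):
    """Return the packet a relay would unicast to the server, or None if dropped."""
    if len(pkt) < HEADER_LEN or pkt[0] != BOOTREQUEST:
        return None  # truncated, or a reply: not handled on this path
    if pkt[HOPS_OFF] >= max_hops:
        return None  # hop limit reached (assumed limit), stops relay loops
    out = bytearray(pkt)
    out[HOPS_OFF] += 1
    # Only the first relay stamps giaddr; a non-zero value is never overwritten.
    if out[GIADDR_OFF:GIADDR_OFF + 4] == bytes(4):
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(rx_if_addr).packed
    return bytes(out)


def pick_scope(pkt, scopes):
    """Server side: choose the address pool from giaddr (None = no matching scope)."""
    giaddr = ipaddress.IPv4Address(pkt[GIADDR_OFF:GIADDR_OFF + 4])
    for net in scopes:
        if giaddr in ipaddress.IPv4Network(net):
            return net
    return None


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("020000000001"))
    relayed = relay_request(discover, "192.168.2.1")  # relay's address on the client side
    # With a scope for the routed segment the server can answer ...
    print(pick_scope(relayed, ["192.168.1.0/24", "192.168.2.0/24"]))
    # ... without one, the relayed request matches nothing and gets no offer.
    print(pick_scope(relayed, ["192.168.1.0/24"]))
```
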
1

This may be a silly answer, but...

To ensure perfect electrical isolation simply connect your border machine to the rest of your network using optical fiber.

This avoids the potential security issues of wifi, keeps the latency down, and avoids unnecessary complexity.