Bridging Wifi to Ethernet on Ubuntu not working

23

4

When running Windows I was able to bridge my wifi connection through my laptop's Ethernet connection so a range of Ethernet-only devices could piggyback off my wifi (Raspberry Pi, Xbox etc.). I am now trying to do the same within Ubuntu, i.e. the setup would be:

Wireless Router ---> Wifi on laptop ---> bridge to Ethernet ---> Device that needs internet plugged into Ethernet port

Now I have been trying to get this working in Ubuntu using brctl

I used the below command:

sudo brctl addif br0 eth0 wlan0

And get the following error:

can't add wlan0 to bridge br0: Operation not supported

I am hoping someone can help as I refuse to believe something I can do in Windows very easily can't be done in Linux.

If you need any more info do let me know. Thanks

Zac Powell

Posted 2013-05-20T20:07:53.540

Reputation: 477

Very similar Problem handled in [http://askubuntu.com/questions/155041/bridging-loosing-wlan-network-connection-with-4addr-on-option-why] – Legionair – 2013-05-20T22:11:17.850

Answers

10

This cannot be done. You cannot bridge a WiFi client connection. If you could, we wouldn't need WDS, we'd just bridge.

The problem is very simple -- an access point is prohibited by the WiFi specification from broadcasting traffic over the WiFi network unless something authorizes that transmission. This is largely a relic from the days when WiFi networks were very slow and had poor, if any, security.

The bridge only has a client connection to the access point. This only authorizes the access point to transmit traffic bound for the bridge. Because any machines connected to the bridge are not clients of the access point, the access point has no reason to send traffic bound for them over the WiFi link. So it will not do so.

Unfortunately, WiFi is enough like Ethernet that it's easy to expect it to act like Ethernet. But it's just different enough to bite you.

WDS configuration is a specific authorization for an access point to send traffic not bound for any of its clients. When both ends support WDS, they include the address of the bridging endpoint as well as the address of the destination, authorizing the access point to send the traffic.

You have to use something other than bridging to do this. Routing with NAT, for example. You can also use four address mode, if both ends of the WiFi link support it.

David Schwartz

Posted 2013-05-20T20:07:53.540

Reputation: 58 310

I notice that one person here says you can in Ubuntu... and I've done something like it in Windows too... though you say it's impossible, so perhaps you can explain what the difference is between that and this. In Windows when you do this https://www.youtube.com/watch?v=96Z1_6rX5qU WiFi connected to the internet. No cable in Ethernet connector... or cable of another comp in Ethernet connector. Then selecting WiFi adaptor and Ethernet adaptor, it bridges them, and then another computer can plug its cable in and use the Internet connection. The laptop's still a WiFi client I think (and not an access point).

– barlop – 2015-04-24T21:48:56.223

@barlop It's faking it with NAT by rewriting the MAC address so that the client impersonates the machines that are bridged to it. This is very fragile and as soon as you try to do anything unusual (non-IP traffic, multicast, many other things), it tends to break. If you want to bridge over wireless, use WDS. If you can't use WDS, route instead of bridging. It's not worth the pain. – David Schwartz – 2015-04-25T12:04:23.703

@DavidSchwartz If a person has a laptop with no working wireless and no network switch to plug it into for internet access, but another laptop has wireless internet access, and there's no spare wireless usb stick. Then it seems the only solution is the bridging fakery. If both laptops had a working wireless network adaptor they could both just connect to the main wireless access point, no need for extra access points and WDS.. I've used the bridging fakery when one laptop couldn't do wireless. – barlop – 2015-04-26T17:36:04.883

@barlop You can use real NAT, having the laptop with wireless act like a NAT router. This is what Internet Connection Sharing does. Just don't bridge, route. – David Schwartz – 2015-06-12T16:55:33.797

Incorrect. For starters, a WDS is a WiFi connection, not unlike the others. Secondly, there are these cutie-pie devices called client-bridges or media-bridges that connect up via an AP and transparently bridge 3-5 Wired jacks, which can be hubs, etc. To be sure, there are probably limitations with how those work and how many MACs they can bridge FOR, but in the end...there is a way.

Hell, even Linux will let you use WDS mode as a STA if you set 4addr as a mode on the device via the iw command and the driver lets you do it.

You can bridge...it's just got...provisos. – Svartalf – 2016-09-20T22:36:54.817

@DavidSchwartz - indeed. The rub begins with WDS, which technically still isn't a standard. For example, even though I did mention 4addr, its provisos are that there are no assurances that it'll work with anything other than a matching Linux AP with SoftMAC support. If the far end doesn't use the 4-address mode right, no go. – Svartalf – 2016-09-20T22:39:31.667

@Svartalf Of course a WDS connection is a WiFi connection, it's just not a WiFi client connection. And, as I said, devices that fake bridging over a client WiFi connection actually do NAT, which has all kinds of limitations. Sure, it might happen to work well for you, but there's lots of cases where it works very, very badly. Sometimes, it works just fine until it doesn't, and then what? – David Schwartz – 2016-09-20T23:37:04.930

Actually, you can make "client" connections if the AP on the other end uses the same WDS behavior you do. The STA node's not acting as an AP. WDS or "normal" doesn't make it NOT a client connection- it's the role in question that determines this. If I tell a STA interface it's 4ADDR it's using WDS 4-address frames, but isn't an AP. Can't be interacted WITH as one. – Svartalf – 2016-09-21T12:19:40.963

The nasty gotcha begins with the fact that you can't rely on the WDS connection that way- there are no assurances that you have a "valid" AP on the other end. (Hint: I'm actually researching best path forward for an actual industrial product- and have quite a few years of this insanity under my belt..) And, you're right, NAT just sucks- but unless something like one of those Client Bridges that Trendnet, TP-Link, etc. sell for "game" or "media" adapters use WDS mode...NAT may be your only choice. – Svartalf – 2016-09-21T12:22:07.517

@Svartalf You can route instead of bridging. Or you can use real WDS. Otherwise, it's not supposed to work -- sometimes it does, sometimes it doesn't. Sometimes it does and then suddenly it doesn't. – David Schwartz – 2016-09-22T02:12:48.820

@DavidSchwartz : Routing? Seriously? Here's a hint. The application can have 500+ nodes in the network. Can YOU make routing gracefully work that way? "Real WDS"? Can I be assured that it will work with Cisco, Aruba, Ubiquiti, and others? If so, then yes...if not...the premise is a problem out of box. I've got it working rather nicely with the madness I'm trying for with WDS-Station mode...but will it work with something other than a hostapd or similar derived Linux device? – Svartalf – 2016-09-29T03:02:59.623

@Svartalf Ask your own question and give more details. It may be that you have a problem that has no easy solution. – David Schwartz – 2016-09-29T16:48:12.460

3

You can solve this problem by re-writing the mac addresses with ebtables

– ccarton – 2013-10-26T11:24:30.067

3

I had a similar problem with LXC, I worked around the bridging issue in wifi devices. First you need a spare ethernet device in the computer. The trick is to create a route from the ethernet device to the wifi.

In the server file, change /etc/network/interfaces, pick an unused network for your virtual hosts, i.e. 10.0.0.0. Assign one IP to your spare ethernet interface, here it is eth0, bridging it like this:

auto br0
iface br0 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_fd 0
    bridge_maxwait 0

Once it is done you can go the MASQUERADE way as answered by Kostyantyn here before. Those should be in rc.local or in a script that you must run on boot-up or before starting the virtual domains:

# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# echo "1" > /proc/sys/net/ipv4/ip_forward

In the virtual server configure static IPs in /etc/network/interfaces. I am using network 10.0.0.0, I will start using from .2, when you create more virtual hosts you probably will use 3, and so on. If you have many you can consider installing a dhcp server for those. The .1 is the gateway, as configured before.

auto eth0
iface eth0 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    broadcast 10.0.0.255
    gateway 10.0.0.1

Configure also a DNS server, mine was the network router, in /etc/resolv.conf:

nameserver 192.168.1.1

Hope this helps

Francesc Guasch

Posted 2013-05-20T20:07:53.540

Reputation: 181

This is layer 3 trickery and not really "bridging"- the moment you're using iptables, you're routing. – Svartalf – 2016-09-21T12:23:20.403

0

I think what you really need is not a bridge but either:

  • SNAT (if WLAN has a static IP) (see this page)

or

  • MASQUERADE (if WLAN has dynamic IP - that is, IP changes)

1) create forwarding_enable_file.sh with the following content:

#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

2) Run the file:

sudo ./forwarding_enable_file.sh

3) On the rest of the hosts, specify your Ubuntu box as a gateway. NOTE: if some of the boxes are also running Linux you can do it with this command:

sudo ip route add default via ubuntu-ip

where ubuntu-ip should be replaced by your ubuntu-box IP address i.e. 192.168.1.10

4) try pinging some IP, i.e. 8.8.8.8 from other hosts:

ping 8.8.8.8

5) check your DNS settings by pinging some domain, i.e.:

ping slivkoed.ru

6) If step 4) works and 5) doesn't, then you have problems with your DNS settings. In such a case run with root privileges:

# echo "nameserver 8.8.8.8" > /etc/resolv.conf

Run step 5) again.

More information on resolv.conf can be found here.

Kostyantyn

Posted 2013-05-20T20:07:53.540

Reputation: 101

Depends on what you're needing. If you need transparent (waves hand), no, you don't want that. Seriously. You need the behavior evidenced by things like Trendnet's retired TEW640-MB media bridge (STA mode session attached to 4 Ethernet ports.). This is likely only to be had with WDS (4addr) mode operation or with ebtables MAC masquerading (which is not to be confused with what you've posted)- both of which have their own pains and problems. – Svartalf – 2016-09-21T12:25:57.363
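The routed setup that the answers above recommend in place of bridging the Wi-Fi client interface, as an added example that is not code from any of the posters: it adds FORWARD rules so the laptop forwards only traffic from the wired side and the replies to it, and it turns forwarding on last. The interface names and the 10.0.0.0/24 subnet come from the page and assume eth0 already has an address in that subnet; `SYSFS`, `is_wireless`, `share_mode`, `nat_rules` and `apply_rules` are names made up for this example.

```shell
#!/bin/sh
# Added example: share a Wi-Fi uplink to a wired port by routing with NAT.
# Interface names and subnet follow the page; the function names are made up.
WAN_IF="${WAN_IF:-wlan0}"          # Wi-Fi client interface (uplink)
LAN_IF="${LAN_IF:-eth0}"           # wired port the device plugs into
LAN_NET="${LAN_NET:-10.0.0.0/24}"  # private subnet used on the wired side
SYSFS="${SYSFS:-/sys/class/net}"   # overridable so the check can be tested

# True when the kernel exposes the interface as an 802.11 device.
is_wireless() {
    [ -e "$SYSFS/$1/phy80211" ] || [ -d "$SYSFS/$1/wireless" ]
}

# Per the answers on this page: a Wi-Fi client link is routed, not bridged
# (unless both ends support 4addr/WDS); a wired interface can be bridged.
share_mode() {
    if is_wireless "$1"; then echo route; else echo bridge; fi
}

# Print the iptables arguments, one rule per line, without applying anything.
nat_rules() {
    cat <<EOF
-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -j DROP
EOF
}

# Append each rule only if "iptables -C" does not already find it, then
# enable forwarding last so packets are never forwarded unfiltered.
apply_rules() {
    nat_rules | while read -r rule; do
        check=$(printf '%s\n' "$rule" | sed 's/-A /-C /')
        # Word splitting of $check and $rule is intended here.
        iptables $check 2>/dev/null || iptables $rule
    done
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Nothing is changed unless the script is run as root with "apply".
if [ "${1:-}" = "apply" ]; then
    [ "$(share_mode "$WAN_IF")" = route ] || echo "note: $WAN_IF is not Wi-Fi" >&2
    apply_rules
fi
```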

-1

You need to bring down the interfaces before bridging them.

ifconfig eth0 down

ifconfig wlan0 down

Scandalist

Posted 2013-05-20T20:07:53.540

Reputation: 2 767

Still get the same error with both interfaces down – Zac Powell – 2013-05-20T20:30:14.197

@Zac Powell are you using Network-Manager? I had some past experiences that it might interfere. In that case you can try stopping the service, and bring it back up again afterwards – Legionair – 2013-05-20T21:20:46.890

Yes I am, ok so I should try bringing them both down and stopping network-manager then doing the bridge and then bring everything back up? – Zac Powell – 2013-05-20T21:21:57.703

yes, with service network-manager stop, then do your thing, start it again with service network-manager start – Legionair – 2013-05-20T21:23:07.523

still not working :/ everything is shut down but still get the same error – Zac Powell – 2013-05-20T21:26:35.030

-4

sudo iw dev wlan1 set 4addr on

Emilio Navarrete Lineros

Posted 2013-05-20T20:07:53.540

Reputation: 1

Sadly, it doesn't work with many AP's. As for how it MIGHT solve his problem if it worked right with most AP's is that it gives the AP ability through adding an additional MAC to the number given in each 802.11 frame to relay frames for more than just the authenticated MAC. – Svartalf – 2016-09-21T12:28:25.087

From another answer: http://serverfault.com/a/554663/280693

– jhutar – 2016-11-05T21:20:45.767

Care to explain how this solves OP's problem? – Braiam – 2013-10-13T02:48:22.293

@Braiam My answer pretty much explains why this would work if it was supported by the AP. – David Schwartz – 2013-10-13T03:45:31.337