# bridging a ppp connection with wlan [SOLVED]

## tarnai_t

Hi,

my network topology looks like this:

ISP<-->ALIX box running ppp on eth0 having wlan interface wlan0 managed by hostapd<--> Wireless client (e.g. Laptop with wlan0 interface)

I have followed the instructions on this site:

http://www.linux.com/archive/articles/55617

and managed to set up both wlan cards in the bridge and on the client, but I didn't manage to get to the internet with the client. I have a pppoe dsl connection set up on the bridge, and I suppose I have to add ppp0 instead of eth0 in the following code

```
ifconfig eth0 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
```

but when I execute

```
brctl addif br0 ppp0
```

I get

```
can't add ppp0 to bridge br0: Invalid argument
```

Another question is what to do on the client side? I execute

```
wpa_supplicant -Dwext -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
```

- I can open an ssh session to the bridge, but how do I tell the client to connect through the bridge to the internet?
- What about dns resolving?
- Would it make sense to first build the bridge with interfaces wlan0 and eth0 and start the ppp daemon and make it use the br0 interface?

Thank you for your answers in advance,

Kindest Regards,

t

Last edited by tarnai_t on Fri Sep 25, 2009 2:37 pm; edited 1 time in total

----------

## VinzC

When bridging wireless with anything else you must provide one more argument to wpa_supplicant; example:

```
/usr/sbin/wpa_supplicant -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf -W -B -iwlan0 -bbr0 -P/var/run/wpa_supplicant-wlan0.pid
```

Note -bbr0.

Make sure ppp0 exists before adding it to the bridge. It also must not have been assigned an IP address. I also think you shouldn't bridge eth0 since ppp0 is tunnelled through that interface.

Bridging ppp0 with anything else makes sense if your PPP connection is on the same IP network as the bridge slaves (there's a better way of saying that but you get the picture). Otherwise you should consider routing, which is done by default.

As for DNS resolving, you can use openresolv, by Roy Marples aka Uberlord.

I'm afraid I don't understand your first question OTOH.

----------

## tarnai_t

 *VinzC wrote:*   

> When bridging wireless with anything else you must provide one more argument to wpa_supplicant; example:
> 
> ```
> /usr/sbin/wpa_supplicant -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf -W -B -iwlan0 -bbr0 -P/var/run/wpa_supplicant-wlan0.pid
> ```
> ...

 

Hi,

thank you very much for your answer. In the meantime I realized that with a proper iptables rule setup I get what I want. I just read the Gentoo Home Router guide, and modified it to my needs.

```
#!/bin/sh

# ppp0 is the PPPoE uplink, wlan0 the access-point (LAN) side.
INET_IFACE="ppp0"
LAN_IFACE="wlan0"
LO_IFACE="lo"
LO_IP="127.0.0.1"
IPTABLES="/sbin/iptables"

# Kernel network settings: ICMP handling, reverse-path filtering,
# source routing / redirects off, proxy ARP and IPv4 forwarding on.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done

# Flush existing rules and default to dropping everything.
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

# User-defined chains.
$IPTABLES -N bad_tcp
$IPTABLES -N allowed
$IPTABLES -N tcp_pkg

# bad_tcp: drop NEW connections that do not start with a plain SYN.
$IPTABLES -A bad_tcp -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
$IPTABLES -A bad_tcp -p tcp ! --syn -m state --state NEW -j DROP

# allowed: accept SYNs and established traffic, drop other TCP.
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP

# tcp_pkg: TCP ports reachable on the router from the internet side.
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 443  -j allowed
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 6881 -j allowed
$IPTABLES -A tcp_pkg -p TCP -s 0/0 --dport 8000 -j allowed

# INPUT: loopback and LAN are trusted; the uplink gets replies plus tcp_pkg.
$IPTABLES -A INPUT -p ALL -m  state --state INVALID -j DROP
$IPTABLES -A INPUT -p ALL -i  $LO_IFACE  -j ACCEPT
$IPTABLES -A INPUT -p ALL -i  $LAN_IFACE  -j ACCEPT
$IPTABLES -A INPUT -p TCP -j  bad_tcp
$IPTABLES -A INPUT -p ALL -i  $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p TCP -i  $INET_IFACE -j tcp_pkg

# OUTPUT: the router itself may talk on every interface.
$IPTABLES -A OUTPUT -p ALL -s $LO_IP      -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $LAN_IFACE  -j ACCEPT

# FORWARD: LAN clients out to the internet and traffic for the LAN range
# coming back in (that rule has no connection-state match).
$IPTABLES  -I FORWARD -i $LAN_IFACE  -d 192.168.0.0/255.255.0.0 -j DROP
$IPTABLES  -A FORWARD -i $LAN_IFACE  -s 192.168.0.0/255.255.0.0 -j ACCEPT
$IPTABLES  -A FORWARD -i $INET_IFACE -d 192.168.0.0/255.255.0.0 -j ACCEPT

# NAT: rewrite LAN source addresses to the ppp0 address on the way out.
$IPTABLES  -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
```

Regards, trinux

----------
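A check a reviewer could run over the resulting ruleset, as an added example that is not part of the thread: it reads `iptables-save` style text and reports a FORWARD policy other than DROP, a missing MASQUERADE rule on the uplink, and any FORWARD ACCEPT rule on the uplink interface that has no connection-state match. The function name `audit_router`, the finding labels and the sample ruleset (constructed from the script above, not captured from a host) are assumptions.

```shell
#!/bin/sh
# Constructed sample: iptables-save style rendering of the FORWARD and NAT
# rules from the script in the post above (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -d 192.168.0.0/16 -i wlan0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i wlan0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# audit_router RULES WAN_IFACE  (hypothetical helper)
# Prints one finding per line; prints nothing when every check passes.
audit_router() {
    printf '%s\n' "$1" | awk -v wan="$2" '
        # Remember the default policy of the FORWARD chain.
        /^:FORWARD / { fwd_policy = $2 }

        # NAT for the LAN needs a MASQUERADE rule bound to the uplink.
        /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan) masq = 1
        }

        # Forwarded traffic entering on the uplink should be limited to
        # replies; the state and conntrack matches both count as stateful.
        /^-A FORWARD / && /-j ACCEPT/ {
            from_wan = 0
            for (i = 1; i < NF; i++)
                if ($i == "-i" && $(i + 1) == wan) from_wan = 1
            if (from_wan && $0 !~ /--(state|ctstate) /)
                print "stateless-wan-forward: " $0
        }

        END {
            if (fwd_policy != "DROP") print "forward-policy: " fwd_policy
            if (!masq) print "no-masquerade-on: " wan
        }'
}
```

On a live router the same function can be fed the real ruleset with `audit_router "$(iptables-save)" ppp0`; adding `-m state --state ESTABLISHED,RELATED` to the flagged rule clears the finding.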

## mrness

Trying to add a point-to-point interface to an IEEE 802.1D bridge is silly :Rolling Eyes:

----------
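Why `brctl addif br0 ppp0` fails with "Invalid argument", as an added example that is not part of the thread: the Linux bridge only accepts Ethernet-type devices (link type 1 with a 6-byte hardware address), while a PPP interface reports link type 512 and has no hardware address, so it has to be routed instead. The function names `can_bridge` and `make_sample_sysfs` and the constructed sysfs tree are assumptions made so the check runs without real interfaces.

```shell
#!/bin/sh
# can_bridge IFACE [SYSFS_NET_DIR]  (hypothetical helper)
# Echoes "bridge" and returns 0 if the interface looks like something the
# kernel bridge accepts, otherwise echoes "route:<reason>" and returns 1.
# SYSFS_NET_DIR defaults to /sys/class/net; it is a parameter only so the
# check can be pointed at a constructed tree.
can_bridge() {
    dir="${2:-/sys/class/net}/$1"
    if [ ! -r "$dir/type" ]; then
        echo "route:no-such-interface"
        return 1
    fi
    link_type=$(cat "$dir/type")      # ARPHRD_* value: 1 = Ethernet, 512 = PPP
    addr_len=$(cat "$dir/addr_len")   # hardware address length, 6 for Ethernet
    if [ "$link_type" -ne 1 ]; then
        echo "route:link-type-$link_type"
        return 1
    fi
    if [ "$addr_len" -ne 6 ]; then
        echo "route:addr-len-$addr_len"
        return 1
    fi
    echo "bridge"
}

# make_sample_sysfs  (hypothetical helper)
# Builds a constructed stand-in for /sys/class/net with the three interfaces
# from this thread and echoes its path. Each spec is name:type:addr_len.
make_sample_sysfs() {
    root=$(mktemp -d)
    for spec in eth0:1:6 wlan0:1:6 ppp0:512:0; do
        name=${spec%%:*}
        rest=${spec#*:}
        mkdir -p "$root/$name"
        echo "${rest%%:*}" > "$root/$name/type"
        echo "${rest#*:}"  > "$root/$name/addr_len"
    done
    echo "$root"
}
```

On the router itself, `can_bridge ppp0` reads the real `/sys/class/net` and gives the same verdict that `brctl` reports as an error.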

