# HOWTO: Bluetooth Network Access Point (NAP)

## thesnowman

Intro

This HOWTO aims to help people share an Internet connection via a Bluetooth adapter using the Personal Area Network (PAN) Bluetooth profile.  I use this setup to give my Windows Mobile PDA Internet access.

We are going to be setting up a Network Access Point as documented here.  I'm not going to go into the technical details of how all this works; besides, I probably couldn't explain it properly anyway.  If you want to know, it's all covered in that document.  I'm just trying to make the setup a bit more user-friendly and Gentoo specific.

This is what our network will look like when we are finished:

```
                   +====================+
                   | LAN Infrastructure |
                   +====================+
                             |
                             |
         +---                |
         |              +---------+
         |              |   NIC   |   (eth0 - 192.168.1.0/24)
         |              +---------+
         |                   |
  server |                   |
         |                   |
         |              +---------+
         |              |   NAP   |   (br0 - 10.0.0.254)
         |              +---------+
         +---          /     |     \
                      /      |      \
                     /       |       \
                    /        |        \
                   /         |         \
         +---     /          |          \
         |    +------+    +------+    +------+
 clients |    | PANU |    | PANU |    | PANU |   (bnep0, bnep1, bnep2 - DHCP clients)
         |    +------+    +------+    +------+
         +---
```

Do we need another?

This topic is (sort of) covered in the Gentoo Linux Bluetooth Guide (Setting up a Personal Area Network).  The example given there is more for connecting two machines using Bluetooth rather than providing for Internet access to a device that wouldn't otherwise have it.  The example given is not automated either.  If you follow those steps then reboot you will have to reconfigure everything again.

There's also this HOWTO in the wiki.  That setup messes with your current network configuration whereas what I describe here will work with your current setup.

Bridge configuration

You must ensure your kernel supports "802.1d Ethernet Bridging".  The following is for a 2.6 kernel (ck-sources-2.6.14-r6 to be precise):

```
Networking  --->
   Networking options  --->
      <M> 802.1d Ethernet Bridging
```

Compile it in or as a module.  Just remember to add bridge to /etc/modules.autoload.d/kernel-2.6 if you go the module route.  Recompile and reboot.

Emerge bridge-utils which is required by the Gentoo network configuration scripts:

```
# emerge -av bridge-utils
```

Speaking of the Gentoo network configuration scripts - for this to work you are going to need at least sys-apps/baselayout-1.12.  The reason being that you cannot create the bridge shown below (with no network interface) using an older (1.11) baselayout.  So, tell portage you don't mind using the "unstable" version of baselayout and emerge it.

```
# echo "sys-apps/baselayout ~x86" >> /etc/portage/package.keywords
# emerge -av baselayout
```

NB: Don't forget to update your config files after emerging the new baselayout!

Now we are going to use Gentoo's wonderful network configuration script (thanks UberLord!) to create a bridge that our incoming Bluetooth connections will be added to.  Edit /etc/conf.d/net and add the following lines to create a bridge interface called br0:

```
### bluetooth bridge ###
brctl_br0=( "setfd 0" "stp off" )
config_br0=( "10.0.0.254/24" )
```

We need to create a net.br0 symlink (as described in the Getting Started chapter of the Gentoo Network Configuration section of the Gentoo Handbook).

```
# cd /etc/init.d
# ln -s net.lo net.br0
```

You should now be able to start net.br0 and see that you have a network interface called br0 with an IP address of 10.0.0.254.

```
# /etc/init.d/net.br0 start
 * Starting br0
 *   Creating bridge br0 ...           [ ok ]
 *   Bringing up br0
 *     10.0.0.254/24                   [ ok ]

# ifconfig
br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
```

Now that it's working, ensure it stays working after we reboot:

```
# rc-update add net.br0 default
 * net.br0 added to runlevel default
```

bluez configuration

I'm not going to cover how to get Bluetooth up and running under Gentoo.  Follow the Gentoo Linux Bluetooth Guide which will assist you in configuring your kernel and pairing devices.

Assuming you have your Bluetooth device setup and your PDA paired, let's edit /etc/conf.d/bluetooth and enable Personal Area Network (PAN) support.

```
# Start pand (allowed values are "true" and "false")
PAND_ENABLE=true

# Arguments to pand
PAND_OPTIONS="--listen --role NAP"
```

Start (or restart) bluetooth and ensure pand is started:

```
# /etc/init.d/bluetooth start
 * Starting Bluetooth ...
 *     Starting hcid ...               [ ok ]
 *     Starting sdpd ...               [ ok ]
 *     Starting rfcomm ...             [ ok ]
 *     Starting pand ...               [ ok ]
```

and

```
# rc-update add bluetooth default
 * bluetooth added to runlevel default
```

At this point your PDA should be able to "see" your access point.  On my PDA (iPAQ h4350) I open the Bluetooth Manager and "Explore a Bluetooth device".  If I select this option, then select my server, I can see "Network Access Point" in the list of services provided by my server.

Lastly we need to add a dev-up script to /etc/bluetooth/pan (create this directory if it does not exist):

```
#!/bin/bash
# Run by pand when a client connects; $1 is the new interface (bnep0, bnep1, ...)
brctl addif br0 "$1"
ifconfig "$1" 0.0.0.0 up
```

and ensure it's executable:

```
# chmod 744 /etc/bluetooth/pan/dev-up
```

This script is run by pand whenever a client connects.  $1 will be the interface name that gets created (bnep0, bnep1, etc).  This script adds the interface to our bridge.

DHCP

I'm using dnsmasq as a DHCP server (it also acts as a DNS server, but that's just a nice side effect).  It's so easy to configure this.  First of all emerge it:

```
# emerge -av dnsmasq
```

Edit /etc/conf.d/dnsmasq and tell dnsmasq to listen only on our bridge interface - we don't want it interfering with other DHCP servers that may be running on the local network.

```
DNSMASQ_OPTS="-i br0"
```

Now add a dhcp range to /etc/dnsmasq.conf.  I'm using 10.0.0.1 to 10.0.0.9.  Considering only seven clients can connect simultaneously this is more than enough IP addresses:

```
# echo "dhcp-range=10.0.0.1,10.0.0.9" >> /etc/dnsmasq.conf
```

Start dnsmasq and add it to the default run level:

```
# /etc/init.d/dnsmasq start
# rc-update add dnsmasq default
```

I've also changed the dependencies of the init script to ensure that net.br0 is up and running before dnsmasq:

```
depend() {
   provide dns
   need net.br0
}
```

Now reconnect your client and ensure it is assigned an IP address.  I use the great (and somewhat free) vxUtil program from Cambridge Computer Corporation for TCP/IP troubleshooting under Windows Mobile.

Shorewall configuration

By now you should be able to connect to your NAP, be assigned an IP address and have IP connectivity with the server.  However, you will not be able to access any other machines on your local network, nor the Internet.  For that we are going to use shorewall to perform IP Masquerading.  This means that any connections from our NAP clients will appear to come from the server's primary network interface (eth0 in this HOWTO).

To use shorewall you need to configure network packet filtering support in your kernel.  I don't know what all these options are for so I just include them all as modules and if they are needed they will be loaded.  Include everything under:

```
Networking  --->
   Networking options  --->
      Network packet filtering (replaces ipchains)  --->
         IP: Netfilter Configuration  --->
```

Now emerge shorewall:

```
# emerge -av shorewall
```

The possibilities with regards to policies here are endless.  I'm going to present two very simple scenarios.

Option 1 - 2 zones, 2 interfaces

This scenario will allow your NAP clients the same access to your local network as your NAP does.

eth0 is in zone loc and net

br0 is in zone loc

/etc/shorewall/zones

```
loc     Local       Local network
net     Internet    The big bad Internet
```

/etc/shorewall/interfaces

```
-               eth0            192.168.1.255
loc             br0             10.0.0.255
```

/etc/shorewall/hosts

```
loc             eth0:192.168.1.0/24
net             eth0:0.0.0.0/0                  tcpflags
```

/etc/shorewall/masq

```
eth0
```

/etc/shorewall/policy

```
fw         all     ACCEPT
loc        all     ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#
all         all     REJECT      info
```

NB: This is a VERY lax policy.  It means that any host on your local network can access any service on your box.  If you don't want this I suggest you change the policy and add some rules to /etc/shorewall/rules.

Option 2 - 3 zones, two interfaces

This gives you more control over what access your NAP clients have to your local network as we are putting the bridge interface into its own zone.

eth0 is in zone loc and net

br0 is in zone pan

/etc/shorewall/zones

```
loc     Local       Local network
net     Internet    The big bad Internet
pan     PAN         Bluetooth Personal Area Network
```

/etc/shorewall/interfaces

```
-               eth0            192.168.1.255
pan             br0             10.0.0.255
```

/etc/shorewall/hosts

```
loc             eth0:192.168.1.0/24
net             eth0:0.0.0.0/0                  tcpflags
```

/etc/shorewall/masq

```
eth0
```

/etc/shorewall/policy

```
fw         all     ACCEPT
pan        fw      ACCEPT
pan        net     ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#
all         all     REJECT      info
```

This policy ensures your NAP clients cannot communicate with other computers on your LAN.  It also means no computers on your LAN can communicate with your server.  This is probably not what you want.  You will need to configure some rules for the loc zone in /etc/shorewall/rules.

Start shorewall and add it to the default runlevel:

```
# /etc/init.d/shorewall start
# rc-update add shorewall default
```

If it doesn't work check your system log files.  Especially messages from Shorewall regarding dropped or rejected packets.

Edits:

24 Jan 06 - added /etc/shorewall/masq config

Last edited by thesnowman on Mon Jan 23, 2006 1:31 pm; edited 1 time in total
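
The Option 1 and Option 2 policy files in the HOWTO differ in which zone pairs fall through to the final REJECT. As an added example (not part of the original post and not Shorewall's own code), this script resolves the default policy for a zone pair using Shorewall's first-match order with `all` as a wildcard. The function names are hypothetical, the policy text is copied from the post as constructed sample input, and entries in /etc/shorewall/rules, which override policies, are not modeled.

```shell
#!/bin/sh
# Added example: resolve the Shorewall default policy for a zone pair.
# /etc/shorewall/policy is read top to bottom; the first line whose SOURCE and
# DEST match the pair applies, and "all" matches any zone. Entries in
# /etc/shorewall/rules take precedence over policies and are not modeled here.

# Constructed sample input: the two policy files from the HOWTO.
POLICY_OPTION1='fw         all     ACCEPT
loc        all     ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#
all         all     REJECT      info'

POLICY_OPTION2='fw         all     ACCEPT
pan        fw      ACCEPT
pan        net     ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#
all         all     REJECT      info'

# effective_policy POLICY_TEXT SRC DST  (hypothetical helper)
# Prints the matching policy (ACCEPT, REJECT, ...) or NONE if nothing matches.
effective_policy() {
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3; found = 1; exit
        }
        END { if (!found) print "NONE" }'
}

# report POLICY_TEXT ZONE...  (hypothetical helper)
# Prints one "src->dst POLICY" line for every ordered pair of distinct zones.
report() {
    rp_text=$1; shift
    for rp_src in "$@"; do
        for rp_dst in "$@"; do
            [ "$rp_src" = "$rp_dst" ] && continue
            printf '%s->%s %s\n' "$rp_src" "$rp_dst" \
                "$(effective_policy "$rp_text" "$rp_src" "$rp_dst")"
        done
    done
}

echo "Option 1:"; report "$POLICY_OPTION1" fw loc net
echo "Option 2:"; report "$POLICY_OPTION2" fw loc net pan
```

Pointing `effective_policy` at the contents of a live /etc/shorewall/policy (for example `"$(cat /etc/shorewall/policy)"`) shows which zones reach the firewall by default before any rules are added.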

----------

## moeeeep

The pan configuration doesn't seem to work from a mobile device (Sony Ericsson K750i). Any suggestions to create a connection from the mobile phone to the Computer. I want to use my DSL to develop some applications which should use the advantage of cheap gprs (sms gateway).

An rfcomm dial makes no sense for me, because I need a connection from the mobile to my computer.

Any suggestions?

----------

## carlos-K

Great HOWTO, this had me up and running with my ipaq in no time.

I had to edit /etc/shorewall/masq to get the whole thing working, I added the following line:

```
eth0 br0
```

Many thanks!

----------

## thesnowman

 *carlos-K wrote:*   

> I had to edit /etc/shorewall/masq to get the whole thing working

 

Whoops, that's a big mistake.  Don't know how I forgot that.  Thanks for letting me know - I'll update the doco.

Actually you don't need to add br0 in there, just eth0.

----------

## thesnowman

 *moeeeep wrote:*   

> The pan configuration doesn't seem to work from a mobile device (Sony Ericsson K750i). Any suggestions to create a connection from the mobile phone to the Computer. I want to use my DSL to develop some applications which should use the advantage of cheap gprs (sms gateway).
> 
> An rfcomm dial makes no sense for me, because I need a connection from the mobile to my computer.
> 
> Any suggestions?

 

You will need to use ppp over rfcomm via dund.  I did a quick google and couldn't find any recent documents that describe how to do this.  Hint: any document that mentions bluez-sdp is old.

----------

## alexlm78

A wonderful howto, two days ago I got a bluetooth usb adapter and now I'll try to use it on my new Gentoo box (an AMD64 3200+). I'll do it and tell you.

Saluditos.

----------

## alexlm78

Well it's almost done, just the bnet0 interface is not working and I don't know why, I followed the howto and my PDA recognized my PC.

My PC (Eowyn) is an AMD64 3200+ with a bluetooth usb adapter.

My PDA (Hermione) is a Tungsten T3 from PalmOne.

I want to share my internet connection from my LAN to my Hermione.

Any idea why the interface isn't working?

Saluditos.

----------

## thesnowman

 *alexlm78 wrote:*   

> Well it's almost done, just the bnet0 interface is not working and I don't know why, I followed the howto and my PDA recognized my PC.

 

Do you have BNEP protocol support enabled in your kernel?

```
Networking  --->
   Bluetooth subsystem support  --->
      <M> BNEP protocol support
```

Also, the interface does not get created until your PDA actually connects.  Is your PDA connecting to your PC and being assigned an IP address?

----------

## alexlm78

 *thesnowman wrote:*   

> Do you have BNEP protocol support enabled in your kernel?
> 
> ```
> ...
> ```

 

Actually I have BNEP compiled and running

```
Eowyn linux # lsmod
Module                  Size  Used by
isofs                  34980  0
zlib_inflate           18496  1 isofs
nls_iso8859_1           7296  0
nls_cp437               9024  0
sd_mod                 16704  0
bnep                   17280  2
rfcomm                 39656  1
l2cap                  26624  9 bnep,rfcomm
hci_usb                16784  0
snd_seq_midi_event      9152  0
snd_seq                57536  1 snd_seq_midi_event
snd_via82xx            27688  4
gameport               14800  1 snd_via82xx
snd_ac97_codec        105496  1 snd_via82xx
snd_ac97_bus            4544  1 snd_ac97_codec
snd_pcm                88840  3 snd_via82xx,snd_ac97_codec
snd_timer              24072  2 snd_seq,snd_pcm
snd_page_alloc         11920  2 snd_via82xx,snd_pcm
snd_mpu401_uart         9152  1 snd_via82xx
snd_rawmidi            23616  1 snd_mpu401_uart
snd_seq_device         10064  2 snd_seq,snd_rawmidi
snd                    50960  15 snd_seq,snd_via82xx,snd_ac97_codec,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore              10592  1 snd
ehci_hcd               31624  0
bridge                 39504  0
sr_mod                 16420  0
vfat                   14080  0
fat                    49712  1 vfat
nls_base               10240  5 isofs,nls_iso8859_1,nls_cp437,vfat,fat
cdrom                  38504  1 sr_mod
ide_scsi               17476  0
usb_storage            38084  0
via_rhine              24196  0
Eowyn linux #
```

And my PC does not assign an IP to my PDA

This part isn't done on my system

 *Quote:*   

> Lastly we need to add a dev-up script to /etc/bluetooth/pan (create this directory if it does not exist):
> 
> ```
> ...
> ```

 

Any idea??? Or need more info, help

Saluditos

----------

## thesnowman

Did you create the /etc/bluetooth/pan/dev-up script?  Can you show the output of

```
ls -lha /etc/bluetooth/pan/
```

and

```
cat /etc/bluetooth/pan/dev-up
```

Also show the output of /var/log/messages (or whatever file your system logger is using) when you try to connect.

----------

## startail

I don't know if this is why I am having problems with PAN, but it seems like it.

```
Oct 12 18:38:42 tailz audit(1160671122.381:2): dev=bnep0 prom=256 old_prom=0 auid=4294967295
Oct 12 18:38:42 tailz br0: port 1(bnep0) entering learning state
Oct 12 18:38:42 tailz br0: topology change detected, propagating
Oct 12 18:38:42 tailz br0: port 1(bnep0) entering forwarding state
Oct 12 18:38:42 tailz rc-scripts: net.bnep0 is not allowed to be hotplugged
```

What does that mean, and how can I solve that? I do not have a net.bnep0 script in my init.d folder, since your HOWTO did not specify having one.

----------

