Bridging wire and wireless

[habnefrage]

Hmmm i have read millions of HowTos, other millions of Threads in this forum but dit not find the answer

my setup:

eth0 ----- switch ------ (some clients like adsl Modem, and two computers)
wlan0 ---------- some wlan clients

with some ip tabel rules i got it working, that every client on eth0 or wlan0 can connect to the internet (ppp0)



But now my Problem: I can´t ping cross the network adapters. they are in the same subnet (192.168.0.0) and have the correct netmask (255.255.255.0) but a client connected via wlan can not ping a client connectet via eth0 and visawersa


this is the way i setup the bridge:

[mens]

can you ping the bridge itself from both sides?

[habnefrage]

yes i can...

and i also can ping the clients from the server/router/bridge


any idea??

[mens]

when you try to ping through the bridge, do you see any packets arrive on the bridge?

[mens]

Did you explicitly turn of STP? Since you only have 1 bridge, it shouldn't make a difference, but did you try turning it on?

[habnefrage]

i just emerge tcpdump, then i can answer your first question.

2. No, I dit not turn it of my selft, it is off by its own. i also tryed to turn it on, but it had no effekt.

[habnefrage]

OK, tcpdump is running and i can see this:

21:59:01.405074 802.1d config 8000.00:09:5b:b9:09:fc.8001 root 8000.00:09:5b:b9:09:fc pathcost 0 age 0 max 20 hello 2 fdelay 15


every two/three seconds



This is what tcpdump says when i start pinging

21:59:50.395643 arp who-has 192.168.0.228 tell 192.168.0.106
21:59:50.396166 arp reply 192.168.0.228 is-at 00:09:5b:b9:09:fc


what does this mean?

[UberLord]

You may need to put the interfaces in promiscous mode

[habnefrage]

i did it and thats the new ifoncifg output

[mens]

[habnefrage]

[mens]

[habnefrage]

OK, first let me say THANKS that you take the time to help me... I would give you credits if I could

Here is my Networktopology...:


AP (Netgear WG302 with IP 192.168.0.228) <---wl---> many Wirelessclients
|
w
|
Switch <---w--> ADSL Modem <---w----> Interget
|
w
|
eth0 --bridge (IP 192.168.0.1)-- ath0 (in Master mode) <---wl----> PC1 (IP 192.168.0.106)


(w = wired connection | wl = wireless connection)

I am going to setup a working accesspoint with ath0. SO I soon can switch off the Netgear AP. But I still need to ping through the bridge because there are other clients connectet to the switch (My Dbox for watching TV, maybe an Asterisk Server)


an here comes what happens when I ping from PC1 (IP 192.168.0.6)


TCPDUMP on PC1

[mens]

OK, first of all, since you already have an access point, you should definately enable STP on your bridge. Your access point is a bridge as well and you need STP to get the two bridges working correctly.
If I'm correct, you are trying to ping your AP from PC1. I also see the ping request enter on ath0 but I do not see it exit on eth0. I assume you can ping your AP from your bridge. Did you setup ip forwarding on this bridge?
If you will get rid of the netgear AP, why don't you try disabling that one and switch al your existing wireless clients to use the bridge. See if this works. It would sure make things a lot easier for you. Are the networks using the netgear AP and your bridge-AP using the same essid? What is the default gateway of your clients, your AP and your bridge?

[habnefrage]

OK...

I will Enable stp right now (But i allready had enabled it, without any success)


Yes you were right, i tryed to ping the Accesspoint from PC1 (through the bridge)
What do you mean with "forwarding on the bridge" ?? There are iptables that NAT all the Traffic so that i can use the internet from both, eth0 and ath0. But no forwarding bitween the net. interfaces (i think)


OK, like you say i will turn off the Netgear AP so that every Client has to use the Bridge as AP. Do i than still need STP turned on?


No the Netgear AP and the "self made AP" don´t use the same essid. Also not the same channel.



The default Gateway the Clients use is the IP of the Bridge (192.168.0.1). For the internet it works.

[budee]

hi, bridging don't work with wlan cards. you need two APs in bridge mode, or you can set up Proxy-ARP (this way broadcasts won't get through). If you are interested in proxy-arp i can provide some more info on that.
peace, bud

[habnefrage]

You are welcome

Please give me ALL you have. I NEED the connection from my DBOX to the WLAN.


thx

[budee]

ok, i really recommend you buying an AP, it will make your life much easier.
as for the proxy-arp, here is the explanation how it works: http://www.tldp.org/HOWTO/Proxy-ARP-Subnet/how.html
that howto is a bit outdated, there is no need for the arp command anymore (i think since 2.4). a

[Trappies]

Hey Guys,

I am still a bit of a n00b when it comes to the more technical stuff, I have a very similar setup, I also have ath0 and eth0 with a bridge br0, now, everything seems to work ok, the only problem I have is the following. The wireless card seems to go into some or other suspend mode, it disconnects, reconnects and then works fine again for about 5 minutes, and then disconnects again, here is a sample of what happens :

[jkroon]

Are you familiar with a hardware bridge? They were orriginally used in the days of HUBS to segment networks into smaller chunks to reduce the amount of network traffic (remember that HUBS broadcast all received packets to all ports). Now that we have switches they are not really needed any more as a switch essentially functions as an n:n bridge (ie, it acts as a bridge between all it's ports). I guess you can say a bridge was the predessor of a switch (it usually only had 2 ports afaik, possibly a few more).

Anyhow, binding a bunch of network cards in a machine into a bridge turns it into a very expensive and highly intelligent switch for all practical purposes. The advantage of a bridge over a switch is that it allows for multi-path routes at a layer 2 level allowing for quite a bit of redundancy (STP). So unless you have an actual <b>loop</b> in your network you should not need STP.

In theory a wireless card should only provide layer 2 services to the O/S in any case. It might be possible that it's not possible for the O/S to tamper with the source MAC address though causing all transmitted packets on the device to have the machines own MAC address as source even though the source IP is not it's own. This may or may not cause the "received packet with own address as source address" error. Take into consideration that wireless is esentially an ethernet without the wire, a broadcast medium as such, thus you may receive the packets you transmit as well, especially if the destination MAC is the broadcast one (ff:ff:ff:ff:ff:ff).

The printk line just says that another line identical to the previous was received but not output. By default the syslog (I think) only shows a few identical lines before it will simply keep a copy and a line counter and print such a message. The fact that it's prefixed by printk (printf for in-kernel use) indicates that this behaviour might in fact be in-kernel.

I'm not a particular fan of Wireless for anything but notebooks (it's usually more hassle than what it's worth imho), and even then I'm semi-skeptical.

As for proxy-arp: The whole point of proxy-arp is to use the same subnet on both sides, if you are using different subnets you can just as well use normal ip-forwarding since you are going to need to configure a gateway in any case. Also, my understanding is that broadcast packets (ie: packets to ff:ff:ff:ff:ff:ff) will still be forwarding in the case of proxy-arp, not so? If not, it should be relatively simple to make iptables (possibly with a small helper) forward these packets for you.

Back to trappies, tcpdump might be able to better diagnose this problem.
_________________
There are 10 kinds of people in the world,
those who understand binary and who don't