You are not logged in.
Hi.
I need some guidence as my knowledge is somewhat limited.
There are 3 interfaces and one of them is wireless: eno1, enp2s0, wlp3s0
I would like to achieve something like this:
INTERNET <--> eno1 | NAT | enp2s0,wlp3s0 <--> wired & wireless clients on the same subnet with dhcp
Should I create a bridge between enp2s0 & wlp3s0, Will this limit network speed on wired interface?
Right now I'm using create_ap script from AUR:
/usr/bin/create_ap -g 192.168.1.1 --ieee80211n wlp3s0 eno1 <ssid> <passphrase>
This works, but I need wired connection as well.
Thanks in advance!
EDIT:
Here is my current create_ap generated configuration:
hostapd.conf
ssid=<ssid>
interface=wlp3s0ap
driver=nl80211
hw_mode=g
channel=1ctrl_interface=/tmp/create_ap.wlp3s0.conf.3YL2ejqo/hostapd_ctrl
ctrl_interface_group=0
ignore_broadcast_ssid=0
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40+]
wpa=3
wpa_passphrase=<passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
dnsmasq.conf
listen-address=192.168.1.1
bind-dynamic
dhcp-range=192.168.1.1,192.168.1.254,255.255.255.0,24h
dhcp-option=option:router,192.168.1.1
no-hosts
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i eno1 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i wlp3s0ap -j ACCEPT
Last edited by insomnia (2014-09-24 13:27:24)
Offline
I use the service file below to set up my bridge, maybe you can just replace the device names and IP addresses with yours.
# /etc/systemd/system/brlan.service
[Unit]
Description=LAN Bridge Interface
BindsTo=sys-subsystem-net-devices-eth0.device
Wants=network.target sys-subsystem-net-devices-wlp2s0u1.device
Before=dhcpcd.service network.target
After=sys-subsystem-net-devices-eth0.device sys-subsystem-net-devices-wlp2s0u1.device
[Service]
Type=oneshot
RemainAfterExit=yes
### Start ###
# NOTE: try to not fail if wlp2s0u1 is not present
ExecStart=/usr/bin/sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
ExecStart=-/usr/bin/sysctl -w net.ipv6.conf.wlp2s0u1.disable_ipv6=1
ExecStart=/usr/bin/brctl addbr brlan
ExecStart=/usr/bin/brctl setfd brlan 0
ExecStart=/usr/bin/brctl addif brlan eth0
ExecStart=/usr/bin/ip link set up dev eth0
ExecStart=/usr/bin/ip addr add 192.168.1.1/24 broadcast + dev brlan
ExecStart=/usr/bin/ip addr add fdxx:xxxx:xxxx:1::1/64 dev brlan
ExecStartPost=/usr/bin/sleep 1
### Stop ###
ExecStop=/usr/bin/ip addr flush dev brlan
ExecStop=/usr/bin/brctl delif brlan eth0
ExecStop=/usr/bin/ip link set dev brlan down
ExecStop=/usr/bin/brctl delbr brlan
ExecStop=/usr/bin/sysctl -w net.ipv6.conf.eth0.disable_ipv6=0
ExecStop=/usr/bin/sysctl -w net.ipv6.conf.wlp2s0u1.disable_ipv6=0
KillMode=none
[Install]
WantedBy=multi-user.targetThe hostapd dependencies need to be overridden like this:
# /etc/systemd/system/hostapd.service
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Requires=brlan.service
After=brlan.service
[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/bin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
[Install]
WantedBy=multi-user.targetAnd the bridge needs some time to initialize before other daemons can bind to it, but there is no easy way to know when it's ready so I put in a fixed time wait like this:
# /etc/systemd/system/wait_net.service
[Unit]
Description=Wait for brlan to initialize
Wants=network.target
After=brlan.service dhcpcd.service
Before=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/sleep 20
[Install]
WantedBy=multi-user.targetThen just add the access point to the bridge with the following lines in /etc/hostapd/hostapd.conf:
bridge=brlan
wds_sta=1Offline
Also you will need to change all references to "wlp3s0ap" in your iptables config to "brlan".
Note that 'iptables -S' does not show the entire iptables configuration, it is only the FILTER table. Use 'iptables-save' to dump the entire current configuration, and edit the boot configuration in /etc/iptables/iptables.rules.
Offline
@insomnia I replied to you at create_ap thread
Offline
Thanks got it working now.
Offline