embedded system network setup

Setting up the bridge

Linux won't let you bridge a wireless interface in managed mode at all unless you enable 4addr:

iw dev wlan0 set 4addr on

Enable routing by modifying the ip_forward /proc filesystem file:

 

echo 1 > /proc/sys/net/ipv4/ip_forward

Create the bridge using brctl:

 

root@bridge:~> brctl addbr br0
        

Second, we do not need STP (Spanning Tree Protocol). We only have one single router, so a loop is highly improbable, and we can deactivate this feature. (This also results in a less polluted networking environment.)

root@bridge:~> brctl stp br0 off
        

After these preparations, we finally run some effective commands. We add our two (or even more) physical ethernet interfaces, which means we attach them to the just-born logical (virtual) bridge interface br0.

 

root@bridge:~> brctl addif br0 wlan0 
root@bridge:~> brctl addif br0 eth1

 

Now, each of our two previously physical ethernet interfaces has become a logical bridge port. Erm, ok, the physical devices were and will be there. They are still there, go have a look ;-) But now they are part of the logical bridge device and therefore no longer need any IP configuration. So release the IPs:

 

root@bridge:~> ifconfig wlan0 down
root@bridge:~> ifconfig eth1 down
root@bridge:~> ifconfig wlan0 0.0.0.0 up
root@bridge:~> ifconfig eth1 0.0.0.0 up


We tell Linux about the new (logical) interface and associate one single IP with it:

root@bridge:~> ifconfig br0 192.168.0.1 up
        

 

Setting up DNSMasq

By default DNSMasq will forward the DNS requests to the DNS server specified in /etc/resolv.conf. Therefore I needed to create this file:

# more /etc/resolv.conf 
nameserver 192.168.10.1


DNSmasq reads a configuration file; the default file is /etc/dnsmasq.conf.
The following configuration was defined:

# If you want dnsmasq to listen for DHCP and DNS requests only on     
# specified interfaces (and the loopback) give the name of the        
# interface (eg eth0) here.                                           
# Repeat the line for more than one interface.                        
interface=br0                                                        
 

# Uncomment this to enable the integrated DHCP server, you need       
# to supply the range of addresses available for lease and optionally 
# a lease time. If you have more than one network, you will need to   
# repeat this for each network on which you want to supply DHCP       
# service.                                                            
dhcp-range=192.168.0.50,192.168.0.150,12h   

# Override the default route supplied by dnsmasq, which assumes the              
# router is the same machine as the one running dnsmasq.                         
dhcp-option=3,192.168.0.1  


Run dnsmasq:

# dnsmasq or
# dnsmasq -C /path-to-your-configuration/dnsmasq.conf
 

The first time that dnsmasq is run, it complains about not finding the directory '/var/lib/misc'. Please create this directory manually:

# mkdir /var/lib/misc

Setting up HostAPD 

By default, HostAPD reads the configuration at /etc/hostapd.conf.
The following configuration was defined:

# more hostapd.conf 
interface=wlan0
driver=nl80211
ssid=tss_ap
channel=1
hw_mode=g
auth_algs=1
wpa=3
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP

Run hostapd. The -B option is used to run hostapd in the background:

#hostapd -B hostapd.conf 
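
The configuration above enables both WPA and WPA2 (wpa=3), offers TKIP as a pairwise cipher, and uses an 8-digit passphrase. As an added example (not part of the original post), the shell function below flags those settings in a hostapd.conf; the function names, the finding labels and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak WPA settings in a
# hostapd.conf-style file. One finding per output line; no output = no findings.

MIN_PSK_LEN=12   # assumption: example policy threshold, not a hostapd default

# conf_get FILE KEY: print the last value assigned to KEY (comment lines ignored)
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

audit_hostapd_conf() {
    conf=$1
    wpa=$(conf_get "$conf" wpa)
    psk=$(conf_get "$conf" wpa_passphrase)
    ciphers="$(conf_get "$conf" wpa_pairwise) $(conf_get "$conf" rsn_pairwise)"

    # wpa is a bit field: bit 0 = WPA (version 1), bit 1 = WPA2 (RSN)
    case "$wpa" in
        ""|0) echo "OPEN: WPA is not enabled (wpa=${wpa:-unset})" ;;
        1|3)  echo "WPA1: wpa=$wpa offers WPA version 1; wpa=2 is WPA2 only" ;;
    esac
    case " $ciphers " in
        *" TKIP "*) echo "TKIP: TKIP is offered as a pairwise cipher; keep CCMP only" ;;
    esac
    if [ -n "$psk" ]; then
        if [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
            echo "PSK_SHORT: passphrase has ${#psk} characters (< $MIN_PSK_LEN)"
        fi
        case "$psk" in
            *[!0-9]*) ;;   # contains something other than digits
            *) echo "PSK_DIGITS: passphrase is digits only" ;;
        esac
    fi
}

# Constructed sample input: the WPA-related lines of the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=wlan0
wpa=3
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
EOF
audit_hostapd_conf "$sample"
rm -f "$sample"
```

A file with wpa=2, rsn_pairwise=CCMP, no TKIP entry and a longer mixed-character passphrase produces no findings.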

Setting up IPTables

Enable routing by modifying the ip_forward /proc filesystem file:

echo 1 > /proc/sys/net/ipv4/ip_forward

Allow masquerading:

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

Prior to masquerading, the packets are routed via the filter table's FORWARD chain.

iptables -A FORWARD -t filter -i wlan0  -j ACCEPT