Wireless Networking is a practical guide to planning and building low-cost telecommunications infrastructure. See the editorial for more information....



Transparent Bridging Access Point

This scenario can be used either for a two-radio repeater or for an access point connected to an Ethernet. We use a bridge instead of routing when we want both interfaces on the access point to share the same subnet. This can be particularly useful in networks with multiple access points where we prefer to have a single, central firewall and perhaps authentication server. Because all clients share the same subnet, they can easily be managed with a single DHCP server and firewall without the need for DHCP relay.

For example, you could set up a server as in the first scenario, but use two wired Ethernet interfaces instead of one wired and one wireless. One interface would be your Internet connection, and the other would connect to a switch. Then connect as many access points as you require to the same switch, set them up as transparent bridges, and everyone will pass through the same firewall and use the same DHCP server.

The simplicity of bridging comes at a cost of efficiency. Since all clients share the same subnet, broadcast traffic will be repeated throughout the network. This is usually fine for small networks, but as the number of clients increases, more wireless bandwidth will be wasted on broadcast network traffic.

Initial setup

The initial setup for a bridging access point is similar to that of a masquerading access point, without the requirement of dnsmasq. Follow the initial setup instructions from the previous example.

In addition, the bridge-utils package is required for bridging. This package exists for Ubuntu and other Debian-based distributions, as well as for Fedora Core. Make sure it is installed and that the command brctl is available before proceeding.

Setting up the Interfaces

On Ubuntu or Debian we set up the interfaces by editing the file /etc/network/interfaces

Add a section like the following, but change the names of interfaces and the IP addresses accordingly. The IP address and netmask must match that of your existing network. This example assumes you are building a wireless repeater with two wireless interfaces, wlan0 and wlan1. The wlan0 interface will be a client to the “office” network, and wlan1 will create a network called “repeater”.

Add the following to /etc/network/interfaces:
auto br0
iface br0 inet static
  address 192.168.1.2
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.1
  pre-up ifconfig wlan0 0.0.0.0 up
  pre-up ifconfig wlan1 0.0.0.0 up
  pre-up iwconfig wlan0 essid "office" mode Managed
  pre-up iwconfig wlan1 essid "repeater" mode Master
  bridge_ports wlan0 wlan1
  post-down ifconfig wlan1 down
  post-down ifconfig wlan0 down

Comment out any other sections in the file that refer to wlan0 or wlan1 to make sure that they don't interfere with our setup.

This syntax for setting up bridges via the interfaces file is specific to Debian-based distributions, and the details of actually setting up the bridge are handled by a couple of scripts: /etc/network/if-pre-up.d/bridge and /etc/network/if-post-down.d/bridge. The documentation for these scripts is found in /usr/share/doc/bridge-utils/.

If those scripts don't exist on your distribution (such as Fedora Core), here is an alternative setup for /etc/network/interfaces which will achieve the same thing with only marginally more hassle:

iface br0 inet static
  pre-up ifconfig wlan0 0.0.0.0 up
  pre-up ifconfig wlan1 0.0.0.0 up
  pre-up iwconfig wlan0 essid "office" mode Managed
  pre-up iwconfig wlan1 essid "repeater" mode Master
  pre-up brctl addbr br0
  pre-up brctl addif br0 wlan0
  pre-up brctl addif br0 wlan1
  post-down ifconfig wlan1 down
  post-down ifconfig wlan0 down
  post-down brctl delif br0 wlan0
  post-down brctl delif br0 wlan1
  post-down brctl delbr br0

Starting the bridge

Once the bridge is defined as an interface, starting the bridge is as simple as typing:

# ifup -v br0

The “-v” means verbose output and will give you information about what is going on.

On Fedora Core (i.e. non-Debian distributions) you still need to give your bridge interface an IP address and add a default route to the rest of the network:

# ifconfig br0 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
# route add default gw 192.168.1.1

You should now be able to connect a wireless laptop to this new access point, and connect to the Internet (or at least to the rest of your network) through this box.

If you want more information about your bridge and what it is doing, take a look at the brctl command. For example, try this command:

# brctl show br0

That should show you some information about what your bridge is doing.
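
The output of brctl show can also be checked automatically. The script below is an added example, not part of the original guide: it parses that output and compares the bridge's member interfaces with the wlan0 and wlan1 configured above, since every port on br0 shares the subnet behind the central firewall. The sample output is constructed, and the function names sample_show, bridge_ports and check_bridge are hypothetical.

```shell
#!/bin/sh
# Added example: verify which interfaces are members of the bridge.

# Constructed sample of `brctl show br0` output (not captured from a real host).
sample_show() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'br0\t\t8000.001122334455\tno\t\twlan0\n'
    printf '\t\t\t\t\t\t\twlan1\n'
}

# bridge_ports BRIDGE: read `brctl show` text on stdin, print BRIDGE's ports.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 || NF == 0 { next }          # skip header and blank lines
        {
            c = substr($0, 1, 1)
            if (c != " " && c != "\t") {     # bridge row: name id stp [port]
                cur = $1
                if (cur == br && NF >= 4) print $4
            } else if (cur == br) {          # continuation row: port only
                print $1
            }
        }'
}

# check_bridge BRIDGE "PORT ...": compare the ports found on stdin with the
# expected list. Prints one finding per line; returns 0 only on an exact match.
check_bridge() {
    actual=$(bridge_ports "$1")
    rc=0
    for p in $2; do
        printf '%s\n' "$actual" | grep -qxF "$p" || { echo "MISSING $p"; rc=1; }
    done
    for p in $actual; do
        case " $2 " in
            *" $p "*) ;;
            *) echo "UNEXPECTED $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample; on a live box use:
#   brctl show br0 | check_bridge br0 "wlan0 wlan1"
sample_show | check_bridge br0 "wlan0 wlan1" && echo "br0 membership OK"
```

A non-zero exit status with an UNEXPECTED line means an interface other than the configured ones has been added to the bridge.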




Last Update: 2007-01-24