How to bridge a wireless interface with another wireless interface (both on the same computer)?


(1) I believe brctl cannot bridge a wireless interface (wlan0) to another wireless interface (wlan1). Is this correct?

The requirement here is that all interfaces must be able to send packets with any source MAC address, and receive packets with any destination MAC (not just the device's own).

Wi-Fi AP interfaces can be bridged just fine (most "wireless routers" in fact have a plain Linux bridge between AP and Ethernet). Station-mode interfaces, however, cannot. So you can bridge wlan1 but not wlan0.

There's a way around it – the "4addr" mode aka "WDS" mode, which adds an extra MAC address field to Wi-Fi frames. You can enable it via iw, as long as your Wi-Fi driver supports it. Once enabled, you will be able to bridge wlan0 as well.

However, for security reasons, many APs don't allow 4addr mode by default. (Some have a general toggle, some have a MAC-based whitelist.) Will it work with your university AP? Try it and see.

(Another workaround is "arpnat" – like NAT but applied to MAC addresses – but it can confuse DHCP servers, and it's not supported by regular Linux anyway. Some APs, like PicoStation, support it in station mode.)

(2) If brctl cannot be used, can I still use hostapd?

Depends on your Wi-Fi driver. Most of them should support AP mode nowadays, but not all do. Use iw phy0 info, iw phy1 info to find out.

(3) If brctl cannot be used, what should I be looking for to accomplish the setup described above?

The most common alternative approach would be IP NAT (masquerading) using iptables.

In some cases, regular routing (without NAT) would also work.

(4) Would any of the following be a part of the solution to my problem

(a) dnsmasq to serve DHCP (b) hostapd (c) static IP address (for wlan1 ???) (for the device connected to wlan1 ??) (d) NAT (Network Address Translation) (e) iptables (f) IP Masquerade (g) sudo iw dev wlan0 set 4addr on (h) WDS (wireless distribution system) (i) IP Forwarding ?

yes, no, no, yes, maybe, maybe, what, uh, are you just throwing assorted terms here?
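
The AP-mode check from (2) and the NAT alternative from (3), as an added example that is not part of the original answer. It parses `iw phyN info`-style text for AP support and prints, without running them, the forwarding and masquerading rules for the page's wlan0 (upstream station) and wlan1 (local AP). The function names are hypothetical and the sample `iw` output is constructed.

```shell
#!/bin/sh
# Added example: NAT plan for upstream station wlan0 and local AP wlan1.
# SAMPLE_PHY is constructed text in the layout `iw phy1 info` prints.
SAMPLE_PHY='Wiphy phy1
	Supported interface modes:
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
	Band 1:'

# Exit 0 if the `iw phyN info` text on stdin lists exactly mode $1.
supports_mode() {
    awk -v want="$1" '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == want) found = 1; next }
        { in_modes = 0 }
        END { exit (found ? 0 : 1) }'
}

# Accept only plausible interface names (Linux limit: 15 characters).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print (do not run) the commands that route AP clients out through the
# upstream interface, so the upstream AP only ever sees wlan0's MAC and IP.
nat_plan() {
    up=$1 ap=$2
    valid_ifname "$up" && valid_ifname "$ap" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $up -j MASQUERADE
iptables -A FORWARD -i $ap -o $up -j ACCEPT
iptables -A FORWARD -i $up -o $ap -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $up -o $ap -j DROP
EOF
}

if printf '%s\n' "$SAMPLE_PHY" | supports_mode AP; then
    nat_plan wlan0 wlan1
else
    echo "radio lacks AP mode; hostapd cannot use it" >&2
fi
```

Clients on wlan1 still need an address and default gateway on their own subnet, which is where the dnsmasq item from (4) comes in.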


Author: sean

Updated on September 18, 2022

Comments

  • sean
    sean over 1 year

    Ubuntu 14.04

    Basically I am trying to accomplish the following setup -

    wireless internet ---> wlan0 of Ubuntu computer "bridged to" wlan1 of same Ubuntu computer ---> device with wifi

    The reason for this setup is that the wireless internet is a WPA2 Enterprise network which my device with wifi cannot connect to. (The device with wifi also cannot connect to peer-to-peer networks or ad-hoc networks.) Also, the wireless internet source has no whitelist / blacklist and therefore there is no issue with it seeing the device's MAC address (if necessary), and no issue with it assigning an IP address to the device (if necessary). It is the device that has an issue with WPA2 Enterprise authentication.

    [EDIT - As the device cannot successfully authenticate, the wireless internet source is NOT likely to assign an IP address to the device, and also likely to take issue with seeing the device's MAC address.]

    wlan0 is an Intel wireless chipset / interface which cannot be set to either access point mode or master mode, and therefore is used to connect to the WPA2 Enterprise internet source.

    wlan1 is to be set to access point mode.

    Obviously, the "bridge" between wlan0 and wlan1 is not meant to be wireless, as both are on the same computer.

    (1) I believe brctl cannot bridge a wireless interface (wlan0) to another wireless interface (wlan1). Is this correct?

    (2) If brctl cannot be used, can I still use hostapd?

    (3) If brctl cannot be used, what should I be looking for to accomplish the setup described above?

    (4) Would any of the following be a part of the solution to my problem - (a) dnsmasq to serve DHCP (b) hostapd (c) static IP address (for wlan1 ???) (for the device connected to wlan1 ??) (d) NAT (Network Address Translation) (e) iptables (f) IP Masquerade (g) sudo iw dev wlan0 set 4addr on (h) WDS (wireless distribution system) (i) IP Forwarding ?

    Thank you.

  • sean
    sean over 8 years
    My current config in /etc/network/interfaces is -

        auto br0
        iface br0 inet static
            address 192.168.1.252
            netmask 255.255.255.0
            network 192.168.1.0
            broadcast 192.168.1.255
            gateway 192.168.1.254
            bridge-ports wlan0 wlan1

    Given that I'm specifying the details of br0 in /etc/network/interfaces (see above), how do I "refer (to) the bridge as an interface"? Is the above config for /etc/network/interfaces ok? Will br0 have an IP add of 192.168.1.252, and is it ok to specify bridge-ports wlan0 wlan1 ? Can wlan0 receive a dynamic IP from the internet source? What is wlan1 IP?
  • Pilot6
    Pilot6 over 8 years
    If you bridge two interfaces, they will not have separate IPs. The bridge will have the IP for both ports.
  • sean
    sean over 8 years
    wlan0 has to receive a dynamic IP when connecting to the internet source. Do I then specify iface br0 inet dhcp instead of iface br0 inet static and also remove all specific IP address numbers from /etc/network/interfaces ?
  • Pilot6
    Pilot6 over 8 years
    That's correct.
  • sean
    sean over 8 years
    I get the error message can't add wlan0 to bridge br0: Operation not supported. This is regardless of whether I specify br0 in /etc/network/interfaces, or sudo brctl to add wlan0 to br0. I also tried setting up the bridge before connecting wlan0 to the internet source (thereby receiving a dynamic IP address), as well as after (vice versa). I rebooted after each permutation (to clear the IP), but all tries result in the same error message.
  • Pilot6
    Pilot6 over 8 years
    Did you run sudo brctl addbr br0 first?
  • sean
    sean over 8 years
    Yes - I added/created the bridge first before adding the interfaces. No problem with adding wlan1 to the bridge. From this Gentoo solution - forums.gentoo.org/viewtopic-t-833901-start-0.html , it appears that some particular file/config file has within it the line - config_wlan0=( "null" ), and this line must be removed from the file, but I cannot find the Ubuntu equivalent of the Gentoo file mentioned in the above URL.
  • sean
    sean over 8 years
    Separately, for the hostapd config file, I am setting interface=wlan1 and bridge=br0. Is this correct or am I supposed to specify interface=br0?
  • sean
    sean over 8 years
    The use of sudo iw dev wlan0 set 4addr on to counter the error message can't add wlan0 to bridge br0: Operation not supported, albeit unsuccessfully, necessitates this question - is a bridge (brctl) going to get us there? Even if the internet source accepts the enabling of 4addr, four addresses mean that the WPA2 Enterprise source "sees" the end device - a non-authenticated device given that it is not WPA2 Enterprise capable. Instead of brctl, perhaps (a) setting up a route (b) ebtables (c) iptables (d) IP Forwarding (e) IP Masquerade (f) NAT? Static IP (not DHCP) for device?
  • user1686
    user1686 over 8 years
    @sean: It should work fine with WPA2 Enterprise, because the Wi-Fi frames have separate fields for the "radio station" MAC address and "end device" MAC address. (That's actually the reason you need 4addr, by the way.)
  • sean
    sean over 8 years
    The internet source disconnects wlan0 when wlan0 has 4addr turned on. I believe this means that the 4addr (WDS) suggestion will not work for me. Please correct me if I am wrong. I will pursue the IP-NAT-masquerading-iptables proposal, but just a quick check - what about ebtables instead?
  • sean
    sean over 8 years
    [Solved] iptables in place of brctl works. Issue closed.
  • James Hirschorn
    James Hirschorn over 7 years
    @sean can you please expand on your iptable solution? I tried this, but with ethernet for the 2nd interface, and I can't ping beyond the hardware wireless router.