How do you integrate your wired and wireless clients so that they share an Internet connection and LAN services all in one big happy subnet? You know that when you have multiple Ethernet interfaces on the same box they cannot all be on the same subnet, but must all have addresses from separate subnets. You want everyone all in a single subnet, and don't want a lot of administration headaches, so how will you do this?
Solution
Your routerboard needs at least three network interfaces: your Atheros interface, plus two Ethernet interfaces. ath0 is your wireless interface, eth0 is the LAN interface, and eth1 is your WAN interface.
What we will do is build an Ethernet bridge between ath0 and eth0. Copy this example /etc/network/interfaces, substituting your own LAN addresses and your own ESSID. Remember to run /sbin/rw first to make the Pyramid filesystem writable:
You can test this now by networking with some LAN hosts that have static IP addresses. First restart networking on the router:
pyramid:~# /etc/init.d/networking restart
This creates a wide-open wireless access point. Point your clients to 192.168.1.50 as the default gateway, and you should be able to easily join any wireless clients to your LAN, and ping both wired and wireless PCs. When you're finished, remember to return the filesystem to read-only:
This recipe is totally insecure, but it lets you test your bridge and wireless connectivity before adding more services.
Let's review the options used in this configuration:
post-down wlanconfig ath0 destroy
pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
How do you know which channel to use? If you have only one access point, channel 1 should work fine. If you have up to three, try using channels 1, 6, and 11. For more complex networks, please refer to Matthew Gast's excellent book, 802.11 Wireless Networks: The Definitive Guide (O'Reilly):
pre-up ifconfig ath0 up
pre-up sleep 3
You don't have to build the bridge in the traditional way, by configuring eth0 with a zero-IP address, or bringing it up before the bridge is built, because scripts in /etc/network/if-pre-up.d handle that for you.
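The options reviewed above, assembled into a single bridge stanza. This is an added example, not the listing from the original page: the bridge name br0, the bridge_ports line (the bridge-utils hook for /etc/network/interfaces) and the 192.168.1.0/24 network values are assumptions built around the 192.168.1.50 gateway address the recipe mentions, and the WAN interface eth1 is left out.

```conf
# /etc/network/interfaces
# Added example: wireless bridge assembled from the options in this recipe.
auto lo
iface lo inet loopback

# br0 holds the LAN address. ath0 and eth0 are bridge ports and get no
# addresses of their own. The name br0 and the /24 values are assumptions.
auto br0
iface br0 inet static
    address 192.168.1.50
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    bridge_ports ath0 eth0
# Remove the virtual wireless interface when the bridge goes down.
    post-down wlanconfig ath0 destroy
# Create ath0 on the wifi0 radio in access point mode.
    pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
# Set ESSID, channel and rate. No encryption is configured, so the
# access point is open, as the recipe states.
    pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
    pre-up ifconfig ath0 up
# Pause before the bridge is assembled.
    pre-up sleep 3
```

After restarting networking, `brctl show` should list ath0 and eth0 as ports of the bridge.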
I'm sure some of you are wondering about ebtables. ebtables is like iptables for Ethernet bridges. iptables cannot filter bridge traffic, but ebtables can. There are many ingenious ways to use ebtables and Ethernet bridges in your network. In this chapter, I'm leaving ebtables out on purpose because we will be running an iptables Internet firewall on our access point. ebtables is not suitable for an Internet firewall, and trying to use both on the same box is too complicated for this old admin.
See Also
Please check back for the next part of this series.