Wired to wireless bridge in Linux

Bridges made easy:

There is a project on sourceforge made just for your situation. http://sourceforge.net/projects/bridger/ It even comes as a deb package.

With regard to 'dropping' packets:

  1. Did you check to see if iptables is set to default drop? sudo iptables --list should say "ACCEPT, ACCEPT, ACCEPT" for a box of this type. If that's the issue turn it off.

  2. Are you even forwarding the packets, bro? Make sure the line "net.ipv4.ip_forward=1" is NOT commented in /etc/sysctl.conf (it is by default), then restart your networking.

  3. Promiscuous mode is not supported by your wireless dongle. (meaning it can't accept packets that are not destined for it)

Pure Bridge vs. Shared Bridge:

  1. iface br0 inet dhcp indicates a shared bridge, meaning that the bridge itself gets an ip and can be an endpoint for traffic.

  2. A pure bridge does not get an ip address and only forwards traffic between the two interfaces

  3. Shared Bridge Sample /etc/network/interfaces config file (Debian/Ubuntu)

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Bridge between eth0 and wlan0
auto br0
iface br0 inet dhcp
  pre-up ip link set eth0 down
  pre-up ip link set wlan0 down
  pre-up brctl addbr br0
  pre-up brctl addif br0 eth0 wlan0
  pre-up ip addr flush dev eth0
  pre-up ip addr flush dev wlan0
  post-down ip link set eth0 down
  post-down ip link set wlan0 down
  post-down ip link set br0 down
  post-down brctl delif br0 eth0 wlan0
  post-down brctl delbr br0

Restart the network: sudo /etc/init.d/networking restart After making complex network configuration changes its easier to just reboot rather than make sure everything restarted properly in the reboot.

You think you have routing issues:

  1. Eliminate DNS as a cause by testing with ping 8.8.8.8. If this works, then you probably have a DNS issue in your network.

  2. Check your gateway with sudo ip route hopefully you see default via 192.168.1.1 dev br0 proto dhcp (assuming your gateway is 192.168.1.1). If it's missing or wrong, fix it sudo ip route add default via 192.168.1.1. Test again: ping 8.8.8.8

  3. Renew your shared bridge ip with dhclient br0 and retest with ping 8.8.8.8

  4. Check your 'slave' interfaces with ifconfig and make sure eth0 and wlan0 do NOT have ip addresses. They are a part of the bridge now. If they do, make sure you remove them from all the config files, set them to static 0.0.0.0 or something.

If NONE of this works, try that debian bridging app, and if that doesn't work then your wireless dongle doesn't support promiscuous mode. (see above)

If it works at any time here, reboot and make sure it still works.


I have some wireless bridges working on Debian Linux and Openwrt, so I am very familiar with this issue.

You missed one important command: You forgot to tell your wireless driver to transmit 4-address frames (sometimes improperly/historically called WDS), which is required for 802.11/wireless bridging. Do this with the command "iw dev wlan0 set 4addr on". Use a "pre-up" statement in your Debian interfaces file on the bridge to apply it before bringing up the bridge. Note that 4-address frame mode requires driver support and some old crappy 802.11 drivers or hardware may not support it.

I also strongly suspect your problems may have been complicated by a bug in the Linux kernel which specifically affects bridged interfaces. I ran into this bug myself and had to compile my own wpa_supplicant from sources because the version in Debian is old and affected. wpa_supplicant and hostapd share a common code base, but I'm not completely sure that this affected hostapd as well as wpa_supplicant.

There is a work-around commit to the issue here:

https://w1.fi/cgit/hostap/commit/?id=e6dd8196e5daf39e4204ef8ecd26dd50fdca6040

I am under the impression this is in the 2.5 release, and I know it's in the current 2.6 source. The current Debian version is 2.4, which is broken. Please pester the Debian project to update their wpasupplicant and hostapd packages.

Here is a sample config for a wireless bridge client using WPA/WPA2 with a wireless bridge between interfaces wlan0 and eth0, with the host getting a DHCP address on the br0 interface (replace "dhcp" with "manual" for no IP address). For a situation where you want to be the AP, include the interface= and bridge= commands in hostapd.conf and omit the wpa-* commands below.

In your /etc/network/interfaces file:

allow-auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth0
    bridge_stp off
    bridge_waitport 5
    bridge_fd 0
    wpa-ssid mynetwork
    wpa-psk abc123abc123abc123abc123abc123abc123abc123abc123abc123abc123
    wpa-iface wlan0
    wpa-bridge br0
    pre-up iw dev wlan0 set 4addr on
    post-down iw dev wlan0 set 4addr off

And make sure your wpa_supplicant is version 2.5 or later. It won't work with wpa_supplicant 2.4 and current kernel versions.

I should also note that there is currently a race bug in ifup where bridge interfaces may fail to come up at boot time, but that's a whole other issue.


You seem to need ip forwarding.

try cat /proc/sys/net/ipv4/ip_forward

If it's 0 issue: echo 1 > /proc/sys/net/ipv4/ip_forward