Home / server / Questions / 277372
Accepted
Jayen
Asked: 2011-06-07 02:39:23 +0800 CST

network bridge+nat on ubuntu maverick

  • 772

I've got three ubuntu maverick machines and an access point. I want to be able to set up the following scenario:

three computers and an access point on one subnet, where one computer is a bridge for a second

The setup is as follows:

  • 192.168.0.1 is an access point
  • 192.168.0.2 is a wireless connection on a laptop to the access point
  • 192.168.0.3 is a wireless connection on computer 2 to the access point
  • 192.168.0.4 is a wired connection on computer 1 to computer 2
  • 192.168.0.5 is a wired connection on computer 2 to computer 1
  • 123.45.67.89 is a wired connection on computer 2 to the internet
  • 123.1.1.1 is an internet gateway

In this picture, the things I want to be able to do are:

  • ssh from the laptop to computer 1 (without having to ssh to computer 2 first)
  • access the internet from computer 1 (via computer 2, presumably)

I thought I could bridge the wired and wireless connections on computer 2 so all the 192.168.0.* interfaces would appear to be on the same subnet and would all appear to be directly accessible with each other, but I've been playing with brctl (bridge-utils) and /etc/network/interfaces all day and haven't gotten it working.

As for accessing the internet from computer 1 via computer 2, I'm pretty sure I can set up NAT and IP forwarding on computer 2, as per these instructions (I've done it before.), but I've gotten stumped on the bridge and haven't ventured any further.

ubuntu bridge wireless-bridge ubuntu-10.10

1 Answers

  1. Best Answer

    The problem most likely is that your wireless interface on computer2 doesn't support bridging. Here is an explanation of what the reasons could be.

    This is a well known issue, and in many cases, Linux cannot provide a solution (in fact, it's unlikely to even work in Windows).

    However, there are other solutions to this. They involve using separate network segments and some routing, but they will give you what you want. Essentially you need to set up computer2 as a router. In order for this to work properly, I would recommend using separate subnets on the wired and wireless network segments.

    EDIT: Adding subnets to the diagram above to show the solution, as well as a startup script to configure the networking. Script also allows internet from computer 1 via a NAT on computer 2.

    network diagram with subnets

    #!/bin/bash
PATH=/usr/sbin:/sbin:/bin:/usr/bin
WAN=wlan0
WAN2=eth1
LAN=eth2
LANIP=192.168.0.5
ifconfig ${LAN} ${LANIP} netmask 255.255.255.254 up
iptables -F
iptables -t nat -F
iptables -A INPUT -i lo -j ACCEPT
iptables -I INPUT 1 -m state --state NEW -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -m state --state NEW -i ${WAN} -j ACCEPT
iptables -A FORWARD -i ${WAN2} -o ${LAN} -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
iptables -A FORWARD -i ${WAN} -o ${LAN} -j ACCEPT
iptables -A FORWARD -i ${LAN} -o ${WAN2} -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN2} -j MASQUERADE
iptables -A FORWARD -i ${WAN} -o ${WAN} -j REJECT
iptables -A FORWARD -i ${WAN2} -o ${WAN2} -j REJECT
for file in ${LAN} ${WAN} ${WAN2}; do
  echo "1" > /proc/sys/net/ipv4/conf/${file}/proxy_arp
  echo "1" > /proc/sys/net/ipv4/conf/${file}/forwarding
done
echo 1 > /proc/sys/net/ipv4/ip_forward
    • 1