Wireless-bridging – the third way

So, you know the way you can’t do proper wireless bridging, in client mode, if your AP doesn’t support “4addr” mode, in Linux, these days? The Debian page on same is about the best resource going on the subject, but the ebtables instructions just plain don’t work. Also, parprouted hasn’t seen any updates in 3 years, and crashes a lot.


Well, if you enable proxy arp on the wireless and bridge interface using sysctl settings, it works, and is nice and simple. :)

Here’s the relevant bit from my /etc/sysctl.conf

net.ipv4.conf.wlp2s0.proxy_arp = 1
net.ipv4.conf.br0.proxy_arp = 1

I split my private subnet into two 25 bit networks so the kernel hopefully knows which IP’s are on which side (the bridge or wireless). Here’s my /etc/network/interfaces:

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto wlp2s0
iface wlp2s0 inet static
 wpa-iface wlp2s0
 wpa-ssid ssid
 wpa-psk password

auto br0
iface br0 inet static
 bridge_ports none

I don’t specify any bridge ports, because they get added dynamically by KVM/LXD – the purpose of this setup is to have KVM/LXD hosts set up on the bridge side, which can communicate with each other, and the rest of the network/internet as though they are “real” and directly connected.

No firewall rules. Just works. No fuss.

Only thing to note is that you either need a separate DHCP server on the bridge interface side, or to configure a dhcp relay so that VM’s/containers can get an address.

Leave a comment