epoch1970
Posts: 5012
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: A scenario very close to one described...

Thu Apr 26, 2018 9:11 am

JohnEdens wrote:
Wed Apr 25, 2018 10:29 pm
I think the above referenced link is similar to what I want, however I won't be using DHCP and am not sure from the instructions at the link how this would work with static IP addresses. I'm also not sure whether or not I would need three different static IPs in this setup, one for the camera, one for eth0 and one for wlan0.
This thread is a crumbling mess, although "I want wifi and ethernet to play nice" isn't the rarest of requests I would advise you try and create a new thread if you have further issues.

To answer your questions, and looking at the post your were referring to:
  • Drop the dhcpcd part, you'll be working with static addresses
  • Make the Pi's wifi interface a client on the wireless network. I suppose this is DHCP, see if you can get a fixed lease as you'll need to know this address in order to get to the cameras (via NAT, same as having a public website installed at home.)
  • For the ethernet part, take 2 addresses on any network you want, like 192.168.0.1 and 192.168.0.2, use one for the Pi, one for the IP camera.
  • In addition you have to NAT the wifi address, say port 8080/tcp to the IP cam's address, same port. That's an additional iptables rule you need to set in the file mentioned in the post. I think this is what you want.
Overall that will work, but it does not play nice with the rest of the setup (MAC VLAN and monitoring central.) Also, I am not so sure why USB cams would fail and IP cams would work, except IP cams are usually higher quality gear.

So I would advise to install a test machine with the simple setup above, and see if you can reliably get a stream out of the test cam over a few days.
  • If you don't, then the issue is with the wifi link, either in the Pi or in the AP (or both, or somewhere else, wireless is funny like that).
    Further options:
    • Replace the Pi with a dedicated wireless device, like a pocket travel AP (which works as "ethernet to wireless bridge" for a single device) or whatever wireless device your IT recommends. Could play nice with MAC VLAN
    • Replace wifi and Pi with a pair of powerline adapters (one next to the IP cam, one in the monitoring room -- or next the main ethernet switch in the museum building). Will play nice with MAC VLAN
    • Deploy something like POF (plastic optical fiber) instead of ethernet: fast, flexible, small diameter, easy to install, carries no electricity. So it could be easy to install/reinstall. 50m cable runs should be ok. Requires a pair of powered copper-to-fiber adapters at each end, should be cheap but sourcing is a bit of a challenge. Will play nice with MAC VLAN.
  • If you do, then all hail the mighty Pi. You'll still have that pesky VLAN and seamless integration with other cams to contend with.
    Your IT will advise, but let me peddle a solution to it here. You can implement that with Pis and/or big honking servers. That would give you your VLAN and seamless integration, plus a welcome layer of security over the wifi link if you cipher the VPN tunnel(s).
Have fun :)
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

riph72-lumi
Posts: 34
Joined: Wed Jul 19, 2017 8:41 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Thu Apr 26, 2018 10:43 am

jamesh wrote:
Mon Jul 24, 2017 8:45 pm
Or you could just read the official instructions..

https://www.raspberrypi.org/documentati ... s-point.md
I followed this and it worked (which is amazing because I've been struggling with this) 8-)

Shahriar Al Rabbi
Posts: 3
Joined: Mon May 14, 2018 9:53 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Tue Jul 10, 2018 11:43 am

I followed every step and it doesn't work. Moreover, my headless pi 3 doesn't connect to WiFi after reboot. It doesn't connect to the router through ethernet either.
I can't connect to it via vnc or ssh. So I'm blind right now.
I can borrow a friend's monitor to undo the changes. I can undo any changes made using nano. But how do I undo the changes made by the following two commands?

Code: Select all

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE 
and

Code: Select all

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Tue Jul 10, 2018 11:48 am

Access the SD card and remove this file.
/etc/iptables.ipv4.nat

Edit: What do you mean it won't connect to Wifi? You can't bridge a client wireless device to any other network device. It must be an AP.

Shahriar Al Rabbi
Posts: 3
Joined: Mon May 14, 2018 9:53 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Thu Jul 12, 2018 5:39 am

Thank you for the help.
In addition to changing back the contents of the files, I had to run one more command to restore iptables.

Code: Select all

sudo iptables -F
After that, the pi became good as before.

It seems, I am in the wrong thread. I am looking for a way to bridge the pi's wlan0 and eth0 where eth0 serves as an Access Point and the wlan0 connects to any wifi hotpot as usual. in short, wlan0 forwards packets to eth0.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Thu Jul 12, 2018 7:47 am

Shahriar Al Rabbi wrote:
Thu Jul 12, 2018 5:39 am
It seems, I am in the wrong thread. I am looking for a way to bridge the pi's wlan0 and eth0 where eth0 serves as an Access Point and the wlan0 connects to any wifi hotpot as usual. in short, wlan0 forwards packets to eth0.
As has been said by several people in this thread already a bridge (where both ports are on the same Ethernet network) is not (usually*) possible due to how Wi-Fi works.

The only option is having the pi act as a router where the Ethernet port is on a different network to the WiFi and the pi routes (and potentially nats) the packets as they pass through.



* there are some extensions (generally proprietary) that might let a client bridge packets like that. There are also some hacks (like proxy arp) that make some things appear to work (but some stuff might fail in unusual ways)

Thebaldguy
Posts: 1
Joined: Mon Apr 16, 2018 3:08 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Tue Jul 24, 2018 6:36 pm

I have done the code discribed a dozon times on a fresh install. I’m running Jessie on pi 3. And can’t pull information or get information on the Ethernet line. So my question is. Is there anything that I am missing? Is there any troubleshooting that I can do? What information can I supply to everyone to solve this issue. Yes you guess it my new here.

CameronSas
Posts: 1
Joined: Tue Dec 04, 2018 3:47 pm

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Tue Dec 04, 2018 3:51 pm

I decided to bring my RPi3 to school and set it up and got it to work on the schools wifi (they have ethernet ports in the walls), however, whatever device connects to it, that device then thinks that the location is my house. Is there anyway to fix this?

Vairetz
Posts: 44
Joined: Wed Apr 27, 2016 4:54 pm

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Wed Dec 05, 2018 8:30 pm

Is it possible only on RPI3 or I can do it with Raspberry Pi 2 B+?
I made a site with a raspi projects' collection, my idea is sharing my projects with other people.
My web site is https://raspiproject.altervista.org/ I hope you like it and you want work with me

sanfx
Posts: 89
Joined: Thu Sep 08, 2016 5:40 pm

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Sat Sep 21, 2019 6:34 pm

once you bridge eth0 to wlan0 you cannot ssh to eth0 .

epoch1970
Posts: 5012
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Sat Sep 21, 2019 6:42 pm

nonsense.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Richy_T
Posts: 6
Joined: Wed Jun 18, 2014 12:40 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Sat Sep 28, 2019 6:02 pm

Edit: Your reply doesn't seem to correspond directly to the post you're replying to so I'm assuming you just made a typo or something (which would be supported by the rest of your post). The original post was talking about a wifi client/ethernet bridge
mfa298 wrote:
Thu Jul 12, 2018 7:47 am
As has been said by several people in this thread already a bridge (where both ports are on the same Ethernet network) is not (usually*) possible due to how Wi-Fi works.
I don't know how people are saying this as this has been something I have been doing for at least a decade. I currently have at least four devices that do it, one still currently in use. If wifi doesn't allow it, it works anyway.

It might be true to say that the Raspberry Pi can't do it (though it appears that maybe it once could) and that's fair information since that's what I came here to look for (though the solution provided is *not* bridging and the thread should be retitled). I will brush the dust off of one of my b/g devices and use that instead.

For what it's worth, I've had a lot of success doing bridging on routers flashed with Tomato (Though I've also seen it natively in router firmware). That's Linux based so it seems there probably shouldn't be anything inherent about the Pi that prevents it from doing this unless it's in the wifi drivers.

Edit2: I might try the bridge anyway just because.

dhanishvijayan
Posts: 3
Joined: Thu Oct 10, 2019 6:50 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Fri Oct 18, 2019 6:32 am

If you mess up everything, the quick and easy way to do things is start from a fresh OS installation. You can get numerous tutorials on bridging the network interfaces in RPI, both from Wifi to ethernet as well as from ethernet to WiFi. Please see the following link for more details.

https://www.elementzonline.com/blog/sha ... spberry-pI
:idea: Dhanishvijayan: A Tech Enthusiastic Blogger

not2XS
Posts: 1
Joined: Wed Nov 20, 2019 12:16 am

Re: How To: Wifi to Ethernet Bridge(Updated for RPi 3)

Wed Nov 20, 2019 12:27 am

Old thread, and it goes off on tangents in places, but it comes up in searches, so I thought I would add to it for future readers wanting to do this.

Based on pathead's modified write-up and other information, there is another way of doing this that can work for many people. You do not necessarily need the Pi to be a DHCP server (so you do not need to install dnsmasq) - if you are willing to transfer a couple of pieces of information from the Pi to the other computer(s) manually. In the absence of DHCP and manually configured static IP addresses, the Pi and most other computers are set up to assign link-local (aka zero-conf) IP addresses. I know this works with Windows, I expect it works with Apple but I don't have one to verify, and I know it works by default with many but not all Linux distro's. The way to check is to just connect the machines with an ethernet cable, wait a few seconds for them to do their thing, and then check for their ethernet IP addresses, link-local IPv4 addresses begin with 169.254, but any addresses can be NAT'd. The assigned link-local addresses seem to be repeatable, even if I wipe mass-storage and install a new operating system the same machine ends up getting the same IP address (I guess there is a one in sixty-five-thousand chance that both machines may want the same address and the conflict resolution may or may not be so repeatable, I don't know).

So, how to do this:
On the Pi, if it has it's default iptables settings of no rules and all policies set to ACCEPT, the only rule you need is
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Having said that is the only rule you need, there are some additional rules you may want. If your Pi is set up to run headless and you ssh or vnc into it over ethernet and use wifi to connect to the internet, the following rules block ssh and vnc in over wifi for both ipv4 and ipv6, and block the Pi from forwarding ssh and vnc in from wifi through the Pi and on to the machine at the other end of the ethernet cable.

Code: Select all

sudo iptables -t filter -A INPUT -i wlan0 -p tcp -m multiport --dports 22,5900 -j DROP
sudo ip6tables -t filter -A INPUT -i wlan0 -p tcp -m multiport --dports 22,5900 -j DROP
sudo iptables -t filter -A FORWARD -o eth0 -p tcp -m multiport --dports 22,5900 -j DROP
sudo ip6tables -t filter -A FORWARD -o eth0 -p tcp -m multiport --dports 22,5900 -j DROP
The only other change you need to make to the Pi is to enable forwarding.
sudo sh -c "echo 1 > /proc/..."
The existing write up explains how to make these changes persistent over boot-ups, but I prefer to make the iptables rules persistent and use the following shell script to turn internet-connection-sharing on and off as needed.

Code: Select all

#!/bin/bash
# Invoked as 'share-internet.sh off' will turn off internet-connection-sharing
# else sets up internet-connection-sharing
 if [ "$1" != "off" ]; then
# turn on wifi and forwaring
rfkill unblock wifi
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# and show what has been done
echo -n '/proc/sys/net/ipv4/ip_forward = '
cat /proc/sys/net/ipv4/ip_forward
echo -n 'wifi is '
rfkill --output SOFT --noheadings list wifi
 else
# turn-off forwarding and wifi
sudo sh -c "echo 0 > /proc/sys/net/ipv4/ip_forward"
rfkill block wifi
# and turn-off pi (take this bit out if not running pi headless and just using it for wifi sharing)
sudo shutdown --poweroff now
 fi
Save the script as share-internet.sh then chmod +x share-internet.sh to make it executable.

Now, the information you need to pass on to the other computer(s). The first thing is to tell them to use the Pi as a gateway. On the Pi type
ifconfig eth0
and about 2 lines down it should say something like "inet 169.254.102.97", where the actual numbers you get will be the IP address of your Pi's ethernet connection. If you ssh or vnc into your pi over ethernet then you already know this address, it is the one you are using to ssh/vnc. You need to tell the other computer(s) to use this address as a gateway. If it is another Pi or a similar variant of Linux the command sequence is

Code: Select all

sudo /etc/init.d/networking stop
sudo ip route add default via 169.254.102.97 dev eth0
sudo /etc/init.d/networking restart
sudo ip route show
(substitute your own address for the numbers, and if the interface is not called 'eth0'). On Windows or Mac you need to use their help systems to tell you how to set a gateway address.
The other piece of information you need to transfer is the addresses of the DNS servers to use. On Linux this is the contents of the /etc/resolv.conf file. On the Pi this defaults to 8.8.8.8 (Google DNS), but gets temporarily changed when the Pi is connected to wifi. I don't know why it does not work if you just leave it like that, but a simple test showed that I needed to use the DNS that the wifi connection specified. On the Pi, type
iw dev wlan0 link
to verify that the pi is connected to the AP, then type
cat /etc/resolv.conf
On the other computer(s), you need to set their DNS to the same settings. On Windows or Mac use their help systems again, on another Pi or Linux just make a backup copy of /etc/resolv.conf and then sudo nano to change its contents to match the Pi. If you check the man pages you can do all this with rsync, but I tend to use the same wifi AP each time, so I just keep copies of the file contents around on the other machine. Again, I put these commands in a shell script to invoke just on a when-needed basis myself.

I don't know where to find public wifi near me that implements an IPv6 connection, so I have only verified how to do this for IPv4. I believe IPv6 will not need to be NAT'd, which leads to an interesting thought... I wonder if the Pi can forward IPv4 DHCP negotiations successfully between the wifi AP and the other computer(s) on the ethernet cable, instead of doing NAT itself. --- A project for some other time.

Return to “Networking and servers”