3-way Bridge: WAN{BSS}-LAN-OPT1{AP}

pcatiprodotnet · May 11, 2006, 4:36 AM

[using beta4]
I need to set up a simple 3-way bridge on my wrap.2c with two wifi cards and 1 ethernet port.
I bridged LAN-to-WAN and OPT1-to-LAN. But ethernet traffic isn't passing yet.
I set the firewall to all/all/all on all interfaces (just for testing). I set the IPs on each interface to the same IP number.
WAN is in BSS/Client mode connected to a distant AP/Bridge. OPT1 is set to Access Point (hostap) mode.
No PCs can ping each other or the gateway (or get DHCP from the gateway) through my "bridge".
However, from my "bridge" I can ping the PCs, and the PC's can ping it.
Any suggestions are greatly appreciated.
Thank you, -Pete

hoba · May 11, 2006, 6:11 AM

Are all interfaces involved in the bridge up? In case your LAN is unconnected the bridge won't pass traffic.

pcatiprodotnet · May 11, 2006, 5:13 PM

Yes, All three interfaces are involved, and they are listed in "ifconfig" under bridge0.

In case your LAN is unconnected the bridge won't pass traffic.
Thanks! I did have it unconnected while testing wan-op1.

pcatiprodotnet · May 11, 2006, 5:13 PM

I changed the bridges to: LAN->WAN & OPT1->WAN
ifconfig indicates the wan is connected to the remote AP, but I can't ping the remote AP, not even from pfSense.

sullrich · May 11, 2006, 6:36 PM

3 way bridging does not work in 1.0. This will appear in 1.1.

pcatiprodotnet · May 13, 2006, 4:01 AM

no bridge, no RIP… don't see any way around having to hard coding tons of routes old-school, unless you accomplish the 3-way bridge by spending double $ for two hardware units 2-way bridged. I guess this also means no seamless wireless roaming between APs is possible without bridging. I look forward to pfSense1.1 when I can enjoy the combination of RIP & OLSR.

billm · May 13, 2006, 4:24 AM

@pcatiprodotnet:

no bridge, no RIP… don't see any way around having to hard coding tons of routes old-school, unless you accomplish the 3-way bridge by spending double $ for two hardware units 2-way bridged. I guess this also means no seamless wireless roaming between APs is possible without bridging. I look forward to pfSense1.1 when I can enjoy the combination of RIP & OLSR.

Until FreeBSDs hostapd supports IAPP, seemless roaming between APs (which really isn't all that seemless anyway) isn't a possibility regardless of bridging. The code is in hostapd for IAPP already if anyone feels like removing the linux-ism's and making it actually work in FreeBSD - it's on my plate currently - it'll be a while (as much as I want it).

–Bill

lsf · Jul 2, 2006, 5:41 AM

Adding this to hostapd.conf should give you what you are looking for. This should work in hostapd 0.4.8 and newer.

rsn_preauth=1
rsn_preauth_interfaces=em0 (layer2 connected interface to talk to other AP's)
The rsn_preauth lines are only for preauthentication of WPA key etc. This provides the client to preauth to the new AP prior to actually associating(romaing to) with the new AP.

iapp_interface=em0 (layer2 connected interface to talk to other AP's)