WLAN Pi – Bridge Wi-Fi Hotspot to Ethernet Interface

In my previous article, I was explaining how you could configure the WLAN Pi to be used in a hotspot mode. Following the article, the configurations have been added to the new WLAN Pi image (starting at 1.7) and it is now part of the default WLAN Pi image (Thanks to Nigel Bowden and Jerry Olla).

​One of the feedback I got is that the Wi-Fi interface is not bridged to the ethernet interface. So, if you are connected to the Wi-Fi network, you will not be able to communicate back to the wired network.

So, in this article, I explain how you can configure the WLAN Pi to allow the Wi-Fi interface to be bridged to the ethernet interface. To make it work, I received huge help from Florent Lassia.

The first thing to do is to enable ip forwarding. To do so, open the /etc/sysctl.conf file and uncomment the following line:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

This will enable traffic forwarding between the wlan0 and eth0 interfaces.

Then, we need to modify the DHCP server configurations in order to add the default gateway and DNS server information. To do so, open the /etc/wlanpihotspot/dhcp/dhcpd.conf file and add the following lines:
# WLAN Pi DHCP Hotspot Server Config
# wlan0 DHCP Scope
subnet 192.168.88.0 netmask 255.255.255.0 {
 interface wlan0;
 range 192.168.88.100 192.168.88.200;
 option routers 192.168.88.1;
 option domain-name-servers 1.1.1.1;
 option domain-name-servers 8.8.8.8;
 default-lease-time 600;
 max-lease-time 7200;
}
​Once this is done, you will have to reload the DHCP service on the WLAN pi using the following command:
sudo /etc/init.d/isc-dhcp-server restart
​Here is the output you should see from running this restart test:
[ ok ] Restarting isc-dhcp-server (via systemctl): isc-dhcp-server.service.
Then, we need to configure the firewall to allow communications between the two interfaces. In order to do so,  you need to modify a line in the /etc/default/ufw file. You will need to set the default forward policy to ACCEPT. It is set to DENY by default.
# Set the default forward policy to ACCEPT, DROP or REJECT.  Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY=“ACCEPT”
​Finally, we need to configure a NAT so that all the traffic coming from the Wi-Fi hotspot is natted behind the eth0 IP address. In order to do so, we need to modify the /etc/ufw/before.rules file. At the bottom of the file, after COMMIT, add the following lines:
# NAT rule to nat the Hotspot network behind the Ethernet interface
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE
 
COMMIT
​Once this is done, you can test your configurations by disabling and re-enabling the firewall. In order to do so, use the following command:
sudo ufw disable && sudo ufw enable
​Here is the output you should get:
Firewall stopped and disabled on system startup
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Note: the configuration of both the /etc/default/ufw and /etc/ufw/before.rules will not revert back to the default if you go back to the normal mode of the WLAN Pi. You will have to manually re-configure them if you don’t want to allow them in the normal mode.​

You can now reboot the WLAN Pi into the hotspot mode using the buttons and it should reboot in the Hotspot mode supporting these bridging configurations. You should be able to connect a client device to the Wi-Fi network and get network connectivity to the LAN if the WLAN Pi is connected to your LAN.

The plan now is to integrate this into the next version of the WLAN Pi image so it could be enabled by default in the Hotspot mode. To be continued…

Leave a Reply

Your email address will not be published. Required fields are marked *