2

edit: I have found that this is a duplicate of Why ARP Response only when network adapter in promiscuous mode?.

I use a Raspberry Pi 3B+ with Rasbian Stretch and set it up with proxy arp following the tutorial from Debian: Bridging Network Connections with Proxy ARP to "bridge" eth0 to wlan0. According to this it is easy to set up proxy arp with:

rpi3 ~# echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp rpi3 ~# echo 1 > /proc/sys/net/ipv4/ip_forward rpi3 ~# ip route add 192.168.10.60/32 dev eth0

192.168.10.60 is the client on eth0 that should be "bridged" to wlan0.

But it doesn't work. I have to enable promiscuous mode on wlan0 to get it to work but could not find any hints to do this.

rpi3 ~# ip link set wlan0 promisc on

Is promiscuous mode needed for Stretch? If not, how can I avoid it?

updates:
Checked that rp_filter is set to 0.
hostapd is not installed. wlan0 is in client mode and managed by wpa_supplicant.

Improve this question
4
  • have you set rp_filter to 0? Commented May 29, 2018 at 21:29
  • @RuiFRibeiro I haven't touched that settings but checking them, all possible pseudo files in /proc/ /sys/net/ipv4/conf/*/rp_filter contain 0. Commented May 29, 2018 at 23:39
  • is wlan0 in hostapd/AP mode or just a client? Commented May 30, 2018 at 2:52
  • @RuiFRibeiro Have updated the question. wlan0 is in client mode. Commented May 30, 2018 at 11:51

3 Answers 3

Reset to default
2

Aparently, it is not possible to bridge ethernet frames between wireless in client mode and ethernet. e.g. It wont work.

Also, beware of injecting frames from others sources into an AP infrastructure as a client.

most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP.

Improve this answer
1
  • 1
    I know that bridging wireless to ethernet interface isn't possible on OSI layer 2 because lack of 4addr support. That is the reason why I want to work around this with proxy arp on layer 3. My internet router as access point does not reject frames. It responses. Otherwise I won't get responses in promiscuous mode on the raspi. Commented Jun 11, 2018 at 9:58
2

It seems only to be a problem on wifi from Raspberry Pi. Also a duplicate Question Why ARP Response only when network adapter in promiscuous mode? uses a Raspberry Pi. Nowhere else in any tutorial can be found a note to enable promiscuous mode for proxy arp. I have verified it on my laptop where proxy arp works without promiscuous mode.

I think this issue can only be fixed by the RASPBERRY PI FOUNDATION and/or its closed source driver manufacturer. Till then we have to live with it.

Improve this answer
0

Bridge using ARP-proxy with promisc mode

It is possible to "bridge" connections from WiFi-to-LAN (e.g. on a Raspberry Pi Zero W with microUSB-LAN adapter) having all devices on the same subnet (IP-range) using ARP-proxy with promisc mode.

Scheme:
[Router] <---WiFi---> [RasPi wlan0 <---bridge---> eth0] <---LAN cable---> [Wired device, e.g. computer]

Hints: Provided solutions are based on these excellent sources
Source #1 by Pascal Geiser
Source #2 by Will Haley

Hardware/OS used in these examples:
Raspberry Pi Zero W with microUSB-to-LAN adapter
Raspbian Stretch Lite (2019-04-08) + Updates



Solution #1 - ARP-proxy via INTERFACES (manual config)

Note: This depends if your WiFi router supports "IP Layer 3 solution" (Network layer)

1) Assuming Raspberry Pi's WiFi connection to router is already set up and connected

2) Install packages

$ sudo apt-get install parprouted dhcp-helper

3) Edit and add the following lines:

Assuming

  • wlan0 is ID of Raspberry built in WiFi card
  • eth0 is ID of wired ethernet card (microUSB-LAN adapter)
$ sudo nano /etc/network/interfaces 
# Clone the dhcp-allocated IP to eth0 so dhcp-helper will relay for the correct subnet auto wlan0 allow-hotplug wlan0 iface wlan0 inet dhcp wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf pre-up /sbin/ip link set wlan0 promisc on post-down /sbin/ip link set wlan0 promisc off post-up /usr/sbin/parprouted eth0 wlan0 post-down /usr/bin/killall /usr/sbin/parprouted post-up /etc/init.d/dhcp-helper restart pre-up /sbin/ifup eth0 post-up /sbin/ip addr add $(/sbin/ip -4 -br addr show wlan0 | /bin/grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")/32 dev eth0 pre-down /sbin/ip addr del $(/sbin/ip -4 -br addr show wlan0 | /bin/grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")/32 dev eth0 post-down /sbin/ifdown eth0 # Set ethernet interface to "manual" mode auto eth0 allow-hotplug eth0 iface eth0 inet manual

4) Enable packet forwarding:

$ sudo nano /etc/sysctl.conf 
# Find and uncomment this line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1 # to --> net.ipv4.ip_forward=1

5) Configure DHCP Relay

DHCP helper will catch requests and forward them to "real" DHCP server:

$ sudo nano /etc/default/dhcp-helper 
# Change eth0 by the name of your wireless interface (e.g. wlan0) #DHCPHELPER_OPTS="-b eth0" # to --> DHCPHELPER_OPTS="-b wlan0"

6) Configure AVAHI

Enabling "reflector mode" will allow clients to browse all the services connected to the bridge:

$ sudo nano /etc/avahi/avahi-daemon.conf 
# Find and change the following line #enable-reflector=no # to --> enable-reflector=yes

7) Reboot RasPi

After reboot, via eth0 / LAN connected device should get access to the same network of WiFi router.
Note: Working solution depends if your WiFi router supports "IP Layer 3 solution" (Network layer)

$ sudo reboot


Solution #2 - ARP-proxy via SERVICES (automated script solution)

Note: This depends if your WiFi router supports "IP Layer 3 solution" (Network layer)

1) Create bash-script with these contents:

$ sudo nano bridge.sh 
#!/usr/bin/env bash set -e [ $EUID -ne 0 ] && echo "run as root" >&2 && exit 1 ########################################################## # You should not need to update anything below this line # ########################################################## # Credits to Will Haley # Mainly based on source: https://willhaley.com/blog/raspberry-pi-wifi-ethernet-bridge/#option-1---same-subnet # Edited on line #52 by Tomtom: path to systemd for parprouted.service # parprouted - Proxy ARP IP bridging daemon # dhcp-helper - DHCP/BOOTP relay agent apt update && apt install -y parprouted dhcp-helper systemctl stop dhcp-helper systemctl enable dhcp-helper # Enable ipv4 forwarding. sed -i'' s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/ /etc/sysctl.conf # Service configuration for standard WiFi connection. Connectivity will # be lost if the username and password are incorrect. systemctl restart wpa_supplicant.service # Enable IP forwarding for wlan0 if it's not already enabled. grep '^option ip-forwarding 1$' /etc/dhcpcd.conf || printf "option ip-forwarding 1\n" >> /etc/dhcpcd.conf # Disable dhcpcd control of eth0. grep '^denyinterfaces eth0$' /etc/dhcpcd.conf || printf "denyinterfaces eth0\n" >> /etc/dhcpcd.conf # Configure dhcp-helper. cat > /etc/default/dhcp-helper <<EOF DHCPHELPER_OPTS="-b wlan0" EOF # Enable avahi reflector if it's not already enabled. sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || { printf "something went wrong...\n\n" printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n" } # I have to admit, I do not understand ARP and IP forwarding enough to explain # exactly what is happening here. I am building off the work of others. In short # this is a service to forward traffic from WiFi to Ethernet. #cat <<'EOF' >/usr/lib/systemd/system/parprouted.service cat <<'EOF' >/etc/systemd/system/parprouted.service [Unit] Description=proxy arp routing service Documentation=https://raspberrypi.stackexchange.com/q/88954/79866 Requires=sys-subsystem-net-devices-wlan0.device dhcpcd.service After=sys-subsystem-net-devices-wlan0.device dhcpcd.service [Service] Type=forking # Restart until wlan0 gained carrier Restart=on-failure RestartSec=5 TimeoutStartSec=30 # clone the dhcp-allocated IP to eth0 so dhcp-helper will relay for the correct subnet ExecStartPre=/bin/bash -c '/sbin/ip addr add $(/sbin/ip -4 -br addr show wlan0 | /bin/grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")/32 dev eth0' ExecStartPre=/sbin/ip link set dev eth0 up ExecStartPre=/sbin/ip link set wlan0 promisc on ExecStart=-/usr/sbin/parprouted eth0 wlan0 ExecStopPost=/sbin/ip link set wlan0 promisc off ExecStopPost=/sbin/ip link set dev eth0 down ExecStopPost=/bin/bash -c '/sbin/ip addr del $(/sbin/ip -4 -br addr show wlan0 | /bin/grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")/32 dev eth0' [Install] WantedBy=wpa_supplicant.service EOF systemctl daemon-reload systemctl enable parprouted systemctl start parprouted dhcp-helper

2) Execute the bash-script (check output for any errors):

$ sudo bash bridge.sh

3) Reboot RasPi

After reboot via eth0 / LAN connected device should get access to the same network of WiFi router. Note: This depends if your WiFi router supports "IP Layer 3 solution"

$ sudo reboot


General notes:

  • ARP-proxy requires support by the WiFi router for "IP Layer 3 / Network layer"-capabilities (guess you just can try and find out).
  • Preferred solution via WDS (topic has not been dealt with here) for providing a bridge-solution on the same subnet requires WDS-support of the WiFi chip and the WiFi router. You can check WiFi chip of your Raspberry Pi for WDS-support with
$ iw list

in section Supported interface modes

Wiphy phy0 ... Supported interface modes: * IBSS * managed * AP * AP/VLAN * WDS * monitor * mesh point ...

If WDS is not distinctly listed here, then WDS is not supported by the WiFi chip (Raspberry Pi Zero W doesn't support WDS).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.