Connect to ethernet devices through WiFi access point

I have a device with a WiFi access point (USB dongle) and an ethernet port that connects to a switch and then lots of other devices. I want my balena device to do DHCP and DNS for all ethernet AND WiFi clients. I could not figure out how to put 2 different interfaces on the same subnet, so I have a subnet with a dnsmasq instance for each interface.

WiFi AP config:

[connection]
id=balena-hotspot
uuid=36060c57-aebd-4ccf-aba4-ef75121b5f77
type=wifi
autoconnect=true
interface-name=wlp0s20u4
permissions=
secondaries=

[wifi]
band=bg
mac-address-blacklist=
mac-address-randomization=0
mode=ap
seen-bssids=
ssid=somehotspotssid

[wifi-security]
group=
key-mgmt=wpa-psk
pairwise=
proto=rsn
psk=some-password

[ipv4]
address1=10.42.0.1/24
dns=127.0.0.1;
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

dnsmasq \
  --address=/#/10.42.0.1 \
  --dhcp-range=10.42.0.1,10.42.0.254 \
  --dhcp-option=option:router,10.42.0.1 \
  --interface=wlp0s20u4 \
  --bind-interfaces \
  --except-interface=lo \
  --conf-file \
  --no-hosts \
  --log-facility=-

Ethernet

[connection]
id=pci-eth-1
type=ethernet
interface-name=enp3s0
permissions=
secondaries=

[ethernet]
mac-address-blacklist=

[ipv4]
address1=192.168.30.1/24
dns=127.0.0.1;
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

dnsmasq \
  --address=/#/192.168.30.1 \
  --dhcp-range=192.168.30.1,192.168.30.254 \
  --dhcp-option=option:router,192.168.30.1 \
  --interface=enp3s0 \
  --bind-interfaces \
  --except-interface=lo \
  --conf-file \
  --no-hosts \
  --log-facility=-

The issue

When I connect to the WiFi AP, dnsmasq on the balena device will allocate a 10.42.0.X IP. Unfortunately I cannot then ping any ethernet device running on 192.168.30.X. Similarly, ethernet devices cannot ping WiFi devices.

Possible solutions?

  • Is there some way to only have 1 dnsmasq instance that manages both the eth and wifi interfaces? Then I would not need to communicate across two subnets.
  • Can I create some sort of bridge between these two subnets so every device can access every other device?

Thanks so much for any advice!

Hi, so you basically want to have a router-like setup with the Ethernet and WiFi interfaces serving clients on a single network. I have never tried such a setup myself and I am not sure how well NetworkManager will support this, but you will need to aggregate the interfaces with a bridge. I see in some examples I googled bridge.stp is set to no - you can check whether this should apply to you.

You can create a new bridge profile with type=bridge, interface-name=br0 and id=br0. If you run nmcli con add ifname br0 type bridge con-name br0 that will create a profile for you in /etc/NetworkManager/system-connections that you can edit.

In that profile define a method=manual in the [ipv4] section, and method=ignore in the [ipv6] section. Then assign a static address like you do in your profiles above.

Then in your WiFi and Ethernet profiles remove completely their [ipv4] and [ipv6] sections. Then add master=br0 and slave-type=bridge in their [connection] section.

After you set up the bridge to aggregate the two interfaces you can try running a single dnsmasq on top of the bridge interface similarly to how you are doing that currently. I have not tried that myself, but in theory that should work.

As for your second question, with your current setup with two subnets I do not think you need to add a bridge. If you cannot ping devices from one subnet to the other please try running iptables -P FORWARD ACCEPT in the host OS. When a packet with unknown IP is sent from a device, it will be forwarded to the default gateway (in your case this device with the two interfaces) - then the kernel will know that it needs to forward it to a device on the other subnet. The above iptables command changes the default forwarding policy from DROP to ACCEPT, so that this can happen.

I will be on vacation till the middle of next week starting from tomorrow, so I may not be able to respond till I get back if you have some feedback here, but my colleagues will look into it and respond if they have an answer.

Thanks a lot,
Zahari
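
Added example, not part of the reply above: `iptables -P FORWARD ACCEPT` changes the default for every interface on the device, so this sketch instead leaves the policy at DROP and permits forwarding only between the two client subnets posted in the thread. The function names and the `DRY_RUN` switch are hypothetical, and appending to the end of the FORWARD chain is an assumption about rule ordering on the host.

```shell
#!/bin/sh
# Added example (not from the thread): route only between the two client
# subnets, keeping the FORWARD chain's default policy at DROP.
# DRY_RUN=1 prints the iptables commands instead of running them.

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# allow_forward IN_IF IN_NET OUT_IF OUT_NET
# Appends one ACCEPT rule unless an identical rule is already present.
allow_forward() {
    set -- -i "$1" -s "$2" -o "$3" -d "$4" -j ACCEPT
    if [ -n "${DRY_RUN:-}" ] || ! iptables -C FORWARD "$@" 2>/dev/null; then
        run iptables -A FORWARD "$@"
    fi
}

# route_between IF_A NET_A IF_B NET_B: permit traffic in both directions.
route_between() {
    allow_forward "$1" "$2" "$3" "$4"
    allow_forward "$3" "$4" "$1" "$2"
}

# Usage: sh route.sh enp3s0 192.168.30.0/24 wlp0s20u4 10.42.0.0/24
if [ "$#" -eq 4 ]; then
    route_between "$@"
fi
```

Running it with `DRY_RUN=1` first shows the two rules that would be added; `iptables -S FORWARD` afterwards confirms the policy line still reads DROP.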

Thanks so much for your help @majorz !

I’ve made those changes. Should I be running dnsmasq on the bridge or the two interfaces, i.e. dnsmasq --interface=br0 ... or dnsmasq --interface=enp3s0 --interface=wlp0s20u4? In either case I’m getting a dnsmasq: unknown interface br0 style error.

These two connections and the bridge are now marked as disconnected in nmcli. I tried adding autoconnect=true to no avail. The hotspot SSID is no longer visible on the network - I assume this is the result of removing the [ipv4] settings.

root@balena:~# nmcli
wlp2s0: connected to balena-hotspot-2
        "wlp2s0"
        wifi (rtl8821ae), DC:85:DE:E7:C2:9D, hw, mtu 1500
        inet4 10.43.0.1/24
        route4 10.43.0.0/24
        inet6 fe80::8c3c:2ad1:5bee:98e5/64
        route6 fe80::/64
        route6 ff00::/8

supervisor0: connected to supervisor0
        "supervisor0"
        bridge, 02:42:A0:B3:27:20, sw, mtu 1500
        inet4 10.114.104.1/25
        route4 10.114.104.0/25

enp3s0: disconnected
        "enp3s0"
        1 connection available
        ethernet (r8169), FC:AA:14:DF:A1:41, hw, mtu 1500

wlp0s20u4: disconnected
        "Ralink n"
        1 connection available
        wifi (rt2800usb), 9C:EF:D5:FB:C1:D4, hw, mtu 1500

balena0: unmanaged
        "balena0"
        bridge, 02:42:68:75:60:7D, sw, mtu 1500

br-255c7c989811: unmanaged
        "br-255c7c989811"
        bridge, 02:42:01:0D:98:82, sw, mtu 1500

br0: unmanaged
        "br0"
        bridge, DA:4B:0A:EA:C2:EE, sw, mtu 1500

resin-dns: unmanaged
        "resin-dns"
        bridge, 62:5B:D4:33:38:66, sw, mtu 1500

veth43fe36f: unmanaged
        "veth43fe36f"
        ethernet (veth), 7E:AF:EE:41:60:B5, sw, mtu 1500

veth45faec8: unmanaged
        "veth45faec8"
        ethernet (veth), 8A:91:C1:8E:3F:80, sw, mtu 1500

veth70a49ac: unmanaged
        "veth70a49ac"
        ethernet (veth), 1E:31:E8:F1:7A:11, sw, mtu 1500

vetha8a8d35: unmanaged
        "vetha8a8d35"
        ethernet (veth), 16:D4:E7:CA:1A:F1, sw, mtu 1500

vethb53ee17: unmanaged
        "vethb53ee17"
        ethernet (veth), 1E:C5:76:F4:A7:F0, sw, mtu 1500

vethd45be50: unmanaged
        "vethd45be50"
        ethernet (veth), 52:AE:84:5F:19:23, sw, mtu 1500

sit0: unmanaged
        "sit0"
        iptunnel (sit), sw, mtu 1480

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

Hi,
the br0: unmanaged is suspicious; NetworkManager should bring it up and enable both wlp0s20u4 and enp3s0, as br0 is their master. Could you please share the config file you are using for br0? Also, do you see the br0 interface when running a simple ip addr command?
Thanks
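
Added example, not part of the thread: a consistency check that compares NetworkManager keyfiles with the bridge steps given earlier (bridge profile with type=bridge, manual IPv4 and ignored IPv6; port profiles with master and slave-type set and no [ipv4]/[ipv6] sections). The function names and the fixed bridge name br0 in the entry point are assumptions; it only reads the files and does not explain why NetworkManager reports br0 as unmanaged.

```shell
#!/bin/sh
# Added example: compare NetworkManager keyfiles with the bridge steps from
# the thread. Bridge name br0 in the entry point is an assumption.

# kf_get FILE SECTION KEY: print the value of KEY inside [SECTION].
kf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { cur = $0; next }
        cur == sec && index($0, key "=") == 1 {
            print substr($0, length(key) + 2); exit
        }' "$1"
}

# expect FILE SECTION KEY VALUE: report a mismatch, return 1 on failure.
expect() {
    got=$(kf_get "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "$1: [$2] $3 is '$got', expected '$4'"
    return 1
}

# check_bridge FILE NAME: the bridge profile itself.
check_bridge() {
    rc=0
    expect "$1" connection type bridge || rc=1
    expect "$1" connection interface-name "$2" || rc=1
    expect "$1" ipv4 method manual || rc=1
    expect "$1" ipv6 method ignore || rc=1
    return $rc
}

# check_port FILE NAME: a WiFi or Ethernet profile attached to the bridge.
check_port() {
    rc=0
    expect "$1" connection master "$2" || rc=1
    expect "$1" connection slave-type bridge || rc=1
    for s in ipv4 ipv6; do
        if grep -q "^\[$s\]" "$1"; then
            echo "$1: [$s] section should be removed"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check.sh BRIDGE_KEYFILE PORT_KEYFILE...
if [ "$#" -ge 2 ]; then
    status=0; b=$1; shift
    check_bridge "$b" br0 || status=1
    for p in "$@"; do check_port "$p" br0 || status=1; done
    exit $status
fi
```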