The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (Part 2, First Half)

Since OpenWrt has the

Bridged AP

Bridged AP is to extend your existing wired host router to have wireless capabilities. Clients connecting to OpenWRT will get an IP address from the wired host router.

OpenWrt bridges the LAN network with the WLAN of the device in Access Point mode. The advantage of bridging is that broadcast traffic from Wireless to LAN and vice versa works without further changes.

This document outlines the steps necessary to implement such a setup.

Note: This recipe results in a bridged LAN that will work fine for home and small networks. It is similar to the “Dumb AP” recipe at dumbap. These pages should probably be merged.

Configuration

The changes below assume an OpenWrt default configuration, the relevant files are:

Step 1: Change the LAN interface

……

Step 4: Connect host router and openwrt router correctly

Ensure the host router is connected with a lan port of the openwrt, not the wan port!

………

"recipe", we can simply vary it a little

 

and build an environment for learning about the

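Bridge

A network bridge is a network device used for network bridging. A bridge connects multiple network segments at the data link layer (OSI model layer 2), that is, it bridges them.

Characteristics

A bridge is functionally similar to hubs and other devices used to connect network segments, but the latter work at the physical layer (OSI model layer 1).

  • A bridge can recognize frames at the data link layer, store them temporarily in memory, and then regenerate the signal to forward each one as a brand-new frame to the other connected network segment. Because it can unpack, buffer and repackage frames (the store-and-forward mechanism), a bridge can connect data links with different technical parameters and transmission rates, for example 10BASE-T and 100BASE-TX.
  • A frame contains a field called the FCS, which is used to check the bits of the frame by means of a CRC. A bridge can check the FCS and discard damaged frames.
  • A bridge performs collision detection control when forwarding frames to other segments.
  • A bridge can also control network traffic through address self-learning and filtering, which gives it the function of an OSI layer 2 network switch. This is called a transparent bridge and was invented by DEC in the 1980s.[1] The mechanism is that the bridge holds an internal database that is initially empty. When the bridge receives a frame from a segment, it registers (or updates) in the database that the frame's source address belongs to that segment, and checks the frame's destination address. If the database shows that the destination address belongs to another segment, the bridge forwards the frame to that segment; if the database has no record of the destination address, the bridge forwards (floods) the frame to all segments other than the one the source address is on.
  • A bridge forwards data to another network only when data is being transferred between different networks, rather than broadcasting all data as a hub does. For Ethernet, the formal meaning of the term "bridging" refers to devices conforming to the IEEE 802.1D standard, i.e. "network switching". A bridge can split network segments, unlike a hub, where everything remains in one collision domain and bandwidth consumption is therefore higher. Because a bridge uses its internal MAC table to keep frames from passing where they need not, it is described as a network element operating at the data link layer, and it can isolate collisions.

Machines that communicate frequently should be placed in the same segment; otherwise performance will degrade.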
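The learning, forwarding and flooding mechanism described above for a transparent bridge, as an added example that is not part of the original post or of the quoted article. The ports `eth1` and `wlan0` and the two MAC addresses are the ones that appear in this page's `br-lan` setup; the third port `eth2`, the class name and the 300-second ageing time (the IEEE 802.1D default) are assumptions for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Forwarding decision of a transparent bridge (illustrative model)."""

    def __init__(self, ports, ageing=300.0):
        self.ports = list(ports)
        self.ageing = ageing   # seconds an entry stays valid without refresh
        self.fdb = {}          # forwarding database: MAC -> (port, last_seen)

    def receive(self, in_port, src, dst, now=0.0):
        """Learn src on in_port, then return the ports the frame is sent out of."""
        src, dst = src.lower(), dst.lower()
        # Learning: register or refresh the source address on the ingress port.
        self.fdb[src] = (in_port, now)
        # Ageing: forget entries that have not been refreshed in time.
        self.fdb = {m: (p, t) for m, (p, t) in self.fdb.items()
                    if now - t <= self.ageing}
        entry = self.fdb.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        # Known destination: filter if it sits on the ingress segment,
        # otherwise forward to exactly one port.
        return [] if out_port == in_port else [out_port]

def demo():
    pi_eth, pi_wlan = "b8:27:eb:c2:b0:6e", "b8:27:eb:97:e5:3b"  # MACs from this page
    br = LearningBridge(["eth1", "wlan0", "eth2"])              # eth2 is hypothetical
    return [
        br.receive("eth1", pi_eth, pi_wlan, now=0),     # destination unknown: flood
        br.receive("wlan0", pi_wlan, pi_eth, now=1),    # learned: eth1 only
        br.receive("eth1", pi_eth, pi_wlan, now=2),     # learned: wlan0 only
        br.receive("eth1", pi_eth, BROADCAST, now=3),   # broadcast: flood
        br.receive("eth1", pi_eth, pi_wlan, now=400),   # entry aged out: flood again
    ]

if __name__ == "__main__":
    for out_ports in demo():
        print(out_ports)
```

The database is filled purely from unauthenticated source addresses, which is why ageing and a bounded table size matter on a real bridge.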

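Wireless bridging

Wireless bridging (wireless bridge) refers to a hardware component used to connect two or more network segments that are physically or logically (different network protocols) separate, for example different LANs or different parts of the same LAN. A "bridge" need not be a hardware device: operating systems such as Windows, GNU/Linux, Mac OS X and FreeBSD all provide software for bridging different network protocols, which is common between wireless and wired network protocols. In a sense, a computer using the operating system's bridging software acts as a bridge.

Many wireless routers and wireless access points offer both a "bridge" mode and a "repeater" mode. The two modes have similar effects; the difference is that bridge mode connects two different network protocols, while repeater mode relays the same network protocol.

Wireless routers, wireless access points and bridges that comply with the 802.11a, b, g and n standards can all serve as wireless bridges. In most countries these wireless standards can use licence-free radio bands.

Wireless bridging devices must work in pairs (point-to-point), one on each side of the "bridge". However, a central device can have several "bridges" at the same time (point-to-multipoint).

Bridging can be achieved through a wireless distribution system, which establishes a layer 2 wireless bridge between two or more points. The bridged wireless devices need to be configured with the same service set identifier (SSID) and the same wireless channel, and they can take turns forming an "access point-client" relationship to complete the bridge.

In the ISO OSI model, a device through which packets traverse the network layer is called a router, while one through which packets traverse only the data link layer is regarded as a bridge.

Bridging has always meant propagation in which data does not traverse a network stack (such as TCP/IP). "Wireless bridge" is a colloquial term. For connecting two LANs, a more precise description would be "(wireless) LAN-to-LAN bridging". The distinction matters, because a device may not support bridging two LANs through a remote wireless access point; a wireless access point that supports true bridging may be quite desirable: packets cross from the wireless medium to the wired network without passing through a network protocol stack, a firewall or other network abstractions. The two bridged networks can be regarded as the same IP subnet.[2][3]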

 

itself ☆

※ Reference:

root@LEDE:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd42:80c5:b618::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1'
	option proto 'static'
	option ipaddr '5.168.166.88'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option type 'bridge'
	option proto 'dhcp'
	option ifname 'eth0'
	option peerdns '0'
	option dns '8.8.8.8'

config interface 'wwan'
	option proto 'dhcp'

 

root@LEDE:~# cat /etc/config/wireless 

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'LEDE-RPI-3B'
	option encryption 'psk2+ccmp'
	option key '12345678'
	option network 'lan'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/soc/3f980000.usb/usb1/1-1/1-1.4/1-1.4:1.0'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface
	option network 'wwan'
	option ssid 'WiFi-2.4'
	option encryption 'psk2'
	option device 'radio1'
	option mode 'sta'
	option bssid '4C:E6:76:C4:E3:EA'
	option key 'XXXXXXXXX'

 

root@LEDE:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wwan'

config forwarding
	option src 'lan'
	option dest 'wan'
...

 

Because the "output zone" here is set to "wan", the "default" "dnsmasq" is still needed!

root@LEDE:~# ps | grep dnsmasq
  830 dnsmasq    872 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg02411c
 1243 root      1028 S    grep dnsmasq

 

The rest you can study for yourself, can you not?

root@LEDE:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.000ec6817901	no		eth1
							wlan0
br-wan		7fff.b827ebd9d72f	no		eth0

 

root@LEDE:~# ifconfig 
br-lan    Link encap:Ethernet  HWaddr 00:0E:C6:81:79:01  
          inet addr:5.168.166.88  Bcast:5.168.166.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:c6ff:fe81:7901/64 Scope:Link
          inet6 addr: fd42:80c5:b618::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7086 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10469 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:449189 (438.6 KiB)  TX bytes:13518181 (12.8 MiB)

br-wan    Link encap:Ethernet  HWaddr B8:27:EB:D9:D7:2F  
          inet addr:5.168.168.20  Bcast:5.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:fed9:d72f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6663 errors:0 dropped:1046 overruns:0 frame:0
          TX packets:5144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:647327 (632.1 KiB)  TX bytes:1511683 (1.4 MiB)

eth0      Link encap:Ethernet  HWaddr B8:27:EB:D9:D7:2F  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6663 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:647327 (632.1 KiB)  TX bytes:1573335 (1.5 MiB)

eth1      Link encap:Ethernet  HWaddr 00:0E:C6:81:79:01  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10547 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:433562 (423.4 KiB)  TX bytes:13615423 (12.9 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:2375 (2.3 KiB)  TX bytes:2375 (2.3 KiB)

wlan0     Link encap:Ethernet  HWaddr B8:27:EB:8C:82:7A  
          inet6 addr: fe80::ba27:ebff:fe8c:827a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:112 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15683 (15.3 KiB)  TX bytes:204362 (199.5 KiB)

wlan1     Link encap:Ethernet  HWaddr E8:4E:06:4F:C5:5C  
          inet addr:192.168.11.6  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::ea4e:6ff:fe4f:c55c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9479 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5837 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13485212 (12.8 MiB)  TX bytes:524780 (512.4 KiB)

 

root@LEDE:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.11.1    0.0.0.0         UG    0      0        0 wlan1
5.168.166.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
5.168.168.0     0.0.0.0         255.255.255.0   U     0      0        0 br-wan
5.168.168.1     0.0.0.0         255.255.255.255 UH    0      0        0 br-wan
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 wlan1
192.168.11.1    0.0.0.0         255.255.255.255 UH    0      0        0 wlan1

 

root@LEDE:~# arp-scan --interface=br-lan --local
Interface: br-lan, datalink type: EN10MB (Ethernet)
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-oui.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/mac-vendor.txt: No such file or directory
Starting arp-scan 1.9.2 with 256 hosts (http://www.nta-monitor.com/tools-resources/security-tools/arp-scan/)
5.168.166.101	b8:27:eb:c2:b0:6e	(Unknown)
5.168.166.101	b8:27:eb:97:e5:3b	(Unknown) (DUP: 2)
5.168.166.101	b8:27:eb:97:e5:3b	(Unknown) (DUP: 3)
5.168.166.120	b8:27:eb:c2:b0:6e	(Unknown)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.2: 256 hosts scanned in 3.036 seconds (84.32 hosts/sec). 4 responded

 

 

pi@raspberrypi:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 5.168.166.120  netmask 255.255.255.0  broadcast 5.168.166.255
        inet6 fe80::abae:9d51:b364:fbba  prefixlen 64  scopeid 0x20<link>
        inet6 fd42:80c5:b618::3c2  prefixlen 128  scopeid 0x0<global>
        inet6 fd42:80c5:b618:0:b23d:e24b:adc9:cdb7  prefixlen 64  scopeid 0x0<global>
        ether b8:27:eb:c2:b0:6e  txqueuelen 1000  (Ethernet)
        RX packets 1125  bytes 58500 (57.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 638  bytes 49238 (48.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 5.168.166.101  netmask 255.255.255.0  broadcast 5.168.166.255
        inet6 fd42:80c5:b618:0:6eb2:5670:f827:d1c0  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::8ea2:45ea:870a:d6f7  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:97:e5:3b  txqueuelen 1000  (Ethernet)
        RX packets 58  bytes 10263 (10.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52  bytes 8790 (8.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

pi@raspberrypi:~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         5.168.166.88    0.0.0.0         UG    202    0        0 eth0
0.0.0.0         5.168.166.88    0.0.0.0         UG    303    0        0 wlan0
5.168.166.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
5.168.166.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

 

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         LEDE.lan        0.0.0.0         UG    202    0        0 eth0
default         LEDE.lan        0.0.0.0         UG    303    0        0 wlan0
5.168.166.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
5.168.166.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

pi@raspberrypi:~ $ sudo arp-scan --interface=eth0 --local
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
5.168.166.88	00:0e:c6:81:79:01	ASIX ELECTRONICS CORP.
5.168.166.101	b8:27:eb:97:e5:3b	Raspberry Pi Foundation

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 3.317 seconds (77.18 hosts/sec). 2 responded
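In the router-side `arp-scan` on `br-lan` above, 5.168.166.101 is answered from two MAC addresses, and the Pi's `ifconfig` shows both belong to one machine with `eth0` and `wlan0` in the same subnet. The following added example, which is not part of the original post, parses those reply lines and separates that benign case from one that needs a closer look; the function names and the inventory structure are assumptions.

```python
import re
from collections import defaultdict

# Reply lines taken from the br-lan arp-scan output on this page.
SAMPLE = """\
5.168.166.101\tb8:27:eb:c2:b0:6e\t(Unknown)
5.168.166.101\tb8:27:eb:97:e5:3b\t(Unknown) (DUP: 2)
5.168.166.101\tb8:27:eb:97:e5:3b\t(Unknown) (DUP: 3)
5.168.166.120\tb8:27:eb:c2:b0:6e\t(Unknown)
"""

# Interface MACs per known host, read off the Pi's ifconfig output on this page.
INVENTORY = {"raspberrypi": {"b8:27:eb:c2:b0:6e", "b8:27:eb:97:e5:3b"}}

LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse(text):
    """Return (ip, mac) pairs from arp-scan reply lines; other lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def conflicts(pairs):
    """Return ({ip: [macs]}, {mac: [ips]}) for every one-to-many mapping seen."""
    ip_to_macs, mac_to_ips = defaultdict(set), defaultdict(set)
    for ip, mac in pairs:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    multi_mac = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    multi_ip = {mac: sorted(i) for mac, i in mac_to_ips.items() if len(i) > 1}
    return multi_mac, multi_ip

def triage(multi_mac, inventory):
    """Label a multi-MAC IP 'same-host' if one inventoried host owns all its MACs."""
    verdicts = {}
    for ip, macs in multi_mac.items():
        owned = any(set(macs) <= host_macs for host_macs in inventory.values())
        verdicts[ip] = "same-host" if owned else "unexplained"
    return verdicts

if __name__ == "__main__":
    multi_mac, multi_ip = conflicts(parse(SAMPLE))
    print(multi_mac, multi_ip, triage(multi_mac, INVENTORY))
```

An "unexplained" verdict is the case worth checking for an address conflict or ARP spoofing; here the duplicate comes from Linux answering ARP for a local address on either interface by default.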