Setting up a wifi to ethernet bridge with npf (Raspberry pi 4)

DeepReef11

I tried to setup an internet access from wifi to ethernet with my raspberry pi. I do not have a lot of knowlege on network, just very general.

Setup

Raspberry pi 4
Live image of netbsd 10.99.1
Interface bwfn0 (wifi), genet0 (ethernet)
DLink router that receive internet from ethernet port (haven't found a features that would allow the router to connect directly to internet from wifi)

/etc/npf.conf


set bpf.jit off

$ext_if = "bwfm0"
$int_if = "genet0"

group "external" on $ext_if {
        pass all
}
group "internal" on $int_if {
        pass all
}
group default {
        pass final on lo0 all
        block all
}

Expected behaviour

The DLink router would receive internet from ethernet port. Devices connected to it should be able to connect to internet. The router isn't able to connect to internet when connected to the raspberry pi.

I've also tried to create a bridge with a bridge command, but that didn't work either. In the man page of bridge, it says only ethernet interface will work, so I suppose this is expected.

JuvenalUrbino

Hi @DeepReef11 and welcome to this forum.

DeepReef11 I do not have a lot of knowledge on network, just very general.

Knowledge comes practicing, finding solutions to problems and reading documentation.

DLink router that receive internet from ethernet port (haven't found a features that would allow the router to connect directly to internet from wifi)

Perhaps, by router you mean a powefline, a LAN switch or a wifi extender? The router itself is responsible of orchestrating your local network.

DeepReef11 The router isn't able to connect to internet when connected to the raspberry pi.

You mean the other way round, that the raspberry pi isn't able to ping any address when connected via cable to the router?
Does this happen with NPF turned off too, or is the firewall blocking packets?
More info is needed, ifconfig output, /etc/ifconfig.genet0, and the network-related section of your /etc/rc.conf.

$ext_if = "bwfm0"
$int_if = "genet0"

Why specify an 'external' and an 'internal' interface if you aren't bridging them or configuring ip forwarding from either of the two to the other?

DeepReef11 I've also tried to create a bridge with a bridge command, but that didn't work either. In the man page of bridge, it says only ethernet interface will work, so I suppose this is expected.

I haven't personally tried that. The man page also says that:

     A bridge can be used to provide several services, such as a simple
     802.11-to-Ethernet bridge for wireless hosts, and traffic isolation.

I highly recommend reading and trying to understand Chapter 24. Setting up TCP/IP on NetBSD in practice.
Depending on what you're trying to achieve, you may also have a look at NetBSD nat/router/firewall setup. As for a NetBSD router configuration, keep in mind that the functionality of rtsol(8) has been superseded by dhcpd(8)'s built-tin solicitation capability. This is covered in guide Chapter 24, linked above.
Anyway, I'd try to get your network up and working first if it isnt; one step at a time. Several threads on wifi networking can be found on this forum and the netbsd-users mailing list.

Jay

Hi check this thread of they help as i am not experienced with npf :

https://www.unitedbsd.com/d/763-netbsd-desktop-pt3-simple-stateful-firewall-with-npf

https://www.unitedbsd.com/d/435-how-to-use-blacklistd8-with-npf-as-a-fail2ban-replacement

DeepReef11

JuvenalUrbino

I want to clear this up to make sure I've explained properly the purpose of this. I want my router to do its router job and the raspberry pi to provide internet connection to the router.

Something I am not sure to understand with my current configuration on raspberry pi, I cannot ssh into it when it is plugged in the wan port of the router, nor I can ssh from the wifi connection (from the other router that provide internet). The network is working when I provide internet to the router and the rpi is plugged to a lan port. But I am not able to get internet from the wifi connection of the rpi (which, if I remember correctly, was working before I change npf settings).

genet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ec_capabilities=0x1<VLAN_MTU>
        ec_enabled=0
        address: e4:5f:01:86:22:4e
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet6 fe80::2766:8d4c:3dff:488b%genet0/64 flags 0 scopeid 0x1
        inet 192.168.0.182/24 broadcast 192.168.0.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
        status: active
        inet6 ::1/128 flags 0x20<NODAD>
        inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
        inet 127.0.0.1/8 flags 0
bwfm0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ssid Home nwkey 65536:"",0xb6b976eadc35a917987de5a0fa0be801,0xae4162a374437ec3b1620b972833ce27,""
        powersave off
        bssid 74:24:9f:d2:9d:9a chan 11
        address: e4:5f:01:86:22:50
        media: IEEE802.11 autoselect (HT mode 11ng)
        status: active
        inet6 fe80::bc03:5a38:e829:8107%bwfm0/64 flags 0 scopeid 0x3
        inet6 2605:59c8:23f8:e910:794d:16d4:1b1b:2840/64 flags 0x40<AUTOCONF>
        inet6 fd5e:9a9e:c5bd:10:cd60:d452:3d06:8e28/64 flags 0x40<AUTOCONF>
        inet6 2605:59c8:23f8:e910::922/128 flags 0
        inet6 fd5e:9a9e:c5bd:10::922/128 flags 0
        inet 192.168.1.118/24 broadcast 192.168.1.255 flags 0

/etc/ifconfig.genet0 doesn't exist.

rc.conf:

sshd=YES
dhcpcd=YES
ntpd=YES
ntpd_flags="-g"
creds_msdos=YES
creds_msdos_partition=/boot
mdnsd=YES
devpubd=YES
wscons=$(dev_exists wsdisplay0)
ec2_init=$(dev_exists ena0)


wpa_supplicant=YES
wpa_supplicant_flags="-i bwfm0 -c /etc/wpa_supplicant.conf"
dhcpcd_flags="${dhcpcd_flags} -b"

ifconfig bfwm0 up
npf=YES

wpa_supplicant:

# $NetBSD: wpa_supplicant.conf,v 1.1 2019/01/12 16:51:54 roy Exp $

# Allow wpa_cli(8) to configure wpa_supplicant
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
        ssid="Home"
        psk="xxxx"
}
update_config=1