7. Configuration (c.) - bridging

I chose to stay with this configuration for now, since it allows me to pull my Aspire out of the network from time to time without loosing Internet connectivity. When travelling, I use my Aspire as a GPS device in combination with a USB connected satellite antenna.

These are the commands given in the necessary order placed inside the /etc/rc.d/rc.local file:
#!/bin/sh
#
# /etc/rc.d/rc.local:  Local system initialization script.
#
# Put any local startup commands in here.  Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.

/etc/rc.d/rc.radiusd start

/sbin/ifconfig wlan0 up
/sbin/iwconfig wlan0 channel auto

/etc/rc.d/rc.hostapd start

/sbin/ifconfig wlan0_0 172.17.0.1

/sbin/ifconfig eth0 up
/sbin/ifconfig wlan0 up

/usr/sbin/brctl addbr br0
/sbin/ifconfig br0 up
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 wlan0

/sbin/ifconfig br0 192.168.1.55

/sbin/route add default gw 192.168.1.1

/usr/sbin/dhcpd wlan0_0

/etc/rc.d/firewall/acerap_br.fw
/etc/rc.d/rc.traffic_shaping start

/etc/rc.d/rc.bind restart

#EOF

The part that concerns bridging is in bold. Bridging on Linux is really easy and it should not cause you any troubles. The spanning tree should be off as it is by default. Turn it on only if you really know what you are doing. The dhcpd is bound only to the wlan0 to serve 172.17.0.0/16 addresses to the Welcome network. The network with the Acer_A1 ssid is getting its IP addresses from the "Linksys SRX 200" DHCP server trough the bridge (it transfers broadcasts transparently). The rc.traffic_shaping script is for traffic shaping which turned out to be necessary, because some of the clients in Welcome misbehaved (see 6. Additional administrative tasks).

Of course you will need a firewall as well, so here is the acerap_br.fwb file created with the FWbuilder project and the script acerap_br.fw it generated, really basic, but a good starting point. I decided to switch to WPA2 after using this configuration for about one month. This required only a change of wpa=1 in /etc/hostapd.conf to wpa=2 and a restart of the hostapd. I was worried about the amount of work necessary to reconfigure all clients, but it turned out that only some small changes to the Windows clients are required.