[How-To] Internet Source from WIFI To Ethernet [Bridge WiFi to Ethernet]

Hello im new and im Italian so i hope you will not hate me if i write not perfectly (Who said Google Translate?? No No No)


This Guide is for a "client to client" setup of the box, we will internally switch Wifi to Eth, so a working computer can access internet from its eth port even if the router signal source is wireless.


Router AP -----> ARM BOX [WIFI internal or usb dongle] ===>> internal eth0 ------> ethernet cable --> client eth port


  • Make sure WiFi in arm box is connected using nmtui command
    • FROM NOW ON <WIFI CARD> is the wifi adapter name es: replace "<WIFI CARD>" with "wlx0013eff301ee"
  • Execute: sudo apt-get update && sudo apt-get install dnsmasq iptables iptables-persistent -y
    • say no to save actual iptables rules (we dont have any yet)
  • Edit /etc/network/interfaces
    • comment if exist the part of eth0 "iface eth0" to "#iface eth0"
    • add those lines
    • allow-hotplug eth0
      	iface eth0 inet static
      	up ip addr add dev eth0
  • execute those commands
    • ip addr add dev eth0
      iptables -A FORWARD -o <WIFI CARD> -i eth0 -s -m conntrack --ctstate NEW -j ACCEPT
      iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      iptables -t nat -F POSTROUTING
      iptables -t nat -A POSTROUTING -o <WIFI CARD> -j MASQUERADE
      sh -c "iptables-save > /etc/iptables.ipv4.nat"
      sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
      /etc/init.d/dnsmasq stop
      cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup
  • Edit /etc/dnsmasq.conf inserting
    • interface=eth0
  • Edit /etc/sysctl.conf inserting
    • net.ipv4.conf.default.forwarding=1
  • Edit /etc/rc.local inserting before "exit 0"
    • iptables-restore < /etc/iptables.ipv4.nat
  • execute those commands
    • systemctl enable dnsmasq
      systemctl enable iptables





We set static net to eht0 then we set routing in iptables [forward and back] wlan<->eth then we make this setup persistent so that will persist after reboot.

Working on my RK3318 Armbian bullseye 5.15 minimal and USB3 dongle RTL8814AU (also tested with a 8812au)

Remember that with 



IP will change after 72h of system-up, just remove ,72h for always.



13 hours ago, lmdc45 said:

seems to have some network and some network probably a mistake. 
Otherwise working ok thanks

Probably my mistake, should be all if i remember right, anyway im using it as cheap low latency powerfull wifi-eth for my gaming pc.


@lmdc45 Yeah too many failing "how to" on web, when you know how to do it with firewall rules is not that hard, but on web many do things/commands without thinking too much.

Im not very happy with this mode by using firewall, because it trigger too much the cpu when in high load of packets (like when downloading games from Steam, the cpu temperature skyrock...).
Debian has bridge-util that should do the same thing but, hopefully, better then firewall redirections.
I didnt find enough doc material on web to be sure it works and works better then my actual firewall rules so for now im stuck to this setup.

If you try that bridge-util update me with your results, i just cant ruin my setup because its necessary for my main pc-setup internet connection.

