#MacOSX : Make your Mac a Wireless Network Bridge

Jun 3

Posted by


Sometimes you need to extend wireless field; you can do it transforming your Mac as a Wireless Network Bridge.

Why  your Mac? Maybe a new shining Mac Book Pro? Well, let’s say your city has been hit by a big earthquake, so you had to leave your house, but your wireless network still works. Mobile Network won’t  work due to excessive overhead but you can still access internet to contact your friends and family. Sharing your internet connection give this chance also to many other people (this has been happened to me recently).

First you need a Switch or a Router or a Wireless Access Point and Ethernet cables.

Then:

  • Connect your mac to your wireless network
  • Connect Switch / Router / Wireless Access Point to Mac Ethernet port
  • Go to System Preferences -> Sharing
  • Check Internet Sharing
    • Share your connection from: Wi-Fi
    • To computers using: Ethernet and Bluetooth PAN
  • Let DHCP enabled

NOTE: this way you can connect to internet while you can maintain a secure distance from damaged buildings.

About whitehatty

Computer Engineer and Scientist interested in Computer Security, Complex Networks, Math, Biology and Medicine. "Think Different" life style. Quake 3 Arena player. NERD by DNA.

Posted on June 3, 2012, in Mac OS X Tips & Tricks and tagged , , , , , . Bookmark the permalink. 33 Comments.

  1. Jeff Rizzo | July 20, 2012 at 5:38 pm

    This isn’t a bridge. :/

    Reply
  2. No | November 16, 2012 at 8:53 pm

    No, this is a NAT gateway or router. A bridge operates at the MAC addr level and doesn’t span different networks.

    Reply
    • whitehatty | November 16, 2012 at 10:25 pm

      please read linked wikipedia article…

      Reply
      • Neal Piche | April 9, 2013 at 6:01 pm

        haha wikipedia. using wikipedia as proof is like using the campaign advertisements of politicians to prove they are decent people

      • whitehatty | April 9, 2013 at 9:02 pm

        Actually Wikipedia has shown to be quite reliable. That said, you have Google or books if you want a better reference.

      • The Cybernetic Entomologist | July 20, 2014 at 1:18 am

        This is most definitely not a bridge. Regardless of the semantics or the Wikipedia article (which is terrible) or whatever, the fact remains that what OSX creates when you enable internet sharing is, in fact, a routed NAT network. Devices connecting to the Mac get an entirely different subnet than the one the Mac is connecting to. Therefore, this is absolutely NOT acting as a bridge, it is a NAT router (routers operate at the network layer, or Layer 3. Bridges operate at the link layer, or Layer 2)

      • whitehatty | July 20, 2014 at 10:13 am

        You might want add some flexibility to the categorization you just provided. Routers (and switches) can operate at a higher level than what you said, so if you strictly consider your definition they are not (Cisco sell them, just sayin’).
        Let me try to explain, once and for all.
        Wireless bridge in a network means a link between two devices, where the link is wireless. Now, as you can see, there isn’t a specification on how this can be achieved. If using natting or whatever else, It still is a wireless bridge. I can remove the word “network” if you find it is confusing, that’s it.

  3. Tim Harper | December 29, 2013 at 12:17 am

    whitehatty, they’re right, it’s not a bridge. When you bridge two networks together, it’s done at an ethernet protocol layer, not at a TCP/IP layer. These instructions clearly set the computer up as a router which routes traffic from one network to another. The differences are subtle, but one key difference is when two networks are bridged devices can talk directly one to another using physical MAC addresses. MAC addresses not on a network will be forwarded to the bridged connection, and vice versa.

    Reply
    • Tim Harper | December 29, 2013 at 12:24 am

      … although, bridging can happen on any network protocol, I suppose. I don’t think what you describe is a bridge because bridges do not translate addresses.

      Reply
    • whitehatty | December 29, 2013 at 4:46 am

      Don’t stop on the word bridge and take the time to read the link to Wikipedia, please.
      Btw, if you look for fancy stuff you might be surprised to find that exist level 7 switches and routing then 🙂
      In all these cases the words bridge, switch and router assume a broader meaning than the one they have in the classic TCP/IP or ISO/OSI layering.
      CS PhD student here.

      Reply
      • The Cybernetic Entomologist | July 20, 2014 at 1:20 am

        Words have meaning, especially where technical subjects are concerned. Since the subject at hand deals specifically with ethernet and TCP/IP, using meanings ascribed to those words from outside the scope of those two subjects is not helpful.

        Also goes to reinforce the idea that CS academics haven’t got the foggiest clue how stuff works out there in the real world.

      • whitehatty | July 20, 2014 at 10:25 am

        Yes, words have meaning and it looks like you failed to keep up with them.

        No seriously, don’t make it personal…

  4. Maciej Żenczykowski | January 24, 2014 at 4:21 pm
    Mac Internet Connection Sharing is not a bridge in the normal meaning of the word. Normally when you say bridge you mean ‘level 2 network bridging’, which does not require a DHCP server, a separate IP subnet, IP routing, nor NAT. Internet Connection Sharing utilizes NAT and is thus a NAT-ed router and not a bridge. (it internally implements a DHCP server, allocates a new IP subnet for the wifi connection and does IP routing [with NAT]) Among other things this means that if you have a computer ‘A’ connected to the wired port of the mac ‘B’ (likely via switch or switch+router, since you presumably also want to connect your internet connection here) and another one ‘C’ connected via the wireless sharing feature of ‘B’, then: ‘C’ can reach ‘B’ and ‘A’ ‘B’ can reach ‘A’ and ‘C’ ‘A’ can reach ‘B’ but cannot reach ‘C’ Why? Because A and B are directly connected so can reach each other. Similarly B and C are directly connected and can thus reach each other. C can reach A (and the internet) because of the outgoing NAT translation. A cannot reach C because of the unidirectionality of NAT. In order to get A to be able to reach C you would need to setup port forwarding and/or use uPnP. [This is why games/voip devices/programs/etc often require you to configure port forwarding on your router/nat device] — There appears to be a bit of a hack to get real (level 2) network bridging available at .gist table { margin-bottom: 0; } This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters #import <CoreWLAN/CoreWLAN.h> #import <objc/message.h> int main(int argc, char* argv[]) { @autoreleasepool { int ch; NSString *ssid = nil, *password = nil; while((ch = getopt(argc, argv, "s:w:h")) != -1) { switch(ch) { case 's': ssid = [NSString stringWithUTF8String:optarg]; break; case 'w': password = [NSString stringWithUTF8String:optarg]; break; case '?': case 'h': default: printf("USAGE: %s [-swh] commandn", argv[0]); printf("nOPTIONS:n"); printf(" -s ssid SSIDn"); printf(" -w password WEP passwordn"); printf(" -h Print helpn"); printf("nCOMMAND:n"); printf(" status Print interface moden"); printf(" start Start Host AP moden"); printf(" stop Stop Host AP moden"); return 0; } } NSString *command = nil; if(argv[optind]) { command = [NSString stringWithUTF8String:argv[optind]]; } CWInterface *iface = [CWInterface interface]; if(!command || [command isEqualToString:@"status"]) { NSString *mode = nil; switch(iface.interfaceMode) { case kCWInterfaceModeStation: mode = @"Station"; break; case kCWInterfaceModeIBSS: mode = @"IBSS"; break; case kCWInterfaceModeHostAP: mode = @"HostAP"; break; case kCWInterfaceModeNone: default: mode = @"None"; } printf("%sn", [mode UTF8String]); } else if([command isEqualToString:@"stop"]) { // Stop Host AP mode if(getuid() != 0) { printf("You may need to run this command with root priviledge.n"); } objc_msgSend(iface, @selector(stopHostAPMode)); } else if([command isEqualToString:@"start"]) { // Channel = 11(2GHz), Channel width = 20MHz CWChannel *channel = [CWChannel alloc]; objc_msgSend(channel, @selector(initWithInfo:), @{@"CHANNEL": @11, @"CHANNEL_FLAGS": @10}); // securityType = 2: None, 32: WEP unsigned long long securityType = 2; if(password) { securityType = 32; } // Start Host AP mode NSError *error = nil; objc_msgSend(iface, @selector(startHostAPModeWithSSID:securityType:channel:password:error:), [ssid dataUsingEncoding:NSUTF8StringEncoding], securityType, channel, password, &error); if(error) { printf("%sn", [error.localizedDescription UTF8String]); return 1; } } return 0; } } view raw hostap.m hosted with ❤ by GitHub This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters all: hostap hostap: hostap.m clang -framework Foundation -framework CoreWLAN -o $@ $< clean: rm -rf hostap view raw Makefile hosted with ❤ by GitHub This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters Copyright (C) 2012 Yoshimasa Niwa Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. view raw MIT-LICENSE.txt hosted with ❤ by GitHub .gist table { margin-bottom: 0; } This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters #import <CoreWLAN/CoreWLAN.h> #import <objc/message.h> int main(int argc, char* argv[]) { @autoreleasepool { int ch; NSString *ssid = nil, *password = nil; while((ch = getopt(argc, argv, "s:p:h")) != -1) { switch(ch) { case 's': ssid = [NSString stringWithUTF8String:optarg]; break; case 'p': password = [NSString stringWithUTF8String:optarg]; break; case '?': case 'h': default: printf("USAGE: %s [-s ssid] [-p password] [-h] commandn", argv[0]); printf("nOPTIONS:n"); printf(" -s ssid SSIDn"); printf(" -p password WEP passwordn"); printf(" -h Print helpn"); printf("nCOMMAND:n"); printf(" status Print interface moden"); printf(" start Start Host AP moden"); printf(" stop Stop Host AP moden"); return 0; } } NSString *command = nil; if(argv[optind]) { command = [NSString stringWithUTF8String:argv[optind]]; } CWInterface *iface = [CWInterface interface]; if(!command || [command isEqualToString:@"status"]) { NSString *mode = nil; switch(iface.interfaceMode) { case kCWInterfaceModeStation: mode = @"Station"; break; case kCWInterfaceModeIBSS: mode = @"IBSS"; break; case kCWInterfaceModeHostAP: mode = @"HostAP"; break; case kCWInterfaceModeNone: default: mode = @"None"; } printf("%sn", [mode UTF8String]); } else if([command isEqualToString:@"stop"]) { // Stop Host AP mode if(getuid() != 0) { printf("this may need root (trying anyway)…n"); } objc_msgSend(iface, @selector(stopHostAPMode)); } else if([command isEqualToString:@"start"]) { if(!ssid) { printf("error: an ssid must be specifiedn"); return 1; } // known security types: // 2: no securiry // 16: wep // Note: values [-127..127] have been tried, and all but these return errors. int securityType = 2; if(password) { if([password length] < 10) { printf("error: password too short (must be >= 10 characters)n"); return 1; } securityType = 16; } NSSet *chans = [iface supportedWLANChannels]; //printf("chan count: %lun", [chans count]); NSEnumerator *enumerator = [chans objectEnumerator]; CWChannel *channel; while ((channel = [enumerator nextObject])) { //printf("channel: %lun", [channel channelNumber]); if ([channel channelNumber] == 9) break; } // Start Host AP mode NSError *error = nil; objc_msgSend(iface, //@selector(startIBSSModeWithSSID:security:channel:password:error:), @selector(startHostAPModeWithSSID:securityType:channel:password:error:), //[@"hunter2" dataUsingEncoding:NSUTF8StringEncoding], [ssid dataUsingEncoding:NSUTF8StringEncoding], securityType, channel, //@"abc123ffff", password, &error); if(error) { printf("startHostAPModeWithSSID error: %sn", [error.localizedDescription UTF8String]); return 1; } } return 0; } } view raw hostap.m hosted with ❤ by GitHub This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters all: hostap hostap: hostap.m clang -framework Foundation -framework CoreWLAN -o $@ $< clean: rm -rf hostap view raw Makefile hosted with ❤ by GitHub This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters Copyright (C) 2012 Yoshimasa Niwa Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. view raw MIT-LICENSE.txt hosted with ❤ by GitHub Which supposedly gets your wireless nic into host ap mode (without using Internet Connection Sharing), which combined with normal mac bridging of your wired and wireless interfaces should do the trick – ie. get you a real wireless ethernet bridge. — In general for ad-hoc temporary situations (like in a hotel room or at a conference) the built-in Mac OS X ‘Internet Connection Sharing’ feature is perfect. But if you want a stationary mac (say a mac mini or an imac) [that, for example, you have more permanently placed at home] to effectively act as a wireless range extender then you really should go the hostap+bridge way. Even though that is clearly harder to configure.
    Reply
    • whitehatty | January 24, 2014 at 6:47 pm

      Everything right, indeed I am not claiming it is a level 2 bridge…As I said earlier here the word “bridge” has a broader meaning, is it that hard to get it? Damn…
      Oh, bye the way, I will not reccomend the use of uPnP for security reasons. If you want forward/block packets from/to other subnets it is as easy as deploy a firewall rule, that is, you can create a whole virtual network on top of a physical network having completely different topology without any problem. [And I don’t know why you tell me this, since I just wrote that I have ample knowledge of the subject, lol]

      Now, the good part…the links on github, those might be useful to someone, even though I think there is no point having a Mac working that way [I repeat, IMHO]…well, what I mean is that you can have better performance and save a lot of money with a Linux box…

      Last, but not least…well, it was a temporary solution, an earthquake, got it?

      So, I don’t wan’t to be rude, but if the post is just to show your knowledge of the subject, what is the point? Everybody can google-paste what he finds, and then?
      Now, let’s talk about something that is more valuable; what’s the case scenario where you need a real level 2 bridge for a Mac [given that you can do the same with a router or a linux box]?

      Reply
      • Roo | October 24, 2015 at 7:09 am

        Case for needing a real Level 2 bridge with a Mac:
        1: Wifi only internet source (ISP’s router)
        2: Ethernet-only NAS
        3: 2 computers – 1x Mac Mini, 1x Macbook
        4: Both computers should be able to see and access the NAS for backups, etc.

        The ideal setup “feels” like
        – Mini connected to outside world by Wifi.
        – NAS connected to the ethernet port on the Mini
        – MacBook connects to the internet and the Mini AND the NAS over wifi.

        As it stands, I cannot get the Mini to correctly “bridge” the NAS to the same subnet as the wifi network, only to NAT the ethernet port through to the Internet on the outside of the ISP’s router.

  5. Maciej Żenczykowski | January 25, 2014 at 5:42 am

    I left the above comment simply because I was looking for a solution to making a wired to wireless bridge out of my mac and this blog posting was one of the first hits on Google, but wasn’t particularly helpful.

    Anyway I have to go try the above linked code and see if I can figure out how to get it to make a WPA2 Personal Access Point…

    Reply
  6. Peter | July 24, 2015 at 6:01 pm

    I would like to connect a DD-WRT (WRT-54GL) router to my Mac with an ethernet cable and share my WIFI from and external hi-gain USB WIFI adaptor which can reach the house from the workshop 150m away. The airport card cannot handle distance around the workshop. Anyone know how to do this?

    Reply
  7. NETWORKING BASICS | February 1, 2016 at 11:10 am

    Its very simple NOW my Mac is behaving like a wifi bridge. Thank you for this post. Its been very useful to me.

    Reply
  8. PhilBoogie | January 10, 2017 at 3:13 pm

    Old topic, still I’d like to configure this on my Mini as well. I simply want to share my WiFi Internet connection over Ethernet on OSX, nee, macOS 10.12 (aka Sierra). I have some basic knowledge on IP, still I’m either too stupid or Apple broke Internet Sharing in 10.12, possibly earlier.

    Any chance of opening up this old thread? TIA

    Reply
    • whitehatty | January 10, 2017 at 4:19 pm

      As of right now, my Mac is not supported by Mac OS Sierra, so I can’t test it. I will try however on El Capitan later today and I’ll post an update if needed.

      Reply
      • PhilBoogie | January 10, 2017 at 4:23 pm

        1. Wow! Very kind! And a swift reply to boot.

        2. I don’t think the version should matter that much though. This is basic networking, and I can’t imagine Apple would enable/disable anything so basic at TCP/IP stuff.

        3. Please allow me to writeup my config, which I’ll post later on.

        BIG thanks!

  9. PhilBoogie | January 10, 2017 at 4:53 pm

    Internet > ISP > DSL modem > Ethernet cable > AirPort Express > WiFi > MacMini

    That’s basically my current setup. Other Macs also connecting to the Internet over WiFi, but seems irrelevant. Anyway, That MacMini sits next to my TV in the living, and I simply want to share its Internet connection (from WiFi) over the Ethernet port, just so I can hook up my TV/DVD player/DVR so that’ll have Internet access as well. That’s either device, not all at once, no hub, couplers or anything.

    1. MacMini/SysPrefs/WiFi connects to AirPort Express, successfully, getting its IP over DHCP.
    2. MacMini/SysPrefs/Ethernet enabled. Set it to DHCP, but don’t know if that should be the case. DHCP with manual address didn’t work either, not does a static IP.
    3. MacMini/SysPrefs/Internet Sharing. Set to ’Share your connection from: WiFi…to computers using: Ethernet. (I have Remote Management enabled, as well as ssh and Screen Sharing, but that shouldn’t matter, right?)
    4. LAN cable, a straight one or CrossOver – doesn’t matter; neither works.
    5. DVR set to DHCP, doesn’t work. (Neither does static IP)
    6. Checked the port config on both. Can’t config the DVR, but the MacMini is set to automatically (instead of hardcoded 1000Mbps / Full Duplex bladibla)

    Various blogs and articles to be found on the Internet. But as they say, it’s an oasis of info. But getting something useful is another matter.

    Reply
    • whitehatty | January 23, 2017 at 12:05 am

      Hi, I tested mac os El Capitan and it seems to work.
      Specifically, my setup is:
      modem/router > ethernet cable > macbook pro > ethernet cable > access point.
      The devices that need to access the shared connection connects to the access point.
      DHCP is enabled everywhere.

      Reply
  10. PhilBoogie | January 23, 2017 at 5:29 am

    Thanks for getting back to me.

    It doesn’t work at my end, config:
    Internet > ISP > DSL modem > Ethernet cable > AirPort Express > WiFi > MacMini > Ethernet port on MacMini > (straight) LAN cable > DVR.

    All set to DHCP.
    On Mac, which has a valid IP and connects to the Internet:
    1) /SysPrefs/Sharing/Internet Sharing/ Share your connection from: WiFi To computers using: Ethernet.
    2) /SysPrefs/Network/Ethernet/DHCP and it gives me a 169 address.
    The DVR is set to DHCP and doesn’t get an IP.

    I’m missing something so obvious I’m completely overlooking it…

    Reply
    • whitehatty | January 23, 2017 at 1:10 pm

      Try to connect an access point or router before the dvr and check if it works

      Reply
      • PhilBoogie | January 24, 2017 at 11:44 am

        Succes! I hooked up a laptop, DHCP is getting an 10.0.0. address What I don’t understand is:
        1) The Internet Sharing on the MacMini is giving a 169 address to the ethernet port. I would’ve expected a subnet of the 10.0.0.0 address, but I have no knowledge on subletting, so there.
        2) The client is getting a 192.254.* address: why isn’t that a 169.* address?
        3) The more important question, for me, is: My Mac Pro is on the same WiFi as the MacMini. Why can’t I ping that 192.254 address from there? I can only reach it from he MacMini. Perhaps that’s just as good as well: this way I’m forced to ftp onto the DVR from the MacMini, making me copy content on a USB stick or SD Card. That will be so much faster than ftp-ing over WiFi (n).

        Anyway, thank you very much for your time and help. Much appreciated!

  11. Darren | January 12, 2020 at 5:40 am

    You know its guys like all of you who mess it up for the average consumer like me. All of you are jumping on this guy because of semantics. All I wanted to do was take my Mac and send the internet connection to my router to be rebroadcast. I could care less what it is called. But now that all you have thumped your chests and shown your knowledge, you accomplished nothing. Typical!!!

    Reply
    • whitehatty | December 29, 2020 at 2:09 pm

      I know right! All of them jumping to conclusions without even understanding the context, not even Wikipedia convinces them, they all have to brag they know better xD It is kinda funny to receive a notification once in a while of the usual culprit. I am actually surprised this blog still receives any traffic since I have not been writing in a while, but I am glad it worked for you!

      Reply
  12. ye | July 13, 2020 at 3:26 pm

    sharing is NOT the same as bridging a connection.

    Reply
  13. Net Eng | March 19, 2021 at 7:41 pm

    Net Eng here. This isn’t a bridge.

    This creates a DHCP server on the Macintosh which then NAT’s the traffic to the wifi interface.

    Reply
  14. Andrea | February 2, 2023 at 10:04 am

    I have a OBi200 analog phone adaptor and it only connects to Linux and Windows computers if the Ethernet adaptor is bridged with the Wifi adaptor. Following this tutorial leads to 169.254.x.x self assigned IP address. Any idea why? or any idea how I can successfully connect a OBi200 to a Mac mini’s wifi internet via the ethernet port?

    MacOS Monterey 12.6.2 is my current version.

    Reply

Leave a comment