If you recall I was after a configuration that would allow a Pi 4 or 5
to act in addition to its generic operation as a server on the network,
to also act as a wifi access point.

I have *sort of* succeeded.

The general process is to down the wifi and Ethernet interfaces, create
a bridge interface as master and slave the two other interfaces (Thernet
and wifi) to it

The bridge interface has all the IP stuff attached to it.

The Wifi interface has instructions to be an access point and have an
SSID, securitry and so on.


Ultimately I discovered that all this does is create and edit files in

/etc/NetworkManager/system-connections and frankly this is probably the easiest way to do it

Here are the three files I created via nmcli

# more br0.nmconnection
[connection]
id=br0
uuid=db3fc586-63b4-43f6-9cf3-efd207086553
type=bridge
interface-name=nm-bridge
timestamp=1768417618

[ethernet]

[bridge]
stp=false

[ipv4]
address1=192.168.0.101/24,192.168.0.254
dns=192.168.0.101;
method=manual

[ipv6]
addr-gen-mode=default
method=disabled

[proxy]


-----------------------------------

# more Garden.nmconnection
[connection]
id=Garden
uuid=f977bba8-bda3-404b-89c3-57c959c8b1fd
type=wifi
interface-name=wlan0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768410601

[wifi]
band=bg
channel=9
mode=ap
powersave=2
ssid=MyGarden

[wifi-security]
key-mgmt=wpa-psk
psk=rottenRatz

[bridge-port] --------------------------------------------------------------------

# more Ethernet.nmconnection
[connection]
id=Ethernet
uuid=4a8b7eb6-678a-47e2-b5b2-416cc800438f
type=ethernet
interface-name=eth0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768409686

[ethernet]

[bridge-port]

---------------------------------------------------------------------------
Now for the problems:

First of all I cant get the Pi4B to do more than 72Mbps. I *think* this
is a hardware limit

More importantly if any connected wifi clients try to use the
*internet*, response is flaky as fuck. 50%+ packet loss

But wifi clients connected via the Pi WiFi can access the *LAN*
smoothly. No packet loss.

Wifi clients attached via any other access point can access the internet smoothly.

Just not *wifi clients attached via the pi*....

I am struggling to understand how a device can access the LAN perfectly
but not the Internet.

Any ideas?

--
Future generations will wonder in bemused amazement that the early twenty-first century?s developed world went into hysterical panic over a globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to contemplate a rollback of the industrial age.

Richard Lindzen

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 1/14/26 16:00, The Natural Philosopher wrote:

If you recall I was after a configuration that would allow a Pi 4 or 5
to act in addition to its generic operation as a server on the network,
to also act as a wifi access point.

I have *sort of* succeeded.

The general process is to down the wifi and Ethernet interfaces, create
a bridge interface as master and slave the two other interfaces (Thernet
and wifi) to it

The bridge interface has all the IP stuff attached to it.

The Wifi interface has instructions to be an access point and have an
SSID, securitry and so on.

Ultimately I discovered that all this does is create and edit files in

/etc/NetworkManager/system-connections and frankly this is probably the easiest way to do it

Here are the three files I created via nmcli

# more br0.nmconnection
[connection]
id=br0
uuid=db3fc586-63b4-43f6-9cf3-efd207086553
type=bridge
interface-name=nm-bridge
timestamp=1768417618

[ethernet]

[bridge]
stp=false

[ipv4]
address1=192.168.0.101/24,192.168.0.254
dns=192.168.0.101;
method=manual

[ipv6]
addr-gen-mode=default
method=disabled

[proxy]

-----------------------------------

# more Garden.nmconnection
[connection]
id=Garden
uuid=f977bba8-bda3-404b-89c3-57c959c8b1fd
type=wifi
interface-name=wlan0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768410601

[wifi]
band=bg
channel=9
mode=ap
powersave=2
ssid=MyGarden

[wifi-security]
key-mgmt=wpa-psk
psk=rottenRatz

[bridge-port] --------------------------------------------------------------------

# more Ethernet.nmconnection
[connection]
id=Ethernet
uuid=4a8b7eb6-678a-47e2-b5b2-416cc800438f
type=ethernet
interface-name=eth0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768409686

[ethernet]

[bridge-port]

---------------------------------------------------------------------------

I've set up Pi2s3s4s as 'servers' before, it was
never THIS complex however. A PI is just a very
small Linux box. Alas if you need multiple net
ports you may need to think of USB dongles.

Oh, 'nmcli' ... if you have to add THIS much junk
faster to manually edit the config file. Actually
I posted instructions on that about a year+ ago.
The NM GUI app is fairly capable too, IF you
have a GUI on yer PI. Not all do, hence my post.

Now for the problems:

First of all I cant get the Pi4B to do more than 72Mbps. I *think* this
is a hardware limit

Net/USB/WiFi speed ratings for PIs are almost always
"best case" ... actually they're kinda LIES. The P4
was much better, P5s even better, but it's not gonna
be like a PCI card plugged into your Big Box.

More importantly if  any connected wifi clients try to use the
*internet*, response is flaky as fuck. 50%+  packet loss

WiFi is finniky as all hell. Recently had a PI getting
a super-crappy signal, tons of dropped packets - moved
it FOUR inches, no obvious obstacles involved, and now
have a 4X or 5X speed increase and almost never a
dropped packet. Note 2ghz tends to be more forgiving
than 5ghz - 'slower' CAN be faster in some circumstances.

But wifi clients connected via the Pi WiFi  can access the *LAN*
smoothly. No packet loss.

Wifi clients attached via any other access point can access the internet smoothly.

Just not *wifi clients attached via the pi*....

I am struggling to understand how a device can access the LAN perfectly
but not the Internet.

Any ideas?

DO check to see if your DNS and router base address
are correct. I had to get a new router and all my
clients were still pointed at the old base address.
They'd (usually) work OK on the LAN, but you could
not get updates or any other internet stuff.

/etc/dhcpcd is the place to start. Also use NM to
look at all those device defs. Tweaking those things
fixed MY internet problems. Just ONE number mal-typed,
ONE mistaken, number is enough to screw up everything.


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 14/01/2026 22:59, c186282 wrote:

On 1/14/26 16:00, The Natural Philosopher wrote:

If you recall I was after a configuration that would allow a Pi 4 or 5
to act in addition to its generic operation as a server on the
network, to also act as a wifi access point.

I have *sort of* succeeded.

The general process is to down the wifi and Ethernet interfaces,
create a bridge interface as master and slave the two other interfaces
(Thernet and wifi) to it

The bridge interface has all the IP stuff attached to it.

The Wifi interface has instructions to be an access point and have an
SSID, securitry and so on.


Ultimately I discovered that all this does is create and edit files in

/etc/NetworkManager/system-connections and frankly this is probably
the easiest way to do it

Here are the three files I created via nmcli

# more br0.nmconnection
[connection]
id=br0
uuid=db3fc586-63b4-43f6-9cf3-efd207086553
type=bridge
interface-name=nm-bridge
timestamp=1768417618

[ethernet]

[bridge]
stp=false

[ipv4]
address1=192.168.0.101/24,192.168.0.254
dns=192.168.0.101;
method=manual

[ipv6]
addr-gen-mode=default
method=disabled

[proxy]


-----------------------------------

# more Garden.nmconnection
[connection]
id=Garden
uuid=f977bba8-bda3-404b-89c3-57c959c8b1fd
type=wifi
interface-name=wlan0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768410601

[wifi]
band=bg
channel=9
mode=ap
powersave=2
ssid=MyGarden

[wifi-security]
key-mgmt=wpa-psk
psk=rottenRatz

[bridge-port]
--------------------------------------------------------------------

# more Ethernet.nmconnection
[connection]
id=Ethernet
uuid=4a8b7eb6-678a-47e2-b5b2-416cc800438f
type=ethernet
interface-name=eth0
master=db3fc586-63b4-43f6-9cf3-efd207086553
slave-type=bridge
timestamp=1768409686

[ethernet]

[bridge-port]

---------------------------------------------------------------------------

  I've set up Pi2s3s4s as 'servers' before, it was
  never THIS complex however. A PI is just a very
  small Linux box. Alas if you need multiple net
  ports you may need to think of USB dongles.

  Oh, 'nmcli' ... if you have to add THIS much junk
  faster to manually edit the config file. Actually
  I posted instructions on that about a year+ ago.
  The NM GUI app is fairly capable too, IF you
  have a GUI on yer PI. Not all do, hence my post.

Now for the problems:

First of all I cant get the Pi4B to do more than 72Mbps. I *think*
this is a hardware limit

  Net/USB/WiFi speed ratings for PIs are almost always
  "best case" ... actually they're kinda LIES. The P4
  was much better, P5s even better, but it's not gonna
  be like a PCI card plugged into your Big Box.

More importantly if  any connected wifi clients try to use the
*internet*, response is flaky as fuck. 50%+  packet loss

..

But wifi clients connected via the Pi WiFi  can access the *LAN*
smoothly. No packet loss.

Wifi clients attached via any other access point can access the
internet smoothly.

Just not *wifi clients attached via the pi*....

I am struggling to understand how a device can access the LAN
perfectly but not the Internet.

Any ideas?

  DO check to see if your DNS and router base address
  are correct. I had to get a new router and all my
  clients were still pointed at the old base address.
  They'd (usually) work OK on the LAN, but you could
  not get updates or any other internet stuff.

As my job used to be in networking, of course I checked all that before posting

The PI is not acting as a DHCP server, Merely as a bridge. The router
does all that (DHCP) and assigns the DNS servers etc.

I can ping an external *IP address* from the PI faultlessly.

I can't ping an external IP address from a wifi connected client consistntly
I CAN ping an internal *IP address* from a wifi connected client flawlessly.

  /etc/dhcpcd is the place to start.

No, it isn't., Its not involved

Also use NM to
  look at all those device defs. Tweaking those things
  fixed MY internet problems. Just ONE number mal-typed,
  ONE mistaken, number is enough to screw up everything.

Done all that already. That's why I published the nm files. So you could check.

E,g. here are some ping results
This is from the Pi itself ...

root@Coriolanus:~# ping vps.templar.co.uk
PING vps.templar.co.uk (185.113.128.151) 56(84) bytes of data.
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=1 ttl=59
time=21.0 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=2 ttl=59
time=21.0 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=3 ttl=59
time=21.3 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=4 ttl=59
time=21.3 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=5 ttl=59
time=21.3 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=6 ttl=59
time=20.8 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=7 ttl=59
time=20.9 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=8 ttl=59
time=21.0 ms
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=9 ttl=59
time=21.3 ms
^C
--- vps.templar.co.uk ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8010ms
rtt min/avg/max/mdev = 20.788/21.093/21.302/0.192 ms

Now from a laptop connctred vuas the pi as a wifi access point


root@Prospero:~# ping vps.templar.co.uk
PING vps.templar.co.uk (185.113.128.151) 56(84) bytes of data.
64 bytes from vps.templar.co.uk (185.113.128.151): icmp_seq=3 ttl=59
time=112 ms
^C
--- vps.templar.co.uk ping statistics ---
14 packets transmitted, 1 received, 92.8571% packet loss, time 13351ms
rtt min/avg/max/mdev = 111.730/111.730/111.730/0.000 ms

But pinging the main server on the LAN is this

root@Prospero:~# ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
64 bytes from 192.168.0.100: icmp_seq=1 ttl=64 time=12.4 ms
64 bytes from 192.168.0.100: icmp_seq=2 ttl=64 time=9.96 ms
64 bytes from 192.168.0.100: icmp_seq=3 ttl=64 time=11.3 ms
64 bytes from 192.168.0.100: icmp_seq=4 ttl=64 time=8.69 ms
64 bytes from 192.168.0.100: icmp_s

On 14/01/2026 21:00, The Natural Philosopher wrote:

If you recall I was after a configuration that would allow a Pi 4 or 5
to act in addition to its generic operation as a server on the network,
to also act as a wifi access point.

I have *sort of* succeeded.

Have you read this? (Probably you have)

https://wiki.debian.org/BridgeNetworkConnections


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 16/01/2026 12:11, mm0fmf wrote:

On 14/01/2026 21:00, The Natural Philosopher wrote:

If you recall I was after a configuration that would allow a Pi 4 or 5
to act in addition to its generic operation as a server on the
network, to also act as a wifi access point.

I have *sort of* succeeded.

Have you read this? (Probably you have)

https://wiki.debian.org/BridgeNetworkConnections

It applies to a debian configuration that is not what I have. I have no
brctl for example.
And it says *how* to set up a bridge,m but that I have already done.

It has no info on using network manager for example,

I am chasing a performance issue now - and a strange one at that.

Unless you can conclusively state that the bridge set up by brctl is
markedly different from the one set up by Network manager, that 'how to'
is not relevant, sadly.

The 'magic spell' I ended up using is pretty much this one

https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097

What is happening is that the bridge seems perfectly stable from
Ethernet to the bridge host machine, but is very variable on the Wi-Fi interface, and that gets worse if
- the incoming packet is via the inbound router from the internet...
- inbound traffic to the host is heavy.

I get between 48% and 988% packet loss to external machines on the
Internet. Mostly OK access to the rest of the LAN using the Wi-Fi interface.

Somewhere the bridge is dropping stuff and I don't know why. After
struggling with journalctl there is nothing relevant in the logs that I
found.

neither CPU nor ram on the Pi are especially overloaded.

In short according to the logs etc. everything is working as it should,
but packets are being mangled somewhere.

I included my network manager files in case someone with a pi 4 or 5
might care to try and duplicate the setup and see if its shit for them
as well...


--
I was brought up to believe that you should never give offence if you
can avoid it; the new culture tells us you should always take offence if
you can. There are now experts in the art of taking offence, indeed
whole academic subjects, such as 'gender studies', devoted to it.

Sir Roger Scruton


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 1/16/26 23:39, Lawrence D?Oliveiro wrote:

Maybe you need to find a mafician ...

A wave of the mand ?


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Maybe you need to find a mafician ...

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-14, c186282 <c186282@nnada.net> wrote:

I've set up Pi2s3s4s as 'servers' before, it was
never THIS complex however. A PI is just a very
small Linux box. Alas if you need multiple net
ports you may need to think of USB dongles.

What he describes is the normal way to set up bridging between multiple
network devices (in this case ethernet and wifi) under Linux. A WIFI access point usually works as a bridge, so this *is* required.

Net/USB/WiFi speed ratings for PIs are almost always
"best case" ... actually they're kinda LIES. The P4
was much better, P5s even better, but it's not gonna
be like a PCI card plugged into your Big Box.

Also, there is a difference between "client" WIFI chips and "accespoint"
wifi chips, regarding features and performance. Most client cards nowadays
have some kind of limited access point mode, but is limited compared to a
real access point (number of streams, number of simultaneous client and
other WIFI features).

I believe the raspberry pi wifi devices are more in the "client" category.

However, while the observed performance may be due to hardware limits, I
would expect better stability with only one client attached.

cu
Michael
--
Some people have no respect of age unless it is bottled.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 18/01/2026 11:06, Michael Schwingen wrote:

On 2026-01-16, The Natural Philosopher <tnp@invalid.invalid> wrote:

What is happening is that the bridge seems perfectly stable from
Ethernet to the bridge host machine, but is very variable on the Wi-Fi
interface, and that gets worse if
- the incoming packet is via the inbound router from the internet...
- inbound traffic to the host is heavy.

I get between 48% and 988% packet loss to external machines on the
Internet. Mostly OK access to the rest of the LAN using the Wi-Fi interface.

Could this be caused by WIFI power management? You might try disabling that.

iw wlan0 set power_save off

already done.


--
?But what a weak barrier is truth when it stands in the way of an
hypothesis!?

Mary Wollstonecraft


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-16, The Natural Philosopher <tnp@invalid.invalid> wrote:

What is happening is that the bridge seems perfectly stable from
Ethernet to the bridge host machine, but is very variable on the Wi-Fi interface, and that gets worse if
- the incoming packet is via the inbound router from the internet...
- inbound traffic to the host is heavy.

I get between 48% and 988% packet loss to external machines on the
Internet. Mostly OK access to the rest of the LAN using the Wi-Fi interface.

Could this be caused by WIFI power management? You might try disabling that.

iw wlan0 set power_save off

or

https://gist.github.com/jcberthon/ea8cfe278998968ba7c5a95344bc8b55

cu
Michael
--
Some people have no respect of age unless it is bottled.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)