Bluetooth Network

This page has information about setting up a Bluetooth Personal Area Network (PAN) with BlueZ. Having a Bluetooth network is helpful for providing network access to low power embedded devices.

Background
Information on piconets can be found on Wikipedia Basic information on BlueZ PAN support can be found here:

Limitations
A PAN network is limited to 7 clients and provides substantially less bandwidth (~700Kbit/s) than other WiFi networks.

Requirements
To setup a home piconet, you'll need: These instructions are based on a Debian/Sid system, but the setup should be similar for other distributions.
 * A Bluetooth device, such as a USB dongle, preferably Class 1 for range purposes.
 * A kernel that supports the Bluez stack including BNEP.
 * bluez-utils (testing with 3.36).
 * Kernel ethernet bridging support.
 * bridge-utils (tested with 1.4).

Setup /etc/bluetooth/hcid.conf
hcid.conf(5) Your piconet server should advertise itself appropriately. Modify the class parameter within the device section so that the host presents itself as a network access point device offering network service: class 0x020300; Change your piconet server to prefer master role on incoming connections: lm master; Make your piconet server permanently discoverable: discovto 0;
 * 1) Local device class

Daemon Configuration
pand(1) Setup the command line options for the pand daemon. Within Debian, this is done through the file /etc/default/bluetooth. The command lines for the pand daemon should be: --listen --role NAP -u /etc/bluetooth/pan/dev-up -o /etc/bluetooth/pan/dev-down

End Result (When host is connected)
ifconfig bnep0 bnep0    Link encap:Ethernet  HWaddr 00:11:f6:05:79:95 inet6 addr: fe80::211:f6ff:fe05:7995/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1 RX packets:23661 errors:0 dropped:0 overruns:0 frame:0 TX packets:29381 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2976646 (2.8 MiB) TX bytes:27249215 (25.9 MiB) hcitool con Connections: > ACL 00:1B:DC:0F:A8:AE handle 8 state 1 lm MASTER

Bridge Configuration
The kernel only provides an Ethernet device when at least one PAN client has connected. This means that there will be no associated device when no devices are connected. This can be very inconvenient when providing services such as DHCP. By utilizing Ethernet Bridging, a permanent pan0 device can be created.

Setup /etc/network/interfaces
interfaces(5) bridge-utils-interfaces(5) On Debian systems, network interfaces are configured through this file. An example configuration would be: auto pan0 iface pan0 inet static address 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255 bridge_ports none bridge_fd 0 bridge_stp off Alternatively, the pan0 interface can be configured manually: brctl addbr pan0 brctl setfd pan0 0 brctl stp pan0 off ifconfig pan0 10.1.0.1 netmask 255.255.255.0

Setup /etc/bluetooth/pan/dev-{up|down}
The dev up/down files add and remove the bnep0 device from the pan0 bridge interface as the first device enters the network, and as the last device leaves the network.

/etc/bluetooth/pan/dev-up ifconfig $1 up brctl addif pan0 $1
 * 1) !/bin/sh

/etc/bluetooth/pan/dev-down brctl delif pan0 $1 ifconfig $1 down
 * 1) !/bin/sh

End Result (When host is connected)
brctl show bridge name	bridge id		STP enabled	interfaces pan0		8000.0011f6057995	no		bnep0 ifconfig pan0 pan0     Link encap:Ethernet  HWaddr 00:11:f6:05:79:95 inet addr:10.1.0.1 Bcast:10.1.0.255  Mask:255.255.255.0 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1 RX packets:30706 errors:0 dropped:0 overruns:0 frame:0 TX packets:40037 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3681538 (3.5 MiB) TX bytes:34573855 (32.9 MiB)

Setup DHCP
Unless avahi zeroconf will be used to assign address, a DHCP server will be required.

Setup /etc/dhcpd.conf
Basic configuration: option domain-name-servers, , ;

default-lease-time 864000; max-lease-time 864000;

subnet 10.1.0.0 netmask 255.255.255.0 { option domain-name "blue"; range 10.1.0.100 10.1.0.200; option routers 10.1.0.1; }

Daemon Configuration
Setup the command line options for the dhcpd daemon. Within Debian, this is done through the file /etc/default/dhcp. Tho command lines for the dhcpd daemon should be: pan0

Setup Network
If your piconet server is not the machine you intend to access your piconet devices from and/or your piconet devices need to access hosts other than your piconet server, routing and/or NAT will need to be configured

Shorewall
Adding your piconet to an existing Shorewall configuration is by far the easiest method.

params
BLUE_IF=pan0

interfaces
blue	$BLUE_IF	detect		tcpflags,dhcp,detectnets,nosmurfs
 * 1) ZONE  INTERFACE       BROADCAST       OPTIONS

zones
blue	ipv4
 * 1) ZONE	TYPE		OPTIONS		IN			OUT
 * 2) 					OPTIONS			OPTIONS

policy
Allow piconet to access Internet: blue           net             ACCEPT A rule like the following would allow the local network to access the piconet: loc            all             ACCEPT The last line of the policy file should of course contain an all/all DROP rule.
 * 1) SOURCE        DEST            POLICY          LOG             LIMIT:BURST
 * 2)                                               LEVEL
 * 1) SOURCE        DEST            POLICY          LOG             LIMIT:BURST

masq
Allow local network to access piconet masquerading as piconet server: $BLUE_IF		$LOC_IF Masquerade piconet network access to Internet $NET_IF			$BLUE_IF
 * 1) INTERFACE             SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
 * 1) INTERFACE             SUBNET          ADDRESS         PROTO   PORT(S) IPSEC

rules
Not allowing your open piconet to do things like Spam and/or access your Cable modem is probably a good thing. SMTP/REJECT    blue    net DROP  blue    net:10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 * 1) ACTION        SOURCE  DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
 * 2)                                               PORT    PORT(S)         DEST            LIMIT           GROUP

Netfilter
A very basic Netfilter setup, assuming that eth1 connects to the Internet, and eth0 connects to the local network. iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -t nat -A POSTROUTING -i eth0 -o pan0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward
 * 1) Enable masquerading access to the Internet (rule may already exists)
 * 1) Enable masquerading access to the piconet from the local net
 * 1) Enable routing (may already exist)

Network Manager 0.7
Network Manager provides connection sharing functionality. From the "Edit Connections" dialog, select "Add". Name the connection bnep0 and enter the Bluetooth device's MAC address into the Wired tab. Select "Shared to other computers" on the "IPv4 Settings" tab.

Client Device
Embedded devices should execute the command: pand --connect --persist -u ifup -o ifdown Upon boot, alternatively, the following command can be used: pand --search --persist -u ifup -o ifdown

/etc/network/interfaces file
This step applies to Debian and Debian like (Angstrom/OE) distributions. Modification will be required for other distributions: allow-hotplug bnep0 iface bnep0 inet dhcp
 * 1) Bluetooth networking

End result
ifconfig bnep0 bnep0    Link encap:Ethernet  HWaddr 00:1B:DC:0F:A8:AE inet addr:10.1.0.100 Bcast:10.1.0.255  Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1 RX packets:29272 errors:0 dropped:0 overruns:0 frame:0 TX packets:23598 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:27242050 (25.9 MiB) TX bytes:2964918 (2.8 MiB) route -n Kernel IP routing table Destination    Gateway         Genmask         Flags Metric Ref    Use Iface 10.1.0.0       0.0.0.0         255.255.255.0   U     0      0        0 bnep0 0.0.0.0        10.1.0.1        0.0.0.0         UG    0      0        0 bnep0 hcitool con Connections: < ACL 00:11:F6:05:79:95 handle 42 state 1 lm SLAVE