HOWTO Set up a Bluetooth Access Server

In Fedora Core 3

Here's a quick and dirty HOWTO for providing a Pocket PC with internet access via Bluetooth. The Pocket PC side is not covered, simply because there are umpteen ways to do it depending on your version, firmware release, etc. On my iPAQ 2215 it's a matter of following a trivial wizard.

Get BlueZ

Pick your package manager (yum or apt), and install BlueZ:

# yum install bluez

This installs everything you need, except for any specific drivers you might need (I'm using a Conceptronic dongle I had lying around).

Edit the default config

The files you need are to edit are mostly in /etc/bluetooth:

# echo "1234" > /etc/bluetooth/pin

Make sure you pick something less obvious for a PIN, and check if your HCI configuration looks like this:

# cat /etc/bluetooth/hcid.conf

# HCI daemon configuration file.
# $Id: hcid.conf,v 1.4 2004/04/29 20:14:21 holtmann Exp $

# HCId options
options {
        # Automatically initialize new devices
        autoinit yes;

        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
        security auto;

        # Pairing mode
        #   none  - Pairing disabled
        #   multi - Allow pairing with already paired devices
        #   once  - Pair once and deny successive attempts
        pairing multi;

        # PIN helper
        pin_helper /usr/bin/bluepin;

        # D-Bus PIN helper

# Default settings for HCI devices
device {
        # Local device name
        #   %d - device id
        #   %h - host name
        # name "%h-%d";
        name "Gateway";

        # Local device class
        class 0x120104;

        # Default packet type
        #pkt_type DH1,DM1,HV1;

        # Inquiry and Page scan
        iscan enable; pscan enable;

        # Default link mode
        #   none   - no specific policy
        #   accept - always accept incoming connections
        #   master - become master on incoming connections,
        #            deny role switch on outgoing connections
        #lm accept,master;
        lm accept;

        # Default link policy
        #   none    - no specific policy
        #   rswitch - allow role switch
        #   hold    - allow hold mode
        #   sniff   - allow sniff mode
        #   park    - allow park mode
        #lp hold,sniff;
        lp rswitch,hold,sniff,park;

        # Authentication and Encryption
        auth enable;
        encrypt enable;

Now let's prepare the RFCOMM side of things. This one needs to be edited to contain something like:

# cat /etc/bluetooth/rfcomm.conf

rfcomm0 {
# Automatically bind the device at startup
bind yes;
# RFCOMM channel for the connection
channel 1;

This takes care of the base BlueZ daemons and enables the serial interface you'll need for the PPP connection. However, we still need to set up the dial-up networking daemon (dund):

# cat /etc/sysconfig/dund

#DUNDARGS='--search --persist'
DUNDARGS='--listen --msdun --channel 1'

That's mostly it.

Enabling Routing

If you want to do a quick test, the usual incantations apply:

# sysctl -w net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i ppp0 -j ACCEPT
# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

The above assumes that ppp0 will be the interface dund will bind to (which might not be the case if you have an ADSL modem, for instance) and that eth0 is the interface with Internet connectivity.

However, there's a slightly better way to do it.

Making Changes Persistent

To permanently enable routing, edit /etc/sysctl.conf and make it look like this:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

To enable the Bluetooth services upon startup, do this:

# chkconfig --level 345 bluetooth on
# chkconfig --level 345 dund on

As to the iptables settings, it's trivial. Just type:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i ppp0 -j ACCEPT
# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# service iptables save

...and everything will be added to /etc/sysconfig/iptables. No need to add iptables invocations to startup scripts manually, no mucking around with wierd extra scripts (this is one of the reasons I like Fedora).

And that's it. Just do:

# service bluetooth start
# service dund start

...and it should work. Take the time to make a note of testing it upon your next reboot, in case you missed something.