Template:HOSTAPD ACCESS POINT: Difference between revisions

From Variscite Wiki
No edit summary
No edit summary
Line 53: Line 53:
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT
# iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT
# iptables-save > /etc/iptables/iptables.rules
</pre>
</pre>


and allow ip forwarding by appending /etc/sysctl.conf:
# /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Now, devices connecting to the access point on uap0 will have network access through eth0.
</noinclude>
</noinclude>

Revision as of 23:54, 10 January 2024

Configuring WiFi Access Point with hostapd

hostapd is a versatile tool for setting up a WiFi Access Point and generally offers more options and flexibility compared to NetworkManager. For instance, hostapd enables the creation of a WiFi 6 Access Point, which is not currently possible with NetworkManager.

While NetworkManager facilitates complete automation of WiFi, DHCP server, and NAT configuration, hostapd provides more granular control over these settings, making it a preferred choice for advanced configurations.

dnsmasq is a suitable option for providing DHCP and DNS services alongside hostapd. It's a lightweight DNS forwarder and DHCP server that can be easily integrated with hostapd.

hostapd: Make sure interface is not managed by NetworkManager

Before starting with hostapd, it's important that NetworkManager is not managing the access point interface (uap0). If NetworkManager is running, make sure uap0 is unmanaged:

# /etc/NetworkManager/conf.d/99-iw61x-unmanaged-devices.conf
[keyfile]
unmanaged-devices=interface-name:uap0;

hostapd: Create /etc/hostapd.conf

The next step is to create /etc/hostapd.conf. The following table shows how to configure 802.11bgn, 802.11ac, and 802.11ax access points:

Wi-Fi 2.4GHz (802.11bgn)
/etc/hostapd.conf
Wi-Fi 5 (802.11ac)
/etc/hostapd.conf
Wi-Fi 6 (802.11ax)
/etc/hostapd.conf
# /etc/hostapd.conf for 2.4 GHz (802.11b/g/n)
# AP Net Interface
interface=uap0

# 2.4 GHz
hw_mode=g

# Enable 802.11n (Wi-Fi 4) standard
ieee80211n=1
wmm_enabled=1

# Demo was run in the US
country_code=US

# Our SSID
ssid=Var_AP_2G

# Automatically select the best channel
# Notes about the LWB/LWB5 modules:
#  - For AP+STA, the channel must match the STA channel
#  - The LWB does not support auto channel selection.
#    We recommend using channel 1
channel=0
# /etc/hostapd.conf for Wi-Fi 5 (802.11ac)​
# AP Net Interface​
interface=uap0​

# 5 GHz​
hw_mode=a​
​
# Enable 802.11ac (Wi-Fi 5) standard​
ieee80211ac=1​
wmm_enabled=1​

# Demo was run in the US​
country_code=US​

# Our SSID​
ssid=Var_AP_Wifi5

# Automatically select the best channel​
# Notes about the LWB/LWB5 modules:
#  - For AP+STA, the channel must match the STA channel
#  - The LWB5 does not support auto channel selection.
#    For LWB5, we recommend using channel 36.
channel=0​
# /etc/hostapd.conf for Wi-Fi 6 (802.11ax)​
# AP Net Interface​
interface=uap0​

# 5 GHz​
hw_mode=a​
​
# Enable 802.11ax (Wi-Fi 6) standard​
ieee80211ax=1
wmm_enabled=1​

# Demo was run in the US​
country_code=US​
                                                       
# Our SSID​
ssid=Var_AP_Wifi6

# Automatically select the best channel​
channel=0​




Then, configure dnsmasq:

# /etc/dnsmasq.conf
interface=uap0              # Use the interface uap0 for DHCP
no-dhcp-interface=eth0      # Disable DHCP on eth0
no-dhcp-interface=wlan0     # Disable DHCP on wlan0
no-dhcp-interface=wfd0      # Disable DHCP on wfd0
dhcp-range=192.168.10.10,192.168.10.100,12h  # Set the DHCP range and lease time

Then, start hostapd and dnsmasq:

# systemctl restart hostapd
# systemctl restart dnsmasq

Optionally, configure a NAT between uap0 and eth0:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT

and allow ip forwarding by appending /etc/sysctl.conf:

# /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1 

Now, devices connecting to the access point on uap0 will have network access through eth0.