Template:HOSTAPD ACCESS POINT: Difference between revisions
No edit summary |
No edit summary |
||
Line 53: | Line 53: | ||
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
# iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT | # iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT | ||
</pre> | </pre> | ||
and allow ip forwarding by appending /etc/sysctl.conf: | |||
# /etc/sysctl.conf | |||
net.ipv4.ip_forward=1 | |||
net.ipv6.conf.all.forwarding=1 | |||
Now, devices connecting to the access point on uap0 will have network access through eth0. | |||
</noinclude> | </noinclude> |
Revision as of 23:54, 10 January 2024
Configuring WiFi Access Point with hostapd
hostapd is a versatile tool for setting up a WiFi Access Point and generally offers more options and flexibility compared to NetworkManager. For instance, hostapd enables the creation of a WiFi 6 Access Point, which is not currently possible with NetworkManager.
While NetworkManager facilitates complete automation of WiFi, DHCP server, and NAT configuration, hostapd provides more granular control over these settings, making it a preferred choice for advanced configurations.
dnsmasq is a suitable option for providing DHCP and DNS services alongside hostapd. It's a lightweight DNS forwarder and DHCP server that can be easily integrated with hostapd.
hostapd: Make sure interface is not managed by NetworkManager
Before starting with hostapd, it's important that NetworkManager is not managing the access point interface (uap0). If NetworkManager is running, make sure uap0 is unmanaged:
# /etc/NetworkManager/conf.d/99-iw61x-unmanaged-devices.conf [keyfile] unmanaged-devices=interface-name:uap0;
hostapd: Create /etc/hostapd.conf
The next step is to create /etc/hostapd.conf. The following table shows how to configure 802.11bgn, 802.11ac, and 802.11ax access points:
Wi-Fi 2.4GHz (802.11bgn) /etc/hostapd.conf |
Wi-Fi 5 (802.11ac) /etc/hostapd.conf |
Wi-Fi 6 (802.11ax) /etc/hostapd.conf |
---|---|---|
# /etc/hostapd.conf for 2.4 GHz (802.11b/g/n) # AP Net Interface interface=uap0 # 2.4 GHz hw_mode=g # Enable 802.11n (Wi-Fi 4) standard ieee80211n=1 wmm_enabled=1 # Demo was run in the US country_code=US # Our SSID ssid=Var_AP_2G # Automatically select the best channel # Notes about the LWB/LWB5 modules: # - For AP+STA, the channel must match the STA channel # - The LWB does not support auto channel selection. # We recommend using channel 1 channel=0 |
# /etc/hostapd.conf for Wi-Fi 5 (802.11ac) # AP Net Interface interface=uap0 # 5 GHz hw_mode=a # Enable 802.11ac (Wi-Fi 5) standard ieee80211ac=1 wmm_enabled=1 # Demo was run in the US country_code=US # Our SSID ssid=Var_AP_Wifi5 # Automatically select the best channel # Notes about the LWB/LWB5 modules: # - For AP+STA, the channel must match the STA channel # - The LWB5 does not support auto channel selection. # For LWB5, we recommend using channel 36. channel=0 |
# /etc/hostapd.conf for Wi-Fi 6 (802.11ax) # AP Net Interface interface=uap0 # 5 GHz hw_mode=a # Enable 802.11ax (Wi-Fi 6) standard ieee80211ax=1 wmm_enabled=1 # Demo was run in the US country_code=US # Our SSID ssid=Var_AP_Wifi6 # Automatically select the best channel channel=0 |
Then, configure dnsmasq:
# /etc/dnsmasq.conf interface=uap0 # Use the interface uap0 for DHCP no-dhcp-interface=eth0 # Disable DHCP on eth0 no-dhcp-interface=wlan0 # Disable DHCP on wlan0 no-dhcp-interface=wfd0 # Disable DHCP on wfd0 dhcp-range=192.168.10.10,192.168.10.100,12h # Set the DHCP range and lease time
Then, start hostapd and dnsmasq:
# systemctl restart hostapd # systemctl restart dnsmasq
Optionally, configure a NAT between uap0 and eth0:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT
and allow ip forwarding by appending /etc/sysctl.conf:
# /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
Now, devices connecting to the access point on uap0 will have network access through eth0.