Do you want to make a computer function as a WLAN base station, so that other computers can use it as their wifi access point? This can easily be done using the open source software Hostapd and compatible wifi hardware.
This is useful if the computer already acts as a firewall or as a server in the local network, and you want to avoid adding new appliances that all require their own space and cables in your already crowded server closet. Hostapd gives you full control of your WLAN access point and also enhances security. With Hostapd the system is completely in your control: every line of code can be audited, the source of all software can be verified, and all software can be updated easily. It is quite common that active network devices like wifi access points are initially fairly secure small appliances with Linux inside, but over time their vendors don’t provide timely security updates and local administrators don’t care to install them via some clumsy firmware upgrade mechanism. With a proper Linux server, admins can easily SSH into it and run upgrades using the familiar and trusted upgrade channels that Linux server distributions provide.
The first step in creating a wireless base station with Hostapd is to make sure the WLAN hardware supports running in access point mode. Examples are listed in the hostapd documentation. A good place to shop for WLAN cards with excellent Linux drivers is thinkpenguin.com, and their product descriptions nicely list the operation modes each WLAN card supports.
The next step is to install the software called Hostapd by Jouni Malinen and others. It is very widely used and is most likely available in your Linux distribution by default. Many of the WLAN router appliances available are actually small Linux computers running hostapd inside, so running hostapd on a proper Linux computer will give you at least all the features available in the wifi routers, including advanced authentication and logging.
Our example commands are for Ubuntu 14.04. You need to have access to install hostapd and dnsmasq. Dnsmasq is a small DNS/DHCP server which we’ll use in this setup. To start, simply run:
sudo apt-get install hostapd dnsmasq
After that you need to create and edit the configuration file:
zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz | sudo tee -a /etc/hostapd/hostapd.conf
The configuration file /etc/hostapd/hostapd.conf is filled with configuration examples and documentation in comments. The relevant parts for a simple WPA2 protected 802.11g network with the SSID ‘Example-WLAN’ and password ‘PASS’ are:
interface=wlan0
ssid=Example-WLAN
hw_mode=g
wpa=2
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
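A quick audit of those settings before starting the access point, as an added example that is not part of the original article: the function names are made up for illustration, and the TKIP fallback it flags is an assumption based on the defaults documented in hostapd's example configuration. It also flags that the placeholder password ‘PASS’ is shorter than the 8 characters a WPA2 passphrase needs, and that a file written through tee under the default umask is usually readable by every local user.

```sh
#!/bin/sh
# Added example: audit the active (uncommented) lines of a hostapd.conf.

# Print the value of the last active "KEY=value" line in FILE.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one finding per line; return 1 if anything was found.
audit_hostapd_conf() {
    file=$1
    found=0
    wpa=$(conf_get wpa "$file")
    pass=$(conf_get wpa_passphrase "$file")
    rsn=$(conf_get rsn_pairwise "$file")

    if [ "$wpa" != "2" ]; then
        echo "wpa: expected 2 (WPA2 only), got '${wpa:-unset}'"; found=1
    fi
    # WPA2-PSK passphrases are 8..63 characters long.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "wpa_passphrase: length ${#pass}, must be 8..63"; found=1
    fi
    # Assumption: with rsn_pairwise unset, hostapd falls back to
    # wpa_pairwise, whose documented default is TKIP.
    if [ "$rsn" != "CCMP" ]; then
        echo "rsn_pairwise: set to CCMP so WPA2 clients use AES, not TKIP"; found=1
    fi
    # The file holds the passphrase in clear text.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "permissions: file is world-readable, use chmod 600"; found=1
    fi
    return "$found"
}

# Constructed sample: the settings from this page in a mode 644 file.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
interface=wlan0
ssid=Example-WLAN
hw_mode=g
wpa=2
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
EOF
audit_hostapd_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against the real file with audit_hostapd_conf /etc/hostapd/hostapd.conf; it exits non-zero when something needs attention.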
Next you need to edit the network interfaces configuration to force the WLAN card to only run in the access point mode. Assuming that the access point network will use the address space 192.168.8.* the file /etc/network/interfaces should look something like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    hostapd /etc/hostapd/hostapd.conf
    address 192.168.8.1
    netmask 255.255.255.0
Then we need to have a DNS relay and DHCP server on our wlan0 interface so the clients actually get a working Internet connection, and this can be accomplished by configuring dnsmasq. Like hostapd it also has a very verbose configuration file /etc/dnsmasq.conf, but the relevant parts look like this:
interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.8.20,192.168.8.254,255.255.255.0,12h
Next we need to make sure that the Linux kernel forwards traffic from our wireless network onto other destination networks. For that you need to edit the file /etc/sysctl.conf and make sure it has lines like this:
We need to activate NAT in the built-in firewall of Linux to make sure the traffic going out uses the external address as its source address and thus can be routed back. It can be done for example by appending the following line to the file
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 ! -d 192.168.8.0/24 -j MASQUERADE
Some WLAN card hardware might have a virtual on/off switch. If you have such hardware you might need to also run rfkill to enable the hardware using a command like rfkill unblock 0.
If the same computer also runs Network Manager (as for example Ubuntu does by default), you need to edit its settings so that it won’t interfere with the new wifi access point. Make sure the file /etc/NetworkManager/NetworkManager.conf looks like this:
[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq

[ifupdown]
managed=false
Now all configuration should be done. To be sure all changes take effect, finish by rebooting the computer.
If everything is working, a new WLAN network should be detected by other devices.
On the WLAN-server you’ll see similar output from these commands:
$ iw wlan0 info
Interface wlan0
    ifindex 3
    type AP
    wiphy 0
$ iwconfig
wlan0     IEEE 802.11bgn  Mode:Master  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
$ ifconfig
wlan0     Link encap:Ethernet  HWaddr f4:ec:38:de:c8:d2
          inet addr:192.168.8.1  Bcast:192.168.8.255  Mask:255.255.255.0
          inet6 addr: fe80::f6ec:38ff:fede:c8d2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5463040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8166528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:861148382 (861.1 MB)  TX bytes:9489973056 (9.4 GB)