Tag Archives: nat

Raspberry Pi as Wifi Access Point

Have your own Linux router / access point, provide guests with wireless network access.

Obviously using a Pi model with a RJ45 lan port and a usb wifi adapter. When soursing the latter, make sure it is compatible and won’t require a powered usb hub. I purchased one from.
www.thepihut.com

Your Pi will need to be connected to wired LAN, with internet access. It will NAT to it’s ethernet address and use a lightweight DHCP server to give wireless clients IP addresses.

Assuming the pi is already running Raspbian, SD card image has been expanded, default password changed, networking with internet access working. Sudo to root to run following commands.

Install software.
sudo apt-get install hostapd isc-dhcp-server

Configure DHCP server information for our new wifi subnet.

Using example network. 192.168.2.0/24. With the first 10 addresses reserved for static asignment.

nano /etc/dhcp/dhcpd.conf

Comment out the following lines, thus.

#option domain-name “example.org”;
#option domain-name-servers ns1.example.org, ns2.example.org;

Uncomment authoritative in the below line.

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

Ad the following lines at the bottom.

subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.10 192.168.2.253;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name “local”;
option domain-name-servers 8.8.8.8, 8.8.4.4;
.}

Save and exit.

The wifi adapter will likely show up as wlan0. To check do.

ifconfig

Or

iwconfig.

You can use the below command to see if your usb adapter is recognised.

lsusb

Shut it down whilst we configure DHCP.

ifdown wlan0

Now edit the main configuration file for DHCP server.
/etc/default/isc-dhcp-server
Add our wifi interface in.

interfaces =”wlan0″

Save and exit.

Configure wlan0.

nano /etc/network/interfaces

Comment out any config lines already present for wlan0 by prepending a #.

Then add

iface wlan0 inet static
address 192.168.2.1
netmask 255.255.255.0

Save and exit.

Configuring the hostapd access point daemon.
In order to get the RTL8187CUS driver working, it was necessary to use this replacement for hostapd below.
wget http://www.daveconroy.com/wp3/wp-content/uploads/2013/07/hostapd.zip

Replace the name of the wifi adapter driver listed in the config with yours if different. Check with.

lsusb

Create the config file and add the below lines.

nano /etc/hostapd/hostapd.conf

interface=wlan0
driver=rtl871xdrv
ssid=my_ssid
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Save and exit. Then edit the main hostapd config file to point it to the above setup config.

nano /etc/default/hostapd

DAEMON_CONF=”/etc/hostapd/hostapd.conf”
Save and exit.

Because our pi will be acting as a router, forwarding from wlan0 to eth0, we need to enable IP forwarding in the kernel. To enable this at boot edit.

nano /etc/sysctl.conf

Scroll to the bottom and add

net.ipv4.ip_forward=1
on a new line. Save and exit.

To enable IP forwarding immediately do.

sh -c “echo 1 > /proc/sys/net/ipv4/ip_forward”

Now configure NAT so our wifi users get access to the rest of the network using the pi’s eth0 address.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
To enable this at boot, you can save the rules to a file called nat-rules, for example, and have them read back in. Do

iptables-save nat-rules

In the file, /etc/network/interfaces under the wlan0 config, add the line.

post-up iptables-restore nat-rules

Bring up wlan0 with.

ifup wlan0

To test the access point run it with.

/usr/sbin/hostapd /etc/hostapd/hostapd.conf

Assuming the ap it’s working, to have hostapd and dhcp-server run at boot, do.

update-rc.d hostapd enable
update-rc.d isc-dhcp-server enable

Check status with.

service hostapd status
service isc-dhcp-server status
update-rc.d hostapd enable

Depending on your distro, you may need to remove WPASupplicant. Do so by running this command:

sudo mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ~/

And then rebooting.
That’s it. :)