Simple Wifi AP without NAT

Post by vanbynight » 2018-03-30 17:13

I just spent about an hour googling how to do this but I can't find a simple answer.

What I'm trying to accomplish is a layer 2 bridge between my wired and wireless interfaces so I can have clients connect to my wireless AP running on this box (let's call it APnode). I specifically don't want to run a DHCP and DNS forwarder on APnode, and all I want it to do is act as an access point for my preexisting network that already has DHCP, DNS, NAT, etc. working.

I'd like to accomplish this using
Code:

but I don't know how to configure the wireless in access point mode.

Is there an option that would look similar to this? The names are just for reference and I'd probably use a VLAN interface for management on eth0.

Code:
auto eth0
iface eth0 inet manual

#management interface
auto eth0.10
iface eth0.10 inet dhcp
vlan-raw-device eth0

#pass wireless traffic to this interface
auto eth0.20
iface eth0.20 inet manual
vlan-raw-device eth0

#Wireless interface in Access Point Mode
auto wlan0
iface wlan0 inet manual
#not sure how to set a wireless interface to act as an access point
WPA-ACCESS-POINT-MODE "anything other than client mode"

#the bridge that pushes traffic from wlan0 to the ethernet interface
auto br0
iface br0 inet manual
bridge-ports wlan0 eth0.20

I don't want to have a DHCP server running on APnode and I'd prefer that it didn't do any layer 3 routing.

If using /etc/network/interfaces isn't an option, I'd like to make a bash script that I can run from /etc/rc.local that adds the wireless interface to the bridge. I also posted this on the Ubuntu forums but then I realized that this would probably get more attention on the Debian forum because you guys are just so great :)

**Bonus points if you know how to make this work with multiple access point SSIDs running on the same hardware for a guest-network**

Re: Simple Wifi AP without NAT

Post by p.H » 2018-03-30 17:35

You must use hostapd to configure the wireless interface in master (access point) mode. I haven't done this for a long time. Only after it is set in master mode can you add it to a bridge. The kernel bridge code won't allow bridging a wireless interface in managed (infrastructure, the default) mode or ad hoc mode.

Re: Simple Wifi AP without NAT

Post by bw123 » 2018-03-30 18:10

Yeah, what p.H said. Try searching for hostapd+dnsmasq.

I haven't set one up in a long while either. There may be other ways to do it now, but this is pretty simple, IF the wireless device actually supports AP mode like a router.

...I just spent about an hour googling...

Okay sorry, this is funny. When I did one of these it took a couple weeks to tweak it. It's been running for 4 yrs now, so do a lot more googling!

Re: Simple Wifi AP without NAT

Post by vanbynight » 2018-04-02 13:40

This doesn't use Layer 3 because I specifically stated I am trying to keep everything at Layer 2. This is a simple solution that doesn't involve NAT, DNSmasq or DHCP running on the access point and just pushes traffic from the wireless interface to the ethernet interface.

Here's the working config. For now it doesn't do wireless N in Master mode, so I'm stuck at G speeds. Also, I haven't set up a dedicated VLAN yet, so it's just passing wireless traffic to the untagged interface and is managed on VLAN 10.

Here's my /etc/network/interfaces

Code:
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet manual

auto enp2s0.10
iface enp2s0.10 inet dhcp
vlan-raw-device enp2s0

auto enp2s0.30
iface enp2s0.30 inet manual
vlan-raw-device enp2s0

auto br0
iface br0 inet manual
bridge-ports enp2s0

and the /etc/hostapd/hostapd.conf file

Code:
#change wlan0 to your wireless device



and /etc/rc.local because I don't know how to autostart this as a service and this was the easiest way to do it

Code:

#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.
/usr/sbin/hostapd /etc/hostapd/hostapd.conf -B
exit 0

To do this I needed to install the following packages

Code:
ifenslave bridge-utils vlan hostapd

I'd recommend changing the permissions of /etc/network/interfaces to 0600 so regular users can't change or view the password

I also modified the /etc/default/grub file so that I get a serial console on boot instead of needing to plug in monitor etc. It's not really necessary but I like having a serial port on most headless machines in the event that their networking dies.

Code:

GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS1,115200n8"

GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
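
Added example, not part of the thread: with hostapd the WPA passphrase is stored in hostapd.conf as wpa_passphrase, so that file needs the same permission check the post above recommends. The script writes a constructed hostapd.conf for a bridged AP (wlan0, br0, ExampleAP and the passphrase are placeholders; the option names are hostapd's own) and audits it for the bridge setting, WPA2/CCMP, and group/other access.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, SSID and passphrase
# are constructed placeholders; the option names are hostapd's own.

# Write a sample hostapd.conf for an AP that hostapd attaches to bridge br0.
write_sample_conf() {
    cat > "$1" <<'EOF'
interface=wlan0
bridge=br0
driver=nl80211
ssid=ExampleAP
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase
EOF
}

# Print the value of key $1 in file $2 (last occurrence wins).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one finding per line; return 0 only when there are no findings.
audit_hostapd_conf() {
    f=$1
    n=0
    finding() { echo "$1"; n=$((n + 1)); }
    [ -n "$(conf_get bridge "$f")" ] ||
        finding "no bridge= line: hostapd will not add the AP interface to a bridge"
    [ "$(conf_get wpa "$f")" = "2" ] ||
        finding "wpa is not 2: the AP is not WPA2-only"
    case "$(conf_get rsn_pairwise "$f")" in
        "" | *TKIP*) finding "rsn_pairwise is unset or allows TKIP: set it to CCMP" ;;
    esac
    if grep -q '^wpa_passphrase=' "$f"; then
        # Columns 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            finding "file holds the passphrase but is accessible to group/other: chmod 600"
    fi
    [ "$n" -eq 0 ]
}
```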
