Simple Wifi AP without NAT

vanbynight
Posts: 4
Joined: 2018-03-30 17:10

Simple Wifi AP without NAT

#1 Post by vanbynight »

I just spent about an hour googling how to do this but I can't find a simple answer.

What I'm trying to accomplish is a layer 2 bridge between my wired and wireless interfaces so I can have clients connect to my wireless AP running on this box (let's call it APnode). I specifically don't want to run a DHCP and DNS forwarder on APnode and all I want it to do is have it act as an access point for my preexisting network that already has DHCP, DNS, NAT, etc. working.

I'd like to accomplish this using /etc/network/interfaces but I don't know how to configure the wireless in access point mode.

Is there an option that would look similar to this? The names are just for reference and I'd probably use a vlan interface for management on eth0

Code: Select all

auto eth0
iface eth0 inet manual

#management interface
auto eth0.10
iface eth0.10 inet dhcp
vlan-raw-device eth0

#pass wireless traffic to this interface
auto eth0.20
iface eth0.20 inet manual
vlan-raw-device eth0

#Wireless interface in Access Point Mode
auto wlan0
iface wlan0 inet manual
#not sure how to set a wireless interface to act as an access point
WPA-ACCESS-POINT-SSID "My access Point"
WPA-ACCESS-POINT-PASSWORD "secret"
WPA-ACCESS-POINT-MODE "anything other than client mode"

#the bridge that pushes traffic from wlan0 to the ethernet interface
auto br0
iface br0 inet manual
bridge-ports wlan0 eth0.20

I don't want to have a DHCP server running on APnode and I'd prefer that it didn't do any layer 3 routing.

If using /etc/network/interfaces isn't an option I'd like to make a bash script that I can run from /etc/rc.local that adds the wireless interface to the bridge. I also posted this on the Ubuntu forums but then I realized that this would probably get more attention on the Debian forum because you guys are just so great :)

**Bonus points if you know how to make this work with multiple access point SSIDs running on the same hardware for a guest-network**

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Simple Wifi AP without NAT

#2 Post by p.H »

You must use hostapd to configure the wireless interface in master (access point) mode. I haven't done this for a long time. Only after it is set in master mode can you add it to a bridge. The kernel bridge code won't allow bridging a wireless interface in managed (infrastructure, the default) mode or ad hoc mode.

bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: Simple Wifi AP without NAT

#3 Post by bw123 »

Yeah, what p.H said. Try searching for hostapd+dnsmasq

I haven't set one up in a long while either, there may be other ways to do it now, but this is pretty simple, IF the wireless device actually supports AP mode like a router.

"...I just spent about an hour googling..."

Okay sorry, this is funny. When I did one of these it took a couple weeks to tweak it. It's been running for 4 yrs now, so do a lot more googling!
resigned by AI ChatGPT

vanbynight
Posts: 4
Joined: 2018-03-30 17:10

Re: Simple Wifi AP without NAT

#4 Post by vanbynight »

This doesn't use Layer 3 because I specifically stated I am trying to keep everything at Layer 2. This is a simple solution that doesn't involve NAT, DNSmasq or DHCP running on the access point and just pushes traffic from the wireless interface to the ethernet interface.

Here's the working config for now. It doesn't do wireless N in Master mode, so I'm stuck at G speeds. Also, I haven't set up a dedicated VLAN yet, so it's just passing wireless traffic to the untagged interface and is managed on VLAN 10.

Here's my /etc/network/interfaces

Code: Select all

auto lo
iface lo inet loopback


auto enp2s0
iface enp2s0 inet manual

auto enp2s0.10
iface enp2s0.10 inet dhcp
vlan-raw-device enp2s0

auto enp2s0.30
iface enp2s0.30 inet manual
vlan-raw-device enp2s0

auto br0
iface br0 inet manual
bridge-ports enp2s0

and the /etc/hostapd/hostapd.conf file

Code: Select all

#change wlan0 to your wireless device
interface=wlp4s0
bridge=br0
driver=nl80211
ssid=wifissid
channel=0
ieee80211n=1
wme_enabled=1
hw_mode=g
#macaddr_acl=1
#accept_mac_file=hostapd.accept
#deny_mac_file=hostapd.deny


##Security

macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=secretpasswd
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

and /etc/rc.local, because I don't know how to autostart this as a service and this was the easiest way to do it

Code: Select all


#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/usr/sbin/hostapd /etc/hostapd/hostapd.conf -B
exit 0

To do this I needed to install the following packages

Code: Select all

ifenslave bridge-utils vlan hostapd

I'd recommend changing the permissions of /etc/network/interfaces to 0600 so regular users can't change or view the password.

I also modified the /etc/default/grub file so that I get a serial console on boot instead of needing to plug in a monitor, etc. It's not really necessary but I like having a serial port on most headless machines in the event that their networking dies.

Code: Select all


GRUB_DEFAULT=0
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS1,115200n8"
GRUB_CMDLINE_LINUX=""

GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
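
Added example, not part of the thread or of hostapd itself: in the configuration posted above the WPA passphrase sits in /etc/hostapd/hostapd.conf, so that is the file whose permissions and cipher lines are worth checking. The shell function below audits file mode, the wpa bit field, TKIP in either pairwise list (also where wpa=2 leaves wpa_pairwise unused, since it becomes active if wpa is later set to 1 or 3) and passphrase length. The function names and the temporary sample file are constructed for illustration, and it assumes the PSK is set with wpa_passphrase.

```shell
#!/bin/sh
# Added example (not from the thread): audit a hostapd.conf for the
# security-relevant settings that appear in the posted configuration.

conf_get() {    # conf_get FILE KEY: print the last uncommented value of KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

audit_hostapd_conf() {    # prints one "FINDING:" line per problem
    conf=$1

    # wpa_passphrase is stored in clear text, so group/other get no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: $conf is accessible beyond its owner ($perms)"
    fi

    # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
    wpa=$(conf_get "$conf" wpa)
    if [ "$wpa" != "2" ]; then
        echo "FINDING: wpa=${wpa:-unset}; use wpa=2 for WPA2 only"
    fi

    # wpa_pairwise is the WPA (v1) cipher list, rsn_pairwise the WPA2 one.
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_get "$conf" "$key") " in
            *" TKIP "*) echo "FINDING: $key lists TKIP; keep CCMP only" ;;
        esac
    done

    # A WPA passphrase must be 8 to 63 characters long.
    psk=$(conf_get "$conf" wpa_passphrase)
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "FINDING: wpa_passphrase length ${#psk} is outside 8..63"
    fi
    return 0
}

# Constructed sample using security lines from the thread's hostapd.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wpa=2
wpa_passphrase=secretpasswd
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
chmod 644 "$sample"
audit_hostapd_conf "$sample"
rm -f "$sample"
```

Run as root against the real file with `audit_hostapd_conf /etc/hostapd/hostapd.conf`; no output means none of the four checks fired.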
