Wireless is everywhere, but have you ever thought about building your own wireless access point? If you have a capable wireless NIC and some understanding of Linux, that is all it takes to get the job done.
In this article, I will stick to a CentOS 7 system and use the following applications to reach the goal:
- hostapd => a daemon that controls how the wireless protocols behave
- dhcpd => a daemon that takes care of IP address allocation for external clients
- FirewallD => the native firewall daemon on CentOS 7 platforms, which performs NAT while client internet requests traverse the wireless AP.
- I also assume that the system on which we are going to build our access point has a wireless NIC plus another medium of access to reach the internet, for example a wired NIC with ISP connectivity.
01. Find out whether your wireless NIC supports access-point mode:
iw list
02. Second, let's make sure nothing is blocking our selected wireless NIC.
rfkill list
As in the figure, both Soft and Hard blocked should say “no”; otherwise the system won't allow hostapd to set up wireless on top of the selected NIC. If they unfortunately say “yes”, you can use the following command to set them to “no”:
rfkill unblock wlan
03. Let's install the “epel-release” package, which sets up a new repository that hosts the “hostapd” package.
yum -y install epel-release
yum install hostapd dhcp
04. Once the installation completes, let's move on to the hostapd-specific configuration => /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
driver=nl80211
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=yourpassword
interface=wlp01
bridge=br-AP
hw_mode=g
channel=6
ssid=CentOSAir
interface => the interface on which this wireless access point is set up
bridge => a virtual interface of type “bridge” that manages the IP address space for the hosted access point
ssid => the name that clients see for your wireless AP
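A static check of the settings above, as an added example that is not part of the original article: it parses the security-relevant lines of the step 04 configuration and reports weak or dormant options. With wpa=2 only rsn_pairwise is in effect, so the TKIP entry is dormant rather than active; the finding codes and the placeholder list are assumptions of this example.

```python
# Added example: static audit of a hostapd.conf for weak WPA settings.
# Finding codes and the placeholder list are assumptions of this example.
PAGE_CONF = """\
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=yourpassword
ssid=CentOSAir
"""  # security-relevant lines of the step 04 configuration
PLACEHOLDERS = {"yourpassword", "password", "changeme"}  # constructed list

def parse_hostapd(text):
    """hostapd.conf is key=value per line; lines starting with '#' are comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return a sorted list of finding codes for one parsed configuration."""
    found = set()
    wpa = int(conf.get("wpa", "0"))        # bit 0 = WPA (v1), bit 1 = WPA2/RSN
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()  # falls back to wpa_pairwise
    if wpa == 0:
        found.add("open-network")          # no WPA at all: traffic is unencrypted
    if wpa & 1:
        found.add("wpa1-enabled")
    if (wpa & 1 and "TKIP" in wpa_pw) or (wpa & 2 and "TKIP" in rsn_pw):
        found.add("tkip-active")
    if wpa and not wpa & 1 and "TKIP" in conf.get("wpa_pairwise", ""):
        found.add("tkip-dormant")          # becomes active if wpa is ever set to 1 or 3
    if int(conf.get("auth_algs", "1")) & 2:
        found.add("shared-key-auth")       # bit 1 = WEP shared-key authentication
    phrase = conf.get("wpa_passphrase", "")
    if wpa and phrase.lower() in PLACEHOLDERS:
        found.add("placeholder-passphrase")
    if "wpa_passphrase" in conf and not 8 <= len(phrase) <= 63:
        found.add("passphrase-length")     # WPA-PSK passphrases are 8..63 characters
    return sorted(found)

if __name__ == "__main__":
    for code in audit(parse_hostapd(PAGE_CONF)):
        print(code)
```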
05. The next step is to create the “br-AP” virtual bridge interface that we defined while configuring hostapd.
nmcli con add con-name br-AP type bridge ifname br-AP autoconnect yes stp no ip4 192.168.10.1/24
06. To hand out IP address leases to clients, DHCP is a must => /etc/dhcpd/dhcpd.conf
option domain-name-servers 192.168.5.49;
default-lease-time 600;
max-lease-time 7200;
#
# this DHCP server to be declared valid
authoritative;
#
# specify network address and subnet mask
subnet 192.168.10.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.10.200 192.168.10.220;
    option broadcast-address 192.168.10.255;
    option domain-name-servers 192.168.10.1;
    option domain-name "example.org";
    option routers 192.168.10.1;
}
Note that the IP address range must be the same on both the bridge interface and the address pool managed by DHCP.
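The consistency rule in the note above, as an added example (not from the original article): it compares the bridge address from step 05 with the subnet block from step 06 and reports where they disagree. The `check` function and its finding codes are names made up for this example.

```python
# Added example: does the dhcpd.conf subnet block agree with the bridge address?
# check() and its finding codes are names made up for this example.
import ipaddress
import re

BRIDGE_IP4 = "192.168.10.1/24"  # ip4 value from the nmcli command in step 05
DHCPD_CONF = """\
subnet 192.168.10.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.10.200 192.168.10.220;
    option broadcast-address 192.168.10.255;
    option domain-name-servers 192.168.10.1;
    option routers 192.168.10.1;
}
"""  # subnet block of the step 06 configuration

def check(bridge_ip4, dhcpd_text):
    """Return finding codes; an empty list means bridge and DHCP pool agree."""
    iface = ipaddress.ip_interface(bridge_ip4)
    decl = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", dhcpd_text, re.S)
    if not decl:
        return ["no-subnet-declaration"]
    findings = []
    subnet = ipaddress.ip_network(f"{decl.group(1)}/{decl.group(2)}")
    body = decl.group(3)
    # dhcpd only serves a subnet in which a local interface has an address.
    if subnet != iface.network:
        findings.append("subnet-mismatch")
    pool = re.search(r"range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;", body)
    if pool:
        lo, hi = (ipaddress.ip_address(a) for a in pool.groups())
        if lo not in iface.network or hi not in iface.network:
            findings.append("range-outside-bridge-net")
        if lo <= iface.ip <= hi:
            findings.append("bridge-ip-in-pool")  # a lease could collide with the AP itself
    router = re.search(r"option\s+routers\s+(\S+)\s*;", body)
    # Clients must be told to route through the bridge, where NAT happens.
    if router and ipaddress.ip_address(router.group(1)) != iface.ip:
        findings.append("router-not-bridge")
    return findings

if __name__ == "__main__":
    print(check(BRIDGE_IP4, DHCPD_CONF) or "bridge and DHCP pool agree")
```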
07. While the Linux system boots, the wireless NIC might not yet be initialized as required. In such cases you might experience a failure of “hostapd.service”. The trick is to ask the respective unit file to restart the failed service when that happens. To do this, change the default hostapd.service file to the following => vim /etc/systemd/system/hostapd.service
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network.target

[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
Note following key parameters:
Restart=on-failure
RestartSec=10
08. Further, I have personally experienced a failure in DHCP initialization due to early forking, when our bridge interface hasn't completed its own initialization. This matters because dhcpd strictly looks for a system IP address that falls within the address pool defined in its configuration. So, let's implement another trick by creating a systemd timer and asking it to start dhcpd.service with a bit of delay => vim /etc/systemd/system/dhcpd.timer
[Unit]
Description=make dhcp starts after 60sec of boot

[Timer]
OnBootSec=1min
Unit=dhcpd.service

[Install]
WantedBy=multi-user.target
What this unit does is that, even though the main “dhcpd.service” is disabled at startup, it forces the initialization of the dhcpd process after a 60-second delay.
09. Finally, reload the systemd unit files, disable the DHCP service at boot, and enable the DHCP timer as well as the hostapd daemon.
systemctl daemon-reload
systemctl disable dhcpd.service
systemctl enable dhcpd.timer
systemctl enable hostapd.service
10. Reboot the system and, after 1 minute of delay, check the status of:
systemctl status hostapd.service
systemctl status dhcpd.service
If they are running, then well done, you've done it. But if hostapd.service has unfortunately failed, try restarting it after first disabling Wi-Fi in NetworkManager.
nmcli radio wifi off
11. When external client traffic leaves via our system's public interface (the NIC that holds your ISP connection), it must be subjected to NAT; otherwise the return traffic would never be routed back to our system to complete the communication. To set up NAT, let's configure FirewallD.
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-masquerade
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=443/tcp
firewall-cmd --zone=public --add-service=dns
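Be mindful to add more rules, if required, to allow certain outgoing TCP/UDP protocols. Also note that only the first command above carries --permanent; the rules added without it live in the runtime configuration only and are lost on a firewalld reload or a reboot.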
“I hope this has been informative for you”
-bash: iwlist: command not found
where does one get it?