how to create a wifi access point using hostapd

enable network forwarding from the local lan to the wifi network

for the rest of this document, assume linux interface is wlan0, openbsd interface is run0.

  • caveat!! these firewall rules only provide NAT, they are WIDE OPEN. appropriate security rules are not incorporated here.

linux:

WANIF=eth0    # uplink interface (assumption, adjust to your system)
LANIF=wlan0   # wifi interface
sysctl net.ipv4.ip_forward=1
/sbin/iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
/sbin/iptables -A FORWARD -i $WANIF -o $LANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $LANIF -o $WANIF -j ACCEPT

obsd:

sysctl net.inet.ip.forwarding=1

/etc/pf.conf:

# egress (internet) interface
wan = em0
# hostap wireless interface
wifi = run0

scrub in all
# openbsd 4.7 and later use: match out on $wan from !($wan) to any nat-to ($wan)
nat on $wan from !($wan) to any -> ($wan)

configure dhcp for the wifi network

  • /etc/dhcpd.conf.wifi

subnet 192.168.5.0 netmask 255.255.255.0 {
  range 192.168.5.100 192.168.5.200;
  option routers 192.168.5.1;
}

note that we specify alternate files so we don't conflict with any other
instances of dhcpd. the lease file location may vary between distros.

touch /var/cache/dhcp/dhcpd-wlan0.leases
dhcpd \
  -cf /etc/dhcpd.conf.wifi \
  -lf /var/cache/dhcp/dhcpd-wlan0.leases \
  -pf /var/run/dhcpd-wlan0.pid \
  wlan0

assign an ip to the wireless interface

linux:

ifconfig wlan0 192.168.5.1 netmask 255.255.255.0 up

obsd:

ifconfig run0 192.168.5.1 netmask 255.255.255.0 up

configure and launch hostapd

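/etc/hostapd.conf:

ctrl_interface=/var/run/hostapd
ctrl_interface_group=root
macaddr_acl=0
auth_algs=1
# wpa=2 is wpa2 (rsn) only, so rsn_pairwise is the cipher actually used;
# wpa_pairwise only applies to wpa1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=thisismysecretkey
# or: interface=wlan0
interface=run0
driver=nl80211
# for 802.11n keep hw_mode=g and add ieee80211n=1 (hw_mode=n is not a valid value)
hw_mode=g
channel=11
ssid=mywifinetwork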

hostapd /etc/hostapd.conf
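
a lint pass over hostapd.conf for the settings this page relies on: the wpa mode, the pairwise cipher, the passphrase, and inline comments (hostapd only treats lines that start with # as comments). this is an added example, not part of the original page; the function names get_opt and audit_hostapd_conf are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# added example: get_opt and audit_hostapd_conf are hypothetical helper names.
# get_opt FILE KEY: print the last value assigned to KEY ('#' lines never match).
get_opt() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# audit_hostapd_conf FILE: print one finding per line; return 1 if any were found.
audit_hostapd_conf() {
    conf=$1; n=0
    note() { printf '%s\n' "$1"; n=$((n + 1)); }

    # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both; unset or 0 = no WPA.
    wpa=$(get_opt "$conf" wpa)
    case "$wpa" in
        2) ;;
        ''|0) note "wpa: WPA is disabled, clients are not protected by WPA2" ;;
        *) note "wpa=$wpa: WPA1 is enabled, use wpa=2" ;;
    esac

    # WPA2 uses rsn_pairwise and falls back to wpa_pairwise when it is unset.
    cipher=$(get_opt "$conf" rsn_pairwise)
    if [ -z "$cipher" ]; then cipher=$(get_opt "$conf" wpa_pairwise); fi
    case "$cipher" in
        '') note "rsn_pairwise: not set, set rsn_pairwise=CCMP explicitly" ;;
        *TKIP*) note "pairwise cipher '$cipher' allows TKIP, use CCMP only" ;;
    esac

    # A passphrase must be 8..63 characters; the page's sample must be replaced.
    psk=$(get_opt "$conf" wpa_passphrase)
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        note "wpa_passphrase: length ${#psk} is outside 8..63"
    elif [ "$psk" = "thisismysecretkey" ]; then
        note "wpa_passphrase: still the sample value from the page"
    fi
    # hostapd only treats lines starting with '#' as comments, so trailing
    # '# ...' text becomes part of the value. ssid and wpa_passphrase are
    # skipped because '#' is legal inside them.
    bad=$(grep -nE '^[[:space:]]*[a-z0-9_]+=.*[[:space:]]#' "$conf" |
          grep -vE '^[0-9]+:[[:space:]]*(ssid|wpa_passphrase)=' |
          cut -d: -f1 | paste -sd, - || true)
    if [ -n "$bad" ]; then note "inline comment inside a value on line(s): $bad"; fi
    [ "$n" -eq 0 ]
}

# Constructed sample: part of the page's config with its inline comment kept.
sample=$(mktemp)
printf '%s\n' 'wpa=2' 'wpa_pairwise=TKIP' 'rsn_pairwise=CCMP' \
    'wpa_passphrase=thisismysecretkey' 'interface=run0 # or: interface=wlan0' > "$sample"
audit_hostapd_conf "$sample" || echo "config needs attention"
rm -f "$sample"
```

run it against the real file with audit_hostapd_conf /etc/hostapd.conf before starting hostapd; a non-zero return means at least one finding was printed.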