how to create a wifi access point using hostapd

== enable network forwarding from the local lan to the wifi network

for the rest of this document, assume the linux interface is wlan0 and the openbsd interface is run0.

  • caveat!! these firewall rules only provide NAT; they are WIDE OPEN. appropriate security rules are not incorporated here.


sysctl net.ipv4.ip_forward=1
/sbin/iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
/sbin/iptables -A FORWARD -i $WANIF -o $LANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $LANIF -o $WANIF -j ACCEPT
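
a tighter linux ruleset for the caveat above, as an added example (not part of the original notes). it assumes $LANIF is the wifi interface (wlan0); the function name gen_ap_rules and the sample upstream interface eth0 are made up for illustration. it keeps the same NAT but drops forwarding by default and lets wifi clients reach only dhcp on the AP host itself:

```shell
#!/bin/sh
# added example: print an iptables-restore ruleset for the linux AP host.
# gen_ap_rules and the sample interface eth0 are assumed names, not from the page.

# usage: gen_ap_rules WANIF LANIF   (LANIF = wifi interface, e.g. wlan0)
gen_ap_rules() {
    wan=$1 lan=$2
    # reject names with characters that could break or extend a rule line
    case "$wan$lan" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "need two distinct interfaces" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# nothing is forwarded unless a rule below allows it
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# wifi clients may talk to the AP host only for dhcp and replies to its own traffic
-A INPUT -i $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $lan -j DROP
# forwarding: wifi -> upstream for new connections, upstream -> wifi for replies only
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# when run as a script with two arguments, print the ruleset
if [ "$#" -eq 2 ]; then gen_ap_rules "$1" "$2"; fi
```

pipe the output to `iptables-restore --test` to check that it parses. loading it for real replaces the current nat and filter tables.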


  • openbsd: sysctl net.inet.ip.forwarding=1


# egress (internet) interface
wan = "em0"
# hostap wireless interface
wifi = "run0"

scrub in all
nat on $wan from !($wan) to any -> ($wan)

== configure dhcp for the wifi network

  • /etc/dhcpd.conf.wifi

subnet netmask { range; option routers; }

note that we specify alternate files so we don't conflict with any other
instances of dhcpd. the lease file location may vary between distros.

touch /var/cache/dhcp/dhcpd-wlan0.leases
dhcpd \
  -cf /etc/dhcpd.conf.wifi \
  -lf /var/cache/dhcp/dhcpd-wlan0.leases \
  -pf /var/run/ \
  wlan0

== assign an ip to the wireless interface

* linux: ifconfig wlan0 netmask up
* obsd: ifconfig run0 up

== configure and launch hostapd

* /etc/hostapd.conf

ctrl_interface=/var/run/hostapd
ctrl_interface_group=root
macaddr_acl=0
auth_algs=1
# wpa=2 is WPA2 (RSN) only, so rsn_pairwise=CCMP is the cipher used; wpa_pairwise only applies to WPA1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=thisismysecretkey
interface=run0
# or: interface=wlan0
driver=nl80211
hw_mode=g
# or, eg: hw_mode=n
channel=11
ssid=mywifinetwork

  • hostapd /etc/hostapd.conf