• Login
  • Register
Sunday, July 19, 2026
Generate QR Codes
Free PDF Tools
Free Web Audit 360
TechSansar.com
  • Services
  • Top Posts
  • Nepali IT
  • Startups
  • Tech News
  • Categories
    • News
      • Tech
No Result
View All Result
TechSansar.com
  • Services
  • Top Posts
  • Nepali IT
  • Startups
  • Tech News
  • Categories
    • News
      • Tech
No Result
View All Result
TechSansar.com

How to turn Linux machine into a wifi Access Point

ts by ts
December 18, 2013
in How To
A A
0

Related Post

6 things you can do to speed up your Windows 11 computer

Speed up your Windows 11 computer by reducing startup time, here is how to

How to reduce background noise during Microsoft Teams or Zoom meetings

6 simple yet effect ways to speed up your Windows 10 computer

Few weeks ago I stumbled upon the challenge of creating a wifi access-point on my ubuntu 12.04 linux machine. Whilst I knew about ubuntu’s built-in wifi hotspot feature that works in adhoc mode, it was pretty much useless to connect to my new Android smartphone since it did not support the ad-hoc wifi mode. Most phones these days only support the infrastructure mode (a.k.a access-point mode), and in fact, they won’t even detect devices running on ad-hoc mode. After doing some research, I gathered this simple (though a bit lengthy) set of steps to turn your linux machine into a wifi access-point:
Wifi Access Point in Linux
Pre-requsites:

  1. Ability of your wireless card to support infrastructure mode. To find out:
    (i) Find your kernel driver module in use by issuing the below command:
    lspci -k | grep -A 3 -i “network”
    (In my case, the driver in use was ath9k)
    (ii) Now, use the below command to find out your wifi capabilities (replace ath9k by your kernel driver):
    modinfo ath9k | grep ‘depend’
    (iii) If the above output includes “mac80211” then it means your wifi card will support the AP mode.
  2. Hostapd software: Hostapd is the standard linux daemon that will be used to create your access-point.
  3. Dhcp software: Even after hostapd creates the AP and your device detects it, you will still need a  dhcp server to assign a dynamic ip-address to your AP client. (unless you are assigning static address to each device)
  4. Iptables: In order to share internet on your AP clients through wifi (a.k.a reverse-tethering), you will have to setup a NAT (Network Address Translation), so that your linux machine, acting as a middleman transfers the internet packets to and from your AP client and the internet modem card (typically ppp0).

EDIT: As of 06-Jul-2013, I’ve developed a python program with GTK+ front end called ‘pyforward’ which automates the below procedure for you. You can find it here:https://sourceforge.net/projects/pyforward/
Procedure:

  1. Install the hostapd package. On ubuntu:
    sudo apt-get install hostapd
  2. Install Dhcp server. On ubuntu:
    sudo apt-get install dhcp3-server
  3. Make sure that packet forwarding is turned on. This means that your computer is able to forward request of connected clients to other devices, which in my case happened to be from wlan0 to ppp0. (forwarding is different than sending and receiving packets). To enable packet forwarding, issue the following linux command:
    sysctl -w net.ipv4.ip_forward=1
    To make the change permanent, make sure that the below line is uncommented in your /etc/sysctl.conf file. If not, change it and restart your machine:
    net.ipv4.ip_forward=1
  4. The next step is to set up your dhcp. First, decide the subnet and ip-address range in which your virtual AP will sit and your clients will be automatically assigned using dhcp. In my case, I used the subnet 192.168.5.0. My virtual AP is assigned 192.168.5.1 and each connecting wifi device gets an IP in range of 192.168.5.3-45. In order to set the rule, add this block to your /etc/dhcp/dhcpd.conf:
    subnet 
    192.168.5.0 netmask 255.255.255.0 { 
    interface “wlan0″; 
    # — default gateway 
    option routers 
    192.168.5.1; 
    # — Netmask 
    option subnet-mask 
    255.255.255.0; 
    # — Broadcast Address 
    option broadcast-address 
    192.168.5.255; 
    # — Domain name servers, tells the clients which DNS servers to use. 
    #option domain-name-servers 
    #10.0.0.1, 8.8.8.8, 8.8.4.4; 
    option time-offset 
    0; 
    #range 10.0.0.3 10.0.0.13; 
    range 192.168.5.3 192.168.5.45; 
    default-lease-time 1209600; 
    max-lease-time 1814400; 
    }
  5. Now that packet forwarding and dhcp are set up, we have to create a NAT (Network Address Translation) table using iptables. Please note that if you are using any other controlling software on top of iptables such as ufw firewall or firestarter, then you have to manage the NAT yourself. In that case, there is no need to follow this step:
    Create a file called iptables_start in your home folder using gedit or nano and add the below contents to it:
    #!/bin/bash 
                #First, delete all existing rules 
    iptables –flush 
    iptables –delete-chain 
    iptables –table nat –delete-chain 
    iptables –table nat -F 
    iptables –table nat -X#Allow incoming – already established connections: 
    iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT#Allow outgoing on tcp80, tcp443, udp53 
    iptables -A OUTPUT -p tcp –dport 80 -j ACCEPT 
    iptables -A OUTPUT -p tcp –dport 443 -j ACCEPT 
    iptables -A OUTPUT -p udp –dport 53 -j ACCEPT#NAT Forwarding for wifi access point 
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE 
    iptables -A FORWARD -i ppp0 -o wlan0 -j ACCEPT -m state –state RELATED,ESTABLISHED 
    iptables -A FORWARD -i wlan0 -o ppp0 -j ACCEPT#Block all incoming & outgoing traffic after that
    iptables -A INPUT -j DROP 
    iptables -A OUTPUT -j DROP

Please note that some of the above rules are customized according to my particular requirement. For eg: I’m allowing outgoing traffic on only tcp80, tcp443 & udp53 ports. Your requirements may be different. Only the NAT forwarding part is what you should be concerned about. Also note that here ppp0 refers to the interface that connects to the internet using modem, and wlan0 is your wifi AP interface that connects to client devices that need internet access.
Your particular interfaces might have different names. You may query all interfaces by using ifconfig command to be sure of them.
Once you create the above file, make it executable using a command like:
sudo chmod +x /home/user_xyz/iptables_start
Now run it by issuing “sudo ./iptables_start” in your home folder. Each time you have to make any changes to your firewall, you may edit and run this file. To test your new iptables rules, issue the command “sudo iptables –list”. It will list your newly added rules.
Once you run this however, the iptables rules are set, but they are not stored permanently. To start these rules each time your computer starts, do the following:

  1. Save existing rules to a file using “sudo iptables-save > /home/user_xyz/iptables.rules”.
  2. Copy the iptables.rules file to your /etc folder.
  3. Now, in order for your computer to load rules from iptables.rules when your network interfaces turn up, create a file called /etc/network/if-pre-up.d/iptablesload and add below script to it:
    #!/bin/sh 
    iptables-restore < /etc/iptables.rules 
    exit 0
  4.  Make the above file executable by running “sudo chmod +x /etc/network/if-pre-up.d/iptablesload”
  5. Test these settings by restarting your computer and issuing “sudo iptables –list”. This will list your current firewall rules.
  6. Now that all hard work is done, you are ready to start your virtual AP. First, create a configuration file for the hostapd called hostapd.conf. It can be located in either /etc or your home folder:
    #sets the wifi interface to use, is wlan0 in most cases 
    interface=wlan0 
    #driver to use, nl80211 works in most cases 
    driver=nl80211 
    #sets the ssid of the virtual wifi access point 
    ssid=YourAPName 
    #sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Setting to g ensures backward compatiblity. 
    hw_mode=g 
    #sets the channel for your wifi 
    channel=6 
    #macaddr_acl sets options for mac address filtering. 0 means “accept unless in deny list” 
    macaddr_acl=0 
    #setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid 
    ignore_broadcast_ssid=0 
    #Sets authentication algorithm 
    #1 – only open system authentication 
    #2 – both open system authentication and shared key authentication 
    auth_algs=1 
    #####Sets WPA and WPA2 authentication##### 
    #wpa option sets which wpa implementation to use 
    #1 – wpa only 
    #2 – wpa2 only 
    #3 – both 
    wpa=3 
    #sets wpa passphrase required by the clients to authenticate themselves on the network 
    wpa_passphrase=your_passphrase
    #sets wpa key management 
    wpa_key_mgmt=WPA-PSK 
    #sets encryption used by WPA 
    wpa_pairwise=TKIP 
    #sets encryption used by WPA2 
    rsn_pairwise=CCMP 
    ################################# 
    #####Sets WEP authentication##### 
    #WEP is not recommended as it can be easily broken into 
    #wep_default_key=0 
    #wep_key0=qwert    #5,13, or 16 characters 
    #optionally you may also define wep_key2, wep_key3, and wep_key4 
    ################################# 
    #For No encryption, you don’t need to set any optionsIn above script, replace YourAPName with ssid of your AP. This will be detected when you run a scan on your device. Similarly, replace your_passphrase with the actual password you wish to set up.
  7. The last and final step is to create an AP script and run it. Create a file called AccessPoint in your home folder:#!/bin/bash 
    ifconfig wlan0 up 192.168.5.1 netmask 255.255.255.0 
    sleep 5 
    ###########Start DHCP, comment out / add relevant section########## 
    #Doesn’t try to run dhcpd when already running 
    if [ “$(ps -e | grep dhcpd)” == “” ]; then 
    dhcpd wlan0 & 
    fi 
    ########### 
    #start hostapd 
    sleep 2 
    hostapd ~/hostapd.conf 1>/dev/null 
    killall dhcpd
  8. Make above file by issuing “sudo chmod +x ~/AccessPoint”. Now execute this script in the terminal by “./AccessPoint” and keep it running. If all goes well, your devices should now be able to scan and connect to your new virtual AP.

References:
If for some reasons, all doesn’t go well, then here are some links that can help you:
Hostapd:
http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/
http://ubuntuforums.org/showthread.php?t=151781
Iptables basics:
https://help.ubuntu.com/community/IptablesHowTo
NAT and port forwarding:
http://www.howtoforge.com/nat-gateway-iptables-port-forwarding-dns-and-dhcp-setup-ubuntu-8.10-server

Tags: LinuxWi-Fi
Share212Tweet133Send
Previous Post

All NEW Google Translate in and from Nepali

Next Post

Understanding Nepal Telecom's Self-care Customer Care Service Interface for ADSL & WiMAX Broadband Services

Related Posts

CPU utilization in Windows 11
Computing

6 things you can do to speed up your Windows 11 computer

Got a that resourceful computer with a decent amount of memory, SSD storage and latest generation of that Intel chipsets;...

by tsGeek
July 24, 2024
Speedup your Windows 11 Computer
How To

Speed up your Windows 11 computer by reducing startup time, here is how to

Startup times vary and depend on how many apps you have installed, the speed of your processor, and the kind...

by tsGeek
July 24, 2024

Recent News

Gen Z Protest Kathmandu 2025

July 4, 2026
The Launch That Moved Syuchatar: YetiCloud.AI and the Night Nepal’s Compute Policy Went Public

The Launch That Moved Syuchatar: YetiCloud.AI and the Night Nepal’s Compute Policy Went Public

July 4, 2026
Illustrating Sovereign AI Compute in Nepal Syuchatar with circuitary

Syuchatar in Regional Context: A Policy Commentary on Sovereign AI Compute

May 31, 2026
Technical explainer on Nepal's announced Sovereign AI Compute Center at Syuchatar. What Budget 2083/84 specified, what it didn't, and the four design questions that decide its outcome.

Nepal’s Sovereign AI Compute Center at Syuchatar: A Technical Explainer

May 30, 2026
Hostinger
  • News
  • Tech
  • Event
Generate free QR Codes with QRSansar

TechSansar.com, ICT For Media Pvt Ltd, Regd #249079/077/078, VAT #609868175.
By continuing to use this site, you agree to our cookies and privacy policies.
Here is our Do Not Track (DNT) Guide. Hosted on a VPS and uses this free PDF tool. You can also subscribe to our newsletter.
Creating tech contents for the b̶o̶t̶s̶ humans since 2009 • Team TechSansar • ICT4M with ❤ from Nepal

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home page
  • Shop peripherals
  • Buy software
  • Featured articles
  • My account

TechSansar.com, ICT For Media Pvt Ltd, Regd #249079/077/078, VAT #609868175.
By continuing to use this site, you agree to our cookies and privacy policies.
Here is our Do Not Track (DNT) Guide. Hosted on a VPS and uses this free PDF tool. You can also subscribe to our newsletter.
Creating tech contents for the b̶o̶t̶s̶ humans since 2009 • Team TechSansar • ICT4M with ❤ from Nepal