2. Configure hostapd
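A sample configuration is given below. Change interface, ssid and wpa_passphrase to suit your setup; ssid and wpa_passphrase are left empty here and must be filled in (the passphrase must be 8–63 characters).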
$ cat /etc/hostapd/hostapd.conf
# Wireless interface the access point runs on, and the kernel driver interface.
interface=wlan0
driver=nl80211
# Network name shown to clients; left empty in this sample, fill it in.
ssid=
# 802.11g (2.4 GHz) on channel 6.
hw_mode=g
channel=6
# 0 = accept every station unless it is on a deny list (no MAC filtering).
macaddr_acl=0
# 1 = open-system authentication only (shared-key/WEP authentication is off).
auth_algs=1
# 0 = broadcast the SSID in beacons.
ignore_broadcast_ssid=0
# Bit field: 1 = WPA, 2 = WPA2, so 3 enables both.
# NOTE(review): together with wpa_pairwise=TKIP below this keeps legacy
# WPA/TKIP available to clients. For a WPA2-only network set wpa=2 and rely on
# rsn_pairwise=CCMP alone.
wpa=3
# Pre-shared key, 8-63 characters; left empty in this sample, fill it in.
# The file then holds a secret, so restrict its read permissions.
wpa_passphrase=
wpa_key_mgmt=WPA-PSK
# Pairwise cipher offered to WPA (v1) clients.
wpa_pairwise=TKIP
# Pairwise cipher offered to WPA2 (RSN) clients.
rsn_pairwise=CCMP
# Seconds a station may stay idle before the AP checks on it and drops it.
ap_max_inactivity=2400
3. Create a start/stop script
This script starts, stops and restarts the required services and adds or removes the required iptables rules. Run it as root, since it writes to /proc/sys and calls iptables directly. Change the IP address and interface name if required.
$ cat /opt/ap.sh
#!/bin/bash
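# Bring the access point up: hostapd, the wlan0 address, a DHCP/DNS server
# for the clients, and NAT plus forwarding so clients can reach other networks.
# Arguments: none
# Outputs:   progress messages on stdout, the hostapd failure on stderr
# Returns:   1 if hostapd fails to start; otherwise the status of the final
#            write to ip_forward. Needs root for every step.
function start(){
  echo "Starting hostapd"
  # Stop here when the AP did not come up; otherwise the host would be left
  # with NAT rules and IP forwarding switched on for a network that is not there.
  if ! hostapd -B /etc/hostapd/hostapd.conf; then
    echo "hostapd failed to start; leaving DHCP, NAT and forwarding untouched" >&2
    return 1
  fi
  sleep 1

  echo "Setting 10.42.0.1 to wlan0"
  ifconfig wlan0 10.42.0.1 netmask 255.255.255.0

  echo "Starting dnsmasq..."
  # --keep-in-foreground together with the trailing & makes dnsmasq a
  # background job of this shell. It listens only on the AP address and hands
  # out leases from 10.42.0.10 to 10.42.0.100.
  dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces \
    --except-interface=lo --clear-on-reload --strict-order \
    --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.100,60m \
    --dhcp-option=option:router,10.42.0.1 --dhcp-lease-max=50 \
    --pid-file=/var/run/nm-dnsmasq-wlan0.pid&

  # Replies to connections the clients opened are let back in.
  iptables -A FORWARD -d 10.42.0.0/24 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Everything arriving from the client subnet is forwarded, so wireless
  # clients can reach any network this host routes to, the upstream LAN
  # included. Narrow this rule if clients should only get Internet access.
  iptables -A FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
  # Client-to-client traffic through the AP is allowed.
  iptables -A FORWARD -i wlan0 -o wlan0 -j ACCEPT
  # Source-NAT client traffic that leaves the 10.42.0.0/24 subnet.
  iptables -t nat -A POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
  # IPv4 forwarding is a host-wide switch, not a per-interface one.
  echo 1 > /proc/sys/net/ipv4/ip_forward
}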
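# Tear the access point down: stop hostapd and dnsmasq, take wlan0 down,
# remove the iptables rules the start function added and switch IPv4
# forwarding off.
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   status of the final write to ip_forward. Needs root.
function stop(){
  echo "Stopping hostapd..."
  pkill hostapd
  echo "Turn down wlan0..."
  ifconfig wlan0 down
  echo "stoping dnsmasq..."
  # The pattern is quoted so the shell cannot glob-expand it, the dots are
  # escaped, and it is anchored on the --listen-address option the access
  # point's dnsmasq is started with. pkill -f runs as root here and matches
  # whole command lines, so a loose pattern could kill unrelated processes.
  pkill -f 'dnsmasq.*--listen-address=10\.42\.0\.1( |$)'
  # Each -D mirrors one -A from the start function, rule for rule.
  iptables -D FORWARD -d 10.42.0.0/24 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -D FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
  iptables -D FORWARD -i wlan0 -o wlan0 -j ACCEPT
  iptables -t nat -D POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
  # NOTE(review): forwarding is switched off unconditionally. If something
  # else on this host (VPN, containers, another router role) needs
  # ip_forward=1, remove this line or restore the previous value instead.
  echo 0 > /proc/sys/net/ipv4/ip_forward
}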
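# Report whether dnsmasq and hostapd are running, the current ip_forward
# value, and the iptables rules that mention the access point subnet.
# Arguments: none
# Outputs:   the report on stdout
# Returns:   status of the last grep (non-zero when no filter rule matches)
function status(){
  # Quoted so the shell cannot glob-expand it; anchored on the
  # --listen-address option so only the access point's dnsmasq counts.
  local dnsmasq_pattern='dnsmasq.*--listen-address=10\.42\.0\.1( |$)'

  if pgrep -f "$dnsmasq_pattern" >/dev/null; then
    echo "dnsmasq running..."
  else
    echo "dnsmasq not running..."
  fi

  if pgrep hostapd >/dev/null; then
    echo "hostapd running..."
  else
    echo "hostapd not running..."
  fi

  echo "ip_forward is set to:$(cat /proc/sys/net/ipv4/ip_forward)"
  echo "Related iptable rules:"
  # sudo lets an unprivileged user list the rules; -F matches the subnet
  # prefix literally instead of treating the dots as wildcards.
  sudo iptables -nL -t nat | grep -F '10.42.0.'
  sudo iptables -nL | grep -F '10.42.0.'
}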
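# Dispatch on the first command-line argument.
case "$1" in
  start)
    # Start only from a clean state; if either daemon is already running,
    # show the status instead of adding a second set of iptables rules.
    # The pattern is quoted so the shell cannot glob-expand it.
    if ! pgrep -f 'dnsmasq.*--listen-address=10\.42\.0\.1( |$)' >/dev/null \
        && ! pgrep hostapd >/dev/null; then
      start
    else
      status
    fi
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # restart is a supported action, so the usage line lists it as well.
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac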
echo "Starting hostapd"
hostapd -B /etc/hostapd/hostapd.conf
sleep 1
echo "Setting 10.42.0.1 to wlan0"
ifconfig wlan0 10.42.0.1 netmask 255.255.255.0
echo "Starting dnsmasq..."
dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.100,60m --dhcp-option=option:router,10.42.0.1 --dhcp-lease-max=50 --pid-file=/var/run/nm-dnsmasq-wlan0.pid&
iptables -A FORWARD -d 10.42.0.0/24 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
}
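# Tear the access point down: stop hostapd and dnsmasq, take wlan0 down,
# remove the iptables rules the start function added and switch IPv4
# forwarding off.
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   status of the final write to ip_forward. Needs root.
function stop(){
  echo "Stopping hostapd..."
  pkill hostapd
  echo "Turn down wlan0..."
  ifconfig wlan0 down
  echo "stoping dnsmasq..."
  # The pattern is quoted so the shell cannot glob-expand it, the dots are
  # escaped, and it is anchored on the --listen-address option the access
  # point's dnsmasq is started with. pkill -f runs as root here and matches
  # whole command lines, so a loose pattern could kill unrelated processes.
  pkill -f 'dnsmasq.*--listen-address=10\.42\.0\.1( |$)'
  # Each -D mirrors one -A from the start function, rule for rule.
  iptables -D FORWARD -d 10.42.0.0/24 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -D FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
  iptables -D FORWARD -i wlan0 -o wlan0 -j ACCEPT
  iptables -t nat -D POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
  # NOTE(review): forwarding is switched off unconditionally. If something
  # else on this host (VPN, containers, another router role) needs
  # ip_forward=1, remove this line or restore the previous value instead.
  echo 0 > /proc/sys/net/ipv4/ip_forward
}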
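# Report whether dnsmasq and hostapd are running, the current ip_forward
# value, and the iptables rules that mention the access point subnet.
# Arguments: none
# Outputs:   the report on stdout
# Returns:   status of the last grep (non-zero when no filter rule matches)
function status(){
  # Quoted so the shell cannot glob-expand it; anchored on the
  # --listen-address option so only the access point's dnsmasq counts.
  local dnsmasq_pattern='dnsmasq.*--listen-address=10\.42\.0\.1( |$)'

  if pgrep -f "$dnsmasq_pattern" >/dev/null; then
    echo "dnsmasq running..."
  else
    echo "dnsmasq not running..."
  fi

  if pgrep hostapd >/dev/null; then
    echo "hostapd running..."
  else
    echo "hostapd not running..."
  fi

  echo "ip_forward is set to:$(cat /proc/sys/net/ipv4/ip_forward)"
  echo "Related iptable rules:"
  # sudo lets an unprivileged user list the rules; -F matches the subnet
  # prefix literally instead of treating the dots as wildcards.
  sudo iptables -nL -t nat | grep -F '10.42.0.'
  sudo iptables -nL | grep -F '10.42.0.'
}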
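# Dispatch on the first command-line argument.
case "$1" in
  start)
    # Start only from a clean state; if either daemon is already running,
    # show the status instead of adding a second set of iptables rules.
    # The pattern is quoted so the shell cannot glob-expand it.
    if ! pgrep -f 'dnsmasq.*--listen-address=10\.42\.0\.1( |$)' >/dev/null \
        && ! pgrep hostapd >/dev/null; then
      start
    else
      status
    fi
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # restart is a supported action, so the usage line lists it as well.
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac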
4. That's all. Now you can start, stop and check the status of the access point using this script.
/opt/ap.sh start
/opt/ap.sh stop
/opt/ap.sh restart
/opt/ap.sh status
/opt/ap.sh start
/opt/ap.sh stop
/opt/ap.sh restart
/opt/ap.sh status