A quick and dirty way to recycle an older computer with a wifi adapter.
Adapted from original HowTo (Thanks Matt!) at :
http://mcbridematt.dhs.org/blog/2010/11/21/HOWTO%3A%20HostAP%20%28Master%29%20mode%20for%20Ralink%20rt73%20USB%20wifi
Other sources :
http://en.wikipedia.org/wiki/Bridging_%28networking%29
http://wiki.debian.org/BridgeNetworkConnections
http://linuxwireless.org/en/users/Documentation/hostapd
System requirements
– any computer capable of running Linux Debian 6.0 in console mode
– 1 Ethernet Network Adapter (eth0)
– 1 Wireless Network Adapter (wlan0)
This howto was tested using a USB 54g Wireless Ralink RT25xx based adapter (Belkin F5D7050B)
(Linux driver rt73usb)
See here for compatibility lists :
http://linux-wless.passys.nl/
http://linuxwireless.org/en/users/Devices
http://wiki.debian.org/WiFi
In this howto, we assume that your internet gateway (DSL modem/router and DHCP server) has the following IP address: 192.168.1.1
The clients accessing our Access Point will be offered dynamic IPs by the gateway.
Install your Debian 6.0 system
- openssh server (if you need remote SSH access)
- base system
After installation is finished, upon system reboot :
Enable the non-free repository to install this particular wifi adapter’s firmware
# nano /etc/apt/sources.list
append “contrib” and “non-free” to the repos :
deb http://ftp.fr.debian.org/debian/ squeeze main contrib non-free deb-src http://ftp.fr.debian.org/debian/ squeeze main contrib non-free deb http://security.debian.org/ squeeze/updates main contrib non-free deb-src http://security.debian.org/ squeeze/updates main contrib non-free # squeeze-updates, previously known as 'volatile' deb http://ftp.fr.debian.org/debian/ squeeze-updates main deb-src http://ftp.fr.debian.org/debian/ squeeze-updates main
# apt-get update
(depending on your wireless adapter, you may need another firmware package)
# apt-get install firmware-ralink
Next, install wireless tools, hostapd and bridge-utils
# apt-get install wireless-tools hostapd bridge-utils
Creating the network bridge
We are bridging the eth0 and wlan0 network interfaces, to create the br0 bridge.
We do not assign an IP address to eth0 and wlan0, but only to br0.
Modify network interfaces configuration (make a backup of your old config file first)
# nano /etc/network/interfaces
Note : here I am using static IP for the br0 interface. But you can use dhcp instead.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). auto lo br0 iface lo inet loopback allow-hotplug eth0 iface eth0 inet manual allow-hotplug wlan0 iface wlan0 inet manual # Bridge setup # for dhcp address #iface br0 inet dhcp # bridge_ports eth0 wlan0 # for static ip iface br0 inet static bridge_ports eth0 wlan0 # adapt with your network settings address 192.168.1.250 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 192.168.1.1 dns-search localdomain
Then reboot.
Wireless Access Point with hostapd
We will be using WPA2 authentication for the best security.
Create hostapd config file :
# nano /etc/hostapd/hostapd.conf
interface=wlan0 driver=nl80211 # YOUR BRIDGE NAME bridge=br0 # YOUR COUNTRY HERE country_code=FR ieee80211d=1 # MODIFY YOUR SSID HERE ssid=MY_AP # CHANGE MODE HERE IF NEEDED hw_mode=g # CHANGE CHANNEL EVENTUALLY channel=6 wme_enabled=0 macaddr_acl=0 auth_algs=1 # WE USE WPA2 wpa=2 # MODIFY YOUR PASSPHRASE HERE wpa_passphrase=mypassphrase12345678 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Launch hostapd in non-daemon mode, and go try to associate to your newly created AP with another computer
# hostapd -dd /etc/hostapd/hostapd.conf
If everything works ok, make sure hostapd starts as a daemon upon reboot
# nano /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Secure the configuration file a bit since it contains the WPA passphrase
# chmod 600 /etc/hostapd/hostapd.conf
Have a view at the daemon log to see when a station accesses the AP
# more /var/log/daemon.log | grep hostapd
To see a more complete configuration example for hostapd
$ zmore /usr/share/doc/hostapd/examples/hostapd.conf.gz
SECURITY NOTES
- In this setup, the Access Point is in the LAN. Anybody who connects to this AP will have access to your LAN ressources.
- For professional cases, it’s better to have it in another, separated network.
- To improve security, you can use MAC filtering with hostapd.
- As always, use strong passwords for your Linux box. Disable SSH root login, etc.
- If you need firewalling on your bridge, look at ebtables ( http://www.debian-tutorials.com/general/using-ebtables-ethernet-bridge-frame-table-administration-in-debian-squeeze )
SUGGESTIONS
- Instead of using an old computer, it is possible to use a plug-computer (Sheevaplug, Seagate Dockstar, etc) for lower energy consumption.
- Implement a www interface (with php/cgi scripts) to manage our AP’s settings (like in commercial wireless APs).
Agent OSS 
Pingback: How to make my linux laptop a deticated wifi "adapter" (send all lan to wifi)
Pingback: how can I turn my linux laptop into a wifi hotspot?
tried so hard to get this to work. Tested my RT3070 in ‘normal’ mode and works. Had to black list 2800. But now when I: hostapd -dd /etc/hostapd/hostapd.conf , I get:- nl80211 not found driver initiailasion failed. Is this a driver issue I’m having? Thanks
Hi, make sure you’re using a distro with a very recent kernel (for Debian, seek a 3.x kernel from the backports, or use the Debian Testing distro) and a recent hostapd with nl80211 support.
Have tried this on a machine intended to be dedicated to this in a work environment, basically internet comes into the shop on eth0, and eth1, eth2 and wlan0 (+) are used for the client machines.
However, when I use “bridge_ports eth0 wlan0” I lose all connectivity to the outside network and while DHCP still works fine (including getting the (openDNS) DNS server address, even the internal pages served from this machine disappear if I use the URL (going via IP works).
ssh also fails to this machine from a machine connecting via eth0, but clients can connect to eth1 or 2.
I haven’t yet configured hostapd. Wanted to make sure my net was still working as I suspected that bridging eth0 might kill it – it did.
Running Debian Squeeze, shorewall etc.
Any helpful hints? Thanks in advance – and of course thanks for the document.
Hi, you have to follow the steps carefully for your bridge to work!
Hey, thanks for your work! I tried exactly on debian wheezy, but all I got was
root:~# hostapd -dd /etc/hostapd/hostapd.conf
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
Line 2: invalid/unknown driver ‘nl80211 ‘
Hi, I haven’t tried it under Wheezy yet. Maybe it’s your wifi adapter (try modprobe nl80211)
Also please look at hostapd’s docs/man 🙂
Wow, you are right, module nl80211 does not exist. I don’t have a wifi adapter, just a built-in module, might that be the reason? To be honest I don’t really know what I should do. man hostapd doesn’t really help… 😦
What is your adapter?
# lspci -v
03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)
Subsystem: Intel Corporation Centrino Ultimate-N 6300 3×3 AGN
Flags: bus master, fast devsel, latency 0, IRQ 42
Memory at f2400000 (64-bit, non-prefetchable) [size=8K]
Capabilities:
Kernel driver in use: iwlwifi
The guy above me is the same as I am.
Weird, I though I posted that with another account, but it does not turn up…
03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)
Subsystem: Intel Corporation Centrino Ultimate-N 6300 3×3 AGN
Flags: bus master, fast devsel, latency 0, IRQ 42
Memory at f2400000 (64-bit, non-prefetchable) [size=8K]
Capabilities:
Kernel driver in use: iwlwifi
From the hostapd page : http://linuxwireless.org/en/users/Documentation/hostapd
Looks like the hostapd shipped with Debian 6.0 may be too old for your wireless adapter. Follow instructions there to install a newer hostapd version, or install Debian 7.0 Wheezy!
Well, but I already have Wheezy installed…
Ah yes, sorry
Can’t help you much I’m afraid…
The last time I checked, the iwlwifi driver didn’t support master mode, nor was it planned by the Intel maintainers. They mentioned there to be a need for changes in the firmware which they didn’t think were worth it so it is unlikely we’ll see support for master mode in the Linux drivers for Intel wireless cards.
Pingback: Access point con Debian 6 |
Pingback: Creating a bridge interface eth0 to wlan0
Dude! Legendary tutorial. This really helped me out a lot and has made my life so much easier.
This is awesome, but…
…every time I try to associate another comp/device to the AP, said comp/device throws an authentication error.
I’ve checked and rechecked my work, but it’s always exactly the same (not counting immaterial differences such as channel, AP name, country, passphrase, etc.) as what you’ve written up. It got me to wondering, is there a way to use a password instead of a passphrase? AFAIK they’re not the same thing.
If, in the context of the hostapd.conf file, they ARE the same, then…I dunno. My brain hurts, right now. Any help in identifying my error would be majorly appreciated.
Thanks in advance,
Solcintra Jack
….Never mind, I should have guessed the bridge name was, in fact, NOT immaterial.
Thanks anyway,
Solcintra Jack
Nice article, well done. Ta
Hi,
I want to setup WiFi Soft Access Point at my home. I’m using Cable Internet: I’m connected to my ISP through a Cable Modem, so I have no router. I have a headless power pc box connected to the Cable Modem. That headless box ( called Bubba2 ) is my home server. Bubba2 is connected to the Cable Modem with ethernet card ( eth0 ). Bubba2 get it’s IP address from my ISP DHCP server. Bubba2 has another ethernet connection to my home LAN ( eth1 ). This setup works fine sofar. On Bubba2 I’m running Debian GNU/Linux Wheezy operating system. Bubba2 has two USB ports too. I have ZyXEL NWD2205 USB WiFi adapter that I want to use as a soft Access Point. I have builded a custom kernel 2.6.39.4-13 with compiled rtl8192cu module. iwconfig shows wlan0 when I plug in the wifi adapter. How can I setup in this situation the bridge: et0 – wlan0? And mybe there is another issue with this out there. It seemes that that my kernel doesn’t use the approppriate module, but want to uses some p80211 instead. What can I do to solve these problems?
Moreover, I’m trying to test it with hostapd ( installed as Debian Wheezy package ).
I have a hostapd-test.conf file:
interface=wlan0
driver=nl80211
ssid=test
channel=1
When I run:
hostapd hostapd-test.conf
I get:
Configuration file: hostapd-test.conf
rfkill: Cannot open RFKILL control device
Could not set interface mon.wlan0 flags: No such device
nl80211: Failed to set interface wlan0 into AP mode
nl80211 driver initialization failed.
What is the problem here? How can I solve this problem?
Great guideline.. { I need a way to bridge ppp0 with wlan0 } This works awesome with Debian wheezy at my office, there I have eth0 and wlan0 so it’s cool, but at home I use a 3g dongle..!!! I’ve tried the same @home my tab connects to wifi but no internet access, bridging might be the problem or any other..!!! please help asap .. Thank you… 🙂
You can use iptables in order to forward packets between both interfaces, instead of setting up a bridge.
please how to do it now without any harm to the existing settings … help me please.. 🙂
Thanks AgentOss! Great tutorial.
This work on my Wheezy but I can connect only one client on my hotspot. When I connect a other client, the first connected client is automatically disconnected. I use two differents static IP for my clients.
Any ideas ?