Updated September 17, 2014 : updated, improved and should be working! (Use at your own risk!). Thanks to AL for pointing errors!
# Wireless Repeater/Range extender script
# Last changes:
# - 20/Apr/2014 : added ad filtering (uses an additional hosts file)
# - 12/Apr/2013 : adapted for Debian (tested under 7.0 Wheezy)
# thanks to : http://www.aerospacesoftware.com/howtos/Laptop-NAT-Howto.html (link dead now)
# hardware requirements : 2 wireless NICs
# software requirements : iptables, wpa_supplicant, hostapd, dnsmasq, dhcpcd (or dhclient)
# This is a standalone script, it will not use your existing configuration files
# Both wireless interfaces will use WPA/WPA2 encryption.
# BEFORE STARTING THIS SCRIPT :
# - you must have root rights
# - stop your wireless connection manager (networkmanager, wicd, etc...)
# - disable your firewall
# - disable power management (prevent the computer to go into suspend mode when unused)
# This script has been tested on OpenSUSE 12.2, Debian 7.0
# but should work on other Linux systems with minor adaptations.
# USE AT YOUR OWN RISK!
# TODO : repeater with 1 wireless NIC + 1 ethernet NIC
# this is the wireless interface we use to connect to our existing Access Point
# enter here your existing SSID and WPA passphrase
# this is the wireless interface we use to create our new AP (the "repeater" AP)
# your new AP's SSID (change the name eventually)
# Be sure to use different channels for the 2 AP's for best performance
# we can use the same passphrase (or not)
# temp files (will contain passphrases in clear text, so make sure they are not world readable)
# URL and filename to download for the ad filter hosts file
# Thanks to winhelp2002.mvps.org
# just comment the two variables if you don't want to use ad filtering
# log file for dnsmasq
# Path for used commands (adapt to your system)
#for Debian we use dhclient (installed by default)
USAGE="Usage : `basename $0` \
\n\nWireless repeater/extender script."
MSG_STOP="Repeater has been stopped."
xmessage -center -timeout $2 "$1"
# Main program
if [[ "$#" -ne 1 || "$1" == "help" ]]; then
# show program help
echo -e "$USAGE"
# check if we are root
if [ $EUID -ne 0 ]; then
echo `basename $0` ": this script must be run as root!" 1>&2
# check for software we need
if [ ! -x $DHCPCD ]; then
echo "FATAL: $DHCPCD not found!"; exit 1
if [ ! -x $HOSTAPD ]; then
echo "FATAL: $HOSTAPD not found!"; exit 1
if [ ! -x $WPASUPPLICANT ]; then
echo "FATAL: $WPASUPPLICANT not found!"; exit 1
if [ ! -x $DNSMASQ ]; then
echo "FATAL: $DNSMASQ not found!"; exit 1
if [ ! -x $IPTABLES ]; then
echo "FATAL: $IPTABLES not found!"; exit 1
# check for wireless interfaces
ifconfig $WLAN_STA 1>&2>/dev/null
if [[ $? -ne 0 ]]; then
echo "FATAL: Wireless interface $WLAN_STA unavailable!"; exit 1
ifconfig $WLAN_AP 1>&2>/dev/null
if [[ $? -ne 0 ]]; then
echo "FATAL: Wireless interface $WLAN_AP unavailable!"; exit 1
# stop the repeater?
if [ "$1" == "stop" ]; then
# be sure the repeater is already running
if [ -f "$PIDFILE" ]; then
# kill existing wireless connections from previous execution of this script
echo -n -e "Stopping... "
$DHCPCD -x $WLAN_STA 2>/dev/null
$DHCPCD -x $WLAN_AP 2>/dev/null
killall wpa_supplicant 2>/dev/null
# kill running hostapd daemon if it exists
killall hostapd 2>/dev/null
# kill dnsmasq dhcp
killall dnsmasq 2>/dev/null
# empty existing temp.conf files, for security
# restore firewall rules
echo -n -e "Restoring firewall... "
service wicd stop 2>/dev/null
# create temp wpa_supplicant.conf file for our STA interface
cat >$WPASUPPLICANT_TEMP_CONF <$HOSTAP_TEMP_CONF <"$IPTABLES_SAVE_FILE" && echo "OK"
# enable packet forwarding and add firewall rules to allow forwarding packets
# between our 2 network interfaces.
sysctl -w net.ipv4.ip_forward=1
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $IF_IN -j MASQUERADE
$IPTABLES -A FORWARD -i $IF_IN -o $IF_OUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $IF_OUT -o $IF_IN -j ACCEPT
# create pid file
echo $$ >"$PIDFILE"
echo -e "\nWireless repeater access point \"$WLAN_AP_SSID\" is *up* and running!\n"
echo -e "To stop it : `basename $0` stop"
show_notification "Wireless repeater access point \"$WLAN_AP_SSID\" is *up* and running!" 3
# optional : open a new xterm which displays the DNS log in realtime
xterm -e "tail -f $DNSMASQ_LOG" &
# unknown command, show usage
echo -e "$USAGE"
Note: my model only has a digitizer (tablet PC model), no touchscreen (dual mode version)
Debian stable to the rescue
First I wanted to install Arch Linux on this system, but soon I encountered a severe setback : the Wacom stylus would not work. Then I tried Ubuntu 12.04 (Precise), everything worked out of the box, except the stylus!
Explanation : it seems the support for this older, serial Wacom tablet has been removed from the X.Org Wacom input drivers, since the 0.10.6 version and up.
(more info can be found here : http://ubuntuforums.org/showthread.php?t=1780154 )
Fortunately Debian Squeeze still uses a working 0.10.5 driver version!