Using Hostapd with dnsmasq to create Virtual Wifi Access Point in Linux

NOTE: This is an alternative branch off from my previous Hostapd guide, which I really recommend going through before this.

In my previous hostapd guide, I used dhcpd to assign IP addresses to the clients connecting to the access point. While this works fine for most scenarios, dhcpd is overkill when the number of clients is normally 2-3, or around 20 at most. For such cases, dnsmasq is a better option.

Installing

Install dnsmasq from your distribution's package repository:

# Arch Linux
sudo pacman -S dnsmasq
# Ubuntu
sudo apt-get install dnsmasq

Configuring dnsmasq

The main reason I am recommending dnsmasq over dhcpd is how easy it is to configure. Less hassle in configuration means fewer problems and easier troubleshooting. Most of the problems users faced in my previous guide were dhcpd related.

The default /etc/dnsmasq.conf explains all its configuration options pretty well, so I will jump straight to what your /etc/dnsmasq.conf should look like.

Just append the following to /etc/dnsmasq.conf:

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# upstream DNS servers that dnsmasq forwards queries to (clients are given this host as their DNS server)
server=8.8.8.8
server=8.8.4.4

Simple, isn’t it?

Final Steps

The final steps involve enabling NAT to share the internet connection on one network interface with the clients connected through hostapd.
I have included all the steps to configure the wlan interface, enable NAT, and start dnsmasq and hostapd in the BASH script below.
Let the name of this file be initSoftAP.
Copy the content below to the file initSoftAP (make changes if required).

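#!/bin/bash
#Usage: ./initSoftAP wifi_card_interface interface_with_internet (needs root)
#Initial wifi interface configuration
ifconfig "$1" up 10.0.0.1 netmask 255.255.255.0
sleep 2

###########Start dnsmasq, modify if required##########
#Start dnsmasq only if no instance is already running
if ! pgrep -x dnsmasq > /dev/null
then
 dnsmasq
fi
###########

#Enable NAT
#Note: the next four lines remove ALL existing filter and nat rules on this machine
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
#Masquerade traffic leaving through the internet-facing interface
iptables --table nat --append POSTROUTING --out-interface "$2" -j MASQUERADE
#Forward everything arriving on the wifi interface
iptables --append FORWARD --in-interface "$1" -j ACCEPT

#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

sysctl -w net.ipv4.ip_forward=1

#start hostapd (stays in the foreground until it is stopped)
hostapd /etc/hostapd/hostapd.conf 1> /dev/null
#hostapd has exited: stop dnsmasq (this kills every dnsmasq process on the machine)
killall dnsmasq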

It might be more convenient to use hostapd -B /etc/hostapd/hostapd.conf, which runs hostapd in the background, but take care of the ‘killall dnsmasq’ if you choose this option, since the script would then reach that line immediately. (Thanks to Enda for pointing this out.)

Make this file executable, and run it. The syntax for executing it is

./initSoftAP wifi_card_interface interface_with_internet

chmod +x initSoftAP
./initSoftAP wlan0 eth0  # And there you go

The “wifi_card_interface” will be wlan0 in most cases. For “interface_with_internet”, since I want to share internet from my ethernet network interface, I used eth0. If I ever want to share internet from my 3g modem, I use ppp0. (These values need not be the same for everyone.)
You can list the available network interfaces with

ifconfig -a
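
The script above flushes every existing iptables rule and leaves forwarding enabled after hostapd exits; the added example below (not the author's code) covers only the NAT step, adding rules scoped to the AP subnet and removing them on exit, with dnsmasq started as before. The names AP_NET, valid_iface, softap_rules, softap_iptables, the DRY_RUN switch and the file name softap-nat are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the post's script: NAT rules limited to the AP subnet,
# added without flushing existing rules and removed again when hostapd exits.
AP_NET="10.0.0.0/24"   # assumption: the 10.0.0.1/255.255.255.0 network used above

# Accept only plausible interface names so an argument cannot add iptables options.
valid_iface() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit on interface name length
}

# Print "table chain match..." lines for AP interface $1 and uplink $2.
softap_rules() {
    valid_iface "$1" && valid_iface "$2" || return 1
    echo "nat POSTROUTING -s $AP_NET -o $2 -j MASQUERADE"
    echo "filter FORWARD -i $1 -o $2 -s $AP_NET -j ACCEPT"
    echo "filter FORWARD -i $2 -o $1 -d $AP_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Add ($1 = -A) or delete ($1 = -D) those rules; DRY_RUN=1 prints the commands instead.
softap_iptables() {
    rules=$(softap_rules "$2" "$3") || return 1
    printf '%s\n' "$rules" | while read -r table chain rest; do
        # $rest stays unquoted on purpose: it holds several validated arguments
        ${DRY_RUN:+echo} iptables -t "$table" "$1" "$chain" $rest || exit 1
    done
}

main() {
    ap=$1 up=$2
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    softap_rules "$ap" "$up" > /dev/null || { echo "bad interface name" >&2; return 1; }
    old_fwd=$(sysctl -n net.ipv4.ip_forward)
    # Undo only what this script changed, however hostapd stops.
    trap 'softap_iptables -D "$ap" "$up"; sysctl -qw net.ipv4.ip_forward="$old_fwd"' EXIT
    trap 'exit 1' INT TERM
    softap_iptables -A "$ap" "$up" || return 1
    sysctl -qw net.ipv4.ip_forward=1
    hostapd /etc/hostapd/hostapd.conf   # foreground; the EXIT trap runs afterwards
}

# Runs only when given both interfaces, e.g. ./softap-nat wlan0 eth0
if [ "$#" -eq 2 ]; then main "$@"; fi
```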

That’s all folks!
Problems, Errors, Feedback or any alternatives? Feel free to reply.


64 thoughts on “Using Hostapd with dnsmasq to create Virtual Wifi Access Point in Linux”

  1. Pingback: Reproducing KoreK’s ChopChop attack is a pain in the ass | printf(" SaltwaterC ");

  2. Iasonas

    Thank you for your tutorial! I have a question: I don’t want to share the internet connection, just create a wi-fi network for file transfer. What should I change?

      1. iasonas

        Ok I will try that thanks. But it is important that I don’t share the internet connection. What should I change in the above bash script so as to just let clients connect but without sharing internet?

  3. erwanl

    Hi nims, thanks a lot for this post, it got me farther than any other tutorial I tried to follow.
    I am however running into an issue somewhere that I haven’t been able to solve.
    I’m running this on a brand new ubuntu machine (both hardware and install are fresh).

    I’ve had to modify the script slightly in order to get hostapd to start (apparently a bug in recent ubuntu), I also “hard coded” the variables:
    ——————————————————————
    #!/bin/bash

    echo "Turning off wifi"
    sudo nmcli nm wifi off
    echo "Unblocking wlan0 (rfkill)"
    sudo rfkill unblock wlan

    sleep 1
    echo "Stopping hostapd"
    sudo service hostapd stop

    #Initial wifi interface configuration
    ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
    sleep 2
    ###########Start dnsmasq, modify if required##########
    if [ -z "$(ps -e | grep dnsmasq)" ]
    then
    dnsmasq
    fi
    ###########

    #Enable NAT
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface wlan0 -j ACCEPT

    #Thanks to lorenzo
    #Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
    #iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    sysctl -w net.ipv4.ip_forward=1

    #start hostapd
    echo "Starting hostapd"
    sudo service hostapd start
    killall dnsmasq
    ———————————————————————-

    When I run the script, I am able to connect to my AP on my windows 8 laptop.
    However, it shows “unidentified network” and has no internet access.
    All the rest is basically taken straight from your post (hostapd.conf, dnsmasq.conf).
    I tried to make the script bootable with no success so far, while this one was starting hostapd fine at startup (still, without IPtables so not so useful):
    ——————————
    #!/bin/bash
    echo "Turning off wifi"
    sudo nmcli nm wifi off
    echo "Unblocking wlan0 (rfkill)"
    sudo rfkill unblock wlan
    sleep 1
    echo "Restarting hostapd"
    sudo service hostapd restart
    ——————————-

    Any idea what to look at next?

    Thanks a lot!
    Erwan

    1. nims11 Post author

      Making the script bootable shouldn’t change much. I feel some problem with dnsmasq. Is your windows 8 getting an IP? If not, try setting it static (ip: 10.0.0.5, subnet: 255.255.255.0, gateway: 10.0.0.1)

      1. dagrunzpal

        I have the same problem. The connection is established successfully with the client, but no internet. The client gets an IP, by the way.

  4. Chris Butters

    ./initSoftAP wlan0 eth0
    SIOCSIFFLAGS: Operation not permitted
    SIOCSIFADDR: Operation not permitted
    SIOCSIFFLAGS: Operation not permitted
    SIOCSIFNETMASK: Operation not permitted
    ./initSoftAP: line 5: 聽: command not found
    ./initSoftAP: line 12: 聽: command not found
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `filter’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `filter’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    modprobe: ERROR: could not insert ‘ip_tables’: Operation not permitted
    iptables v1.4.21: can’t initialize iptables table `filter’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    ./initSoftAP: line 20: 聽: command not found
    ./initSoftAP: line 24: 聽: command not found
    sysctl: permission denied on key ‘net.ipv4.ip_forward’
    ./initSoftAP: line 26: 聽: command not found
    dnsmasq(3952): Operation not permitted
    dnsmasq: no process found

    Setting it up on Mint linux 17.1 had same problem under dhcpd

    Can you help me please.
    Also, I need to turn off NetworkManager to get to Wifi card Ath9k

  5. Chris Butters

    Tried using the Ubuntu script by erwan, I got this after running initSoftAP
    “Turning off wifi”

    ** (process:4516): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was not provided by any .service files
    ./initSoftAP: line 5: syntax error near unexpected token `(‘
    ./initSoftAP: line 5: `echo “Unblocking wlan0 (rfkill)”’

    I’m really in the dark on this stuff now.

  6. Pingback: Create a VPN Wireless Router with Raspberry Pi and Pidora | Canto Geek

  7. Amritha

    You have mentioned that we can connect up to 20 devices, but with the address range you have mentioned I’m able to connect up to 7 devices only. Even if I increase the range, I couldn’t connect to more than 7 devices at a time. Kindly help!

  8. Victor Hugo

    Thank you very much. The instructions you provided were what I needed to understand hostapd. Using dnsmasq makes the DHCP configuration much simpler. Thank you very much once again.

