Using Hostapd with dnsmasq to create Virtual Wifi Access Point in Linux

NOTE: This guide branches off from my previous Hostapd guide, which I really recommend going through before this one.

In my previous hostapd guide, I used dhcpd to assign IP addresses to the clients connecting to the access point. While this works fine for most scenarios, dhcpd is overkill when the number of clients is normally 2-3, or around 20 at most. For such cases, dnsmasq is a better option.


Install dnsmasq from your distribution's repositories

# Arch Linux
sudo pacman -S dnsmasq
# Ubuntu
sudo apt-get install dnsmasq

Configuring dnsmasq

The main reason I am recommending dnsmasq over dhcpd is how easy it is to configure. Less hassle in configuration means fewer problems and easier troubleshooting. Most of the problems users faced in my previous guide were dhcpd related.

The default /etc/dnsmasq.conf explains all its configuration options pretty well, so I will jump straight to what your /etc/dnsmasq.conf should look like.

Just append the following to /etc/dnsmasq.conf

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
# Interface to bind to
# Specify starting_range,end_range,lease_time
# dns addresses to send to the clients

Simple, isn’t it?
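
The four settings described by the comments above, written out as an added example (not the author's original file): a shell function that renders the fragment and refuses a DHCP pool that does not sit in the AP interface's subnet, a common cause of clients hanging while obtaining an address. The addresses used with it are constructed samples, a /24 netmask is assumed, and `bind-interfaces` plus the choice of `server=` for the upstream resolver are this example's assumptions.

```shell
#!/bin/sh
# Added example: build the dnsmasq fragment for the AP and reject inconsistent input.
# A /24 netmask on the AP interface is assumed; the option choice is this example's.

# True if $1 is a dotted quad with four octets in 0-255.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest="$1."; n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# render_dnsmasq_conf AP_IF AP_IP POOL_FIRST POOL_LAST LEASE UPSTREAM_DNS
# Exit status: 2 = malformed argument, 3 = pool does not fit the AP subnet.
render_dnsmasq_conf() {
    ap_if=$1; ap_ip=$2; first=$3; last=$4; lease=$5; upstream=$6
    case "$ap_if" in ""|-*|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    case "$lease" in ""|*[!0-9mhd]*) return 2 ;; esac
    for a in "$ap_ip" "$first" "$last" "$upstream"; do
        is_ipv4 "$a" || return 2
    done
    # Clients only get a lease if the pool is in the subnet of the AP interface.
    [ "${first%.*}" = "${ap_ip%.*}" ] && [ "${last%.*}" = "${ap_ip%.*}" ] || return 3
    host=${ap_ip##*.}; lo=${first##*.}; hi=${last##*.}
    [ "$lo" -le "$hi" ] || return 3
    # The AP's own address must not be handed out to a client.
    if [ "$host" -ge "$lo" ] && [ "$host" -le "$hi" ]; then return 3; fi
    cat <<EOF
# do not read /etc/resolv.conf; use only the upstream server named below
no-resolv
server=$upstream
# answer DHCP and DNS on the AP interface only, and bind just to its address
interface=$ap_if
bind-interfaces
# starting_range,end_range,lease_time
dhcp-range=$first,$last,$lease
EOF
}
```

For example, `render_dnsmasq_conf wlan0 192.168.50.1 192.168.50.10 192.168.50.50 12h 192.0.2.53` prints a fragment for an AP at 192.168.50.1; 192.0.2.53 is a documentation-range placeholder for a real upstream resolver.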

Final Steps

The final steps involve enabling NAT to share the internet connection of one network interface with the clients connected through hostapd.
I have included all the steps to configure the wlan interface, enable NAT, and start dnsmasq and hostapd in the BASH script below.
Let the name of this file be initSoftAP.
Copy the content below into the file initSoftAP (make changes if required).

#Initial wifi interface configuration
ifconfig $1 up netmask
sleep 2

###########Start dnsmasq, modify if required##########
if [ -z "$(ps -e | grep dnsmasq)" ]
then
    # no dnsmasq process is running yet, so start one
    dnsmasq
fi

#Enable NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE
iptables --append FORWARD --in-interface $1 -j ACCEPT

#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

sysctl -w net.ipv4.ip_forward=1

#start hostapd
hostapd /etc/hostapd/hostapd.conf 1> /dev/null
killall dnsmasq

It might be more convenient to use hostapd -B /etc/hostapd/hostapd.conf, which runs hostapd in the background, but take care of the ‘killall dnsmasq’ line if you choose this option, since the script will then reach it immediately. (Thanks to Enda for pointing this out.)
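
The "#Enable NAT" part of the script flushes every existing iptables rule and chain before adding its own, and passes $1 and $2 to iptables unchecked. As an added example (not the author's script), the functions below add only the rules the access point needs, test for each rule with `iptables -C` so reruns do not stack duplicates, and validate both interface names; the function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the original initSoftAP): NAT for the soft AP without
# flushing unrelated firewall rules. Function names and DRY_RUN are illustrative.
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the iptables commands; 0 = run them (root)

# Interface names are at most 15 characters and must not look like an option.
valid_iface() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print one "table chain rule-spec" line per rule needed for AP -> WAN sharing.
softap_rules() {
    ap_if=$1; wan_if=$2
    valid_iface "$ap_if" && valid_iface "$wan_if" || return 2
    [ "$ap_if" != "$wan_if" ] || return 2
    cat <<EOF
nat POSTROUTING -o $wan_if -j MASQUERADE
filter FORWARD -i $ap_if -o $wan_if -j ACCEPT
filter FORWARD -i $wan_if -o $ap_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Append each rule only if "iptables -C" reports it missing, so reruns do not
# stack duplicates and rules owned by other services are left alone.
apply_softap_rules() {
    rules=$(softap_rules "$1" "$2") || return 2
    while read -r table chain spec; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -t $table -A $chain $spec"
        else
            # $spec is split on purpose: it holds several validated arguments.
            iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
                iptables -t "$table" -A "$chain" $spec || return 1
        fi
    done <<EOF
$rules
EOF
}
```

With the default DRY_RUN=1, `apply_softap_rules wlan0 eth0` only prints the three commands; IP forwarding still has to be enabled with the sysctl line from the script.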

Make this file executable, and run it. The syntax for executing it is

./initSoftAP wifi_card_interface interface_with_internet

chmod +x initSoftAP
./initSoftAP wlan0 eth0  # And there you go

The “wifi_card_interface” will be wlan0 in most cases. For “interface_with_internet”, since I want to share internet from my ethernet network interface, I used eth0. If I ever want to share internet from my 3g modem, I use ppp0. (These values need not be the same for everyone.)
You can list the available network interfaces with

ifconfig -a

That’s all folks!
Problems, Errors, Feedback or any alternatives? Feel free to reply.


62 thoughts on “Using Hostapd with dnsmasq to create Virtual Wifi Access Point in Linux”

  1. Pingback: Kako od Debian Linux-a napraviti ruter | sigurnost na mrezi

  2. Kres

    I have 2 Wifi cards (Call it wlan1 and wlan2) and want to create 2 APs (call it AP-1 and AP-2) with it.

    I then created two hostapd config files — hostapd.conf and hostapd2.conf.
    Following that, I created 2 initSoftAP files.

    using ./initSoftAP wlan1 eth0, I could create AP1 with it. And I could connect successfully to it.
    I open up another terminal and type ./initSoftAP2 wlan2 eth0, I could also create AP2 with it. When my phone connects to it, it is stuck at “Obtaining IP address” part.

    Any idea how I can resolve this?

    Please advise.

    Many thanks!

  3. Jimmy McCann

    Hi, I’m working on getting this running on a Raspberry Pi 3. I’m able to get hostapd started from the command line, but from the initSoftAP script I get “Could not set interface wlan1 flags (DOWN): Operations are not permitted”. This looks like the same error as if I run hostapd from the command line without sudo. I am running the initSoftAP script as sudo, so I’m not sure what is going on here. Do you have any ideas or advice? Thanks

  4. Cesar Sanabria

    I’m running into a problem when running the script. The error I’m getting is:
    random: Only 15/20 bytes of strong random data available from /dev/random
    random: Not enough entropy pool available for secure operations
    WPA: Not enough entropy in random pool for secure operations – update keys later when the first station connects
    wlp4s0: interface state UNINITIALIZED->ENABLED
    wlp4s0: AP-ENABLED
    wlp4s0: STA c0:38:96:6f:fa:b9 IEEE 802.11: authenticated
    wlp4s0: STA c0:38:96:6f:fa:b9 IEEE 802.11: authenticated
    wlp4s0: STA c0:38:96:6f:fa:b9 IEEE 802.11: authenticated
    wlp4s0: STA c0:38:96:6f:fa:b9 IEEE 802.11: authenticated
    wlp4s0: STA c0:38:96:6f:fa:b9 IEEE 802.11: associated (aid 1)
    WPA: wpa_sm_step() called recursively

    and at the end the connection fails. I’m running hostapd on Ubuntu 16.04, trying to connect with Windows 7

