Foo, Bar and Foobar

A blog with a meaningless title

Using Hostapd with dnsmasq to create Virtual Wi Access Point in Linux

NOTE: This is an alternative branch o from my previous Hostapd guide, which I really recommend going through before this.

In my previous hostapd guide, I used dhcpd to assign IP addresses to the clients connecting to the access point. While
this works ne for most scenarios, it is an overkill to use dhcpd for such situations where normally the number of
clients is 2-3, or around 20 at max. For such cases, dnsmasq is a better option.

Installing
Install dnsmasq from somewhere
1
2
3
4

# Arch Linux
sudo pacman -S dnsmasq
# Ubuntu
sudo apt-get install dnsmasq

Con guring dnsmasq

The main reason I am recommending dnsmasq over dhcpd is the ease in con guring it. Less hassle in con guration
means less problems and better troubleshooting. Most of the problems users faced in my previous guide was dhcpd related.
The default /etc/dnsmasq.conf explains all its con guration options pretty well, so I will jump straight to what your
/etc/dnsmasq.conf should look like.
Just append the following to the /etc/dnsmasq.conf
1
2
3
4
5
6
7
8
9

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4

Simple, isnt it?

Final Steps
The nal steps involves enabling NAT to share internet in one network interface with the clients connected through
hostapd.
I have included all the steps to con gure wlan interface, enable NAT, start dnsmasq and hostapd in the BASH script below
Let the name of this le be initSoftAP
Copy the content below to the le initSoftAP (Perform changes if required)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

#!/bin/bash
#Initial wifi interface configuration
ifconfig $1 up 10.0.0.1 netmask 255.255.255.0
sleep 2
###########Start dnsmasq, modify if required##########
if [ -z "$(ps -e | grep dnsmasq)" ]
then
dnsmasq
fi
###########
#Enable NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE
iptables --append FORWARD --in-interface $1 -j ACCEPT

#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more d
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sysctl -w net.ipv4.ip_forward=1
#start hostapd
hostapd /etc/hostapd/hostapd.conf 1> /dev/null
killall dnsmasq

It might be more convenient to use hostapd -B /etc/hostapd/hostapd.conf which runs hostapd in background, but take care
of the killall dnsmasq if you choose this option. (Thanks to Enda for pointing out)
Make this le executable, and run it. The syntax for executing it is

./initSoftAP wi _card_interface interface_with_internet

1
2

chmod +x initSoftAP
./initSoftAP wlan0 eth0

# And there you go

The wi _card_interface will be wlan0 most of the cases. For interface_with_internet, since I want to share internet from
my ethernet network interface, I used eth0. If I ever want to share internet from my 3g modem, I use ppp0. (These values need not be same for everyone)
You may see available network interfaces by
1

ifconfig -a

Thats all folks!

Problems, Errors, Feedback or any alternatives? Feel free to reply.

This entry was posted in Linux and FLOSS and tagged dhcp, dnsmasq, hostapd, hotspot, Linux, wi on May 22, 2013
[http://nims11.wordpress.com/2013/05/22/using-hostapd-with-dnsmasq-to-create-virtual-wi -access-point-in-linux/] .

47 thoughts on Using Hostapd with dnsmasq to create Virtual Wi Access Point in Linux

Pingback: Reproducing KoreKs ChopChop attack is a pain in the ass | printf(" SaltwaterC ");

Iasonas
November 3, 2014 at 9:26 pm

Thank you for your tutorial! I have a question: I dont want to share the internet connection just create a wi- network
for le transfer. What should I change?

nims11

Post author

November 5, 2014 at 1:48 am

you can just create a http/ftp server and they will be accessible to clients connected via wi .

iasonas
November 5, 2014 at 5:52 pm

Ok I will try that thanks. But it is important that I dont share the internet connection. What should I change in the above
bash script so as to just let clients connect but without sharing internet?

VIK
November 22, 2014 at 12:13 am

I didnt understand this part here. The nal step, can you explain a bit. Im a new bie