Setting up a Wireless Access Point - NAT Method (internet over wireless interface)

Setting up a Wireless Access Point - NAT Method (internet over wireless interface)

In this tutorial we will show you how to setup your Raspberry Pi as a WiFi Access Point and how to NAT the access point to your wireless internet connection. If you are looking to connect your access point to the internet over a wired internet connection then check out this tutorial here.

We recommend you run through this tutorial with a wired Ethernet connection to make sure you keep an internet connection for installing required packages.

This tutorial will use our Ultra Long Range High Gain WiFi Dongle as an Access Point, and will use the on-board WiFi on the Raspberry Pi 3B+ to connect to the internet. If you have an older Pi, that doesn’t have built in WiFi, you can simply use two USB WiFi dongles.

Let’s start by making sure our Raspbian installation is fully up-to-date

sudo apt-get update
sudo apt-get upgrade

Then we can install the software required for this tutorial, hostapd and dnsmasq

sudo apt-get install dnsmasq hostapd

Now we can check to see the names of our WiFi interfaces, as we will need them later on.

ifconfig

You should see a list of network interfaces, including the WiFi interfaces. They will probably be called wlan0 and wlan1

First thing to do, is to setup our internet WiFi connection. To do this, we need to know the SSID and password.

Edit the wpa_supplicant.conf file:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

and add the following snippet, replacing the details with your own:

network={
    ssid="YOUR_NETWORK_SSID"
    psk="WIFI_PASSWORD"
}

Now we can setup our access point. First thing to do, is to give the AP a static IP address.

Edit the dhcpcd.conf file:

sudo nano /etc/dhcpcd.conf

and add the following:

interface wlan1
    static ip_address=192.168.10.1/24
    nohook wpa_supplicant

Next, we need to configure dnsmasq to provide the correct ip address to connections over the AP.

Edit the dnsmasq.conf file:

sudo nano /etc/dnsmasq.conf

and add the following:

interface=wlan1
    dhcp-range=192.168.10.2,192.168.10.50,255.255.255.0,24h

server=8.8.8.8
listen-address=127.0.0.1
listen-address=192.168.10.1

Now we need to configure the access point settings.

Edit the hostapd.conf file:

sudo nano /etc/hostapd/hostapd.conf

and add the following:

interface=wlan1 
driver=nl80211
ssid=RPi_AP
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=SecurePassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Change the following lines as required:

ssid= - This is the name of the network you see when searching for WiFi networks

wpa_passphrase= - This is the password required to connect to the WiFi network (please note, quotes should NOT be used around the password and must be longer than 8 characters, but less than 64)

Once you’ve added that configuration, we need to tell hostapd to use it by default. To do this we need to edit the hostapd defaults file:

sudo nano /etc/default/hostapd

Update the line #DAEMON_CONF to:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Take note that the # has been removed!

Final step is to set hostapd to start up at boot:

sudo systemctl unmask hostapd
sudo systemctl enable hostapd

With the AP configuration done, the final steps are to allow traffic to be passed between the two WiFi interfaces.

First, make sure ipv4 ip forwarding is enabled.

Edit the sysctl.conf file:

sudo nano /etc/sysctl.conf

Find the line that reads:

# net.ipv4.ip_forward=1

And uncommend it, by deleting the # symbol

net.ipv4.ip_forward=1

Now we can add an iptable rule:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Save the rules to a file so that we can automatically load the rule on boot:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

To load the file on boot, edit the rc.local file:

sudo nano /etc/rc.local

just before:

exit 0

add:

iptables-restore < /etc/iptables.ipv4.nat

That’s it! Reboot your Raspberry Pi and you should now be able to see a Wireless network called RPi_AP. Connect to it and you should have internet access (assuming the Pi has connected to your main WiFi network)

Leave a comment

All comments are moderated before being published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.