+- RPi -------+
+---+ 192.168.1.2 | +- Laptop ----+
| | WLAN AP +-))) (((-+ WLAN Client |
| | 192.168.3.1 | | 192.168.3.2 |
| +-------------+ +-------------+
+- Router ----+ |
| Firewall | | +- PC#1 ------+
(Internet)---WAN-+ DHCP server +-LAN-+---+ 192.168.1.3 |
| 192.168.1.1 | | +-------------+
+-------------+ |
| +- PC#2 ------+
+---+ 192.168.1.4 |
+-------------+
Dependencies
$ sudo apt install -y hostapd dnsmasq \
netfilter-persistent iptables-persistent
$ sudo systemctl unmask hostapd
$ sudo systemctl enable hostapd
$ sudo systemctl enable dnsmasq
Configure wireless interface
With wlan0 is your wireless interface, open /etc/dhcpcd.conf and set:
interface wlan0
static ip_address=192.168.3.1/24
nohook wpa_supplicant
Enable ip forward
Create file /etc/sysctl.d/routed-ap.conf with content:
net.ipv4.ip_forward=1
Add firewall rule
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
$ sudo iptables -A INPUT -j ACCEPT
$ sudo iptables -A OUTPUT -j ACCEPT
Save the current rules to load them at boot:
$ sudo netfilter-persistent save
Configure DHCP and DNS
Edit /etc/dnsmasq.conf:
interface=wlan0
dhcp-range=192.168.3.2,192.168.3.10,255.255.255.0,24h
domain=wlan
address=/gw.wlan/192.168.3.1
Configure hostap
Edit /etc/hostapd/hostapd.conf:
country_code=US
interface=wlan0
ssid=HOTSPOTNAME
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=SECRETPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Set your hotspot name and password for other to access at line ssid= and wpa_passphrase=.
Reboot
$ sudo reboot
References
- https://www.raspberrypi.com/documentation/computers/configuration.html#setting-up-a-routed-wireless-access-point
- https://superuser.com/questions/616642/how-to-use-nat-iptables-rules-for-hostapd