-
-
Notifications
You must be signed in to change notification settings - Fork 59
Configure Wifi AP
Before you can turn your Falcongate box into a Wifi router you must have an AP compatible wifi network card. This guide assumes that Falcongate was installed in "router" mode.
-
Connect your card if you will configure and external USB network card or use a compatible built-in card
-
List the available network interfaces to confirm that the wifi interface is available to the system
$ ip -br a | awk '{print $1}'
lo
enp1s0
enp2s0
wlo1
This tutorial will use the wifi interface wlo1 as an example but your wifi interface may be named differently in your system
- Confirm that the wifi interface is AP compatible
$ iw list
...
Supported interface modes:
* managed
* AP
* AP/VLAN
* monitor
* mesh point
In the output of the command above, "AP" must be listed as one of the modes.
- Install required software packages
$ sudo apt-get install ifupdown bridge-utils hostapd -y
- Remove netplan to restore support for /etc/network/interfaces
$ sudo systemctl stop networkd-dispatcher
$ sudo systemctl disable networkd-dispatcher
$ sudo systemctl mask networkd-dispatcher
$ sudo apt-get purge nplan netplan.io
- Edit the /etc/network/interfaces file in your favorite editor and append the lines below
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
# WAN interface
auto enp1s0
iface enp1s0 inet dhcp
# Bridge (LAN)
auto br0
iface br0 inet static
address 192.168.100.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
bridge_ports enp2s0
post-up /usr/sbin/hostapd \
-P /var/run/hostapd.$IFACE.pid \
-B /etc/hostapd/hostapd-simple.conf
Update the values of the WAN and LAN interfaces according to the names of your own interfaces.
- Update iptables rules
Delete the rules below:
$ sudo iptables -D INPUT -i enp1s0 -j ACCEPT
$ sudo iptables -D FORWARD -i enp1s0 -o enp2s0 -j ACCEPT
$ sudo iptables -D FORWARD -i enp2s0 -o enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Configure the new rules needed:
$ sudo iptables -A INPUT -i br0 -j ACCEPT
$ sudo iptables -A FORWARD -i br0 -o enp1s0 -j ACCEPT
$ sudo iptables -A FORWARD -i enp1s0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- Edit the /etc/dnsmasq.conf file and replace the listening interface with the newly created interface "br0" in the lines below
interface=br0
dhcp-range=br0,192.168.100.100,192.168.100.200,7d
- Edit the file /opt/zeek/etc/node.cfg and replace the value of the listening interface with "br0"
interface=br0
- Remove NetworkManager because it's not needed anymore
$ sudo nmcli radio wifi off && sudo rfkill unblock wlan
$ sudo apt-get remove network-manager
- Create the file /etc/hostapd/hostapd-simple.conf and append the lines below
#### Interface configuration ####
interface=wlo1
bridge=br0
driver=nl80211
##### IEEE 802.11 related configuration #####
ssid=<DESIRED WIFI SSID NAME>
hw_mode=g
channel=1
auth_algs=1
wmm_enabled=1
##### IEEE 802.11n related configuration #####
ieee80211n=1
##### WPA/IEEE 802.11i configuration #####
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=<YOUR PASSPHRASE>
Create a name for the new wifi network in the field "ssid" and create a strong passphrase in the field "wpa_passphrase"
- Restart your Falcongate system
If everything went well you should now be able to connect to the new wifi AP configured in the steps above.