Skip to content

Configure Wifi AP

Jump to bottom
Aesalon edited this page Aug 24, 2019 · 1 revision

Configure a Wifi AP in Falcongate

Before you can turn your Falcongate box into a Wifi router you must have an AP compatible wifi network card. This guide assumes that Falcongate was installed in "router" mode.

  • Connect your card if you will configure and external USB network card or use a compatible built-in card

  • List the available network interfaces to confirm that the wifi interface is available to the system

$ ip -br a | awk '{print $1}'
lo
enp1s0
enp2s0
wlo1

This tutorial will use the wifi interface wlo1 as an example but your wifi interface may be named differently in your system

  • Confirm that the wifi interface is AP compatible
$ iw list
...
Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point

In the output of the command above, "AP" must be listed as one of the modes.

  • Install required software packages
$ sudo apt-get install ifupdown bridge-utils hostapd -y
  • Remove netplan to restore support for /etc/network/interfaces
$ sudo systemctl stop networkd-dispatcher
$ sudo systemctl disable networkd-dispatcher
$ sudo systemctl mask networkd-dispatcher
$ sudo apt-get purge nplan netplan.io
  • Edit the /etc/network/interfaces file in your favorite editor and append the lines below
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

# WAN interface
auto enp1s0
iface enp1s0 inet dhcp
# Bridge (LAN)
auto br0 
iface br0 inet static
    address 192.168.100.1
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255 
    bridge_ports enp2s0
    post-up /usr/sbin/hostapd \
              -P /var/run/hostapd.$IFACE.pid \
              -B /etc/hostapd/hostapd-simple.conf

Update the values of the WAN and LAN interfaces according to the names of your own interfaces.

  • Update iptables rules

Delete the rules below:

$ sudo iptables -D INPUT -i enp1s0 -j ACCEPT
$ sudo iptables -D FORWARD -i enp1s0 -o enp2s0 -j ACCEPT
$ sudo iptables -D FORWARD -i enp2s0 -o enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Configure the new rules needed:

$ sudo iptables -A INPUT -i br0 -j ACCEPT
$ sudo iptables -A FORWARD -i br0 -o enp1s0 -j ACCEPT
$ sudo iptables -A FORWARD -i enp1s0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  • Edit the /etc/dnsmasq.conf file and replace the listening interface with the newly created interface "br0" in the lines below
interface=br0
dhcp-range=br0,192.168.100.100,192.168.100.200,7d
  • Edit the file /opt/zeek/etc/node.cfg and replace the value of the listening interface with "br0"
interface=br0
  • Remove NetworkManager because it's not needed anymore
$ sudo nmcli radio wifi off && sudo rfkill unblock wlan
$ sudo apt-get remove network-manager
  • Create the file /etc/hostapd/hostapd-simple.conf and append the lines below
#### Interface configuration ####
interface=wlo1
bridge=br0
driver=nl80211
##### IEEE 802.11 related configuration #####
ssid=<DESIRED WIFI SSID NAME>
hw_mode=g
channel=1
auth_algs=1
wmm_enabled=1
##### IEEE 802.11n related configuration #####
ieee80211n=1
##### WPA/IEEE 802.11i configuration #####
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=<YOUR PASSPHRASE>

Create a name for the new wifi network in the field "ssid" and create a strong passphrase in the field "wpa_passphrase"

  • Restart your Falcongate system

If everything went well you should now be able to connect to the new wifi AP configured in the steps above.

Clone this wiki locally