If you follow the steps in this document, and read carefully, the end result will be a fully functioning highly customizable raspberry-pi access point that you can use for a myriad of entertaining and useful tasks.
If you've ever wanted to see what a computer was doing while connected to an access point, or see how different applications behave in slow or overcrowded networks, this document, and the related commands in other files in this project can show you how to have an entire WIFI test suite at your disposal.
- Install docutils:
sudo apt-get install python-docutils - Build to HTML:
rst2html howto.txt howto.html --stylesheet-path=docutils.css
| Note: | If rst2html isn't present try: rst2html.py |
|---|
192.168.1.xxx range.10.0.10.xxx range.192.168.1.1 and you want the Raspberry PI to use10.x.x.x range, you should switch around the commands as you see fit.| Note: | I will eventually add some scripts to help build the configs automatically. |
|---|
Raspbian is the default and best linux distribution currently available to use with your raspberry pi. Our raspberry pi came with a bootable memory card with a program called NOOBS on it. You can use NOOBS to install Raspbian (it gives you several other options).
- Plug in your keyboard and monitor (hdmi)
- Plug in the USB power cable
- The Raspberry PI will begin booting (you'll see lights on the board lit) A list of the different operating systems will appear. Tick the box next to Raspbian and select
install.- The install process wil begin (this will take awhile)
raspi-configis automatically started when install finishes. You can set the region time, date, etc from this menu.
- Insert the memory card into a memory card reader and connect it to your linux desktop.
- Use
ddcommand line tool to copy your disk image to the raspberry pi.- You're done.
When connected directly to the raspberry pi or over ssh you can use default credentials.
Note: you won't see any characters appear when you're typing (this is a security feature of linux)
Default Credentials:
username: pi password: raspberry
Login:
ssh pi@10.0.10.48
Configuration files we'll be creating or editing.
Copies of some of these are located in the configs directory within the github repository containing this code based on exactly the configurations detailed here.
- /etc/sysctl.conf
- /etc/default/hostapd
- /etc/dnsmasq.conf
- /etc/hostapd/hostapd.conf
- /etc/network/interfaces
We need the wireless hardware interface setup and configured in such a way that it can act as an access point. To do this we'll need to do a few things.
Edit
/etc/network/interfacesComment out these lines:
#allow-hotplug wlan0 #wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf #iface default inet dhcp
Add these lines (editing the
iface wlan0interface if it's already there):iface wlan0 inet static address 192.168.1.1 netmask 255.255.255.0
hostapd will act as the actual access point software. It will manage the wireless device and broadcast the wireless network.
WIFI Adapter Note:
Many Raspberry PI use Wifi Adapter Realtek 8188CU (same chip used by the Edimax EW-7811Un) This ADAPTER is Not supported and will not run in AP mode!
There are mentions of a patch to
hostapdthat allows this chip to work, but it was unsuccessful for me.
- Verify AP Support:Verify by
sudo apt-get install iwand executingiw list.If you seenl80211 not found.your device doesn't support AP mode.At SpotOn we purchased Panda Mid-Range Wireless N USB Adapter's - these worked great. sudo apt-get install hostapd- Edit the file
/etc/default/hostapdedit and uncomment the existing line in the file so you end up with...DAEMON_CONF="/etc/hostapd/hostapd.conf" Create/Edit the file
/etc/hostapd/hostapd.confChange/Add the line
driver=nl80211to the hostapd.conf file.- Add the following configuration options to hostapd.confchange
ssidto a reasonable nameandwpa-passphraseto something unique.Changewlan0to the name of your wireless interface.driver=nl80211 interface=wlan0 country_code=US #ctrl_interface=eth0 #ctrl_interface_group=0 ssid=rpi1-at-10-0-10-48 hw_mode=g channel=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=password wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP beacon_int=100 auth_algs=3 macaddr_acl=0 wmm_enabled=1 eap_reauth_period=360000000 logger_stdout=1 logger_stdout_level=0 logger_syslog=-1 logger_syslog_level=0
- Start hostapd
sudo service hostapd start... (or)sudo hostapd /etc/hostapd/hostapd.confto run interactively (view errors) - optional stepAdd the line
ifconfig wlan0 192.168.1.1to the file/etc/init.d/hostapdimmediately before the exit 0 at the bottom.Whenhostapdis restarted, the IP address on the WIFI (wlan0) interface is lost.Now the commandservice hostapd restartwill function properly.
sudo apt-get install dnsmasq/etc/dnsmasq.confuncomment and setinterface=wlan0uncomment and setdhcp-range=192.168.1.50,192.168.1.150,255.255.255.0,12huncomment and setdhcp-authoritative
Assumptions:
- You have a wired connection to a private network behind a router as interface
eth0.- You have a wireless connection configured as
wlan0.
IpTables Note:
You can check iptablets and the current ruleset with the command
sudo iptables -nvLYou can flush and reset iptables (to defaults) with these commands:
iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X iptables -t raw -F iptables -t raw -X iptables -t security -F iptables -t security -X iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT
Enable NETWORK ADDRESS TRANSLATION (NAT) to share the internet on eth0 with wlan0...:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Persist NAT after boot - Edit
/etc/sysctl.confadding this line at the bottom:net.ipv4.ip_forward=1
Enable NAT/forwarding in the kernel:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Persist the changes to iptables:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
- Now edit the file
/etc/network/interfacesand add the following line at the bottomThis will cause iptables to be restored from config when the interface comes up::up iptables-restore < /etc/iptables.ipv4.nat
We want hostapd, and dnsmasq to start with the device by default.:
sudo update-rc.d hostapd enable sudo update-rc.d dnsmasq enable
- See the file
tc.rstfor poor network quality simulation options (packet loss, out-of-order, etc) - See the file
iptables.rstfor network failure simulation commands. - See the file
dnsredirection.rstfor controlling how DNS requests for specific domains are handled.
The most Relevant tutorial specifically for RPI and using dnsmasq and hostap
Other stuff
- http://elinux.org/RPI-Wireless-Hotspot
- http://www.daveconroy.com/turn-your-raspberry-pi-into-a-wifi-hotspot-with-edimax-nano-usb-ew-7811un-rtl8188cus-chipset/
- http://blog.sip2serve.com/post/48420162196/howto-setup-rtl8188cus-on-rpi-as-an-access-point
- https://github.com/previ/coderbot/wiki/Realtek-8188-Wi-Fi-adapter
- http://www.raspberrypi.org/forums/viewtopic.php?p=462982#p462982
- http://www.andybev.com/index.php/Using_iptables_and_PHP_to_create_a_captive_portal
- http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/external/bsd/wpa/dist/hostapd/hostapd.conf
forwarding between networks
The best article on configuring NAT with dnsmasq and access point.