CentOS 7 HOSTAPD Routing mode configuration

Source: Internet
Author: User



This is another way to implement a wireless access point with hostapd under Linux: hostapd routing mode.



The basic hardware and software setup and the hostapd installation are covered in the first half of "CentOS 7 HOSTAPD AP Mode Configuration"; read that article first, then this one.



AP mode requires bridging a wired and a wireless network card. Routing mode instead masquerades and forwards the wireless card's traffic through the wired card, so the two cards no longer need to be bridged.

A machine configured in routing mode behaves like an ordinary wireless router: the wired port corresponds to the router's WAN interface, and the wireless card broadcasts the radio signal that phones, laptops and other wireless devices connect to for network access.

The difference is that, unlike an ordinary wireless router, this setup does not have the usual four LAN ports, so desktops and other wired devices cannot connect to it.

In fact Linux, as a network-oriented operating system, can serve wired clients as well, but that needs switches and other equipment and is more complex. The configuration here is treated as an ordinary wireless router without the four LAN ports.


hostapd.conf Configuration


Here is just a minimal configuration:


# /etc/hostapd/hostapd.conf minimal configuration
# hostapd does not accept spaces around "=" or comments after a value
interface=wlp2s0
# The bridge is no longer needed, so this line is commented out
# bridge=br0
driver=nl80211
ssid=test
hw_mode=g
channel=1
auth_algs=3
# 0 = broadcast the SSID
ignore_broadcast_ssid=0
wpa=3
# Wireless connection password
wpa_passphrase=12345678


The configuration is the same as the AP mode file, except that the bridge=br0 option is commented out.
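A lint pass over hostapd.conf catches the syntax that hostapd rejects (spaces around "=", comments after a value) and the legacy options in the minimal file above. This is an added example, not part of the original article; the finding names and the hardened values it expects (auth_algs=1, wpa=2, rsn_pairwise=CCMP, a passphrase that is not digits only) are this example's assumptions, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: lint a hostapd.conf on stdin; prints "<line> <finding>".
# Finding names (SPACE_EQ, ...) are labels invented for this example.
trim() {  # strip surrounding whitespace without external tools
    s=$1
    while :; do case $s in
        [[:space:]]*) s=${s#[[:space:]]} ;;
        *[[:space:]]) s=${s%[[:space:]]} ;;
        *) break ;;
    esac; done
    printf '%s' "$s"
}
lint_hostapd_conf() {
    n=0 ccmp=""
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        case $line in *=*) ;; *) echo "$n NO_EQ"; continue ;; esac
        key=${line%%=*} val=${line#*=}
        # hostapd compares the text before "=" verbatim, so "ssid " is unknown
        case $key in *[[:space:]]*) echo "$n SPACE_EQ" ;; *)
            case $val in [[:space:]]*) echo "$n SPACE_EQ" ;; esac ;;
        esac
        # "#" starts a comment only in column 0; here it would join the value
        case $val in *[[:space:]]'#'*) echo "$n INLINE_COMMENT"; val=${val%%#*} ;; esac
        key=$(trim "$key") val=$(trim "$val")
        case $key in
            auth_algs) case $val in 2|3) echo "$n SHARED_KEY_AUTH" ;; esac ;;
            wpa) case $val in 1|3) echo "$n WPA1_ENABLED" ;; esac ;;
            rsn_pairwise) case $val in *CCMP*) ccmp=1 ;; esac ;;
            wpa_passphrase)
                [ "${#val}" -ge 8 ] && [ "${#val}" -le 63 ] || echo "$n PSK_LENGTH"
                case $val in *[!0-9]*) ;; *) echo "$n PSK_DIGITS_ONLY" ;; esac ;;
        esac
    done
    [ -n "$ccmp" ] || echo "- NO_RSN_CCMP"  # WPA2 then inherits wpa_pairwise (TKIP)
}
# Constructed sample: part of the file with spaces and an inline comment
sample_as_extracted() {
    printf '%s\n' 'interface = wlp2s0' 'ssid = test' 'auth_algs = 3' 'wpa = 3' \
        'wpa_passphrase = 12345678 # wireless connection password'
}
# Constructed sample: clean syntax, WPA2 only with CCMP, placeholder passphrase
sample_hardened() {
    printf '%s\n' 'interface=wlp2s0' 'driver=nl80211' 'ssid=test' 'hw_mode=g' \
        'channel=1' 'auth_algs=1' 'wpa=2' 'wpa_key_mgmt=WPA-PSK' \
        'rsn_pairwise=CCMP' 'wpa_passphrase=REPLACE-with-a-long-random-passphrase'
}
sample_as_extracted | lint_hostapd_conf
```

Run it against a real file with `lint_hostapd_conf < /etc/hostapd/hostapd.conf`; no output means no findings.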


Wired Interface Configuration


First, the wired interface must be configured correctly and able to reach the Internet. The simplest way is to obtain the IP address, gateway and DNS automatically from the router. Without a router, the wired interface has to be set up manually, for example with the usual PPPoE mode, a static IP address, or a dynamically obtained IP address. In any case, obtaining the IP address dynamically is the easiest.


Setting the wireless interface address with the ip addr add command


Use the ip addr add command to set the IP address of the wireless card; the setting is lost after a reboot. Use 172.16.0.1/24 or another private address, which must not be in the same network segment as the wired card. The address the wired card gets from the router is usually in the 192.168.1.0/24 segment.


ip addr add 172.16.0.1/24 dev wlp2s0


Pitfall: CentOS 7 uses the NetworkManager suite as its default network configuration tool. The problem is that the nmcli command it provides does not support setting a static IP address for the wireless card, so you must either set the address manually with the ip addr add command or create a new configuration file in the /etc/sysconfig/network-scripts/ folder, which is the older, classic way of configuring an interface.


Using a network configuration file


To make the setting persistent, create a new file /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0; the file name must have the ifcfg prefix.


vi /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0
# TYPE=Ethernet
# BOOTPROTO=none
# DEFROUTE=yes
# IPV4_FAILURE_FATAL=no
# IPV6INIT=yes
# IPV6_AUTOCONF=yes
# IPV6_DEFROUTE=yes
# IPV6_FAILURE_FATAL=no
# NAME=static-wlp2s0
# UUID=a036678e-8fdf-48f3-8693-961bb6326i744
DEVICE=wlp2s0        # Interface of the wireless network card
ONBOOT=yes           # Bring the interface up at boot
IPADDR=172.16.0.1    # IP address
PREFIX=24            # Prefix (mask) length
# GATEWAY=192.168.10.254    # The remaining settings are not needed and are commented out
# DNS1=127.0.0.1
# DNS2=192.168.10.254
# IPV6_PEERDNS=yes
# IPV6_PEERROUTES=yes


After saving the file, stop NetworkManager.service, and preferably keep it from starting at boot, or there will be problems. The main symptom is that network.service cannot start at boot.



Disable NetworkManager.service at boot


systemctl disable NetworkManager.service


Stop NetworkManager.service


systemctl stop NetworkManager.service


To check that the setting takes effect, restart network.service or reboot the system.


systemctl restart network.service


Enabling forwarding and configuring interface masquerading


Enable forwarding


A setting made with sysctl -w is lost after a reboot.


sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1


To keep IP forwarding enabled across reboots, use the following method: settings in the /etc/sysctl.d/ folder are loaded automatically when the system starts.


vi /etc/sysctl.d/ip_forward.conf
net.ipv4.ip_forward = 1


Configuring interface masquerading


Either firewalld or iptables can be used for interface masquerading on CentOS 7. firewalld.service is enabled by default on CentOS 7. The iptables service conflicts with the firewalld service, and only one of them can be enabled.


Configuring interface masquerading with firewalld


A graphical interface makes this configuration more intuitive, if you can use one; only the firewall-cmd command line is used here.


If firewalld.service is not running, start it first.


systemctl start firewalld.service


Add the wireless interface to the trusted zone and save the configuration. By default all interfaces are in the public zone, whose connection restrictions are strict, so clients cannot connect.


firewall-cmd --zone=trusted --add-interface=wlp2s0 --permanent
success


Enable masquerading on the zone that contains the wired interface and save the configuration. By default the wired interface belongs to the public zone.


firewall-cmd --zone=public --add-masquerade --permanent
success


Restart the firewalld service


systemctl restart firewalld.service

Configuring interface masquerading with iptables


If you are used to iptables, install the iptables-services package, which contains iptables.service and ip6tables.service, for IPv4 and IPv6 respectively.


To use iptables, first stop and disable firewalld.service


systemctl stop firewalld.service
systemctl disable firewalld.service


Then enable iptables.service. Since IPv4 is still what is mainly used, enabling only iptables.service is enough. If you use iptables, iptables.service also needs to be set to start at boot.


systemctl enable iptables.service


Start iptables.service


systemctl start iptables.service


Interface masquerading


iptables -t nat -A POSTROUTING -o p2p1 -j MASQUERADE


The command above is usually enough. If the firewall rules are stricter, also add a rule that allows forwarding from the wireless interface wlp2s0.


iptables -t filter -A FORWARD -i wlp2s0 -j ACCEPT
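
Rule order decides whether the ACCEPT rule above ever matches: -A appends, so a catch-all REJECT already present in FORWARD is evaluated first. The check below is an added example, not part of the original article; the function name, the eth9 interface in the usage note and both rule sets are constructed for illustration, and the evaluation is simplified as noted in the comments.

```shell
#!/bin/sh
# Added example: forward_verdict IN_IF OUT_IF reads iptables-save text on stdin
# and prints the verdict a NEW packet from IN_IF to OUT_IF gets in FORWARD.
# Simplification: rules with matches other than -i/-o (state, address, port)
# are skipped, so conntrack rules for established traffic do not count.
forward_verdict() {
    want_in=$1 want_out=$2 policy="" verdict=""
    set -f                               # no globbing while word-splitting
    while IFS= read -r line; do
        set -- $line
        case ${1-} in
            :FORWARD) policy=$2; continue ;;
            -A) [ "${2-}" = FORWARD ] || continue; shift 2 ;;
            *) continue ;;
        esac
        in_if="" out_if="" target="" other=""
        while [ $# -gt 0 ]; do
            case $1 in
                -i) in_if=$2; shift ;;
                -o) out_if=$2; shift ;;
                -j) target=$2; shift ;;
                --reject-with) shift ;;
                *) other=1 ;;
            esac
            shift
        done
        [ -z "$other" ] || continue
        [ -z "$in_if" ] || [ "$in_if" = "$want_in" ] || continue
        [ -z "$out_if" ] || [ "$out_if" = "$want_out" ] || continue
        case $target in ACCEPT|DROP|REJECT) verdict=$target; break ;; esac
    done
    set +f
    echo "${verdict:-$policy}"           # fall back to the chain policy
}
# Constructed sample: ACCEPT appended after an existing catch-all REJECT
sample_shadowed() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' \
        '-A FORWARD -i wlp2s0 -j ACCEPT' 'COMMIT'
}
# Constructed sample: established traffic and the AP rule placed before REJECT
sample_ordered() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i wlp2s0 -o p2p1 -j ACCEPT' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}
sample_shadowed | forward_verdict wlp2s0 p2p1
```

On a live system the input would come from `iptables-save | forward_verdict wlp2s0 p2p1`; the first sample prints REJECT, the second ACCEPT for p2p1 and REJECT for any other outgoing interface.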

dnsmasq configuration


dnsmasq software installation


dnsmasq is mainly responsible for assigning client IP addresses and providing DNS resolution.


Install dnsmasq if it is not installed


yum install dnsmasq


Set the dnsmasq service to start automatically at boot


systemctl enable dnsmasq.service


dnsmasq.conf configuration


vi /etc/dnsmasq.conf
# Interface to listen on; the lo interface is added automatically. A '*' wildcard may be used
interface=wlp2s0
# Bind only to the specified interface
bind-interfaces
# DHCP address pool from 172.16.0.100 to 172.16.0.200
dhcp-range=172.16.0.100,172.16.0.200,255.255.255.0,1h


Starting the dnsmasq service requires that the wireless card already has its IP address set correctly. dnsmasq automatically gives clients the wireless card's current address, 172.16.0.1, as their gateway address and DNS address.


systemctl start dnsmasq.service


Finally, restart the hostapd service


systemctl restart hostapd.service





This article is from "Lao Ding's Linux" blog, please be sure to keep this source http://laoding.blog.51cto.com/980622/1697788


