What is access point mode? WiFi: wireless networks. Operating modes of wireless equipment

Let's start with the fact that the router you want to turn into an access point already is an access point, only a more capable one. It runs a server that hands out IP addresses, most likely has a firewall, and, roughly speaking, builds routes between connected devices, which is why it is called a router. So, to turn a router into an access point, you just need to disable some of its functions and connect it by cable to another router.

Let's use an example to see what this mode of operation is suited for. Let's say you have a modem or router installed on the ground floor, or at one end of the house. It may or may not distribute Wi-Fi; it doesn't matter. At the other end of the house, or on another floor, we need to install an access point to distribute Wi-Fi. In this case, the connection between the router and the access point will be via a network cable.

connection diagram: Internet - router - access point

If we install an access point at the other end, the main router will distribute IP addresses, and the devices will be on the same network, which is often very important. Access point mode can also be useful for distributing Wi-Fi from a modem that does not have this capability. In fact, there are many possible uses; otherwise access points would simply not be sold as separate devices.

Please note that most routers can operate in other modes, which may suit you better:

  • Repeater mode – suitable if your goal is simply to extend your existing Wi-Fi network with another router. We have instructions on our website for setting up repeater mode on ASUS routers, and we also set up repeater mode on Zyxel Keenetic devices, and on . After setup, there will be one Wi-Fi network, only extended. Internet via cable from the “repeater” will also be available.
  • WDS wireless bridge mode – practically the same as access point mode, but here the routers are connected over Wi-Fi rather than by cable. I wrote in more detail about setting up such a connection in the article: setting up two routers on the same network. We connect 2 routers via Wi-Fi and cable. It is shown in detail using the example of popular routers:,. There is also a detailed one.

As for the “access point” operating mode, also known as AP (Access Point), it is configured differently on routers from different manufacturers. For example, on routers from ASUS and Zyxel, you just enable Access Point mode in the control panel, connect the devices with a network cable, and you're done. But on devices from , you need to manually change the router’s IP address and disable the DHCP server.

How to connect access points to the router?

We connect both devices with a network cable. On the main router, connect the cable to a LAN port (home network), and on the router acting as the access point, also to a LAN port.

The Internet also works from the access point over a network cable. For many this is important.

Setting up an ASUS router in access point (AP) mode


We connect it to the main router (LAN - LAN), and we get a Wi-Fi access point.

Setting up Access Point on Netis routers

On Netis routers, it is just as simple: change the IP address and disable DHCP, and everything works.


Nowadays a WiFi wireless network is used by almost all devices: laptops, cell phones, netbooks, PDAs. This technology gives us more convenient and faster access to the Internet. Many providers now offer WiFi Internet access. To take advantage of wireless access technology, you need to use a router or an access point. Both of these devices use a WiFi channel and are designed to provide radio coverage (AP mode), but they are nevertheless fundamentally different from each other, although a router can operate in access point mode and has more advanced functions than a plain access point. The router's mode is determined by its settings. By default, the router is set to access point mode, and there are many instructions on how to configure a router as an access point.

So what is the difference between a wireless router and an access point? The difference lies in the capabilities of the device and in its appearance. The access point functions practically as a radio extension of the cable: it simply passes the signal from the provider's cable on to the computer. This gives you the opportunity to use a wireless Internet connection on your computer. If you use an access point, you will have to enter the provider's settings in the TCP/IP protocol settings, and it is quite difficult to connect more than one laptop to such a device, because the second laptop will need a different IP address. A wireless router is a router that already has an access point built into it. With its help, you can create a network at home and connect several devices without any problems.

In addition, using an access point alone will not protect you from network intrusions. In this case, you will have to rely on the firewall on your computer for protection. On a router you can configure protection against network attacks. One advantage of using an access point is that you don’t have to configure port forwarding for torrents and DC. A standard access point provides signal reception within a radius of 200-250 meters, if there are no obstacles in the signal path that reduce the signal power (concrete walls, iron structures).

If we visually compare the router and the access point, we can note that the access point is equipped with only one Ethernet port, while standard routers have five (four LAN ports and one WAN port).

As a rule, the WAN port is separated from the rest and a network cable from the provider is connected to it. The front panel of the router usually has indicator lights that indicate when a cable is connected to a particular port. LAN ports are connected via twisted pair to clients of your local network, created by the router.

Access points have the DHCP server disabled by default, and therefore, to connect to one via WiFi or Ethernet, you must assign it a static IP address. Through its Ethernet port, the access point can connect via Static IP or DHCP. You definitely need to know which connection protocol your provider uses.

WiFi routers are more functional in this regard. In addition to the usual Static IP and DHCP protocols, they can also support a VPN connection with the PPPoE, PPTP, L2TP protocols.

You can often hear WiFi routers also called routers and gateways. In operation, routers act as a gateway for Internet access, because they connect several networks (WAN, LAN, WLAN) and are installed exactly at their junction. This ability to connect multiple networks is provided by the NAT translation protocol. Access points do not have this function. Using the NAT protocol, the router can convert the IP address received from the ISP into local IP addresses in the range 192.168.0.0-192.168.255.255. Using a router, you can, through one contract with the provider, simultaneously connect several more clients to the channel. Thus, the provider can get by with fewer IP addresses, and you can connect several clients per channel.

From all that has been said, we can conclude that the WiFi router has a large number of possible applications and is, accordingly, more universal. With its help you can build a home or small office network. Access points have broader functionality for setting up a network. Their use is justified when creating large networks over a large area of premises.

Router operating modes

The design of the router allows it to be used in different operating modes (access point, bridge, repeater, client).

Router as an access point

The Wi-Fi access point mode is the main operating mode of WiFi equipment and is called AP (Access Point). In access point mode, the router creates a radio coverage area around itself out to a certain distance, determined by the signal output power. All devices located within this zone and capable of working as an AP-client (WiFi adapters and individual access point models) can connect to the WiFi network.

Thus, a router acting as a WiFi access point is used to connect devices to a WiFi network, and this mode is set by default in routers.

Router in client mode

AP-client mode is mostly available only on WiFi routers. Some access point models are also equipped with this functionality and can operate in this mode. In this mode, the router lets a computer or other devices connect to a WiFi network. For example, when you receive the Internet over a radio channel and then distribute it by cable to desktop computers.

Router - bridge mode

In this mode, you can connect two remote segments of an Ethernet network via a radio channel, if in certain places you cannot make a wired connection or you simply do not want to lay a cable. When you connect two access points with a bridge connection, the network formed by them will be invisible. This feature greatly increases the protection of your network from outside connections.

Setting up a bridge router requires that the SSID, channel, and encryption type of these devices match.

Setting up a router in bridge mode

To configure the router in bridge mode, you first need to change the password on the router and configure Wi-Fi. Then go to the router settings, open the SETUP menu and select Network Setting. In the window that opens, set Wan Port Mode to Bridge Mode.

A connection with the same functionality can be created by chaining two devices: on one side there should be a device operating in AP mode, and on the other side an access point operating in AP-client mode.

This connection can provide very good performance. The only drawback here is that the network's SSID is broadcast over the air, depriving your network of its invisibility properties.

Router in repeater mode

Very often a situation arises when you need to expand your network access area. There are many options for solving this problem, including using a router as a repeater.

In this mode, the router works as a signal amplifier for the main router. A router configured in repeater mode receives the signal and transmits it further, thereby increasing the reception radius. To get the best results in this mode, place the repeater router in the middle, at the same distance from the main router (or access point) and your computer.

What is the difference between a router and a WiFi access point?

Access Point Mode

(Access Point) - Access Point mode is designed for wireless connection to the access point of laptops, desktops and PDAs. Allows you to connect wireless clients operating in Infrastructure mode.

Access Point Client/Wireless Client Mode

(Wireless Client) - AP Client or Wireless Client mode allows an access point to become a wireless client of another access point. Essentially, in this mode, the access point performs the functions of a wireless network adapter. You can use this mode to exchange data between two access points. Communication between the wireless card and the access point is not possible in Access Point Client / Wireless Client Mode.

Point-to-Point / Wireless Bridge (WDS)

(Wireless Point-to-Point Bridge) - Point-to-Point / Wireless Bridge mode allows an access point to communicate with another access point that supports point-to-point wireless bridge mode. However, keep in mind that most manufacturers use their own proprietary settings to enable wireless bridge mode on the access point. Typically this mode is used to connect equipment in two different buildings wirelessly. Wireless clients cannot communicate with the access point in this mode. As a rule, it only works with identical access points. Interoperation between different devices is impossible due to the lack of standards for WDS technology.

Point-to-Multipoint / Multi-point Bridge (WDS)

(Wireless point-to-multipoint bridge) - Point-to-Multi-point / Multi-point Bridge mode is similar to Point-to-point / Wireless Bridge mode with the only difference being that it allows the use of more than two access points. Wireless clients also cannot communicate with the access point in this mode. Works only with identical access points.

Repeater Mode

(Repeater) - Operating in wireless repeater mode, the access point extends the range of the wireless network by repeating the signal from the remote access point. In order for an access point to perform the functions of a wireless range extender for another access point, it is necessary to specify the Ethernet MAC address of the remote access point in its configuration. In this mode, wireless clients can exchange data with the access point. As a rule, it only works with access points built on the same chips.

WDS with AP

(Wireless Distribution System) - allows you to simultaneously connect wireless clients to points operating in Bridge (point-to-point bridge) or Multipoint Bridge (point-to-multipoint bridge) modes, but this reduces the operating speed. As a rule, it only works with identical access points.

Ad-Hoc

Used in APs and Wi-Fi adapters. In Ad-Hoc (peer-to-peer) mode, wireless devices can communicate directly with each other without using an Infrastructure access point.

Infrastructure

Used in APs and Wi-Fi adapters. In Infrastructure mode, devices operate on the client/server principle. A wireless network consists of at least one access point to which wireless end clients are connected.

WISP (Wireless Internet Service Provider)

In this scheme, computers are connected to the router via regular twisted pair cable, and the device is connected to the Internet service provider via Wi-Fi. In this mode, the access point itself looks for a network to connect to and ignores attempts by other wireless devices to connect to it.

This program is designed to make it easier to create a WiFi access point based on Hostapd and DNSMASQ.

Program features

    Create an access point in a couple of clicks.

    WAP3 support (WPA-PSK+WPA2).

    Support for hidden networks.

    Ready default settings.

    802.11 b/g/n support.

    Interface language: Russian and English.

    Display statistics (traffic, clients).

The current version at the moment is 1.1.

Program installation

    $ sudo apt-add-repository ppa:ekozincew/ppa
    $ sudo apt-get update
    $ sudo apt-get install wifi-hostapd-ap

Setting up the program

It worked for me with the following parameters:

Also, in the DNSMASQ settings, select the correct Internet connection interface, otherwise you will have no Internet access.

Problems with Network Manager

It was discovered that quite often Network Manager interferes with the normal startup of the software access point. There are two options for solving this problem:

1) disable Network Manager, as described below in this article;
2) prevent it from managing the Wi-Fi module. To do this, you will need to add the following lines to the configuration file /etc/NetworkManager/NetworkManager.conf:

    [keyfile]
    unmanaged-devices=mac:<write the MAC address of your Wi-Fi module here>

After this, run:

    sudo restart network-manager

Now NetworkManager does not control the Wi-Fi module and does not interfere with the normal operation of hostapd.

The old way

This guide has been tested on Ubuntu Server 9.10 i386 and Ubuntu Desktop 9.10 i386. Provided the hardware is supported by older kernels, it should work on earlier versions.

Brief description of the manual

This manual explains how to set up a software Wi-Fi router based on a Wi-Fi adapter and a computer running Ubuntu. All actions are described for the CLI and can be reproduced on the server version of the distribution. If you are using the desktop version with a GUI, just do everything in the terminal. It is assumed that you already have a configured Internet connection that you want to share with a local network whose clients are connected both via Ethernet (wired network) and via Wi-Fi.

Before you start

Read this section carefully before you begin setting up your router.

Equipment compatibility

Other interfaces

Before starting setup, make sure that all other network interfaces are connected and working properly. If you have not yet configured the interface responsible for your Internet connection, it’s time to do it now. You can read more about setting up network interfaces.

Data transfer rate

The actual data transfer speed over a WiFi channel differs significantly from the figures declared by the manufacturer; in addition, the more devices work through one access point, the lower the throughput (the channel is divided by the number of clients). Below is a table showing the specifications of the various WiFi data transmission protocols, for one device.

    Protocol  Frequency used  Maximum theoretical speed  Typical speed in practice  Communication range indoors  Communication range in open terrain
    802.11b   2.4 GHz         11 Mbit/s                  0.4 MB/s                   38                           140
    802.11a   5 GHz           54 Mbit/s                  2.3 MB/s                   35                           120
    802.11g   2.4 GHz         54 Mbit/s                  1.9 MB/s                   38                           140
    802.11n   2.4 GHz, 5 GHz  600 Mbit/s                 7.4 MB/s                   70                           250

Installing the necessary packages and updating

For the setup we will need wireless-tools, the utilities for working with wireless network equipment (most likely already installed on your system); bridge-utils, the utilities for working with a network bridge; the AP daemon itself, hostapd; and some kind of DHCP server (I prefer dnsmasq, because it can act as a DNS forwarder and as a DHCP server at the same time, and also has a convenient and well-commented configuration file). It is definitely worth updating the system, because the update will most likely include a new Linux kernel, and with each new kernel version you also receive new versions of drivers, which can significantly expand the capabilities of your adapter.
Updating the system:

    sudo apt-get update
    sudo apt-get upgrade

Then we reboot, with either of:

    sudo shutdown -r now

    sudo reboot

And install the necessary packages:

    sudo apt-get install wireless-tools bridge-utils hostapd dnsmasq

Setting up interfaces

All the instructions on the Internet that I consulted while writing this article require you to first configure the network interfaces, i.e. switch the Wi-Fi adapter to access point mode, join it with a free Ethernet adapter in a bridge and bring these interfaces up before hostapd starts, i.e. write everything needed in /etc/network/interfaces. However, from the comments in hostapd.conf it follows that it switches the wireless adapter into AP mode itself and brings up the bridge connection itself. I don’t know how to do it correctly, but the method described below has been tested on two different configurations and everything works well. Unfortunately, I did not have the opportunity to configure APs based on madwifi drivers, which are somewhat specific in configuration. In any case, this article is in the wiki section; if you have more information on this topic, please do not pass by...

Setting up the wireless interface

First of all, you need to switch your wireless adapter to access point mode. Depending on the driver, you may need to try several methods. Basically, the adapter is switched to AP mode with the command:

    sudo iwconfig wlan0 mode Master

where wlan0 is the name of your wireless interface.
However, in some cases this method will not work; then you first need to “delete” the old interface and “create” a new one in AP mode. To do this, you will need the iw utility (install it if it is missing):

    sudo iw dev wlan0 del
    sudo iw phy phy0 interface add wlan0 type __ap

where wlan0 is the name of your interface. Pay attention to the end of the second command, __ap: there are two underscores before the characters ap.
If you have madwifi, switching the adapter to AP mode looks like this:

    sudo wlanconfig ath0 destroy
    sudo wlanconfig ath0 create wlandev wifi0 wlanmode ap
    sudo iwconfig wlan0 mode Master

In any case, after these steps, the iwconfig command, run without parameters, should produce something like the following:

    wlan0     IEEE 802.11bg  Mode:Master  Frequency:2.462 GHz  Tx-Power=20 dBm
              Retry long limit:7  RTS thr:off  Fragment thr:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0  Missed beacon:0

Note the value Mode:Master: it means that the adapter operates in access point mode.
To make the result permanent, you need to edit the /etc/network/interfaces file and add settings for your wireless interface:

    iface wlan0 inet manual
        pre-up iw dev wlan0 del
        pre-up iw phy phy0 interface add wlan0 type __ap

Bridge setup

To combine your wired local network with the wireless one, you need to create a network bridge between them. This way you can connect client computers to the shared network both via Wi-Fi and via regular Ethernet.
To do this, you need to edit the /etc/network/interfaces file and add the following settings to it:

    iface br0 inet static
        address 192.168.0.1
        network 192.168.0.0
        netmask 255.255.255.0
        broadcast 192.168.0.255
        bridge_ports eth1 wlan0

Where: br0 is the name of the bridge interface, eth1 is the interface “looking” at the local network, wlan0 is the wireless interface, and the local network itself is assigned the addressing 192.168.0.0/24.
It is worth noting that the eth1 interface does not need to be described separately in the interfaces file, because ifupdown will bring it up automatically when the br0 interface is enabled.

Final interfaces

As a result, after all the above steps, you should have a file /etc/network/interfaces with approximately the following content:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # loopback interface
    auto lo
    iface lo inet loopback

    # Internet interface. It is connected to the provider.
    auto eth0
    iface eth0 inet static
        address 192.168.254.35
        netmask 255.255.255.0
        gateway 192.168.254.1

    auto wlan0 br0

    # Wireless interface
    iface wlan0 inet manual
        pre-up iw dev wlan0 del
        pre-up iw phy phy0 interface add wlan0 type __ap

    # Bridge.
    iface br0 inet static
        address 192.168.0.1
        network 192.168.0.0
        netmask 255.255.255.0
        broadcast 192.168.0.255
        bridge_ports eth1 wlan0

Now you can restart the network with the command:

    sudo /etc/init.d/networking restart

And see what came out of it using ifconfig. If you haven't made a mistake anywhere, you will see all your interfaces, including eth1, which is not described in interfaces, and br0. To view information about a network bridge, you can use:

Setting up hostapd

Now that all the preparatory steps are complete, you need to configure the access point itself, hostapd. The main hostapd settings file is /etc/hostapd/hostapd.conf. It is better to make a backup copy of it right away, because the file itself contains a large number of detailed comments about the settings, and if you delete something, you can always refer to the original:

    sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.original

The hostapd.conf file contains a list of options that take one or another value and together affect the hostapd configuration. Each option is provided with a fairly detailed comment. Here are some basic options:

Parameter / Description / Default value

interface
    Access point device, i.e. the network device that is the Wi-Fi adapter. For example, wlan0 or, in the case of madwifi, ath0.
    Default: n/a

bridge
    If madwifi, atheros, or nl80211 are used, an additional parameter can be used: bridge. With it you can tell hostapd that the interface you are using is part of a network bridge. If the parameter is not specified, the drivers will detect the bridge interface automatically.
    Default: n/a

driver
    Driver type (hostap/wired/madwifi/test/none/nl80211/bsd). nl80211 for all "Linux mac80211 drivers". madwifi for madwifi (who would have thought?). If set to none, hostapd will work as a dedicated RADIUS server, without managing any interface.
    Default: hostap

logger_syslog, logger_syslog_level, logger_stdout, logger_stdout_level
    Logging options. Two methods for outputting messages: syslog and stdout (the latter is only useful when hostapd is run directly, not in daemon mode). Possible values:
        -1 = all modules
        0 = IEEE 802.11
        1 = IEEE 802.1X
        2 = RADIUS
        3 = WPA
        4 = driver interface
        5 = IAPP
        6 = MLME
    Log levels:
        0 = verbose debugging
        1 = debugging
        2 = informational messages
        3 = notification
        4 = warning
    Default:
        logger_syslog=-1
        logger_syslog_level=2
        logger_stdout=-1
        logger_stdout_level=2

ssid
    SSID (access point name).
    Default: test

country_code
    Country code (ISO/IEC 3166-1). Used to set regional restrictions. Specifies the country in which the access point operates. Depending on the selected country, it may affect the number and numbering of available channels and the signal strength.
    Default: US

ieee80211d
    Enable IEEE 802.11d (International Roaming Extensions (2001)). Depending on the country_code parameter, it sets the list of available channels and the signal strength based on the restrictions in force in that country.
    Default: 0 = disabled

hw_mode
    Operating mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
    Default: b

channel
    Channel number (IEEE 802.11). It is worth noting that some drivers (for example madwifi) do not use this value from hostapd, and in this case the channel must be set separately with the iwconfig utility.
    Default: 0, i.e. not specified

macaddr_acl, accept_mac_file, deny_mac_file
    Authentication based on the MAC addresses of client stations. It is worth noting that this type of authentication requires a driver that uses hostapd to control frame processing, i.e. it can be used with driver=hostap or driver=nl80211, but not with driver=madwifi.
        0 = accept a client if it is not on the “black list”
        1 = reject a client if it is not on the white list
        2 = use an external RADIUS server (black/white lists are processed first)
    Black/white lists are read from separate files (which contain MAC addresses, one per line). An absolute path must be specified.
    Default:
        macaddr_acl=0
        accept_mac_file=/etc/hostapd.accept
        deny_mac_file=/etc/hostapd.deny

auth_algs
    IEEE 802.11 describes 2 authentication algorithms. hostapd can handle both. “Open system” (Open System Authentication) must be used with IEEE 802.1X. Values:
        0 = Open System Authentication
        1 = Shared Key Authentication (WEP required)
    Default: 3

ignore_broadcast_ssid
    Send an empty SSID field in broadcast messages and ignore requests from clients asking for the AP name, i.e. what Wi-Fi routers call "hide the access point": the client must know the SSID to connect.
        1 = send an empty (length=0) SSID and ignore probe requests for the AP name
        2 = clear the SSID (ASCII 0) but keep the original field length (required for some clients that do not support an empty SSID) and ignore probe requests
    Default: off (0)

ap_max_inactivity
    Client station inactivity limit. If the client does not transmit anything within the time specified in ap_max_inactivity (seconds), an empty data frame is sent to the client to check “Is it still available?” (for example, the client could have left the AP coverage area). If there is no response (ACK) to the request, the client station is disconnected (first disassociated, then deauthenticated). This function is used to clear the table of active stations of old ("dead") entries.
    Default: 300 (i.e. 5 minutes)

wpa
    WPA options. This parameter is required to force the AP to demand WPA authentication from clients (WPA-PSK or WPA-RADIUS/EAP). For WPA-PSK, you need to specify wpa_psk or wpa_passphrase and enable WPA-PSK in wpa_key_mgmt. For WPA-RADIUS/EAP, ieee8021x must be configured (without dynamic WEP keys), a RADIUS server must be configured, and WPA-EAP must be enabled in wpa_key_mgmt. Possible values:
        0 = without WPA/WPA2 (not recommended)
        1 = WPA (not recommended)
        2 = IEEE 802.11i/RSN (WPA2), the most secure today
        3 = both WPA and WPA2 authentication are allowed
    Default: 1

wpa_psk, wpa_passphrase, wpa_psk_file
    WPA keys for WPA-PSK. They can be specified either as wpa_psk, a 256-bit key in hexadecimal format (64 hex digits), or as wpa_passphrase, an ASCII phrase of 8..63 characters. In the latter case, the phrase will be converted to a PSK using the SSID, so the PSK changes every time the SSID changes. Additionally, it is possible to read WPA PSKs from a file containing a list of MAC addresses and PSKs (one MAC - PSK pair per line). Multiple PSKs can be configured this way. You must specify the absolute path to the file with the keys.
    Default:
        wpa_psk: n/a
        wpa_passphrase: n/a
        wpa_psk_file: /etc/hostapd.wpa_psk

wpa_key_mgmt
    List of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The entries are separated by spaces. You can use WPA-PSK-SHA256 and WPA-EAP-SHA256 for stronger SHA256-based algorithms.
    Default: WPA-PSK WPA-EAP

wpa_pairwise, rsn_pairwise
    Set of accepted encryption algorithms. Space-separated list of algorithms:
        CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
        TKIP = Temporal Key Integrity Protocol
    Pairwise encryption algorithms for WPA (v1) (default: TKIP)
    Pairwise encryption algorithms for RSN/WPA2 (default: wpa_pairwise)
    Default:
        wpa_pairwise=TKIP CCMP
        rsn_pairwise=CCMP
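
The passphrase-to-PSK conversion and the wpa_psk_file format described in the table, as an added Python example (not part of the original guide and not hostapd's own code). derive_psk uses the standard WPA-Personal derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations); check_psk_file is a hypothetical helper that handles only the two-field "MAC key" lines shown in this guide, and the sample file and the second SSID are constructed.

```python
import hashlib
import re

WILDCARD_MAC = "00:00:00:00:00:00"  # the "everyone else" entry used in the guide
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
HEX_PSK_RE = re.compile(r"^[0-9a-f]{64}$")


def derive_psk(passphrase, ssid):
    """Map an ASCII passphrase to the 256-bit PSK, returned as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if not passphrase.isascii() or not passphrase.isprintable():
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so one passphrase yields a different PSK per SSID.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


def check_psk_file(text, ssid):
    """Validate wpa_psk_file lines ("MAC key"); return (entries, findings)."""
    entries, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        mac = fields[0].lower()
        if len(fields) != 2 or not MAC_RE.match(mac):
            findings.append((lineno, "expected 'MAC key'"))
            continue
        key = fields[1]
        if HEX_PSK_RE.match(key.lower()):
            psk = key.lower()                 # already a raw 256-bit PSK
        else:
            try:
                psk = derive_psk(key, ssid)   # passphrase form
            except ValueError as err:
                findings.append((lineno, str(err)))
                continue
        if mac == WILDCARD_MAC:
            # This key is not tied to one device: it is accepted from any MAC.
            findings.append((lineno, "wildcard MAC: any client may use this key"))
        entries[mac] = psk
    return entries, findings


# Constructed sample in the format of the /etc/hostapd/wpa_psk file in this guide.
SAMPLE = """\
# My laptop:
00:0A:1B:2C:3D:4E my_big_secret
# Everyone else:
00:00:00:00:00:00 secret_password_for_everyone
# Constructed bad entry: passphrase shorter than 8 characters
00:11:22:33:44:55 short
"""

if __name__ == "__main__":
    entries, findings = check_psk_file(SAMPLE, "Ubuntu")
    for mac, psk in entries.items():
        print(mac, psk)
    for lineno, message in findings:
        print("line %d: %s" % (lineno, message))
    # Renaming the network changes every PSK derived from a passphrase.
    print(derive_psk("my_big_secret", "Ubuntu") != derive_psk("my_big_secret", "Ubuntu-5G"))
```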

Example configuration files for an access point with a hidden SSID and WPA2 authorization based on the MAC addresses of client stations:
hostapd.conf

    interface=wlan0
    bridge=br0
    driver=nl80211
    hw_mode=g
    channel=11
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    debug=0
    dump_file=/tmp/hostapd.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    ssid=Ubuntu
    ignore_broadcast_ssid=1
    auth_algs=3
    eapol_key_index_workaround=0
    eap_server=0
    wpa=3
    wpa_psk_file=/etc/hostapd/wpa_psk
    wpa_key_mgmt=WPA-PSK
    rsn_pairwise=CCMP

/etc/hostapd/wpa_psk

    # My laptop:
    00:0A:1B:2C:3D:4E my_big_secret
    # Everyone else:
    00:00:00:00:00:00 secret_password_for_everyone
    # It’s convenient, right?
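
A review of the example hostapd.conf against the option table, as an added Python example (not part of the original guide). audit is a hypothetical helper; it reads auth_algs as the bit field hostapd uses (bit 0 Open System, bit 1 Shared Key, so 3 enables both), treats a missing wpa key as WPA not enabled (an assumption of this example), and the hardened variant is constructed.

```python
def parse_hostapd_conf(text):
    """hostapd.conf holds one key=value per line; '#' starts a comment line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (check_id, message) pairs for settings that weaken the AP."""
    findings = []
    wpa = int(conf.get("wpa", "0"))              # assumption: absent = WPA off
    auth_algs = int(conf.get("auth_algs", "3"))  # default 3, as in the table
    # Cipher defaults per the table: wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()

    if wpa == 0:
        findings.append(("no-wpa", "wpa=0: clients are not required to use WPA/WPA2"))
    if wpa & 1:
        findings.append(("wpa1", "wpa=%d still accepts WPA (v1); wpa=2 is WPA2 only" % wpa))
        if "TKIP" in wpa_pairwise:
            findings.append(("tkip", "WPA (v1) clients use TKIP (wpa_pairwise)"))
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append(("tkip-rsn", "rsn_pairwise allows TKIP; CCMP alone is enough"))
    if auth_algs & 2:
        findings.append(("shared-key", "auth_algs=%d accepts Shared Key (WEP) "
                         "authentication; 1 = Open System only" % auth_algs))
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("hidden-ssid", "a hidden SSID is not access control; "
                         "only the WPA2 key keeps clients out"))
    return findings


# The security-relevant lines of the guide's example hostapd.conf.
GUIDE_EXAMPLE = """\
interface=wlan0
bridge=br0
driver=nl80211
ssid=Ubuntu
ignore_broadcast_ssid=1
auth_algs=3
wpa=3
wpa_psk_file=/etc/hostapd/wpa_psk
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

# Constructed hardened variant: WPA2 only, CCMP only, Open System auth only.
HARDENED = """\
interface=wlan0
bridge=br0
driver=nl80211
ssid=Ubuntu
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_psk_file=/etc/hostapd/wpa_psk
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

if __name__ == "__main__":
    for name, text in (("guide example", GUIDE_EXAMPLE), ("hardened", HARDENED)):
        print(name)
        for check_id, message in audit(parse_hostapd_conf(text)):
            print("  [%s] %s" % (check_id, message))
```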

Now that we have configured hostapd, it’s time to set it to start automatically when the system boots. To do this, you need to edit the /etc/default/hostapd file and change the commented lines to:

    RUN_DAEMON="yes"
    DAEMON_CONF="/etc/hostapd/hostapd.conf"

Setting up sharing

After restarting the computer, we will be able to “see” our access point, but we are unlikely to be able to connect to it, because nothing yet hands out network parameters or provides Internet access. Therefore, a number of general steps are needed that are not related to Wi-Fi as such, but are necessary to share one Internet channel among several computers.

Setting up iptables and ip forwarding

GNU/Linux in general and Ubuntu in particular have a wonderful software firewall that works at the kernel level operating system- Netfilter. There is a utility called iptables, which is used to manage netfilr and allows you to fine-tune the rules for passing packets through the gateway. For more details, see the corresponding article (coming soon). To configure the firewall in our case, you need to create a script, for example, in / etc/firewall/iptables and paste into it next text:

#!/bin/sh
#
#######################
# Setting up interfaces
#######################

# Internet (change to your Internet interface)
Inet_Interface="eth0"

# LAN (change to your network bridge interface)
Lan_Interface="br0"

# Lo (local interface - loopback)
Lo_Interface="lo"

# Describe the path to iptables
IPT="/sbin/iptables"

# Clear the current rules (if there are any rules)
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

# Set default policies
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Create a chain to handle invalid packets.
# bad_packets
$IPT -N bad_packets

$IPT -A bad_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
    -m state --state NEW -j REJECT --reject-with tcp-reset
$IPT -A bad_packets -p tcp ! --syn -m state --state NEW \
    -j LOG --log-prefix "New not syn:"
$IPT -A bad_packets -p tcp ! --syn -m state --state NEW -j DROP

# Create a chain for processing incoming (from the Internet) tcp connections.
# tcp_p
$IPT -N tcp_p

# To, for example, allow connecting to our gateway from the Internet via ssh:
##ssh="22"
##ssh_ip_allowed="0/0"
##$IPT -A tcp_p -p tcp -s $ssh_ip_allowed --dport $ssh -j ACCEPT

$IPT -A tcp_p -p tcp -s 0/0 -j DROP

# Create a chain for processing incoming (from the Internet) udp connections.
# udp_p
$IPT -N udp_p

$IPT -A udp_p -p udp -s 0/0 -j DROP

# Create a chain for processing incoming (from the Internet) icmp connections.
# icmp_p
$IPT -N icmp_p

# Allow our gateway to be "pinged" from the Internet:
$IPT -A icmp_p -p icmp -s 0/0 --icmp-type 8 -j ACCEPT
$IPT -A icmp_p -p icmp -s 0/0 --icmp-type 11 -j ACCEPT

$IPT -A icmp_p -p icmp -s 0/0 -j DROP

# Chain INPUT
$IPT -A INPUT -p tcp -j bad_packets

$IPT -A INPUT -p all -i $Lan_Interface -j ACCEPT
$IPT -A INPUT -p all -i $Lo_Interface -j ACCEPT

$IPT -A INPUT -p all -i $Inet_Interface -m state --state \
    ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp -i $Inet_Interface -j tcp_p
$IPT -A INPUT -p udp -i $Inet_Interface -j udp_p
$IPT -A INPUT -p icmp -i $Inet_Interface -j icmp_p

# Chain FORWARD
$IPT -A FORWARD -p tcp -j bad_packets

$IPT -A FORWARD -p all -i $Lan_Interface -j ACCEPT
$IPT -A FORWARD -p all -i $Lo_Interface -j ACCEPT
$IPT -A FORWARD -p all -i $Inet_Interface -m state \
    --state ESTABLISHED,RELATED -j ACCEPT

# Chain OUTPUT
$IPT -A OUTPUT -p tcp -j bad_packets

$IPT -A OUTPUT -p all -o $Inet_Interface -j ACCEPT
$IPT -A OUTPUT -p all -o $Lan_Interface -j ACCEPT
$IPT -A OUTPUT -p all -o $Lo_Interface -j ACCEPT

# POSTROUTING chain (nat table)
$IPT -t nat -A POSTROUTING -o $Inet_Interface -j MASQUERADE

# Enable ipv4 redirection.
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Firewall started"

exit 0

sudo chmod +x /etc/firewall/iptables

And set it to start automatically when network services are initialized:

sudo ln -s /etc/firewall/iptables /etc/network/if-up.d/firewall
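To confirm after a reboot that the rules from the script are the ones actually loaded, the output of iptables-save can be checked mechanically. The script below is an added example, not part of the original article; it assumes the interface names used above (eth0 for the Internet, br0 for the LAN), and both sample dumps embedded in it are constructed.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output against the gateway policy above.
# eth0 = Internet, br0 = LAN, as in the script; both sample dumps are constructed.

sample_good() {   # abridged dump of the ruleset the script installs
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_bad() {    # same dump with FORWARD left open and the state match lost
    sample_good | sed -e 's/^:FORWARD DROP/:FORWARD ACCEPT/' \
                      -e 's/ -m state --state RELATED,ESTABLISHED//'
}

# audit_ruleset WAN_IF: reads a dump on stdin, prints one line per finding,
# returns 0 when clean and 1 otherwise.
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:(INPUT|FORWARD) / && $2 != "DROP" {
            print "policy " substr($1, 2) " is " $2 ", expected DROP"; bad++ }
        table == "filter" && /^-A (INPUT|FORWARD) / && / -j ACCEPT/ &&
            index($0, "-i " wan " ") &&
            (!/--(ct)?state / || /--(ct)?state [A-Z,]*NEW/) {
            print "unsolicited traffic accepted from " wan ": " $0; bad++ }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
            index($0, "-o " wan " ") { nat = 1 }
        END {
            if (!nat) { print "no MASQUERADE rule for " wan; bad++ }
            exit (bad > 0)
        }'
}

sample_good | audit_ruleset eth0 && echo "good sample: clean"
sample_bad  | audit_ruleset eth0 || echo "bad sample: findings listed above"
# On the gateway itself: sudo iptables-save | audit_ruleset eth0
```

A non-zero exit status means the loaded ruleset no longer matches the default-deny policy, for example because another tool flushed the chains or the if-up.d hook did not run.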

Setting up dnsmasq

Now all that remains is to set up a DHCP server to automatically issue IP addresses to clients and to forward DNS requests from our network (so that you don't have to register DNS addresses on each machine, but can use the local gateway address as a DNS server). dnsmasq is great for this purpose. Open its configuration file, /etc/dnsmasq.conf, and change the following parameters:

# Do not process addresses that do not contain a domain part.
domain-needed
# Do not forward addresses leading to a non-routable address space.
bogus-priv
# Restrict dnsmasq to a specific interface
interface=br0
# Enable the DHCP server and set the range of assigned addresses.
dhcp-range=192.168.0.10,192.168.0.255,12h

Now you can reboot the gateway and try to connect to it via Wi-Fi or Ethernet. If something does not work, carefully re-read the manual and look for errors in your configuration files. Don't forget that if your access point uses a hidden SSID, it will not appear in the list of available wireless networks on client machines; in that case you need to specify the SSID manually when connecting.

To do this, open the file for editing with superuser rights, for example with sudo nano /etc/network/interfaces. Instead of nano you can use your favorite text editor; after making changes, save them. For more information about nano, see man nano.

Perhaps one of the most popular Wi-Fi access points is the DWL-2100AP. Let's look at what this access point is:

The main characteristics can be viewed on the manufacturer’s website, so we will not repeat ourselves.
To make it immediately clear to our readers what the differences are between the operating modes of WiFi access points, we present this table:

| Operating mode | Short description |
| --- | --- |
| Access Point | Access Point mode. Allows you to connect wireless clients operating in Infrastructure mode. |
| Ad-Hoc | Used in APs and Wi-Fi adapters. In Ad-Hoc (peer-to-peer) mode, wireless devices can communicate directly with each other without using an access point. |
| Infrastructure | Used in APs and Wi-Fi adapters. In Infrastructure mode, devices operate on the client/server principle. A wireless network consists of at least one access point to which wireless end clients are connected. |
| Bridge - Point to Point | This mode allows you to connect two wired LANs via a wireless bridge. In this mode, wireless clients will not be able to connect to the AP, since it is configured to work only with a remote AP operating in a similar mode. The main advantage of this mode: when combining two network segments, all the available bandwidth of the wireless channel is used. |
| Point to Multi-Point | Allows you to connect up to six wired LANs. In this mode, wireless clients will not be able to connect to the AP, since it is configured to work only with a remote AP operating in a similar mode. |
| WDS-Bridge | This mode allows you to connect up to 6-8 (depending on the model) wired local networks via wireless bridges and simultaneously connect wireless clients operating in Infrastructure mode. |
| Client | Allows the AP to connect to a remote AP in Infrastructure mode, like a regular wireless adapter. Only wired network clients can connect to this access point, while the remote AP can operate in full AP mode. |
| Repeater | In wireless "repeater" mode, the AP allows you to expand the range of your wireless network by repeating the signal from a remote access point. To do this, in the AP settings you should specify the MAC address of the remote AP (MAC-clone option). For Repeater mode, it is recommended to use APs from the same manufacturer, made on the same chipset. |

The main thing, I think, is to understand the principle of building a network and the options for its use. Then you can choose the equipment that suits your needs yourself. Here I will explain everything using my own example.
My apartment's wireless network includes a home desktop computer, which I equipped with a PCI Wi-Fi adapter (DWA-520), plus a laptop and a PDA, which already have built-in Wi-Fi adapters.
I access the Internet over ADSL using a D-Link DSL-500T ADSL modem. The purpose of creating such a wireless network at home is to unite all devices into one network for data exchange and to give each of them independent access to the Internet.
First, let's configure the ADSL modem. The settings vary from provider to provider, and of course everyone has their own username and password for Internet access, so there is no point in going through these settings in detail. The bottom line is that the modem should connect to the Internet when it is turned on, even when the desktop computer is turned off. This is important for setting up the other Wi-Fi equipment that will be used to access the Internet. I configured the DSL-500T in Bridge mode, after which it works like a cable modem. We connect the network cable that comes with the modem: one end goes into the computer's network card and the other into the modem itself.
In order for the computer to see the modem on the network, it is necessary to configure the TCP/IP protocol in accordance with the factory settings of the device, which can be read in the user manual.

In my case, the router has a default IP address of 192.168.1.1, which means that the computer's network interface was automatically assigned the IP address 192.168.1.2. The last number could also be three or four; the main thing is that no two devices on the network have the same address. Click Start, Network Connections, Local Area Network Connection, Properties, Internet Protocol (TCP/IP), and Properties again. A window will appear on the screen where you need to enter the settings, as in the figure. You must specify the router address as the DNS server and gateway, that is, 192.168.1.1 in this case.

Next, we move directly to the modem configuration. To do this, type the IP address of the modem, http://192.168.1.1, in the browser's address bar to get to the main settings menu. The default login and password is admin. Go to the Setup tab and select New Connection, where we enter the data received from the provider (login and password) and select PPPoE as the connection type in the drop-down menu. The PPPoE protocol (the abbreviation stands for Point-to-Point Protocol over Ethernet) is necessary for the user authorization system. This protocol requires the user to confirm his password to establish access to the Internet. Thus, a feature of this connection method is the built-in authentication procedure, which allows the provider to correctly track the time for which network services are provided and paid for.
To save the settings, click apply.

On the same tab, click DSL Setup, where you need to select the modulation type. Select the MMODE type and confirm by clicking the Apply button. These are all the basic modem settings with which it should connect to the provider and access the Internet, provided that you did everything correctly and the provider has DHCP enabled, that is, automatic IP distribution based on login and password.
Now let's move on to setting up the DWL-2100AP Wi-Fi access point.
The preliminary setup is similar to the modem setup discussed earlier. The only difference is that the Wi-Fi access point has a default network address of 192.168.0.50. We connect the access point to the computer with a network cable, go to the properties of the TCP/IP Internet protocol and assign the IP address 192.168.0.51 to the computer's network interface. You must specify the access point address, 192.168.0.50, as the DNS server and gateway. Open the browser and type http://192.168.0.50 in the address bar. If everything is done correctly, the default authorization window will appear; enter login admin, password admin. After that we get to the main settings of the access point.

Choose a name for your network and enter it in the SSID field. It can be any word or phrase in English. The main thing is that you know that this is the network you created.
Later, the SSID of your access point will need to be entered on the clients of your Wi-Fi network. Just like the SSID, the same working channel must be selected on all of them.
We set the remaining values as in the figure above, if they differ. Click Apply after changing the settings. We'll talk about security settings later. At this point you can finish setting up the access point.
After turning on and connecting the modem and the access point, on the remote laptop we simply turn on the Wi-Fi module and the network connection with the settings shown in the figure below.

And here we are, all on our own wireless Wi-Fi network!