Raspberry Pi 3 as WiFi Access Point (without bridge interface)

Happy New Year to everyone! Although this is not my first entry of this year I forgot to wish you the best for 2020 in my previous article, sorry about that, let’s start with this new topic.

This entry is going to cover my particular setup to configure Raspberry Pi 3 as WiFi access point, although I have an APU.1D4 as my personal router due to a problem with one of its ports I can’t install a Wifi card, and I bought a D-Link DWA 171 to be used with my RB3 I decided to use LAN access point, so here is my setup.

Installing required software packages

# apt update && apt upgrade
# apt -y install hostapd dnsmasq
# systemctl stop hostapd
# systemctl stop dnsmasq

Set up static IP address

In my case I only going to use static IP configuration so I don’t need dhcpcd service running, although the same configuration could be done using dhcpcd.conf file, but I’m trying to follow KISS principle here:

# systemctl disable dhcpcd
# systemctl mask dhcpcd
Created symlink /etc/systemd/system/dhcpcd.service → /dev/null.
# systemctl status dhcpcd
● dhcpcd.service
   Loaded: masked (Reason: Unit dhcpcd.service is masked.)
   Active: inactive (dead)

To set up my static IP configuration I’m going to create a file inside interfaces.d directory:

# vim /etc/network/interfaces.d/mylan
auto eth0
iface eth0 inet static
   address 10.111.1.2
   netmask 255.255.255.0
   gateway 10.111.1.1

auto wlan0
iface wlan0 inet static
   address 10.111.11.1
   netmask 255.255.255.0

# systemctl restart networking
# ip route
default via 10.111.1.1 dev eth0 onlink 
10.111.1.0/24 dev eth0 proto kernel scope link src 10.111.1.2 
10.111.11.0/24 dev wlan0 proto kernel scope link src 10.111.11.1 

Configure Hostapd

Edit the settings file with the following content:

# vim /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=miap
hw_mode=g
channel=6
country_code=ES
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=<YOUR_PASSWORD_HERE>
rsn_pairwise=CCMP

Please pay attention to an unusual configuration line country_code=ES, until I don’t setup this line I always receive the following log entries when I try to connect with my AP:

hostapd: wlan0: Could not connect to kernel driver
...
hostapd: wlan0: STA bc:a8:a6:ce:29:94 IEEE 802.11: disassociated

This hint was found in the raspberry forum, it seems that this config line makes your AP compiles local radio rules (whatever does mean 😀 ): https://www.raspberrypi.org/forums/viewtopic.php?t=141807#p938323

If you check hostapd start up log you could see something like this, no more Could not connect to kernel driver error message anymore:

...
Jan 08 11:27:29 raspberrypi hostapd[502]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Jan 08 11:27:29 raspberrypi systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
...

It’s needed to edit an additional configuration file and modify this

# vim /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Configure dnsmasq

We are going to use dnsmasq service as DHCP server to our access point:

# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.ORIG
# vim /etc/dnsmasq.conf
interface=wlan0 
listen-address=10.111.11.1
bind-interfaces 
server=8.8.8.8
bogus-priv
dhcp-range=10.111.11.120,10.111.11.135,255.255.255.0,24h
local=8.8.8.8

Test our WiFi configuration

Let’s start our services

# systemctl start dnsmasq
# systemctl start hostapd

And this is how is logged a successful WiFi connection to our access point when I connect to my miap network:

Jan  8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 IEEE 802.11: associated
Jan  8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 RADIUS: starting accounting session 33D3C0E7942D9F7B
Jan  8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 WPA: pairwise key handshake completed (RSN)
Jan  8 11:27:45 raspberrypi dnsmasq-dhcp[520]: DHCPREQUEST(wlan0) 10.111.11.135 bc:a8:a6:ce:29:94 
Jan  8 11:27:45 raspberrypi dnsmasq-dhcp[520]: DHCPACK(wlan0) 10.111.11.135 bc:a8:a6:ce:29:94 fisher3

Enabling packet forwarding

As you could before when we setup our IP configuration this approach is not using a bridge interface because we’re going to setup iptables to forward packets between our Ethernet NIC and our WiFi interface, first of all let’s enable NAT (Network Address Translation) uncommenting the following line:

# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
# iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# sh -c "iptables-save > /etc/iptables.ipv4.nat"
# vim /etc/rc.local
...
iptables-restore < /etc/iptables.ipv4.nat 
exit 0

Test it out.

Restart our RB, and when you see in available networks the name assigned to the access point connect to it and try to web browse, hopefully all should work like a charm:

# reboot

References:

That’s all Folks!!!


“If you cannot do great things, do small things in a great way”
— Napoleon Hill

One thought on “Raspberry Pi 3 as WiFi Access Point (without bridge interface)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s