Setting Up a Wireless Access Point With Ubuntu Raring Ringtail
I’ve finally gotten sick of having a terrible wireless signal in my room, and I have a server in my office (hard wired via gigabit) so I figured I’d set it up as a wireless access point. There’s a lot of information in various places on how to set everything up, so I figured I’d try to wrangle everything in 1 spot.
Install the card.
I used a TP-Link WDN4800. Sadly I don’t have a list of all the compatible wireless cards, but it seems that having something based on the Atheros chipset is a good thing.
Check sudo lshw | less and look for your new card. If you have a build in wireless device, you’ll most likely want the one marked wlan1, otherwise it will probably be wlan0. For the rest of this post I’ll assume you’re using wlan1 as a lot of machines come with a build in wireless device at wlan0.
Check to make sure you’re using the right drivers. You’ll want to see mac80211 in there.
> lspci -k | grep -A 3 -i network
04:00.0 Network controller: Atheros Communications Inc. AR9300 Wireless LAN adaptor (rev 01)
Subsystem: Atheros Communications Inc. Device 3112
Kernel driver in use: ath9k <----- this is what you want to see
> modinfo ath9k | grep 'depend'
depends: ath9k_hw,ath9k_common,mac80211,ath,cfg80211 <--- make sure mac80211 is in here
Check that your wireless device is up via ifconfig wlan1 up. If it can’t come up, check rfkill list all.
> rfkill list all
0: phy0: Wireless LAN
Soft blocked: yes
Hard blocked: no
1: phy1: Wireless LAN
Soft blocked: yes
Hard blocked: no
If you see that your device is soft blocked, you can use rfkill unblock wifi, then ifconfig wlan1 up to bring it up. You should see this now:
> rfkill list all
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
1: phy1: Wireless LAN
Soft blocked: no
Hard blocked: no
Install hostapd
apt-get install hostapd
Configure your wireless. You’ll want to edit /etc/hostapd/hostapd.conf. Here’s what mine looks like, set to be wide open to the world. You’ll want to lock this down after we get it up and running. Chuck the card in one of your PCI slots, and boot the machine back up.
interface=wlan1
driver=nl80211
ssid=batcave
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
There’s plenty of details in this post, so I won’t rehash the entire post.
Set up your DNS server
As of Ubuntu 12.04, the network manager runs dnsmasq, you’ll need to disable it if you want to run your own. Open vim /etc/NetworkManager/NetworkManager.conf and comment out the line dns=dnsmasq. Read Stéphane Graber’s blog post on this if you want to learn more.
Install dnsmasq with apt-get install dnsmasq. Edit the end of your /etc/dnsmasq.conf:
# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
interface=wlan1
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4
We’ll need to configure our wireless device to be able to use our hostapd and our dnsmasq.
Set your iptables rules
ifconfig wlan1 up 10.0.0.1 netmask 255.255.255.0
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE ## <--- change eth2 to whatever your wired connection is
iptables --append FORWARD --in-interface wlan1 -j ACCEPT
#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sysctl -w net.ipv4.ip_forward=1
service hostapd start
service dnsmasq start
You should now be able to connect to your wireless network. Save your iptables rules with iptables-save > /etc/iptables.rules.
Read the full post about using dnsmasq here.
Enable Wireless N and a WPA password
At this point, your network is wide open, which probably sucks. I’ve updated my /etc/hostapd/hostapd.conf to now include wireless N support and a passphrase.
interface=wlan1
driver=nl80211
ssid=batcave
hw_mode=g
channel=6
ignore_broadcast_ssid=0
# wireless N
ieee80211n=1
wmm_enabled=1
country_code=US
ieee80211d=1
auth_algs=3
wpa=3
wpa_passphrase=yourpasswordhere
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
macaddr_acl=0
Restart hostapd with service hostapd restart and you should be good to go.