This article describes another way to implement a wireless access point with hostapd under Linux: the hostapd routing mode configuration.
The basic configuration of software and hardware and the installation of hostapd are explained in the first half of "CentOS 7 Hostapd AP Mode Configuration". You can read that article first and then read this article.
hostapd's AP mode configuration requires bridging the wired and wireless network cards. The routing mode configuration instead masquerades the traffic of the wireless network card and forwards it through the wired network card, so there is no need to bridge the wired and wireless network cards.
Configuring this routing mode is similar to setting up an ordinary wireless router. The wired network port is equivalent to the WAN interface of an ordinary wireless router, and the wireless network card broadcasts the wireless signal that devices such as mobile phones and laptops use to access the network.
The difference is that, compared with an ordinary wireless router, this implementation does not have the four ordinary LAN interfaces and cannot be used for wired connections by other desktop computers.
In fact, Linux, as an operating system with strong networking functions, can also provide wired connections, but that requires switches and other equipment and is more complicated. My configuration here is just like a regular wireless router without the four LAN interfaces.
hostapd.conf configuration
Here is just a minimal configuration:
#/etc/hostapd/hostapd.conf Minimum configuration
interface=wlp2s0
#bridge=br0
#driver=nl80211
ssid=test
hw_mode=g
channel=1
auth_algs=3
# Whether to hide the SSID; 0 = broadcast the SSID
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=12345678
The configuration is similar to the AP mode configuration file; the only change is that the bridge=br0 option is commented out.
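The minimal configuration above enables WPA version 1 alongside WPA2 (wpa=3), allows shared key authentication (auth_algs=3) and uses an eight-digit passphrase. The following check is an added example, not part of the original article; it flags those settings in a hostapd.conf, and its function names, finding names and passphrase threshold are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): flag weak settings in a hostapd.conf.

# conf_get FILE KEY: print the last uncommented value of KEY (plain key=value lines).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_hostapd_conf FILE: print one finding per line; print nothing if all checks pass.
audit_hostapd_conf() (
    wpa=$(conf_get "$1" wpa)
    auth=$(conf_get "$1" auth_algs)
    pass=$(conf_get "$1" wpa_passphrase)
    pairwise=$(conf_get "$1" rsn_pairwise)

    case "${wpa:-0}" in
        0)   echo "OPEN_NETWORK: wpa is unset or 0, so traffic is not encrypted" ;;
        1|3) echo "WPA1_ENABLED: wpa=$wpa still accepts WPA version 1; use wpa=2" ;;
    esac
    # auth_algs is a bit field: bit 0 = open system, bit 1 = shared key (WEP).
    if [ -n "$auth" ] && [ $(( auth & 2 )) -ne 0 ]; then
        echo "SHARED_KEY_AUTH: auth_algs=$auth allows shared key authentication; use auth_algs=1"
    fi
    if [ "${wpa:-0}" != 0 ]; then
        [ "$pairwise" = "CCMP" ] || echo "CIPHER_NOT_PINNED: set rsn_pairwise=CCMP explicitly"
        # Policy of this example, not a hostapd rule: at least 12 characters, not digits only.
        if [ -n "$pass" ] && { [ "${#pass}" -lt 12 ] || ! printf '%s' "$pass" | grep -q '[^0-9]'; }; then
            echo "WEAK_PASSPHRASE: shorter than 12 characters or digits only"
        fi
    fi
)

# Constructed sample: the minimal configuration shown in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=wlp2s0
ssid=test
hw_mode=g
channel=1
auth_algs=3
wpa=3
wpa_passphrase=12345678
EOF
audit_hostapd_conf "$sample"
```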
Wired interface configuration
First we need to configure the wired interface correctly so that it can access the Internet normally. The simplest way is to obtain the IP address, gateway, and DNS automatically from the router. If there is no router, you need to set the Internet access method of the wired interface manually, for example PPPoE, a static IP address, or dynamic IP address acquisition. In any case, obtaining the IP address dynamically is the easiest.
Wireless interface settings
Using the ip addr add command
Use the ip addr add command to set the IP address of the wireless network card. The setting is lost after a reboot. Use an address such as 172.16.0.1/24 or another private address that is not in the same network segment as the wired network card. Generally, the IP address that the wired network card obtains from the router is in the 192.168.1.0/24 network segment.
ip addr add 172.16.0.1/24 dev wlp2s0
Tips: CentOS 7 currently uses the NetworkManager suite as the network configuration tool by default. One problem encountered here is that the nmcli command provided by the NetworkManager suite does not support setting a static IP address for the wireless network card. Therefore, you need to either use the ip addr add command to set the IP address of the wireless network card manually or create a new configuration file under the /etc/sysconfig/network-scripts/ folder. The latter is an older, classic interface configuration method.
Using network configuration files
If you want to save the settings, you can create a new file /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0. The file name must be prefixed with ifcfg.
vi /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0
[root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0
#TYPE=Ethernet
#BOOTPROTO=none
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
#IPV6INIT=yes
#IPV6_AUTOCONF=yes
#IPV6_DEFROUTE=yes
#IPV6_FAILURE_FATAL=no
#NAME=static-wlp2s0
#UUID=a036678e-8fdf-48f3-8693-961bb6326i744
DEVICE=wlp2s0
ONBOOT=yes
# Enable the interface at boot and set its address
IPADDR=172.16.0.1
PREFIX=24
#GATEWAY=192.168.10.254
#DNS1=127.0.0.1
#DNS2=192.168.10.254
#IPV6_PEERDNS=yes
#IPV6_PEERROUTES=yes
After saving, you need to stop the NetworkManager.service service first. It is best to also disable it at boot, otherwise there will still be problems. The main symptom is that network.service cannot be started when booting.
Disable the NetworkManager.service service at boot
systemctl disable NetworkManager.service
Stop NetworkManager.service service
systemctl stop NetworkManager.service
To see if it takes effect, you can restart the network.service service or restart the system directly.
systemctl restart network.service
Enable forwarding and configure interface masquerading
Enable forwarding
A setting made with sysctl -w is lost after a reboot.
sysctl -w net.ipv4.ip_forward=1
[root@server ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
To keep IP forwarding enabled after a reboot, use the following method. After the system restarts, the settings in the /etc/sysctl.d/ folder are loaded automatically.
vi /etc/sysctl.d/ip_forward.conf
[root@server ~]# vi /etc/sysctl.d/ip_forward.conf
net.ipv4.ip_forward = 1
Configure interface masquerading
In CentOS 7, both firewalld and iptables can be used to masquerade interfaces. The firewalld.service service is enabled by default in CentOS 7. The iptables service conflicts with the firewalld service, and only one of them can be enabled.
Use firewalld to configure interface masquerading
If you can use the graphical interface to configure it, it will be simpler and clearer. Here, only the firewall-cmd command is used for configuration.
If the firewalld.service service is not started, you need to start the firewalld.service service first.
systemctl start firewalld.service
Add the wireless interface to the trusted zone and save the configuration. By default, all interfaces belong to the public zone, whose strict connection restrictions prevent clients from connecting; the trusted zone accepts all connections from the interface.
firewall-cmd --zone=trusted --add-interface=wlp2s0 --permanent
[root@server ~]# firewall-cmd --zone=trusted --add-interface=wlp2s0 --permanent
success
Enable masquerading in the zone where the wired interface is located and save the configuration. By default, the wired interface belongs to the public zone.
firewall-cmd --zone=public --add-masquerade --permanent
[root@server ~]# firewall-cmd --zone=public --add-masquerade --permanent
success
Restart firewalld service
systemctl restart firewalld.service
Use iptables to configure interface masquerading
If you are used to using iptables, you need to install the iptables-services package, which contains the two services iptables.service and ip6tables.service, used for IPv4 and IPv6 respectively.
To use iptables, you need to stop and disable the firewalld.service service.
systemctl stop firewalld.service
systemctl disable firewalld.service
Then enable the iptables.service service so that it starts at boot. Because IPv4 is still mainly used, only iptables.service is enabled.
systemctl enable iptables.service
Start iptables.service service
systemctl start iptables.service
Interface masquerading (p2p1 is the wired interface here)
iptables -t nat -A POSTROUTING -o p2p1 -j MASQUERADE
Generally, the above command is all that is needed. If the firewall settings are strict, you also need to allow forwarding from the wireless network card interface wlp2s0.
iptables -t filter -A FORWARD -i wlp2s0 -j ACCEPT
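iptables -A appends to the end of a chain, so the FORWARD rule above never matches if the chain already ends in a catch-all REJECT. The following check is an added example, not part of the original article; it reads iptables-save output and reports whether forwarding from the wireless interface is reached, using constructed rulesets and hypothetical function names.

```shell
#!/bin/sh
# Added example (not from the original article): check rule order in iptables-save output.

# forward_verdict IFACE: read iptables-save output on stdin and print
#   accepted - an ACCEPT rule for packets entering on IFACE is reached first
#   blocked  - a catch-all REJECT/DROP comes before any such ACCEPT rule
#   no-rule  - neither is present, so the chain policy decides
forward_verdict() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            if ($0 ~ ("-i " ifc " ") && $0 ~ /-j ACCEPT/) { v = "accepted"; exit }
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { v = "blocked"; exit }
        }
        END { print (v == "" ? "no-rule" : v) }
    '
}

# has_masquerade IFACE: succeed if the nat rules masquerade traffic leaving IFACE.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING .*-o $1 .*-j MASQUERADE"
}

# Constructed sample: a FORWARD chain that already ended in a catch-all REJECT
# before the article's two commands were appended with -A.
ruleset_appended() {
    cat <<'EOF'
*nat
-A POSTROUTING -o p2p1 -j MASQUERADE
COMMIT
*filter
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i wlp2s0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: ACCEPT rules placed ahead of the REJECT; replies need the conntrack rule.
ruleset_inserted() {
    cat <<'EOF'
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlp2s0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

ruleset_appended | forward_verdict wlp2s0   # blocked
ruleset_inserted | forward_verdict wlp2s0   # accepted
```

On the gateway itself, the same check is run as `iptables-save | forward_verdict wlp2s0`.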
dnsmasq configuration
dnsmasq software installation
dnsmasq is mainly responsible for allocating client IP addresses and for DNS resolution services.
If it is not installed, install the dnsmasq software first
yum install dnsmasq
Set the dnsmasq service to automatically start at boot
systemctl enable dnsmasq.service
dnsmasq.conf configuration
vi /etc/dnsmasq.conf
[root@server ~]# vi /etc/dnsmasq.conf
# Interface to listen on. dnsmasq adds the lo interface automatically. The '*' wildcard can be used
interface=wlp2s0
# Bind only to the specified interface
bind-interfaces
# DHCP address pool from 172.16.0.100 to 172.16.0.200
dhcp-range=172.16.0.100,172.16.0.200,255.255.255.0,1h
Starting the dnsmasq service requires that the wireless network card has the correct IP address. dnsmasq will automatically give clients the current wireless network card address 172.16.0.1 as their gateway address and DNS address.
systemctl start dnsmasq.service
Finally restart the hostapd service
systemctl restart hostapd.service