Sometimes you need a configurable access point on your Fedora desktop. This can be done in a few simple steps:
WARNING: Now comes a lot of code!
1. Install the required software:

yum install hostapd dnsmasq

2. configure your WLAN adapter

First, check if your adapter is online:

[root@seger~]# iwconfig
wlan0 IEEE 802.11bgn ESSID: off/any
Mode: Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry short limit: 7 RTS thr:off Fragment thr:off
Encryption key: off
Power Management: off

lo no wireless extensions.
eth0 no wireless extensions.

Now check if the Network Manager has control over your device:

[root@seger~] # nmcli -p r
======================================
Radio switches
======================================
WIFI-HW WIFI WWAN-HW WWAN
--------------------------------------
enabled enabled enabled disabled

If it is enabled, disable it with the nmcli:

[root@seger~] # nmcli r wifi off

The Network Manager sets the killswitch to “on”, so we need to set it back to off to re-enable wifi outside the NM.

[root@seger~] # rfkill unblock wlan

After this step, we have an active WiFi card without interference from the network manager.

Configure the hostapd

The configuration file is located in /etc/hostapd/hostapd.conf. Here are useful settings to enable WPA2 with TKIP-CCMP:

# Einige verwendbare Standardeinstellungen ...
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
# Kommentieren Sie diese für Basis WPA & WPA2-Unterstützung mit einem Pre-Shared Key
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# NICHT VERGESSEN EIN WPA-PASSPHRASE EINZURICHTEN!!
wpa_passphrase=<Passphrase>
# Die meisten modernen WLAN-Treiber im Kernel benötigen driver=nl80211
driver=nl80211
# Passen Sie diese Einstellungen für Ihre lokale Konfiguration an...
interface=wlan0
hw_mode=g
channel=<CHANNEL>
ssid=<SID des AP>
ieee80211n=1

After that the whole thing can be started:

[root@seger ~] # systemctl start hostapd.service
[root@seger~] # systemctl status hostapd.service
hostapd.service - Hostapd IEEE 802.11 AP, IEEE 802.1X / WPA / WPA2 / EAP / RADIUS Authenticator
Loaded: geladene (/usr/lib/systemd/system/hostapd.service; disabled)
Aktiv: aktiv (läuft), da Fr 2014.08.01 13.24.08 CEST; Vor 4s
Prozess: 12208 ExecStart=/usr/sbin/hostapd/etc/hostapd/hostapd.conf -P /run/hostapd.pid -B (code=exited, status=0/SUCCESS)
Haupt PID: 12209 (hostapd)
CGroup: /system.slice/hostapd.service
└─12209 /usr/sbin/hostapd/etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
1. August 13.24.08 seger systemd[1]: Gestartet Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator.

Configure DNSMASQ

Dnsmasq is a combination DHCP / DNS server with a small memory footprint. The configuration is in /etc/dnsmasq/dnsmasq.conf.
The main configuration options:

server=10.159.14.14 # Upstream DNS

interface=wlan0
dhcp-range=192.168.23.50,192.168.23.150,12h
no-resolv
no-Umfrage

Configure the firewall

Fedora 20 comes with firewalld that can dynamically adjust iptables rules. For our setup, we need to be able to access the outside network, DNS and DHCP access and IP forwarding from wlan0:

# Setzen Sie die Schnittstelle in einer Zone
firewall-cmd --zone=public --add-interface=wlan0
# MASQ Aktivieren für diese Zone
firewall-cmd --zone=public --add-masquerade
# Lassen Sie DHCP
firewall-cmd --zone=public --add-service=dhcp
# Zulassen DNS
firewall-cmd --zone=public --add-service=dns

 

Now connect them all together:

After all services are configured, a small script is enough to run the whole thing:

#!/bin/bash
# WLAN sollte nicht mehr von Network Manager verwaltet werden
nmcli r wifi off
# WLAN Entblocken 
rfkill unblock wlan
# Rufen Sie die Schnittstelle aufifconfig wlan0 192.168.23.1 Netzmaske 255.255.255.0 up
# IP forward aktivieren
## -> bereits aktiviert!
# Setzen Sie die Schnittstelle in einer Zone
firewall-cmd --zone=public --add-interface=wlan0
# MASQ für diese Zone aktivieren
firewall-cmd --zone=public --add-masquerade
# DHCP erlauben
firewall-cmd --zone=public --add-service=dhcp
# DNS erlauben
firewall-cmd --zone=public --add-service=dns
# hostapd und dnsmasq startensystemctl start hostapd.service
systemctl start dnsmasq.service

That’s it, have fun with your WLAN access point!

The following two tabs change content below.

atixadmin