Home >System Tutorial >LINUX >Complete guide to using hostapd implementation on CentOS7 in AP-less mode
This article is another way to implement wireless access point AP mode using hostapd under Linux: hostapd routing mode configuration.
The basic configuration of software and hardware and the installation of hostapd are explained in the first half of "CentOS 7 Hostapd AP Mode Configuration". You can read that article first and then read this article.
hostapd's AP mode configuration requires bridging of wired network cards and wireless network cards. The routing mode configuration mainly involves camouflaging and forwarding the data of the wireless network card through the wired network card, so there is no need to combine the wired and wireless network cards. Make a bridge.
Configuring this routing mode is similar to an ordinary wireless router. The wired network port is equivalent to the WAN interface of an ordinary wireless router. The wireless network card is responsible for sending broadcast wireless signals for wireless devices such as mobile phones and laptops to access the network to achieve network access. .
But the difference is that compared with ordinary wireless routers, this implementation does not have four ordinary LAN interfaces and cannot be used for wired connections by other desktop computers.
In fact, Linux, as an operating system with mainly network functions, can also be connected, but it requires switches and other equipment, which will be more complicated. My configuration here is just like a regular wireless router without four LAN interfaces.
hostapd.conf configuration
Here is just a minimal configuration:
#/etc/hostapd/hostapd.conf Minimum configuration
interface=wlp2s0
#bridge=br0
#driver=nl80211ssid=test
hw_mode=g
channel=1
auth_algs=3
ignore_broadcast_ssid=0 # Whether to broadcast, 0 broadcast
wpa=3
wpa_passphrase=12345678
The configuration is similar to the AP mode configuration file, just comment out the bridge=br0 option.
Wired interface configurationFirst we need to configure the wired interface correctly and be able to access the Internet normally. The simplest way is to automatically obtain the IP address, gateway, and DNS from the router. If there is no router, you need to manually set the Internet access method of the wired interface, such as the commonly used PPPOE method, static IP address method, dynamic IP address acquisition method, etc. Anyway, it is easiest to obtain the IP address dynamically.
Wireless interface settings use ip addr add commandUse the ip addr add command to set the IP address of the wireless network card. It will become invalid after restarting. For example, 172.16.0.1/24 or other private addresses, and do not be in the same network segment as the wired network card. Generally, the IP address obtained by the wired network card from the router is the 192.168.1.0/24 network segment address.
ip addr add 172.16.0.1/24 dev wlp2s0
Tips: CentOS 7 currently uses the NetworkManager suite as the network configuration tool by default. One problem encountered here is that the nmcli command provided by the NetworkManager suite does not support setting a static IP address for the wireless network card. Therefore, you need to use the ip addr add command to manually set the IP address of the wireless network card or in /etc/sysconfig/network Create a new configuration file under the -scripts/ folder. This is an older and classic interface configuration method.
Using network configuration filesIf you want to save the settings, you can create a new file /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0, and the file name is prefixed with ifcfg.
vi /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0
[root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-static-wlp2s0
#TYPE=Ethernet
#BOOTPROTO=none
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
#IPV6INIT=yes
#IPV6_AUTOCONF=yes
#IPV6_DEFROUTE=yes
#IPV6_FAILURE_FATAL=no
#NAME=static-wlp2s0
#UUID=a036678e-8fdf-48f3-8693-961bb6326i744
DEVICE=wlp2s0
Onboot = yes#Open it and set itIPADDR=172.16.0.1
PREFIX=24
#GATEWAY=192.168.10.254#DNS1=127.0.0.1
#DNS2=192.168.10.254
#IPV6_PEERDNS=yes
#IPV6_PEERROUTES=yes
After saving, you need to stop the NetworkManager.service service first. It is best to disable startup, otherwise there will still be problems. The main symptom is that network.service cannot be started when booting.
Prohibit NetworkManager.service service from starting at boot
systemctl disable NetworkManager.service
Stop NetworkManager.service service
systemctl stop NetworkManager.service
To see if it takes effect, you can restart the network.service service or restart the system directly.
systemctl restart network.service
Enable forwarding and configure interface masquerading Enable forwardingUsing sysctl -w will fail after restarting
sysctl -w net.ipv4.ip_forward=1
[root@server ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
Enabling IP forwarding will not be invalid after restarting. Use the following method. After the system restarts, the settings in the /etc/sysctl.d/ folder will be automatically loaded.
vi /etc/sysctl.d/ip_forward.conf
[root@server ~]# vi /etc/sysctl.d/ip_forward.conf
net.ipv4.ip_forward = 1
Configure interface camouflageIn CentOS 7, both firewalld and iptables can be used to camouflage interfaces. The firewalld.service service is enabled by default in CentOS 7. The iptables service conflicts with the firewalld service, and only one of them can be enabled.
Use firewalld to configure interface camouflageIf you can use the graphical interface to configure it, it will be simpler and clearer. Here, only the firewalld-cmd command is used for configuration.
If the firewalld.service service is not started, you need to start the firewalld.service service first.
systemctl start firewalld.service
Add the wireless interface to the trust area and save the configuration. By default, all interfaces belong to the public area, and connection restrictions are strict, resulting in inability to connect.
firewall-cmd --zone=trusted --add-interface=wlp2s0 --permanent
[root@server ~]# firewall-cmd --zone=trusted --add-interface=wlp2s0 --permanent
success
Enable masquerading in the area where the wired interface is located and save the configuration. By default, the wired interface belongs to the public area.
firewall-cmd --zone=public --add-masquerade --permanent
[root@server ~]# firewall-cmd --zone=public --add-masquerade --permanent
success
Restart firewalld service
systemctl restart firewalld.service
Use iptables to configure interface camouflageIf you are used to using iptables, you need to install the iptables-services package, which contains the two services iptables.service and ip6tables.service, which are used for ipv4 and ipv6 respectively.
To use iptables, you need to stop and disable the firewalld.service service
systemctl stop firewalld.service
systemctl disable firewalld.service
Enable the iptables.service service again. Because ipv4 is still mainly used, only enable iptables.service. If you use iptables, you also need to set up the iptables.service service at startup.
systemctl enable iptables.service
Start iptables.service service
systemctl start iptables.service
Interface camouflage
iptables -t nat -A POSTROUTING -o p2p1 -j MASQUERADE
Generally speaking, just configure the above command. If the firewall settings are strict, you need to add the wireless network card interface wlp2s0 that allows forwarding.
iptables -t filter -A FORWARD -i wlp2s0 -j ACCEPT
dnsmasq configuration dnsmasq software installationdnsmasq is mainly responsible for allocating client IP addresses and DNS resolution services.
If it is not installed, install the dnsmasq software first
yum install dnsmasq
Set the dnsmasq service to automatically start at boot
systemctl enable dnsmasq.service
dnsmasq.conf configurationvi /etc/dmsmasq.conf
[root@server ~]# vi /etc/dnsmasq.conf
# Specify the interface. After specifying, append the lo interface. You can use the '*' wildcard
interface=wlp2s0
# Binding interface
bind-interfaces
# DHCP address pool from 172.16.0.100 to 172.16.0.200
dhcp-range=172.16.0.100,172.16.0.200,255.255.255.0,1h
Starting the dnsmansq service requires that the wireless network card has the correct IP address. dnsmasq will automatically set the current wireless network card address 172.16.0.1 as the client's gateway address and DNS address.
systemctl start dnsmasq.service
Finally restart the hostapd service
systemctl restart hostapd.service
The above is the detailed content of Complete guide to using hostapd implementation on CentOS7 in AP-less mode. For more information, please follow other related articles on the PHP Chinese website!