I have been using a Netgear N600 router with Dual Band Wi-Fi (2.4 & 5 GHz) for a little over a year now and I don’t have any problems with it :) However, I’ve been reading about Wi-Fi network interference lately … this has inspired me to start playing with Wi-Fi interference with my home lab. I recently purchased a Raspberry Pi 3B+ that has Dual Band Wi-Fi, so I now have the perfect opportunity to start playing :)
But, before I can start testing out Wi-Fi interference, I’ll need to set up a Wireless Access Point for my Pi. This is actually a pretty involved process, so I’ll be working from this tutorial. Before I continue, I’d like to explain some concepts that will be used throughout this project.
Iptables are a set of rules used by a Linux firewall to determine how packets (data) get treated. Network Address Translation (NAT) allows a group of private IP addresses to be treated as a single IP address when communicating with the internet; I’ll eventually talk about the limited IP addresses for IPv4 and why it’s important … you could Google that if you don’t already know about it. Finally, in the context of NAT, masquerade is an algorithm used to convert between the private IP address space and the publicly assigned IP address.
Coming back to the tutorial, the first thing I’ll be doing is making sure my Raspbian OS is up-to-date.
sudo apt-get update sudo apt-get upgrade
Next up, I’ll be grabbing the software packages that are required for creating a WAP with a Raspberry Pi: dnsmasq & hostapd. Dnsmasq is a low-resource DNS and DHCP server. Hostapd allows regular network interface cards to be treated as access points.
sudo apt-get install dnsmasq hostapd
^Those software packages haven’t been configured, so I don’t want them to be running yet. Also, I’m rebooting just to keep things fresh.
sudo systemctl stop dnsmasq sudo systemctl stop hostapd sudo reboot
IP addresses change on reboot and the wireless access point needs to be at the same IP address (so devices can stay on it), so I need to give my Pi a static IP address. I’ll be doing that by making a dhcpcd configuration file. Nano is a common text editor, BTW.
# This opens *or* creates the configuration file sudo nano /etc/dhcpcd.conf # this is the config info that I added to the end of the file interface wlan0 static ip_address=192.168.4.1/24 nohook wpa_supplicant
The changes won’t take effect until the service is restarted, so …
sudo service dhcpcd restart
I’m about to make changes to the dnsmas configuration file, so I’ll be saving an original copy just in case ;)
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig sudo nano /etc/dnsmasq.conf
Here’s the new code for the dnsmasq config file:
interface=wlan0 # Use the require wireless interface - usually wlan0 dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h
^It’s now set up to provide IP addresses between 192.168.4.2 and 192.168.4.20 AND the IP addresses will only be good for 24 hours.
But how do I set up the Wi-Fi name, password & GHz info?!? With another configuration file! Here I’m adding more specifications for the hostapd configuration file. Please don’t use my password to hax my network, lol ;)
interface=wlan0 driver=nl80211 ssid=NameOfNetwork hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=AardvarkBadgerHedgehog wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
The current DAEMON_CONF is set to a blank string, so the Pi doesn’t know where the hostapd file is. This new addition tells my Raspberry where the hostapd configuration file is:
This is where the tutorial fails me! I get an error about not being able to start the hostapd service because it is “masked.”
pi@raspberrypi:~ $ sudo systemctl start hostapd Failed to start hostapd.service: Unit hostapd.service is masked. pi@raspberrypi:~ $ sudo systemctl start dnsmasq
Thankfully, I know how to Google around ;) Another user experienced the same problem, explaining it here. I ran their commands and that set things right :)
sudo systemctl unmask hostapd sudo systemctl enable hostapd sudo systemctl start hostapd
Now I add the masquerade algorithm for outbound traffic on eth0 (eth0 is ethernet 0 in UNIX-based systems).
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This is me saving the iptables rule.
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Now I edit the /etc/rc.local file so that the previously added rules run after a reboot.
pi@raspberrypi:~ $ sudo nano /etc/rc.local # add this line above the "exit 0" iptables-restore < /etc/iptables.ipv4.nat # reboot the system pi@raspberrypi:~ $ sudo reboot
I should now be seeing a net Wi-Fi access point … YES! I did a search on my phone and, there it is!!!
^BUT, that network doesn’t have access to the internet because I haven’t yet bridged the Raspberry Pi’s ethernet connection to it’s new Wi-Fi access point. I’ll need the bridge-utils to make that happen …
sudo apt-get install bridge-utils
I’m gonna turn off the host access point until it’s properly configured.
sudo systemctl stop hostapd
I then added these two lines to the end of the /etc/dhcpdd config file, BUT the lines were added above the previously added interface lines.
# I used "sudo nano /etc/dhcpcd.conf" to open the file # then I added these lines denyinterfaces wlan0 denyinterfaces eth0
Here’s how I added a bridge named br0:
sudo brctl addbr br0
This line connects the eth0 and the br0 network ports:
sudo brctl addif br0 eth0
Next up, I needed to make some edits to make the interfaces work with bridging. I opened the interfaces file with:
sudo nano /etc/network/interfaces
These are the changes that I made to the end of that file:
# Bridge setup auto br0 iface br0 inet manual bridge_ports eth0 wlan0
Finally, I configured the hostapd configuration file again to include this new br0 connection … this means that devices connecting to the WAP will have access to the bridged ethernet internet connection! Here’s how I opened the configuration file:
pi@raspberrypi:~ $ sudo nano /etc/hostapd/hostapd.conf
These are the lines that I edited … note that I have changed the SSID to be “DavidWiFiTest” … I wanna try out underscores, but I don’t know if those are allowed … it’s 1:37 AM, so that can wait, lol.
interface=wlan0 bridge=br0 #driver=nl80211 ssid=DavidWiFiTest hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=AardvarkBadgerHedgehog wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
^All of the edits are now in place, so it’s time for a final reboot to run the relevant changes.
annnnnnnnndddddd …. YESSSSSSS! My new Wi-Fi access point is available AND, this time, it now gives attached devices access to it’s internet connection!!!