Skip to content
Setting up a Wireless Access Point - NAT Method (internet over wireless interface)
In this tutorial we will show you how to setup your Raspberry Pi as a WiFi Access Point and how to NAT the access point to your wireless internet connection. If you are looking to connect your access point to the internet over a wired internet connection then check out this tutorial here.
We recommend you run through this tutorial with a wired Ethernet connection to make sure you keep an internet connection for installing required packages.
This tutorial will use our Ultra Long Range High Gain WiFi Dongle as an Access Point, and will use the on-board WiFi on the Raspberry Pi 3B+ to connect to the internet. If you have an older Pi, that doesn’t have built in WiFi, you can simply use two USB WiFi dongles.
Let’s start by making sure our Raspbian installation is fully up-to-date
sudo apt-get update sudo apt-get upgrade
Then we can install the software required for this tutorial, hostapd and dnsmasq
sudo apt-get install dnsmasq hostapd
Now we can check to see the names of our WiFi interfaces, as we will need them later on.
ifconfig
You should see a list of network interfaces, including the WiFi interfaces. They will probably be called wlan0 and wlan1
First thing to do, is to setup our internet WiFi connection. To do this, we need to know the SSID and password.
Edit the wpa_supplicant.conf file:
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
and add the following snippet, replacing the details with your own:
network={
ssid="YOUR_NETWORK_SSID"
psk="WIFI_PASSWORD"
}
Now we can setup our access point. First thing to do, is to give the AP a static IP address.
Edit the dhcpcd.conf file:
sudo nano /etc/dhcpcd.conf
and add the following:
interface wlan1
static ip_address=192.168.10.1/24
nohook wpa_supplicant
Next, we need to configure dnsmasq to provide the correct ip address to connections over the AP.
Edit the dnsmasq.conf file:
sudo nano /etc/dnsmasq.conf
and add the following:
interface=wlan1
dhcp-range=192.168.10.2,192.168.10.50,255.255.255.0,24h
server=8.8.8.8
listen-address=127.0.0.1
listen-address=192.168.10.1
Now we need to configure the access point settings.
Edit the hostapd.conf file:
sudo nano /etc/hostapd/hostapd.conf
and add the following:
interface=wlan1 driver=nl80211 ssid=RPi_AP hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=SecurePassword wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Change the following lines as required:
ssid= - This is the name of the network you see when searching for WiFi networks
wpa_passphrase= - This is the password required to connect to the WiFi network (please note, quotes should NOT be used around the password and must be longer than 8 characters, but less than 64)
Once you’ve added that configuration, we need to tell hostapd to use it by default. To do this we need to edit the hostapd defaults file:
sudo nano /etc/default/hostapd
Update the line #DAEMON_CONF to:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Take note that the # has been removed!
Final step is to set hostapd to start up at boot:
sudo systemctl unmask hostapd sudo systemctl enable hostapd
With the AP configuration done, the final steps are to allow traffic to be passed between the two WiFi interfaces.
First, make sure ipv4 ip forwarding is enabled.
Edit the sysctl.conf file:
sudo nano /etc/sysctl.conf
Find the line that reads:
# net.ipv4.ip_forward=1
And uncommend it, by deleting the # symbol
net.ipv4.ip_forward=1
Now we can add an iptable rule:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Save the rules to a file so that we can automatically load the rule on boot:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
To load the file on boot, edit the rc.local file:
sudo nano /etc/rc.local
just before:
exit 0
add:
iptables-restore < /etc/iptables.ipv4.nat
That’s it! Reboot your Raspberry Pi and you should now be able to see a Wireless network called RPi_AP. Connect to it and you should have internet access (assuming the Pi has connected to your main WiFi network)
