If at first you don’t succeed try, try again … Dispite the fact that I did succeed in turning my Raspberry Pi into a wireless access point by bridging the two network interfaces this is not the best solution and I was still puzzled by the fact that I had not been able to get it to work using the original instructions here.
There were several different problems.
- The client wasn’t getting a dhcp address, proabably because I’d mis-configured dnsmasq somewhere, or the ports on the firewall were blocked – I eventually just disabled the firewall.
- Using isc-dhcp-server instead of dnsmasq I managed to conenct but still could not ping anything through the wireless access point as packets were not being forwarded.
- Everything stopped working when I re-enabled the firewall – even though I thought Id opened up the necessary ports from the wireless network.
I decided to start again from scratch using the debian wiki page and sample configuration file for guidance. I’m still not quite sure why the client did not get a DHCP address originally but I got it to work this time.
Install the firmware
As before to enable wireless networking you need to install the appropriate firmware for your wireless card from the non-free repository.
To do this you need to be running as root.
$ su Password:
$ sudo -i Password:
Then add the non-free repository to the list of repositories that will be used when installing new packages.
# vi /etc/apt/sources.list
# /etc/apt/sources.list # deb http://archive.raspbian.org/raspbian/ wheezy main non-free : : :
# /etc/apt/sources.list # deb http://ftp.uk.debian.org/debian/ squeeze main contrib non-free # deb-src http://ftp.uk.debian.org/debian/ squeeze main : : :
Then update the local package lists, and install the firmware for the wireless adaptor.
# apt-get update : : : Reading package lists... Done #
To help identify the type of wireless network card you are using you can list all the devices that are recognised using lsusb or lspci. My Raspberry Pi has a USB Nano 150 wireless adaptor with a Ralink chipset
# lsusb Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. Bus 001 Device 004: ID 148f:5370 Ralink Technology. RT5370 Wireless Adapter
# apt-get install firmware-ralink Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: initramfs-tools linux-image The following NEW packages will be installed: firmware-ralink 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/21.4 kB of archives. After this operation, 96.3 kB of disk space will be used. : : : #
In my PC running Debian I have a BELKIN Wireless Desktop Network Card with a Broadcom 4306 chipset.
# lspci 00:00.0 Host bridge:Intel 82865G/PE/P DRAM Controller Interface 00:02.0 VGA compatible controller:Intel 82865G Graphics Controller 00:06.0 System peripheral:Intel 82865G/PE/P I/O Memory Interface 00:1f.0 ISA bridge:Intel 82801EB/ER LPC Interface Bridge 00:1f.1 IDE interface:Intel 82801EB/ER IDE Controller 00:1f.2 IDE interface:Intel 82801EB SATA Controller 00:1f.3 SMBus:Intel 82801EB/ER SMBus Controller 05:02.0 Ethernet controller:Broadcom NetXtreme BCM5782 Ethernet 05:04.0 Network controller:Broadcom BCM4306 802.11b/g Wireless LAN
The firmware for this card must be downloaded separately using an installer, the process is a little different but we will still use apt to start the installation.
# apt-get install firmware-b43-installer Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: b43-fwcutter bzip2 Suggested packages: bzip2-doc The following NEW packages will be installed: b43-fwcutter bzip2 firmware-b43-installer 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 52.6 kB/68.7 kB of archives. After this operation, 287 kB of disk space will be used. Do you want to continue [Y/n]? Y : : : Setting up firmware-b43-installer (184.108.40.206-4) ... Resolving mirror2.openwrt.org... 220.127.116.11 Connecting to mirror2.openwrt.org|18.104.22.168|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3888794 (3.7M) [application/x-bzip2] Saving to: `broadcom-wl-22.214.171.124.tar.bz2' 100% [============================>] 3,888,794 632K/s in 5.9s `broadcom-wl-126.96.36.199.tar.bz2' saved [3888794/3888794] This file is recognised as: ID : FW13 filename : wl_apsta_mimo.o version : 410.2160 MD5 : cb8d70972b885b1f8883b943c0261a3c Extracting b43/pcm5.fw Extracting b43/ucode15.fw : : : Extracting b43/b0g0initvals5.fw #
Enable the wireless interface
Next we need to install the wireless tools and can then check that the wireless network interface has been detected.
# apt-get install wireless-tools Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libiw30 The following NEW packages will be installed: libiw30 wireless-tools 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 168 kB of archives. After this operation, 385 kB of disk space will be used. Do you want to continue [Y/n]? Y : : :
To check that the wireless interface is detected
# iwconfig wlan0 IEEE 802.11bgn ESSID:off/any Mode:Managed Access Point:Not-Associated Tx-Power=0dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on lo no wireless extensions. eth0 no wireless extensions.
If there is not an entry corresponding to your wireless network then your wireless device is not supported. You may find that upgrading to a newer kernel (using apt-get upgrade), or newer Linux release solves this problem.
Configure the network
You now need to give the wireless network a fixed address – using a different subnet from the one you have used for your LAN. In this case my network addresses all look like 192.168.0.x so I’m using 192.16.1.x for the wireless network.
# vi /etc/network/interfaces
#/etc/network/interfaces # # This file describes the network interfaces available on # your system and how to activate them. For more information, # see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet dhcp # Wireless interface auto wlan0 iface wlan0 inet static address 192.168.1.254 netmask 255.255.255.0
Now reboot for these changes to take effect and then check that the wireless interface has been configured with the correct address.
$ su Password: # ifconfig eth0 Link encap:Ethernet HWaddr 00:40:ca:75:fe:91 inet addr:192.168.0.64 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::240:caff:fe75:fe91/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:39 errors:0 dropped:0 overruns:0 frame:0 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5465 (5.3 KiB) TX bytes:5829 (5.6 KiB) Interrupt:20 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) wlan0 Link encap:Ethernet HWaddr 00:11:50:06:d0:e8 inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Install and configure the Access Point
Now that we know the wireless network is working was can install the access point package and configure it.
# apt-get install hostapd Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libnl1 The following NEW packages will be installed: hostapd libnl1 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 451 kB of archives. After this operation, 1,200 kB of disk space will be used. Do you want to continue [Y/n]? Y : : : Setting up hostapd (1:0.6.10-2+squeeze1) ...
Configure the wireless access point properties, using your own ssid and password.
Note – Don’t make the password too long initially as I found a long password didn’t work, you can always change it later when you know everything is working.
# vi /etc/hostapd/hostapd.conf
# /etc/hostapd/hostapd.conf # # /etc/hostapd/hostapd.conf # interface=wlan0 driver=nl80211 hw_mode=b channel=1 ssid=private auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP CCMP rsn_pairwise=TKIP wpa_passphrase=Password #ieee80211n=1
I’ve commented out the last line as the BELKIN card doesn’t support 802.11n. Next we need to configure it to start automatically at boot.
# vi /etc/default/hostapd
# /etc/default/hostapd # # Defaults for hostapd initscript # DAEMON_CONF="/etc/hostapd/hostapd.conf"
Then reboot for the changes to take effect…
Install and configure a DHCP server
We will use dnsmasq to allocate network addresses to the clients as this is a lightweight server designed to provide DNS, DHCP and TFTP services to a small-scale network. (We could use other packages to provide DHCP if we wanted to, so long as the clients know the address of a valid name server).
# apt-get install dnsmasq Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: dnsmasq-base libdbus-1-3 libidn11 Suggested packages: resolvconf Recommended packages: dbus The following NEW packages will be installed: dnsmasq dnsmasq-base libdbus-1-3 libidn11 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/609 kB of archives. After this operation, 1,565 kB of disk space will be used. Do you want to continue [Y/n]? Y : : : Setting up dnsmasq-base (2.55-2+b1) ... Setting up dnsmasq (2.55-2) ... Starting DNS forwarder and DHCP server: dnsmasq.
Then we need to configure it to listen on for requests on the wireless network interface, and use the correct range of addresses. This is a very large file, double-check that you are modifying the right entries.
# vi /etc/dnsmasq.conf
# Configuration file for dnsmasq. # : : : # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. interface=wlan0 : : # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and # optionally a lease time. If you have more than one network, # you will need torepeat this for each network on which you # want to supply DHCPservice. dhcp-range=192.168.0.128,192.168.0.191,4h
Configure the firewall
To allow DHCP requests from the clients we need to open up the following ports. Note, that I’m not filtering incoming packets using the source address as the client does get an address utill the DHCP request is satisfied.
# ufw allow in on wlan0 from any port 68 to any port 67 proto udp
We also need to enable DNS queries on port 53 (both tcp and udp), these will be forwarded to the DNS server on eth0 by dnsmasq.
# ufw allow in on wlan0 from 192.168.0.0/24 to any port 53
Check the firewall settings, there may be other entries particularly, if you are connecting remotely using ssh.
# ufw status Status: active To Action From -- ------ ---- 67/udp on wlan0 ALLOW 68/udp 53 on wlan0 ALLOW 192.168.0.0/24
To allow clients connected to the wireless network to access the rest of the wired network we need to enable forwarding and configure NAT so that packets can be sent through the router.
To enable forwarding uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf.
# vi /etc/sysctl.conf
# /etc/sysctl.conf # net.ipv4.ip_forward=1
Since we are already using UFW we can use this to enable forwarding can be done by adding the necessary rules to /etc/ufw/after.rules. Three rules are required.
- The first rule enables the forwarding of packets for new connections;
- The second rule enables the forwarding of packets for established connections;
- The the rule enables NAT.
The first two they can both be inserted into the existing rule table, just before the COMMIT.
# vi /etc/ufw/after.rules
# /etc/ufw/after.rules # : : : # Enable Port forwarding -A FORWARD -o eth0 -i wlan0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT # All one line. -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # don't delete the 'COMMIT' line or these rules won't be processed COMMIT
The third rule needs to be added to the end of the file in a separate rule table.
# vi /etc/ufw/after.rules
# /etc/ufw/after.rules # : : : # Enable NAT *nat :POSTROUTING ACCEPT [0:0] # Forward traffic through eth0 - Change to match you out-interface -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE COMMIT
You need to reboot for these changes to take effect.
Check that both the required processes are running.
# ps -A|grep -e hostapd -e dnsmasq 1084 ? 00:00:00 hostapd 1096 ? 00:00:00 dnsmasq
If one of the processes is not running you will need to review the console output to see if there are any error messages, or you can login as root and try to start them manually.
# /etc/init.d/hostapd start # /etc/init.d/dnsmasq start
Starting hostapd interactively with the debug option may also help identify what is wrong.
# hostapd -d /etc/hostapd/hostapd.conf
Raspberry Pi is a trademark of the Raspberry Pi Foundation