Shulou(Shulou.com)06/01 Report--

This article mainly introduces CentOS7 how to use hostapd to achieve no AP model, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand.

This article is another way to realize the AP mode of wireless access point using hostapd under linux: hostapd route pattern configuration.

For the basic configuration of hardware and software and the installation of hostapd in the first half of "hostapd AP Mode configuration of CentOS 7", you can take a look at that article first and then this article.

The AP mode configuration of hostapd needs to bridge the wired network card and the wireless network card, so the routing mode configuration is mainly to camouflage and forward the data of the wireless network card through the wired network card, so it is no longer necessary to bridge the wired and wireless network cards.

The configuration of this routing mode is similar to an ordinary wireless router, the wired network port is equivalent to the WAN interface of the ordinary wireless router, and the wireless network card is responsible for sending broadcast wireless signals for the wireless devices of mobile phones and notebooks to access the network.

But there is also a difference is that compared with ordinary wireless routers, this implementation does not have four common LAN interfaces and can not be wired for other desktops.

In fact, as a network-based operating system, linux can also be connected, but it needs devices such as switches, which will be more complicated. My configuration here is like an ordinary wireless router without four LAN interfaces.

Hostapd.conf configuration

Here is just a minimized configuration:

# / etc/hostapd/hostapd.conf minimized configuration

Interface=wlp2s0

# bridge=br0 # you no longer need to bridge, just comment this line

Driver=nl80211

Ssid=test

Hw_mode=g

Channel=1

Auth_algs=3

Ignore_broadcast_ssid=0 # whether to broadcast, 0 broadcast

Wpa=3

Wpa_passphrase=12345678 # Wireless connection password

The configuration is similar to the AP mode configuration file, as long as the bridge=br0 option is commented out.

Wired interface configuration

First of all, we need to configure the wired interface correctly and surf the Internet normally. The easiest way is to automatically get IP addresses, gateways, and DNS from the router. If there is no router, it is necessary to manually set the Internet access mode of the wired interface, such as the commonly used PPPOE mode, static IP address mode, dynamic IP address mode and so on. Anyway, it's easiest to get IP addresses dynamically.

Wireless interface settings using the ip addr add command

Use the ip addr add command to set the IP address of the wireless network card, which will fail after restart. For example, 172.16.0.1 Compact 24 or other private address, and do not be on the same network segment as the wired network card. The IP address obtained by the general wired network card from the router is the 192.168.1.0 and24 network segment address.

Ip addr add 172.16.0.1/24 dev wlp2s0

Tip: at present, CentOS 7 uses the NetworkManager suite as a network configuration tool by default. A problem encountered here is that the nmcli command provided by the NetworkManager suite does not support setting a static IP address for the wireless network card, so you need to use the ip addr add command to manually set the IP address of the wireless network card or create a new configuration file under the / etc/sysconfig/network-scripts/ folder, which is an old and classic way of interface configuration.

Use Network Profil

If you want to save settings, you can create a new file / etc/sysconfig/network-scripts/ifcfg-static-wlp2s0 with the file name prefixed with ifcfg.

Vi / etc/sysconfig/network-scripts/ifcfg-static-wlp2s0

[root@server ~] # vi / etc/sysconfig/network-scripts/ifcfg-static-wlp2s0

# TYPE=Ethernet

# BOOTPROTO=none

# DEFROUTE=yes

# IPV4_FAILURE_FATAL=no

# IPV6INIT=yes

# IPV6_AUTOCONF=yes

# IPV6_DEFROUTE=yes

# IPV6_FAILURE_FATAL=no

# NAME=static-wlp2s0

# UUID=a036678e-8fdf-48f3-8693-961bb6326i744

DEVICE=wlp2s0 # specify the interface of the wireless network card

ONBOOT=yes # set up as soon as you turn it on

IPADDR=172.16.0.1 # specify IP address

PREFIX=24 # specify mask length

# GATEWAY=192.168.10.254 # others do not need to be commented out

# DNS1=127.0.0.1

# DNS2=192.168.10.254

# IPV6_PEERDNS=yes

# IPV6_PEERROUTES=yes

After saving, you need to stop the NetworkManager.service service first, it is best to disable boot, otherwise there will still be problems. The main performance is that the network.service cannot be started when booting up.

Disable NetworkManager.service service startup

Systemctl disable NetworkManager.service

Stop the NetworkManager.service service

Systemctl stop NetworkManager.service

I want to see if it works to restart the network.service service or restart the system directly.

Systemctl restart network.service

Enable forwarding and configure interface masquerade to enable forwarding

It will fail after restarting using sysctl-w

Sysctl-w net.ipv4.ip_forward=1

[root@server ~] # sysctl-w net.ipv4.ip_forward=1

Net.ipv4.ip_forward = 1

Enable IP forwarding restart will not fail using the following method, the system restart will automatically load the settings under the / etc/sysctl.d/ folder.

Vi / etc/sysctl.d/ip_forward.conf

[root@server ~] # vi / etc/sysctl.d/ip_forward.conf

Net.ipv4.ip_forward = 1

Configure interface camouflage

Interface camouflage can be achieved with both firewalld and iptables in CentOS 7. The firewalld.service service is enabled by default in CentOS 7. The iptables service and the firewalld service conflict, and only one of them can be enabled.

Configure interface camouflage using firewalld

It's even simpler if you can configure it using a graphical interface, which is only configured using the firewalld-cmd command.

If the firewalld.service service is not started, you need to start the firewalld.service service first.

Systemctl start firewalld.service

Add the wireless interface to the trust area and save the configuration. By default, all interfaces belong to the public area, and the connection restrictions are relatively strict, which will cause them to fail to connect.

Firewall-cmd-zone=trusted-add-interface=wlp2s0-permanent

[root@server] # firewall-cmd-zone=trusted-add-interface=wlp2s0-permanent

Success

Enable masquerading for the area where the wired interface is located, and save the configuration, which belongs to the public area by default.

Firewall-cmd-zone=public-add-masquerade-permanent

[root@server] # firewall-cmd-zone=public-add-masquerade-permanent

Success

Restart the firewalld service

Systemctl restart firewalld.service

Configure interface camouflage using iptables

If you are used to using iptables, you need to install the iptables-services package, which contains two services, iptables.service and ip6tables.service, for ipv4 and ipv6, respectively.

To use iptables, you need to stop and disable the firewalld.service service

Systemctl stop firewalld.service

Systemctl disable firewalld.service

Then enable the iptables.service service, because currently you are still mainly using ipv4, so you can only enable iptables.service. If you use iptables, you also need to set up the boot to start the iptables.service service.

Systemctl enable iptables.service

Start the iptables.service service

Systemctl start iptables.service

Interface camouflage

Iptables-t nat-A POSTROUTING-o p2p1-j MASQUERADE

Generally speaking, it is OK to configure the above commands. If the firewall setting is relatively strict, you need to add the interface wlp2s0 that allows wireless network card to be forwarded.

Iptables-t filter-A FORWARD-I wlp2s0-j ACCEPT

Dnsmasq configuration dnsmasq software installation

Dnsmasq is mainly responsible for assigning client IP addresses and DNS resolution services.

Install dnsmasq software first if it is not installed

Yum install dnsmasq

Set the boot to start the dnsmasq service automatically

Systemctl enable dnsmasq.service

Dnsmasq.conf configuration

Vi / etc/dmsmasq.conf

[root@server ~] # vi / etc/dnsmasq.conf

# specify the interface, and append the lo interface at the same time. You can use the'* 'wildcard

Interface=wlp2s0

# bind API

Bind-interfaces

# DHCP address pool from 172.16.0.100 to 172.16.0.200

Dhcp-range=172.16.0.100172.16.0.200255.255.255.0,1h

Starting the dnsmansq service requires that the wireless network card has set the ip address correctly. Dnsmasq automatically sets the current wireless card address 172.16.0.1 to the gateway address and DNS address of the client.

Systemctl start dnsmasq.service

Finally restart the hostapd service

Systemctl restart hostapd.service

Thank you for reading this article carefully. I hope the article "how CentOS7 uses hostapd to achieve AP-free mode" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.