internet sharing with create_ap

mfaridi · 2013-08-03 11:36:25

I have two lan card one of them is

root@mfaridi mostafa]# ifconfig
enp0s10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.57  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::21b:fcff:fef2:9b19  prefixlen 64  scopeid 0x20<link>
        ether 00:1b:fc:f2:9b:19  txqueuelen 1000  (Ethernet)
        RX packets 11899  bytes 6236662 (5.9 MiB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 10126  bytes 13236913 (12.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

and one of them is wireless and it is this

[root@mfaridi mostafa]# iwconfig
wlp1s7    IEEE 802.11bg  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

my lan card get internet from ADSL modem with cable and my lan card connect to ADSL midem with cable. and I want share internet with wirless lan card and other device like my phone and my ipod touch can use internet

so I install hostapd with pacman and this is my config

ssid=faridi
wpa_passphrase=123456789
interface=wlan0
bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

and I run this package by systemctl and run this

systemctl enable hostapd.service

and after that I run this command

sysctl net.ipv4.ip_forward=1

and edit

/etc/sysctl.conf

and put this in it

net.ipv4.ip_forward=1

and after this Irun this command

iptables -t nat -A POSTROUTING -o enp0s10  -j MASQUERADE

and after this I do this

iptables-save > /etc/iptables/iptables.rules

and then Irun this command

systemctl start iptables

and then i run this command

systemctl enable iptables.service

and then I run this cammand

systemctl enable dhcpd4.service

and after that Irun this command

ip link set up dev wlp1s7

and after that I run this

ip addr add 139.96.30.100/24 dev wlp1s7 # arbitrary address

and then run this

mv /etc/dhcpd.conf /etc/dhcpd.conf.example

and put these in dhcpd.conf

# Using the google's dns in the example.
# Change it to 139.96.30.100 if you have a dns server installed
option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 139.96.30.100;
subnet 139.96.30.0 netmask 255.255.255.0 {
  range 139.96.30.150 139.96.30.250;
}

but when I run this script

#!/bin/bash

# dependencies:
#    bash (to run this script)
#    util-linux (for getopt)
#    hostapd
#    dnsmasq
#    iptables
#    iproute2
#    haveged (optional)

usage() {
    echo "Usage: $(basename $0) [options] <wifi-interface> <interface-with-internet> <access-point-name> [<passphrase>]"
    echo
    echo "Options:"
    echo "  -h, --help          Show this help"
    echo "  -c <channel>        Channel number (default: 1)"
    echo "  -w <WPA version>    Use 1 for WPA, use 2 for WPA2, use 1+2 for both (default: 1+2)"
    echo "  -g <gateway>        IPv4 Gateway for the Access Point (default: 192.168.12.1)"
    echo "  -d                  DNS server will take into account /etc/hosts (default: disabled)"
    echo
    echo "Example:"
    echo "  $(basename $0) wlan0 eth0 MyAccessPoint MyPassPhrase"
}

get_macaddr() {
    ip link show "$1" | sed -n 's/.*ether \([0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\) .*/\1/p'
}

ARGS=$(getopt -o hc:w:g:d -l "help" -n $(basename $0) -- "$@")
[[ $? -ne 0 ]] && exit 1
eval set -- "$ARGS"

CHANNEL=1
GATEWAY=192.168.12.1
WPA_VERSION=1+2
ETC_HOSTS=0

while :; do
    case "$1" in
	-h|--help)
	    usage
	    exit 1
	    ;;
	-c)
	    shift
	    if [[ -n "$1" ]]; then
		CHANNEL="$1"
		shift
	    fi
	    ;;
	-w)
	    shift
	    if [[ -n "$1" ]]; then
		WPA_VERSION="$1"
		shift
	    fi
	    ;;
	-g)
	    shift
	    if [[ -n "$1" ]]; then
		GATEWAY="$1"
		shift
	    fi
	    ;;
	-d)
	    shift
	    ETC_HOSTS=1
	    ;;
	--)
	    shift
	    break
	    ;;
    esac
done

if [[ $# -ne 3 && $# -ne 4 ]]; then
    usage
    exit 1
fi

WIFI_IFACE=$1
INTERNET_IFACE=$2
SSID=$3
PASSPHRASE=$4

if [[ $(id -u) -ne 0 ]]; then
    echo "You must run it as root."
    exit 1
fi

CONFDIR=$(mktemp -d /tmp/create_ap.${WIFI_IFACE}.conf.XXXXXXXX)
echo "Config dir: $CONFDIR"

# hostapd config
cat << EOF > $CONFDIR/hostapd.conf
ssid=${SSID}
interface=${WIFI_IFACE}
driver=nl80211
hw_mode=g
channel=${CHANNEL}

ctrl_interface=$CONFDIR/hostapd_ctrl
ctrl_interface_group=0
EOF

if [[ -n "$PASSPHRASE" ]]; then
    [[ "$WPA_VERSION" == "1+2" || "$WPA_VERSION" == "2+1" ]] && WPA_VERSION=3
    cat << EOF >> $CONFDIR/hostapd.conf
wpa=${WPA_VERSION}
wpa_passphrase=$4
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
fi

# dnsmasq config (dhcp + dns)
cat << EOF > $CONFDIR/dnsmasq.conf
interface=${WIFI_IFACE}
bind-interfaces
dhcp-range=${GATEWAY%.*}.1,${GATEWAY%.*}.254,255.255.255.0,24h
dhcp-option=option:router,${GATEWAY}
EOF

[[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf

# enable interface
ip link set down dev ${WIFI_IFACE}
ip addr flush ${WIFI_IFACE}
ip link set up dev ${WIFI_IFACE}
ip addr add ${GATEWAY}/24 dev ${WIFI_IFACE}

# enable NAT
iptables -t nat -A POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
iptables -A FORWARD -i ${WIFI_IFACE} -j ACCEPT
OLD_IP_FORWARD=$(cat /proc/sys/net/ipv4/ip_forward)
echo 1 > /proc/sys/net/ipv4/ip_forward

# boost low-entropy
if [[ $(cat /proc/sys/kernel/random/entropy_avail) -lt 1000 ]]; then
    which haveged > /dev/null 2>&1 && {
	haveged -w 1024 -p $CONFDIR/haveged.pid
    }
fi

# start dns + dhcp server
dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid

# start access point
echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
hostapd $CONFDIR/hostapd.conf || {
    echo
    echo "Hostapd failed to run, maybe a program is interfering."
    echo "If you use NetworkManager then add the following in"
    echo "/etc/NetworkManager/NetworkManager.conf and retry."
    echo "Don't forget to remove it after you finish."
    echo
    echo "[keyfile]"
    echo "unmanaged-devices=mac:$(get_macaddr "$WIFI_IFACE")"
    echo
}

# exiting
for x in $CONFDIR/*.pid; do
    kill -9 $(cat $x)
done
rm -rf $CONFDIR
iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
iptables -D FORWARD -i ${WIFI_IFACE} -j ACCEPT
echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
ip link set down dev ${WIFI_IFACE}
ip addr flush ${WIFI_IFACE}
exit 0

but when I run this command

./create_ap wlp1s7  enp0s10 faridi  123456789

but my ipod touch and my htc phone can not connect to internet , my HTC phone and Ipoid touch find faridi network and ask me password but after enter password they do not have internet .where i make mistake

I do all of these but my phone my ipod touch do not have internet .they find network

Last edited by mfaridi (2013-08-03 17:24:54)

mfaridi · 2013-08-03 17:19:10

any suggestion

tomk · 2013-08-03 17:47:04

I'd suggest you either:
- forget about create_ap, and configure it yourself manually
or:
- contact whoever wrote create_ap for assistance

Personally, I'd go for the first option.

mfaridi · 2013-08-03 19:22:37

tomk wrote:

I'd suggest you either:
- forget about create_ap, and configure it yourself manually
or:
- contact whoever wrote create_ap for assistance
Personally, I'd go for the first option.

I use that link for config internet sharing ,but for NAT ,I use create_ap ,but I think it is not work good

mfaridi · 2013-08-03 23:18:01

I think one or more step in this guide is wrong and my conf can not work good

mfaridi · 2013-08-03 23:31:18

can someone check my hostapd config

ssid=faridi
wpa_passphrase=123456789
interface=wlan0
#bridge=br0
auth_algs=3
channel=7
#driver=nl80211
driver=ath5k
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

when I run
lspci -v
I see this

01:07.0 Ethernet controller: Qualcomm Atheros AR5212/AR5213 Wireless Network Adapter (rev 01)
	Subsystem: Qualcomm Atheros TRENDnet TEW-443PI Wireless PCI Adapter
	Flags: bus master, medium devsel, latency 168, IRQ 17
	Memory at fdfe0000 (32-bit, non-prefetchable) [size=64K]
	Capabilities: [44] Power Management version 2
	Kernel driver in use: ath5k
	Kernel modules: ath5k

ewaller · 2013-08-04 00:26:01

I understand what you are trying to do, but... I would not pick your method. Your choice of 139.96.30.100 is not a good choice. That address seems to be owned by an ISP in the Netherlands. Your wireless network is probably want to be in the 10:xx:xx:xx, 172:xx:xx:xx:xx or (best choice) 192:xx:xx:xx space. Specifically, might I suggest 192:168:2:1/24 ? That puts you on a sub net 192.168.1 for the wired link, and 192.168.2 for the wireless AP. Then, your wireless clients will have addresses such as 192.168.2.2 through 192.168.2.253 (I think). Trying to set up an AP and a DHCP server on a routable address seems to me like a recipe for failure.

ewaller · 2013-08-04 00:27:32

BTW, where are you running all these magic scripts?

EDIT: I really suggest you try this wiki article

Last edited by ewaller (2013-08-04 00:29:24)

Strike0 · 2013-08-04 04:34:38

The software access point wiki now links to the script too.

mfaridi wrote:

can someone check my hostapd config
...
interface=wlan0
#bridge=br0

Your config still mentions wlan0 whereas in your first post the wifi interface you use is wlp1s7.

Provide the "ip r" output after you started the script.

mfaridi · 2013-08-04 20:20:59

Strike0 wrote:

The software access point wiki now links to the script too.
mfaridi wrote:
can someone check my hostapd config
...
interface=wlan0
#bridge=br0
Your config still mentions wlan0 whereas in your first post the wifi interface you use is wlp1s7.
Provide the "ip r" output after you started the script.

thanks
after change wlan0 to wlp1s7
that script work for me for 30min .after reset my arch ,that script does not work ,
before reboot system ,I open my ipod touch and I see have internet , and went to wifi network setting
and I see these

IP Address  169.254.142.141
Submet Mask 255.255.0.0
Router  192.168.0.12.
DNS 8.8.8.8

but after reboot arch linux and run that script again .my ipod touch do not have internet and when I go wifi Networks setting in my ipod touch ,I see only IP address and DNS ,and I do not see IP of Router and DNS IP

I think this problem happen because my ipod touch can not get DNS and Router IP

mfaridi · 2013-08-04 20:54:43

I try connect with my HTC phone ,,y HTC phone can find my network describe in hostapd config
but when I choose my network in HTC phone I see this message

obtaining IP addres ..

and my HTC phone can not connect to wireless network
and after min ,I see this message

Avoid poor internet connection

and HTC phone can not connect to wirelles connection and use ineternet

Strike0 · 2013-08-04 20:59:11

Yes, should be that some config did not survive the reboot. You should check if the various dhcp settings you applied in your first post are still valid.
Besides I agree to ewaller and you should not use that 139* address in that config anyway. The NAT you use should take care of translating the dhcp-IP to your clients to your ADSL IP.

edit: crosspost, same applies though. In the example of your iphone touch you see a 169* address, which is a sign that dhcp did not send one out. That's probably why it does not work. Check the output of "ip r" on both, the host and the htc.

Last edited by Strike0 (2013-08-04 21:04:00)

mfaridi · 2013-08-05 00:14:39

this is ip -r in my arch linux

[root@mfaridi mostafa]# ip r
default via 192.168.1.1 dev enp0s10  metric 202 
192.168.1.0/24 dev enp0s10  proto kernel  scope link  src 192.168.1.57  metric 202 
192.168.1.57 via 127.0.0.1 dev lo  metric 202 
192.168.12.0/24 dev wlp1s7  proto kernel  scope link  src 192.168.12.1

Strike0 · 2013-08-05 04:02:17

Ok, now that routing does not look too bad does it.
Are you aware that running the script overwrites your hostapd.conf which appeared to work for 30 minutes?
The thing is that you have spend the effort to create config (see post #1) but then run the create_ap which re-applies some and overwrites other parts of it.

Now you should decide on one way to setup the faridi AP. Either by your manual config or by the script.
If you want to use the script, you should change the hostapd part of it according to the hostapd.conf working once above. For your own config you should check the dhcp config you have done.

mfaridi · 2013-08-05 18:00:26

Strike0 wrote:

Ok, now that routing does not look too bad does it.
Are you aware that running the script overwrites your hostapd.conf which appeared to work for 30 minutes?
The thing is that you have spend the effort to create config (see post #1) but then run the create_ap which re-applies some and overwrites other parts of it.
Now you should decide on one way to setup the faridi AP. Either by your manual config or by the script.
If you want to use the script, you should change the hostapd part of it according to the hostapd.conf working once above. For your own config you should check the dhcp config you have done.

thanks
after reinstall dnsmmasq and reboot system ,my problem is solve and my HTC and my Ipod touch can connect to internet
do I change 139.96.30.100 to 192.168.0.100 ? Do i have to do this ?
how I can understand my DHCP config has problem ?

Strike0 · 2013-08-05 18:47:32

Ok, good it works again.
The problem with the address in the config you used is that it is registered to someone

whois   139.96.30.100

Once that someone uses it, there are simple routing clashes (two systems at different places using the same address). Just replace the 139.96.30.* accordingly to ewaller's 192* suggestion (post #7). Alternatively you can also use dnsmasq instead (the create_ap script uses that).

I now see you got that strange 139* setup from the wiki: https://wiki.archlinux.org/index.php/Dhcpd
That page should be changed.

mfaridi · 2013-08-05 19:58:54

I run this command first

ip link set up dev  wlp1s7

and then run this command

ip addr add  192.168.2.100/24 dev wlp1s7 # arbitrary address

and this is my dhcp.conf

[root@mfaridi mostafa]# cat /etc/dhcpd.conf
# Using the google's dns in the example.
# Change it to 139.96.30.100 if you have a dns server installed
option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 192.168.2.100;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.150 192.168.2.250;
}

now my Ipod touch can connect to internet and I see these in wireless setting

IP Address 192.168.12.137
Subnet  Mask  255.255.255.0
Router 192.168.12.1
.DNS 192.168.12.1

Strike0 · 2013-08-06 20:48:42

I am assuming that last wireless settings output is from your PC. If it is from the ipod, I would be unsure where it got the 192.168.12.137 from.
Anyhow, since it is a 192* address you seem to have corrected the problem with dhcp and the 139 range IP address.

So, if it works over a reboot, your problem is solved?
If you consider it solved, please edit your first post's thread title accordingly.
You have provided a lot of good config information that will be helpful for others searching for solutions.

mfaridi · 2013-08-07 17:46:00

Strike0 wrote:

I am assuming that last wireless settings output is from your PC. If it is from the ipod, I would be unsure where it got the 192.168.12.137 from.
Anyhow, since it is a 192* address you seem to have corrected the problem with dhcp and the 139 range IP address.
So, if it works over a reboot, your problem is solved?
If you consider it solved, please edit your first post's thread title accordingly.
You have provided a lot of good config information that will be helpful for others searching for solutions.

OK
thanks
I remove 139 range
Do you think ,I have problem in my config ?
my english is not enough good

Strike0 · 2013-08-07 18:16:20

You have configured:

[root@mfaridi mostafa]# cat /etc/dhcpd.conf
..option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 192.168.2.100;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.    2      .150 192.168.2.250;
}

But you write the Ipod got:

IP Address 192.168.   12    .137

If you mis-typed and it was 192.16.2.137, then I understand it. If you did not mis-type the "12", dhcpd should not give out that IP.

mfaridi · 2013-08-07 18:27:26

Strike0 wrote:

You have configured:
[root@mfaridi mostafa]# cat /etc/dhcpd.conf
..option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 192.168.2.100;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.    2      .150 192.168.2.250;
}
But you write the Ipod got:
IP Address 192.168.   12    .137
If you mis-typed and it was 192.16.2.137, then I understand it. If you did not mis-type the "12", dhcpd should not give out that IP.

this is my IP address in my Ipod touch

IP Address 192.168.12.137
Subnet Mask 255.255.255.0
Router 192.168.12.1
DNS 192.168..12.1

and this my my dhcp.conf

[mostafa@mfaridi ~]$ cat /etc/dhcpd.conf
# Using the google's dns in the example.
# Change it to 139.96.30.100 if you have a dns server installed
option domain-name-servers 8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 192.168.2.100;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.150 192.168.2.250;
}

I do not know 192.168.12.1 from where is coming
where is my mistake

Strike0 · 2013-08-07 19:08:22

Stop and disable dhcpd and check if your ipod still gets an IP.
Then check the logs which service does it.

mfaridi · 2013-08-07 19:31:59

Strike0 wrote:

Stop and disable dhcpd and check if your ipod still gets an IP.
Then check the logs which service does it.

when i run this command

systemctl list-units

I see this

dbus.service                                                                       loaded active running   D-Bus System Message Bus
dhcpcd@enp0s10.service                                                             loaded active running   dhcpcd on enp0s10
dhcpd4.service                                                                     loaded failed failed    IPv4 DHCP server
getty@tty1.service                                                                 loaded active running   Getty on tty1
hostapd.service                                                                    loaded failed failed    Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
iptables.service                                                                   loaded active exited    Packet Filtering Framework

Strike0 · 2013-08-08 21:14:33

I am not sure why you post that output in response to my suggestion which you quote above.
Can you explain what you want to show with that?

MariusMatutiae · 2013-08-08 21:48:28

There is also another error in hostapd.conf. You wrote:

....
#driver=nl80211
driver=ath5k

You should leave the user-space drive nl80211 in place, please do not replace it with your driver ath5k.

Also, I am not sure why you use dhcp, with its ensuing problems. If you "bridge" your wireless interface with your ethernet interface, the whole business of dishing out IP numbers would be left to your router. A simple script to do this would be:

#!/bin/sh

WAN=$1
LAN=$2
systemctl stop NetworkManager.service
ifconfig $WAN down
ifconfig $WAN up
dhclient $WAN

cp /etc/hostapd/hostapd-bridge.conf /etc/hostapd/hostapd.conf
systemctl start hostapd.service
systemctl start netcfg@bridge.service
echo "That's it"

which needs to be invoked (assuming it's called bridgedap, and it's been made executable by means of "chmod 755 bridgedap", with

./bridgedap YourEthernetInterface YourWirelessInterface

The file hostapd-bridge.conf is

interface=YourWirelessInterface
bridge=br0
driver=nl80211
hw_mode=g
country_code=FR (put here YOUR country code) 
ieee80211n=1
ieee80211d=1
wmm_enabled=1
channel=1
ssid=YourSSID
wpa=2
wpa_passphrase=YourPassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

And that's it.

Arch Linux

#1 2013-08-03 11:36:25

internet sharing with create_ap

#2 2013-08-03 17:19:10

Re: internet sharing with create_ap

#3 2013-08-03 17:47:04

Re: internet sharing with create_ap

#4 2013-08-03 19:22:37

Re: internet sharing with create_ap

#5 2013-08-03 23:18:01

Re: internet sharing with create_ap

#6 2013-08-03 23:31:18

Re: internet sharing with create_ap

#7 2013-08-04 00:26:01

Re: internet sharing with create_ap

#8 2013-08-04 00:27:32

Re: internet sharing with create_ap

#9 2013-08-04 04:34:38

Re: internet sharing with create_ap

#10 2013-08-04 20:20:59

Re: internet sharing with create_ap

#11 2013-08-04 20:54:43

Re: internet sharing with create_ap

#12 2013-08-04 20:59:11

Re: internet sharing with create_ap

#13 2013-08-05 00:14:39

Re: internet sharing with create_ap

#14 2013-08-05 04:02:17

Re: internet sharing with create_ap

#15 2013-08-05 18:00:26

Re: internet sharing with create_ap

#16 2013-08-05 18:47:32

Re: internet sharing with create_ap

#17 2013-08-05 19:58:54

Re: internet sharing with create_ap

#18 2013-08-06 20:48:42

Re: internet sharing with create_ap

#19 2013-08-07 17:46:00

Re: internet sharing with create_ap

#20 2013-08-07 18:16:20

Re: internet sharing with create_ap

#21 2013-08-07 18:27:26

Re: internet sharing with create_ap

#22 2013-08-07 19:08:22

Re: internet sharing with create_ap

#23 2013-08-07 19:31:59

Re: internet sharing with create_ap

#24 2013-08-08 21:14:33

Re: internet sharing with create_ap

#25 2013-08-08 21:48:28

Re: internet sharing with create_ap

Board footer