@greut
Last active February 10, 2021 23:32
Laptop Access-Point with monitoring

Access Point

Setup

  • hostapd
  • dnsmasq
  • ntop
  • iptables

NetworkManager

Manually manage the wireless interface.

/etc/NetworkManager/NetworkManager.conf

[keyfile]
unmanaged-devices=mac:8c:70:5a:ff:ed:a4

$ sudo ip link set up dev wlp3s0
$ sudo ip addr add 10.0.0.1/24 dev wlp3s0

HostAP

/etc/hostapd/hostapd.conf

ssid=YoanBlancAP
utf8_ssid=1
interface=wlp3s0
auth_algs=3
country_code=CH
channel=7

# Problem on windows?
#require_ht=0
driver=nl80211
hw_mode=g

logger_stdout=-1
logger_stdout_level=2

max_num_sta=5
rsn_pairwise=CCMP

# client isolation
ap_isolate=1

wpa=2
wpa_key_mgmt=WPA-PSK
# Pairwise ciphers for WPA (v1); with wpa=2 the rsn_pairwise value above is what applies
wpa_pairwise=TKIP CCMP
wpa_passphrase=testtest

Port forwarding

/etc/sysctl.d/hostap.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1

NAT

iptables

# Back up the current rules before changing anything
$ sudo iptables-save > old.rules
# To roll back to that backup later
$ sudo iptables-restore < old.rules
# DHCP
$ sudo iptables -I INPUT -p udp --dport 67 -i wlp3s0 -j ACCEPT
# DNS
$ sudo iptables -I INPUT -p udp --dport 53 -s 10.0.0.0/24 -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -s 10.0.0.0/24 -j ACCEPT
# NAT client traffic out of the uplink and forward it from the AP interface
$ sudo iptables -t nat -A POSTROUTING -o enp0s26u1u2u4 -j MASQUERADE
$ sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlp3s0 -o enp0s26u1u2u4 -j ACCEPT

DHCP

dnsmasq

# /etc/dnsmasq.conf

listen-address=10.0.0.1
resolv-file=/etc/resolv.dnsmasq.conf
dhcp-range=10.0.0.10,10.0.0.200,12h
log-queries
log-dhcp

Monitoring

ntop

$ sudo ntop -W 4223 -i wlp3s0
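
The `log-queries` and `log-dhcp` options in the dnsmasq configuration above record every DNS query and DHCP lease, which complements the traffic view from ntop. The following is an added example, not part of the original gist, that summarises those log lines per client. The syslog line layout, the sample lines and the function names `summarize` and `unleased_clients` are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual dnsmasq syslog layout (assumption);
# with log-dhcp set, DHCP lines carry a numeric transaction id first.
SAMPLE_LOG = """\
Feb 10 23:30:01 dnsmasq-dhcp[811]: 3087512 DHCPACK(wlp3s0) 10.0.0.23 aa:bb:cc:00:11:22 phone
Feb 10 23:30:05 dnsmasq[811]: query[A] example.org from 10.0.0.23
Feb 10 23:30:05 dnsmasq[811]: forwarded example.org to 9.9.9.9
Feb 10 23:30:06 dnsmasq[811]: query[AAAA] example.org from 10.0.0.23
Feb 10 23:30:09 dnsmasq[811]: query[A] updates.example.net from 10.0.0.23
Feb 10 23:31:40 dnsmasq-dhcp[811]: 4410093 DHCPACK(wlp3s0) 10.0.0.57 aa:bb:cc:33:44:55
Feb 10 23:31:44 dnsmasq[811]: query[A] example.org from 10.0.0.57
Feb 10 23:32:00 dnsmasq[811]: query[A] example.org from 10.0.0.99
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
LEASE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (?:\d+ )?DHCPACK\((\S+)\) (\S+) ([0-9a-f:]{17})(?: (\S+))?$"
)

def summarize(log_text):
    """Return {client_ip: {"mac", "host", "queries": Counter}} from dnsmasq logs."""
    clients = defaultdict(lambda: {"mac": None, "host": None, "queries": Counter()})
    for line in log_text.splitlines():
        if m := LEASE.search(line):
            _iface, ip, mac, host = m.groups()
            clients[ip].update(mac=mac, host=host)
        elif m := QUERY.search(line):
            _qtype, name, ip = m.groups()
            clients[ip]["queries"][name.lower()] += 1
    return dict(clients)

def unleased_clients(summary):
    """Clients that sent DNS queries without a logged DHCP lease (static address?)."""
    return sorted(ip for ip, c in summary.items() if c["mac"] is None and c["queries"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, c in sorted(summary.items()):
        print(ip, c["mac"] or "no-lease", c["host"] or "-")
        for name, n in c["queries"].most_common(3):
            print(f"    {n:3d}  {name}")
    print("queries without a lease:", unleased_clients(summary))
```

A client that resolves names without ever appearing in a `DHCPACK` line has configured its address by hand, which is worth a look on an access point that caps stations with `max_num_sta=5`.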

Resources
