有些情况下我们需要将连接并认证过的wifi共享出来,这样就无需多个认证达到多人使用了
手动配置
无线网卡是否支持AP模式
无线设备必须兼容 nl80211标准 ,并且支持 AP (Access Point)工作模式。可通过 iw list 命令查看无线网卡设备信息, 输出信息到Supported interface modes 段落中要有 AP 模式:
输出中包含* AP代表支持AP模式,可开启热点
1
2
3
4
5
6
7
8
9
10
11
| <!--more-->
Wiphy phy1
...
Supported interface modes:
...
* AP
...
valid interface combinations:
* #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
total <= 2048, #channels <= 1, STA/AP BI must match
...
|
注意:
#channels <=1 代表开启的热点
必须所连wifi用
同一信道创建热点接口
查看无线网卡设备接口
1
2
3
4
| wlan0: ...
link/ether ...
inet ...
...
|
创建虚拟接口
1
2
3
| sudo iw dev wlan0 interface add wifi_ap type managed addr 12:34:56:78:ab:cd
# 或
sudo iw phy phy0 interface add wifi_ap type managed addr 12:34:56:78:ab:cd
|
如需删除接口使用命令
sudo iw dev wifi_ap del即可删除
可使用macchanger给虚拟接口生成一个随机Mac地址
1
| sudo macchanger -r wifi_ap
|
如需恢复Mac地址使用命令macchanger -p wifi_ap
配置热点
安装hostapd
配置hostapd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| sudo vim /etc/hostapd/hostapd.conf
ssid=test_wifi_ap
wpa_passphrase=password
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
interface=wifi_ap
channel=1
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/run/hostapd
ctrl_interface_group=0
hw_mode=g
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
|
网络设置
可使用网桥或NAT两种模式,网桥模式还得单独取得认证才能上网,而NAT模式则是认证后再将网络转发分享出来
NAT设置
启动包转发
检查包转发配置情况
1
| sudo sysctl -a |grep forward
|
信息为用于控制每个默认值,每个接口的转发的选项,以及每个接口的IPv4 / IPv6的单独选项
启用临时包转发
1
| sudo sysctl net.ipv4.ip_forward=1
|
要想选择性地为某一个具体的网卡提供包转发,使用sysctl net.ipv4.conf.interface_name.forwarding=1来代替
永久开启需编辑/etc/sysctl.d/30-ipforward.conf
1
2
3
| net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
|
启用NAT
使用iptables配置规则来启用NAT
1
2
3
4
5
6
| sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wifi_ap -o wlan0 -j ACCEPT
# 保存规则
sudo iptables-save > /etc/iptables/iptables.rules
|
或 使用nftables启用NAT
1
2
3
4
5
6
| sudo nft add table ip nat
sudo nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
sudo nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
# 永久保存
sudo nft list ruleset > /etc/nftables.conf
|
配置DHCP
配置DHCP自动分配IP,可通过使用dhcpd或dnsmasq来启用DHCP服务
DHCP服务器必须允许UDP端口67的传入连接。对于DNS请求,还必须允许到UDP / TCP端口53的传入连接。
1
2
3
4
5
6
| iptables -I INPUT -p udp --dport 67 -i net0 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -s 192.168.123.0/24 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -s 192.168.123.0/24 -j ACCEPT
# 保存规则
sudo iptables-save > /etc/iptables/iptables.rules
|
使用dhcpd配置
给接口添加静态IP
1
| sudo ip addr add 10.0.0.254/24 dev wifi_ap
|
配置hdcpd服务
需要安装dhcpd包
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
sudo mv /etc/dhcpd.conf /etc/dhcpd.conf.backup
sudo vim /etc/dhcpd.conf
option domain-name-servers 114.114.114.114,8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 10.0.0.254;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.0 10.0.0.0;
}
option domain-name-servers 114.114.114.114,8.8.8.8;
option subnet-mask 255.255.255.0;
option routers 10.0.0.254;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.0 10.0.0.0;
host macbookpro{
hardware ethernet 11:22:33:aa:bb:cc;
fixed-address 10.0.0.10;
}
}
|
1
2
3
4
5
| # 启用IPv4 DHCP
sudo systemctl start dhcpd4
# 启动IPv6 DHCP
sudo systemctl start dhcpd6
|
开启热点
启动hostapd即可
1
| sudo systemctl start hostapd
|
使用脚本
安装
详解参考create_ap仓库
ArchLinux系可直接用pacman安装
1
| sudo pacman -S create_ap
|
使用
添加虚拟网络接口并设置地址
1
| sudo iw dev wlan0 interface add wifi_ap type managed addr 12:34:56:78:ab:cd
|
配置热点
1
| sudo create_ap -c 11 wifi_ap\ eth0 SSID passwowd
|
参考:
Linux连接wifi同时开启热点
Software access point
Linux 设置 wifi 共享(wifi 到 wifi)