https://www.campisano.org/wiki/Debian_based_home_wifi_router/history?feed=atomDebian based home wifi router - Revision history2026-04-11T04:41:19ZRevision history for this page on the wikiMediaWiki 1.43.5https://www.campisano.org/mediawiki/index.php?title=Debian_based_home_wifi_router&diff=2762&oldid=prevT1t0: Created page with "= Optional = Install etckeeper and sshd = Setup connection from linux router to internet = <pre> apt-get install pppoeconf pppoeconf </pre> = Enable wireless access point for internal network = <pre> apt-get install hostapd # note that it is in a maksked status, it needs to be configured systemctl status hostapd.service # define the config file sed -i 's|#DAEMON_CONF=""|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd # configure, please change YOUR_IN..."2024-06-01T22:25:19Z<p>Created page with "= Optional = Install etckeeper and sshd = Setup connection from linux router to internet = <pre> apt-get install pppoeconf pppoeconf </pre> = Enable wireless access point for internal network = <pre> apt-get install hostapd # note that it is in a maksked status, it needs to be configured systemctl status hostapd.service # define the config file sed -i 's|#DAEMON_CONF=""|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd # configure, please change YOUR_IN..."</p>
<p><b>New page</b></p><div>= Optional =<br />
<br />
Install etckeeper and sshd<br />
<br />
= Setup connection from linux router to internet =<br />
<br />
<pre><br />
apt-get install pppoeconf<br />
pppoeconf<br />
</pre><br />
<br />
= Enable wireless access point for internal network =<br />
<pre><br />
apt-get install hostapd<br />
# note that it is in a maksked status, it needs to be configured<br />
systemctl status hostapd.service<br />
# define the config file<br />
sed -i 's|#DAEMON_CONF=""|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd<br />
# configure, please change YOUR_INTERFACE, YOUR_COUNTRY, YOUR_SSID and YOUR_PASSWORD!<br />
cat > /etc/hostapd/hostapd.conf << EOF<br />
# from https://wiki.gentoo.org/wiki/Hostapd#802.11b.2Fg.2Fn_with_WPA2-PSK_and_CCMP<br />
<br />
# the interface used by the AP<br />
interface=YOUR_INTERFACE<br />
<br />
# "g" simply means 2.4GHz band<br />
hw_mode=g<br />
<br />
# the channel to use<br />
channel=11<br />
<br />
# limit the frequencies used to those allowed in the country<br />
ieee80211d=1<br />
<br />
# the country code<br />
country_code=YOUR_COUNTRY<br />
<br />
# 802.11n support<br />
ieee80211n=1<br />
<br />
# QoS support, also required for full speed on 802.11n/ac/ax<br />
wmm_enabled=1<br />
<br />
# the name of the AP<br />
ssid=YOUR_SSID<br />
<br />
# 1=wpa, 2=wep, 3=both<br />
auth_algs=1<br />
<br />
# WPA2 only<br />
wpa=2<br />
wpa_key_mgmt=WPA-PSK<br />
wpa_pairwise=CCMP<br />
rsn_pairwise=CCMP<br />
wpa_passphrase=YOUR_PASSWORD<br />
<br />
# HT capabilities (enabling support for 40MHz)<br />
ht_capab=[SHORT-GI-40][HT40+][HT40-][DSSS_CCK-40]<br />
EOF<br />
systemctl stop hostapd.service<br />
systemctl unmask hostapd.service<br />
systemctl enable hostapd.service<br />
systemctl start hostapd.service<br />
journalctl --unit=hostapd.service --follow<br />
</pre><br />
<br />
= Enable IP forwarding and masquerading =<br />
<br />
<pre><br />
# configure, please change YOUR_INTERFACE!<br />
cat > /etc/network/if-pre-up.d/forward-masq-YOUR_INTERFACE-ppp0 << EOF<br />
#!/bin/sh<br />
<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
iptables -A INPUT -i ppp0 -j DROP<br />
iptables -A FORWARD -i YOUR_INTERFACE -o ppp0 -j ACCEPT<br />
iptables -A FORWARD -i ppp0 -o YOUR_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE<br />
EOF<br />
chmod 755 /etc/network/if-pre-up.d/forward-masq-YOUR_INTERFACE-ppp0<br />
systemctl restart networking<br />
journalctl --unit=networking.service --follow<br />
</pre><br />
<br />
= Configure a dhcp and dns server =<br />
<br />
<pre><br />
apt-get install dnsmasq<br />
# configure, please change YOUR_INTERFACE and YOUR_NET_PREFIX!<br />
cat > /etc/dnsmasq.conf << EOF<br />
# use standard port for dns server<br />
port=53<br />
<br />
# never forward plain names (without a dot or domain part)<br />
domain-needed<br />
<br />
# never forward addresses in the non-routed address spaces.<br />
bogus-priv<br />
<br />
# do not use /etc/resolv.conf or any other file to resolv<br />
no-resolv<br />
<br />
# add other name servers<br />
server=8.8.8.8<br />
server=8.8.4.4<br />
<br />
# listen for DHCP and DNS requests only on specified interfaces<br />
# repeat the line for more than one interface<br />
interface=lo<br />
interface=YOUR_INTERFACE<br />
<br />
# provide only DNS service on specified interface<br />
no-dhcp-interface=lo<br />
<br />
# enable the integrated DHCP server<br />
# you need to supply the range of addresses available<br />
dhcp-range=YOUR_NET_PREFIX.100,YOUR_NET_PREFIX.200,255.255.255.0,12h<br />
EOF<br />
systemctl restart dnsmasq.service<br />
journalctl --unit=dnsmasq.service --follow<br />
</pre><br />
<br />
[[Category:unix]]<br />
[[Category:linux]]<br />
[[Category:network]]<br />
[[Category:wifi]]<br />
[[Category:router]]</div>T1t0