Building your own Wireless Access Point on top of CentOS7

Wireless is everywhere, but have you ever thought about building your own wireless access point? If you've got a capable enough wireless NIC and a bit of understanding of Linux, that's all it takes to get the job done!


In this article, I will stick to a CentOS7 system and use the following applications to reach the goal:

  • hostapd => a daemon that controls how the wireless protocols behave
  • dhcpd => a daemon that takes care of allocating IP addresses to external clients
  • FirewallD => the native firewall daemon on CentOS7 platforms, which performs NAT while client internet requests traverse the wireless AP.
  • I also assume that the system we are going to build our access point on has a wireless NIC plus another medium of access to reach the internet, for example a wired NIC with ISP connectivity.



01. Find out whether your wireless NIC supports access-point mode:

iw list


02. Second, let's make sure nothing is blocking our selected wireless NIC.

rfkill list

As in the figure, both Soft and Hard blocked should say “no”; otherwise, the system won't allow hostapd to set up wireless on top of the selected NIC. If either of them unfortunately says “yes”, you can use the following command to mark them as “no”:

rfkill unblock wlan
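
The checks from steps 01 and 02 as a script, added here as an example that is not part of the original article. The sample `iw list` and `rfkill list` text is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 01 and 02.
# The sample text below is constructed for illustration, not captured output.

# Succeeds only if "AP" is listed in the "Supported interface modes:" section.
# A plain `iw list | grep AP` also matches "AP/VLAN" and lines in other sections.
supports_ap() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* /     { if ($2 == "AP") found = 1; next }
        in_modes                     { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Prints "<device>: Soft" or "<device>: Hard" for each blocked Wireless LAN radio.
# `rfkill unblock wlan` clears a soft block; a hard block comes from a physical
# switch or firmware setting and has to be cleared there.
blocked_wlan() {
    awk '
        /^[0-9]+:/ { dev = $2; sub(/:$/, "", dev); wlan = ($0 ~ /Wireless LAN/); next }
        wlan && /blocked: yes/ { print dev ": " $1 }
    '
}

sample_iw='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    software interface modes (can always be added):
         * AP/VLAN'

sample_rfkill='0: hci0: Bluetooth
    Soft blocked: yes
    Hard blocked: no
1: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: yes'

# On a real host: iw list | supports_ap ; rfkill list | blocked_wlan
if printf '%s\n' "$sample_iw" | supports_ap; then echo "AP mode: supported"; fi
printf '%s\n' "$sample_rfkill" | blocked_wlan
```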


03. Let's install the “epel-release” package, which sets up a new repository that hosts the “hostapd” package.

yum -y install epel-release
yum install hostapd dhcp


04. Once the installation completes, let's move on to the hostapd-specific configuration => /etc/hostapd/hostapd.conf




interface => the interface on which the wireless access point is set up
bridge => a virtual interface of type “bridge” that manages the IP address space for the hosted access point
ssid => the name that clients see as your wireless AP
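
An added example, not part of the original article: a small audit of a hostapd.conf that goes beyond the three keys above to the WPA settings that live in the same file. The interface name wlan0, the SSID, both passphrases and the 12-character floor are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag weak settings in a hostapd.conf read from stdin.
# Exit status is 1 when anything is flagged. TKIP is flagged only when it is
# configured explicitly; the 12-character floor is this example's assumption.
audit_hostapd() {
    awk '
        function flag(msg) { print msg; n++ }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq > 1) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            if ("wpa_passphrase" in conf && length(conf["wpa_passphrase"]) < 12)
                flag("psk: passphrase shorter than 12 characters")
            if (conf["wpa"] + 0 == 0)  flag("open: wpa is unset, traffic is unencrypted")
            else if (conf["wpa"] != 2) flag("legacy: wpa=" conf["wpa"] " enables WPA1, use wpa=2")
            if ((conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/)
                flag("cipher: TKIP is enabled")
            if (conf["wps_state"] + 0 > 0) flag("wps: WPS is enabled")
            exit (n > 0)
        }
    '
}

# Constructed configurations for illustration.
weak_conf='interface=wlan0
bridge=br-AP
ssid=lab-ap
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=changeme1
wps_state=2'

hardened_conf='interface=wlan0
bridge=br-AP
ssid=lab-ap
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-example-passphrase
wps_state=0'

# On a real host: audit_hostapd < /etc/hostapd/hostapd.conf
printf '%s\n' "$weak_conf" | audit_hostapd || true
```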


05. The next step is to implement the “br-AP” virtual bridge interface that we defined while configuring hostapd.

nmcli con add con-name br-AP type bridge ifname br-AP autoconnect yes stp no ip4


06. To hand out IP address leases to clients, DHCP is a must => /etc/dhcpd/dhcpd.conf

option domain-name-servers;
default-lease-time 600;
max-lease-time 7200;
# this DHCP server to be declared valid
# specify network address and subnet mask
subnet netmask {
       range dynamic-bootp;
       option broadcast-address;
       option domain-name-servers;
       option domain-name "example.org";
       option routers;
}

Note that the IP address range must be the same on both the bridge interface and the IP address pool managed by DHCP.
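
One way to check that rule before starting dhcpd, added here as an example that is not part of the original article. All addresses are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: check that the dhcpd pool and router sit inside the bridge subnet.
# All addresses are constructed; the article's own values are not shown.

ip2int() (          # dotted quad -> integer (subshell keeps the IFS change local)
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_subnet() (       # $1 = address, $2 = network in CIDR form
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# Reads dhcpd.conf on stdin; $1 = bridge address/prefix.
# Prints every "range" and "option routers" address outside that subnet.
pool_outside_bridge() {
    for ip in $(awk '
        $1 == "range" || ($1 == "option" && $2 == "routers") {
            for (i = 2; i <= NF; i++) {
                gsub(/[;,]/, "", $i)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $i
            }
        }'); do
        in_subnet "$ip" "$1" || echo "$ip"
    done
}

good_conf='subnet 10.10.10.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.10.10.50 10.10.10.150;
    option routers 10.10.10.1;
}'

bad_conf='subnet 10.10.20.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.10.20.50 10.10.20.150;
    option routers 10.10.10.1;
}'

# The bridge address would come from `ip -4 addr show br-AP` on a real host.
echo "addresses outside 10.10.10.1/24:"
printf '%s\n' "$bad_conf" | pool_outside_bridge 10.10.10.1/24
```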

07. When the Linux system boots, the wireless NIC might not yet be initialized as required. In such cases you might experience a failure of “hostapd.service”. The trick is to ask the respective unit file to restart the failed service if that happens. To do this, change the default hostapd.service file to the following => vim /etc/systemd/system/hostapd.service

Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B


Note the following key parameters:

08. Further, I have personally experienced a failure in DHCP initialization due to early forking, while our bridge interface hasn't yet completed its own initialization. That initialization is a must, because DHCP strictly looks for a system IP address that belongs to the address pool defined in its configuration. So, let's implement another trick by creating a systemd timer and asking it to fork dhcpd.service with a bit of delay => vim /etc/systemd/system/dhcpd.timer

Description=make dhcp starts after 60sec of boot



What this unit does is that, even though the main “dhcpd.service” is disabled at startup, it forces the initialization of the dhcpd process after a delay of 60 seconds.

09. Finally, reload the systemd unit files, stop the DHCP service from starting at boot, and enable the DHCP timer as well as the hostapd daemon.

systemctl daemon-reload
systemctl disable dhcpd.service
systemctl enable dhcpd.timer
systemctl enable hostapd.service


10. Reboot the system and, after a delay of 1 minute, check the status of:

systemctl status hostapd.service
systemctl status dhcpd.service

If they are running, then well done, you did it. But if hostapd.service has unfortunately failed, try restarting it after first disabling Wi-Fi in NetworkManager.

nmcli radio wifi off


11. When external client traffic leaves via our system's public interface (the NIC that holds your ISP connection), it should be subjected to NAT; otherwise this outgoing traffic would simply never be routed back to our system to complete its communication. To set up NAT, let's configure firewalld.

firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-masquerade
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=443/tcp
firewall-cmd --zone=public --add-service=dns

Be mindful to add more rules, if required, to allow certain outgoing tcp/udp protocols.


“I hope this has been informative for you”
