wifi access point by hostapd on nano pi

i read https://dietpi.com/forum/t/dietpi-wifi-access-point-wlan0-not-found/1050/1 .

i follow it , then i make wifi access point easily . :rofl:

i change a bit .

  1. change name

/etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=RakudaAP
hw_mode=g
channel=3
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=111222333
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP


2) change address

/etc/dhcp/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.123.0 netmask 255.255.255.0 {
range 192.168.123.10 192.168.123.50;
option broadcast-address 192.168.123.255;
option routers 192.168.123.1;
option domain-name β€œlocal”;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}


and
/etc/network/interfaces <β€” but this may be unnessesary
auto lo
iface lo inet loopback
allow-hotplug eth0

iface eth0 inet dhcp
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.123.1
netmask 255.255.255.0
wireless-power off
up iptables-restore < /etc/iptables.ipv4.nat


3) firewall rule

originally
_iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination _




firewall.bat
echo 1 > /proc/sys/net/ipv4/ip_forward
internal_net=β€˜192.168.123.0/24’
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -X
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i wlan0 -o eth0 -s $internal_net -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p TCP -s 0/0 --destination-port 22 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s $internal_net -j MASQUERADE
/sbin/iptables -N LOGGING
/sbin/iptables -A LOGGING -j LOG --log-level warning --log-prefix β€œDROP:” -m limit
/sbin/iptables -A LOGGING -j DROP
/sbin/iptables -A INPUT -j LOGGING
/sbin/iptables -A FORWARD -j LOGGING



do it , then

iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all – anywhere anywhere
ACCEPT tcp – anywhere anywhere tcp dpt:ssh
LOGGING all – anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all – 192.168.123.0/24 anywhere
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
LOGGING all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain LOGGING (2 references)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/hour burst 5 LOG level warning prefix β€œDROP:”
DROP all – anywhere anywhere


regards