Random Wisdom

WiFi to Ethernet router

by on Aug.09, 2018, under How To ..., Linux, Software

A WiFi to Ethernet router is handy when you need to connect a wired device to a network/Internet but only have access to a wireless network. While certainly not a common scenario, the requirement does arise from time to time. The steps involved are actualy almost the same as setting up a NAT router but using the wireless interface as the WAN port rather than Ethernet. The iptables and dhcp (server) packages the needed for this to work. Although the following instructions are for a CentOS/RHEL 6.X type system, the same principles will apply to other distributions as well.

Configure the DHCP server
The DHCP server provides IP configuration information to any client(s) connecting over the Ethernet interface. Assuming the Ethernet interface is eth0, modify ‘/etc/sysconfig/dhcpd’ and set

DHCPDARGS=eth0

Next, modify ‘/etc/dhcp/dhcpd.conf’ to define the LAN-side subnet and options such as the router address and nameservers:

authoritative;

subnet 192.168.101.0 netmask 255.255.255.0 {
  range 192.168.101.2 192.168.101.10;
  option domain-name-servers 8.8.8.8;
  option domain-name "example.local";
  option routers 192.168.101.1;
  option broadcast-address 192.168.101.255;
  default-lease-time 3600;
  max-lease-time 7200;
}

Here we’ve selected Google DNS as the nameserver and defined a subnet that will provide addresses in the 192.168.101.2 to 192.168.101.10 range. At this point, the DHCP server is configured.

Before the server can be started, we need to ensure the eth0 has an address in the subnet defined. The address of 192.168.101.1 is assigned as it will act as the gateway router for any client(s) connected to the LAN:

[root@hostname ~]# ifconfig eth0 192.168.101.1 up

Ensure that the eth0 interface is static rather than automatic/DHCP configured to prevent the assigned address being overridden. Once the address has been assigned and the interface marked as up, the DHCP service can be started by running:

[root@hostname ~]# service dhcpd start

Configure the NAT router
Start by disabling (flushing) the firewall rules to keep things straightforward:

[root@hostname ~]# iptables --flush

Then enable forwarding and routing between wlan0 (Wireless) and eth0 (Ethernet) as follows:

[root@hostname ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@hostname ~]# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
[root@hostname ~]# iptables -A FORWARD -i eth0 -j ACCEPT

That’s it! As long as the WiFi interface is configured and connected to a network, clients connected over the Ethernet port will not also have access to that network/Internet.

To disable the router, DHCP server, and reload the original firewall rules, simply run:

[root@hostname ~]# service iptables restart
[root@hostname ~]# echo 0 > /proc/sys/net/ipv4/ip_forward
[root@hostname ~]# service dhcpd stop
:, , , , , , , ,

Leave a Reply