Make a Wi-Fi Access Point with Raspberry Pi 3
The Raspberry Pi 3 is the third generation of the famous 35$ nano PC with the size of a credit card. For this latest evolution, a Wi-Fi controller has been integrated which opens a lot of new possibilities, including creating a Wi-Fi access point.
Here are the specs of the Raspberry Pi 3:
- AMRv8 64-bit CPU, 4x Cores, 1.2GHz
- 1GB RAM
- 4x USB ports
- 1x Ethernet por
- 1x Full HDMI port
- 802.11n Wireless LAN
- Bluetooth 4.1
- 3.5mm audio jack / composite video
- Micro SD card slot
Step 1 – Install Raspbian on your Raspberry Pi 3
Download and install Raspbian on your Raspberry Pi 3. I am using a 8 GB SDHC card and Win32DiskImager under Windows 10 to write the image of the Linux OS on it.
Once done, boot your Raspberry Pi on your local network, assuming it has DHCP, and remote connect to it (the default password for the pi account is raspberry):
ssh pi@192.168.1.108 pi@raspberrypi:~ $ uname -a Linux raspberrypi 4.4.21-v7+ #911 SMP Thu Sep 15 14:22:38 BST 2016 armv7l GNU/Linux
Update your pi:
pi@raspberrypi:~ $ sudo apt-get update pi@raspberrypi:~ $ sudo apt-get upgrade
Once the system is up-to-date, we install the applications we will need:
pi@raspberrypi:~ $ sudo apt-get install -y vim hostapd dnsmasq nginx
- hostapd, the daemon to create a wifi hotspot,
- dnsmasq, a dhcp/dns server to reroute the queries
- nginx, a small web server to present modified webpages
- vim, because it’s better 😉
Step 2 – Configure the WLAN interface with a static IP
In the latest version of Raspbian, the networking is managed by dhcpcd service and not with networking. Since we want to assign a static IP to our wifi interface, we will ask dhchcp to ignore this interface and assign the static IP in the interfaces config file:
Edit the dhcpcd.conf file:
pi@raspberrypi:~ $ sudo vim /etc/dhcpcd.conf
Add the following line at the end of the file:
denyinterfaces wlan0
Edit the interfaces file:
pi@raspberrypi:~ $ sudo vim /etc/network/interfaces
Change the wlan0 configuration as follows:
allow-hotplug wlan0 iface wlan0 inet static    address 172.16.0.1    netmask 255.255.0.0    network 172.16.0.0    broadcast 172.16.255.255 #   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Now we restart all the services and check the result:
pi@raspberrypi:~ $ sudo service dhcpcd restart pi@raspberrypi:~ $ sudo ifdown wlan0 pi@raspberrypi:~ $ sudo ifup wlan0 pi@raspberrypi:~ $ ifconfig
Now the status of the interfaces should be like this:
Step 3 – Configure the Wi-Fi Access Point
We are going to create a configuration file for hostapd:
pi@raspberrypi:~ $ sudo vim /etc/hostapd/hostapd.conf
Enter the following configuration lines, which will create a Wi-Fi access point named ‘HoneyPot’ using the Wi-Fi controller:
interface=wlan0 driver=nl80211 ssid=HoneyPot hw_mode=g channel=1 wmm_enable=1 ht_capab=[HT40][SHORT-GI-20][DSSS-CK-40] macaddr_acl=0 ignore_broadcast_ssid=0
Now we will edit the interfaces configuration file to load hostapd with this configuration:
pi@raspberrypi:~ $ sudo vim /etc/network/interfaces
Add the line with hostapd at the end for wlan0:
allow-hotplug wlan0 iface wlan0 inet static    address 172.16.0.1    netmask 255.255.0.0    network 172.16.0.0    broadcast 172.16.255.255 hostapd /etc/hostapd/hostapd.conf #   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Then edit the dnsmasq configuration file:
pi@raspberrypi:~ $ sudo vim /etc/dnsmasq.conf
Add the following lines at the end of the file, this will enable the DNS service on the Wi-Fi interface and translate any query to the IP address of the Raspberry Pi. It will also enable the DHCP service to provide addresses between 172.16.0.10 and 172.16.0.250 for a duration of 12h.
resolv-file=/var/run/dnsmasq/resolv.conf log-facility=/var/log/dnsmasq.log address=/*/172.16.0.1 interface=wlan0 dhcp-range=172.16.0.10,172.16.0.250,12h log-queries
As you noticed, we point dnsmasq to a specific resolv.conf file which will contain the upstream DNS servers. This file will be generated by the resolvconf service, and we need to configure it accordingly:
pi@raspberrypi:~ $ sudo vim /etc/resolvconf.conf
It should look like this:
resolv_conf=/etc/resolv.conf name_servers=127.0.0.1 dnsmasq_resolv=/var/run/dnsmasq/resolv.conf pdnsd_conf=/etc/pdnsd.conf unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
Restart the Rasperry Pi to test, and you should see the SSID ‘HoneyPot’ being broadcast around, and that the network is not secured, so anyone can connect to our access point. See how it looks like in a Windows 10 laptop nearby:
Step 4 – Routing traffic
We need to enable packet forwarding by editing the following file:
pi@raspberrypi:~ $ sudo vim /etc/sysctl.conf
and uncomment the line:
net.ipv4.ip_forward=1
We can also enter this extra command to activate immediately the packet forwarding sudo sh -c “echo 1 > /proc/sys/net/ipv4/ip_forward”. Then, we configure the firewall to route traffic between wlan0 and eth0:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Â sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT Â sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
And we save this configuration in a file:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
That we will load during boot:
pi@raspberrypi:~ $ sudo vim /etc/rc.local
by adding a line before exit 0:
_IP=$(hostname -I) || true if [ "$_IP" ]; then  printf "My IP address is %s\n" "$_IP" fi iptables-restore < /etc/iptables.ipv4.nat exit 0
At this stage, you should have a nice working Wi-Fi Access Point based on your Raspberry Pi 3 connected to your ISP router, and where you can browse internet normally and safely. But we will not stop here, if you noticed in the article we named the SSID “HoneyPot“, and in the next post, we will show you how to do nasty things with your unsecured Access Point.
Hello, just a question, Will honneypot work if it is not connected to the router?
Hello,
Yes the access point will work but you won’t be able to redirect internet traffic, only show local page hosted on the nginx web server.