Using your Linux server to create an ad-hoc wireless network

Today, wireless networking is available on many sites. Nevertheless, you may need it on a site where it is not available. This article will help you create a solution in those cases and explain how to turn your Linux server into an ad-hoc WiFi access point.

The procedure to create your own ad-hoc access point consists of several steps:

  • Configure the network in the right way
  • Make sure your wireless network card is configured in ad-hoc mode
  • Offer DHCP services on the WiFi card
  • Configure the firewall for iptables masquerading

You'll also read how to create this configuration using

    Requires Free Membership to View

Fedora Core 13. The procedure described here is roughly compatible with all major Linux distributions, although the name of specific configuration files may be different.

The network configuration
To configure your server as an access point, you need two network configurations. One of these should offer the server Internet access. This can be direct Internet access or access through a NAT router -- for this procedure it doesn't really matter. If you're using a server to create this configuration, this Internet interface will typically be LAN, but you can also replace the server with a laptop that uses any kind of interface to access the Internet.

Apart from the Internet interface, you need a wireless interface. In this article, I'll assume that the Internet interface is known on your server as eth0 and the wireless interface is wlan0. To create the configuration, you can configure the Internet interface with the tool that is the most convenient for you. There's no need to create a manual configuration. For the wireless interface, you will need to do some handwork.

Configuring the wireless network card
Before putting the configuration into configuration files, it's a good idea to create the configuration for the wireless card on the command line. You'll do this using the iwconfig command, and the first thing to do with this command is put the WiFi card in ad-hoc mode. The following command will do this for you:

iwconfig wlan0 mode Ad-Hoc

Your WiFi card will allow other computers to make a connection only if it is configured in ad-hoc mode. Next, your computer needs an ESSID. This is a unique name that is used to identify the network. In this example, I'll use the essid supernet. You can use anything, as long as it's not already in use as an ESSID within reach of your computer. The following command will set an ESSID for your computer:

iwconfig wlan0 essid supernet

At this point, your WiFi card should have all of the required parameters. Use iwconfig to verify this is the case:

[root@sfo ~]# iwconfig

wlan0     IEEE 802.11abgn  ESSID:"sandernet" 
         Mode:Ad-Hoc  Frequency:2.412 GHz  Cell: 96:1E:76:FA:FE:A0  
        Tx-Power=15 dBm  
         Retry  long limit:7   RTS thr:off   Fragment thr:off
        Encryption key:off
        Power Management:off

Next, you need to specify the IP address configuration for the WiFi card. To do this, you can use the ip address command, as in the example below: 

ip address add dev wlan0 netmask

When specifying the IP address, make sure that you're using an IP network address that is completely unique and not yet in use. You don't need to specify a default gateway or DNS server, as your computer already knows about these from the Internet interface. After specifying the IP address, your WiFi card is up and you should be able to see the wireless access point from other computers in the vicinity:

Click here for a larger image

You can even connect to it, but be aware that you won't get an IP address, as the DHCP-server is not configured yet.

Configuring the DHCP server
Next, you also need to make sure that your access point can hand out IP addresses. To do this, first install the DHCP server using yum install dhcp. Next, make a configuration file with the name /etc/dhcp/dhcpd.conf and give it the following contents:

[root@sfo ~]# cat /etc/dhcp/dhcpd.conf
option domain-name "supernet.example";
option domain-name-servers;

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

subnet netmask {
option routers;

After creating this configuration, you need to start the DHCP server and make sure it starts automatically after rebooting your server. The following commands will do that for you:

service dhcpd start
chkconfig dhcpd on

Configuring the firewall
The last part of the configuration is to configure NAT on your server. You'll do that using the powerful internal Linux firewall iptables. If no additional firewalling is configured on your server, creating this NAT configuration is easy, but be careful with which method you use. On Fedora, Red Hat and CentOS, you can use the graphical system-config-firewall tool to create firewall rules. However, this easy-to-use tool will destroy all the firewall configuration that you may have already created manually. So it’s better to not use this and instead go for the manual approach:

Click here for a larger image

To enable NAT on your server, one command is enough:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The most important part in this command is the option -o eth0. This option specifies the name of the network interface that you're using to connect to the Internet. Make sure it reflects the correct interface name.

If additional firewall rules are also enabled on your server, you may need to specify two more lines to make sure that traffic from the wireless network is routed to the Internet and your firewall allows replies to that traffic to come back to your server. The following two lines will help you accomplish this:

iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Next, you need to change /etc/sysconfig/iptables-config. Fedora and derivatives have a nice feature of saving iptables lines that you type on the command line if you give the following three parameters in iptables-config the value yes:


Now there's one more thing to do. Your computer should be instructed to forward IP packets so that it can act as a router. To enable this, put the following line in /etc/sysctl.conf:


At this point the configuration is ready. It is a good idea to reboot your computer so that you can test everything is coming up automatically as expected. After that, you can start using your ad-hoc access point!

This was first published in September 2010

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.