A detailed walkthrough of the 7 configuration changes needed to turn a standard Linux host into a WiFi router/switch. Covers enabling IP forwarding via sysctl, creating a Linux bridge (br0) to unify wired and wireless interfaces at Layer 2, installing nftables firewall rules on netfilter hooks, using conntrack for stateful packet inspection, configuring NAT masquerade for private-to-public address translation, deploying dnsmasq for DHCP and DNS services, and running hostapd to put the wireless card into AP mode via nl80211/mac80211. Each step is explained with the underlying kernel mechanism, relevant source files, and inspection commands.
Table of contents
What does it mean to turn a Linux system into networking infrastructure?What is a hook?Change 1: Activating IP ForwardingChange 2: Defining The Bridge: Collapsing Two Interfaces Into One SegmentChange 3: Activating nftables policies: Installing Code on the HooksChange 4: Stateful Firewalling with conntrackChange 5: Defining NAT and Masquerade policies: Rewriting Addresses at the BorderChange 6: Vending DHCP and DNS with dnsmasq: Announcing the Router to New ClientsChange 7: Vending WiFi networks with hostapd: Switching the Wireless Card into Access Point (AP) ModeThe Result: A WiFi Router!Sort: