Advertisement. Why?

Turn your Raspberry Pi into a wireless access point

This article explains how to convert your Raspberry Pi into a wireless access point using a simple WiFi USB dongle.

You will need

- A Raspberry Pi model B (of course!)
- An SD Card for your Raspberry Pi: I used a 4GB for this but whatever you have should be good
- A USB WiFi Dongle: I used a ZyXEL Communications Corp. ZyAIR G-202 802.11bg

Setting up your SD card

First install Raspbian from the Raspberry Pi site at the URL below:

Install the image to your SD card as explained here:

Logging into your Raspberry Pi

Log in to your Raspberry Pi – I setup mine via SSH but no reason why you can’t do it via a keyboard and screen if you have it connected that way. The default login username is ‘pi’ with password ‘raspberry’. You’ll be wanting to change these later for security. If not logging in via SSH make sure you have a network connection with internet access.

If you’re using SSH then you’ll need to locate your Raspberry Pi’s IP address on your LAN using (on Linux systems, at least):

$ sudo nmap -sP

This will list all IP’s on your network (if your network is 192.168.1.x then change the network range in the command to and so on). You’ll get a list along the lines of:

Nmap scan report for UNKNOWN (
Host is up (0.65s latency).
MAC Address: 00:24:2C:12:62:55 (Hon Hai Precision Ind. Co.)
Nmap scan report for UNKNOWN (
Host is up (0.23s latency).
MAC Address: B8:27:EB:9E:CA:4D (Raspberry Pi Foundation)
Nmap scan report for UNKNOWN (
Host is up (0.0036s latency).
MAC Address: 00:A0:DE:86:D3:6B (Yamaha)

In this case the Raspberry Pi is at so I login with ssh pi@

Configuring your Raspberry Pi

Run the following command to setup your Raspberry Pi:

$ sudo raspi-config

You will likely want to change your memory split to 16 and turn off ‘Start desktop on boot?’ (which you will not need). Reboot and set a root password using sudo passwd and enter a decent (i.e. not ‘password’!) password for the root user. From this point on I’ll assume you’re logged in as root. I’m also assuming you know how to use vi or vim console text editors (or maybe an alternative like nano).



Installing the necessary software packages

I prefer to use aptitude for package installs and will be using it throughout this article – if you’re happier using apt-get then you will need to alter some of the installation commands to suit. Install aptitude with:

$ apt-get install aptitude

Bring your Raspberry Pi up to date using:

$ aptitude update; aptitude safe-upgrade

This may take a little while and will also depend on your internet connection speed.

You need to install these packages:

$ aptitude install rfkill zd1211-firmware hostapd hostap-utils iw dnsmasq

These are:
rfkill – wireless utility
zd1211-firmware – software for dealing with zd1211 based wireless hardware
hostapd – hostap wireless access point daemon
hostap-utils – tools that go with hostap
iw – wireless config utility
dnsmasq – a DHCP and DNS utility

The zd1211-firmware package is hardware-specific but is a very common implementation for WiFi dongles. Your dongle will also need to support ‘AP’ mode which you can verify by typing,

$ iw list

and under the ‘Supported interface modes’ you will hopefully see ‘AP’ listed along with others like ‘managed’ and ‘monitor’. If not you’re out of luck with your particular dongle. If you have another Linux machine handy you may want to plug the dongle into that and check it with ‘iw list’ before you start!

Configuring the wireless interface

Your wireless interface must be set statically for hostap. Therefore you need to edit your /etc/network/interfaces file to look like this:

auto lo
iface lo inet loopback
iface eth0 inet dhcp
iface wlan0 inet static

Then restart your wireless interface using:

$ ifdown wlan0; ifup wlan0

This should hopefully go smoothly without errors. The address of (pi, get it!?) should not be the same as the network connected to eth0. My main LAN is and the wireless interface should be a different network. This adds a simple layer of security in case you’re configuring an open access point (as I was) and allows you to firewall one network from the other far more easily.

Configuring the access point

Now to configure hostap. Edit /etc/hostapd/hostapd.conf (it may not already exist but this will create it anyway) to look like this:


The settings are pretty obvious, ‘driver’ being the only exception. Just leave it as it is but change the other values as you see fit, though these should do for an initial test. One thing to bear in mind is that hostapd seems to be very literal about reading its configuration file so make sure you have no trailing spaces on the end of any lines! Restart the hostapd service with:

$ service hostapd restart

All being well you should now see ‘test’ as a wireless network, though a little more work needs to be done to connect to it yet.

Configuring the DHCP server

The final step is to configure dnsmasq so you can obtain an IP address from your new Pi-point. Edit your /etc/dnsmasq.conf file to look like this:

# Never forward plain names (without a #dot or domain part)

# Only listen for DHCP on wlan0

# create a domain if you want, comment #it out otherwise

# Create a dhcp range on your /24 wlan0 #network with 12 hour lease time

# Send an empty WPAD option. This may be #REQUIRED to get windows 7 to behave.

Remember to change the dhcp-range option for the network IP range you’re using. If you’re having problems with Windows 7 machines then try uncommenting the last line. For the configuration to take effect, restart dnsmasq by typing:

$ service dnsmasq restart

Now you should be able to connect to your new Pi-point and get a proper IP address from it.

Now your Pi-point is up and running there’s a few things to take care of. You’ll probably have noticed that you can’t load Google or anything else. That’s because although you can connect to the Pi-point and get an IP address from it, it is not yet routing your requests across your network and out onto the internet. We’ll address this next.

Configure the network routing

The first thing you need to do is to allow forwarding in the Pi-point. This is achieved by issuing the following command to turn on forwarding:

$ echo 1 > /proc/sys/net/ipv4/ip_forward

(N.B. you can also permanently set the ip_forward value as a one-off in /etc/sysctl.conf by uncommenting the appropriate line). Now your Pi-point is forwarding packets you need it to provide NAT between your WiFi network and your main network which is attached to the internet:

$ iptables -t nat -A POSTROUTING -j MASQUERADE

You should now have a working Pi-point which will allow users to connect wirelessly and use the internet via your internet connection!

Making sure it reboots as a working access point

To ensure your Pi-point works from a reboot (remember you’ve done all this inside your current login session with console commands) you’ll need to create a run file to turn on forwarding, NAT and run hostapd at boot time. Create a file /etc/init.d/pipoint with these contents. Keep all the commented lines as these are used by the startup processes:

# Configure Wifi Access Point.
# Provides:          WifiAP
# Required-Start:    $remote_fs $syslog 
# Required-Stop:     $remote_fs $syslog $time
# Should-Start:      $network $named slapd autofs ypbind nscd nslcd
# Should-Stop:       $network $named slapd autofs ypbind nscd nslcd
# Default-Start:     2
# Default-Stop:
# Short-Description: Wifi Access Point configuration

# Description:       Sets forwarding, starts hostap, enables NAT in iptables

# turn on forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# enable NAT
iptables -t nat -A POSTROUTING -j MASQUERADE

# start the access point
hostapd -B /etc/hostapd/hostapd.conf

Next make the script executable with:

$ chmod +x /etc/init.d/pipoint

Next add the script to the startup sequence using:

$ update-rc.d pipoint start 99 2

This should ensure your Pi-point will reboot as a functioning WiFi access point.

Where next?

You could try installing SQUID proxy to reduce bandwidth from WiFi users across your network. You could even use a Pi-point in place of buying a WiFi router, in order to to create a private gaming network unconnected to your main LAN which game players (e.g. Minecraft) could connect to as an isolated wireless network.

About the Author

Guy Eastwood is a web development professional (most of the time these days) and Open Source advocate, having cut his teeth on pretty much everything from ZX81 BASIC to Sharc Assembler DSP audio plugins for sound cards. He fills spare time mucking about with Android stuff, Raspberry Pi configurations, Playstation 3 and doing as he’s told (promptly) by his culinary genius wife.

For further details visit