Gentoo Wiki


We will build an access point under GNU/Linux. This is quite experimental and does not always work. If you are looking for something more stable you can use FreeBSD and this howto or OpenBSD. If you use a Ralink card, be sure to use the 2.6.26 kernel that has been released (not a release candidate) otherwise your computer would freeze (see [1] for more details).

Note: All the commands of this tutorial are run as root.



First we need to have a recent 2.6.26 kernel. Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

=sys-kernel/vanilla-sources-2.6.26 ~x86

Run the following commands to download the sources of the 2.6.26 kernel:

emerge --sync
emerge -av sys-kernel/vanilla-sources

Then patch the kernel to allow vlan access point modes ([2]) and refresh the symlink that points to the kernel:

cd /usr/src/
cp linux/.config old_config
rm linux
ln -s linux-2.6.26 linux
mv old_config linux/.config
cd linux
patch -p1 < 004-allow-ap-vlan-modes.patch

If the patch fails to download, browse to the directory LATEST and see if it has been renamed (it changes number in front of it from time to time).

To restore the configuration options of the old kernel, execute:

make oldconfig

Now you will need to install the new kernel.

make && make modules_install


Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

dev-libs/libnl ~x86

then type:

emerge -av dev-libs/libnl

Kernel Headers

You need at least the 2.6.26 version of the linux-headers package to be able to use the nl80211 driver in hostapd:

emerge -av ">=sys-kernel/linux-headers-2.6.26"


Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

net-wireless/hostapd ~x86

then emerge the newest version 0.6.x version of hostapd (>=0.6.4 since october 2008):

emerge -av =net-wireless/hostapd-0.6.*

Configuration of hostapd

edit the following line of /etc/conf.d/hostapd:


and make it match your interface name

then edit /etc/conf.d/net and add:

modules_wlan0=( "!iwconfig" "!wpa_supplicant" )
config_wlan0=( "" )

change it to your desired ip address but many routers uses so adding it as is is a good choice

then edit the following lined of your /etc/hostapd/hostapd.conf:


change it to your interface


be shure this to set nl80211


change it to your desired ssid


g is a good choice


change the channel to a free channel


change it to the ip address you have chosen before

then link your interface (if you haven't already done this):

cd /etc/init.d/
ln -s net.lo net.wlan0

then start hostapd:

/etc/init.d/hostapd start

you can also add it to be started automatically:

rc-update add hostapd default


type this command:

emerge -av dnsmasq

remplace /etc/dnsmasq.conf with by the following:

# filter what we send upstream

# allow /etc/hosts and dhcp lookups via *.lan


# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>

# other useful options:
# default route(s):
#    dns server(s):

the file don't need to be explained but read-ethers... read ethers permit you to assign static ip to certain mac address so edit /etc/ethers with entries like this:


and in order to give a dns name to this entry edit /etc/hosts and add an entry like this: Ralink

then in order to start your dnsmasq server at boot you need to run the following command:

/etc/init.d/dnsmasq start

if you want to add it at boot run:

rc-update add dnsmasq default

You can now test the wifi connection with any graphical tool(like NetworkManager in GNU/Linux or even test it with a Microsoft Windows computer). You can even try to ping a website but you will only get his IP and no response. That's because we didn't set up the NAT yet...

Note : In this example, we are using DNSmasq's integrated DHCP server. If you'd like more control over your DHCP configuration, see the DHCP article. In this case, you have to comment the lines dhcp-range and dhcp-authoritative in your dnsmasq.conf


install iptables if you don't have it:

emerge -av net-firewall/iptables

Run the following script in order to activate NAT and test your setup...

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables  -t  nat  -A  POSTROUTING  -o  ppp0 -j  MASQUERADE
iptables  -A  FORWARD -j  ACCEPT 
iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # /!\run this line only if you have ppp

then if you want to make it permanant:

net.ipv4.ip_forward = 0

to this line:

net.ipv4.ip_forward = 1

that will activate the ip_forwarding,then run the following commands:

/etc/init.d/iptables save
rc-update add iptables default

then if you don't want to save rules each times you shut down,inside /etc/conf.d/iptables change this line:


to this line:

Retrieved from ""

Last modified: Thu, 09 Oct 2008 11:12:00 +0000 Hits: 3,081