Forward ports over hostapd?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite
1












I'm running this project for creating access points which is built on top of hostapd.



Running this works as expected, my ethernet connection is available as wifi:



sudo create_ap wlan0 eth0 wifiname


I was hoping that port 80 on my host machine would automatically be exposed to the client but it isn't.



How can I create a hostapd hotspot that exposes port 80? I'm thinking I might need to use iptables or dnsmasq but I'm not sure.



I'm using the project linked as a starting point but my main goal is to broadcast a port over a wifi-hot spot.



Update: I found that by default the host is available at IP 192.168.12.1. I'm now looking for a way to forward all (or at minimum localhost) traffic on the hotspot to this IP.



But I still need to be able to resolve other domains on the host itself.




iptables nat dnsmasq wifi-hotspot hostapd




share|improve this question


















  • 1




    You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
    – NarÅ«nasK
    Oct 20 '17 at 13:39










  • I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
    – Arpit Agarwal
    Oct 28 '17 at 19:43














up vote
1
down vote

favorite
1












I'm running this project for creating access points which is built on top of hostapd.



Running this works as expected, my ethernet connection is available as wifi:



sudo create_ap wlan0 eth0 wifiname


I was hoping that port 80 on my host machine would automatically be exposed to the client but it isn't.



How can I create a hostapd hotspot that exposes port 80? I'm thinking I might need to use iptables or dnsmasq but I'm not sure.



I'm using the project linked as a starting point but my main goal is to broadcast a port over a wifi-hot spot.



Update: I found that by default the host is available at IP 192.168.12.1. I'm now looking for a way to forward all (or at minimum localhost) traffic on the hotspot to this IP.



But I still need to be able to resolve other domains on the host itself.




iptables nat dnsmasq wifi-hotspot hostapd




share|improve this question


















  • 1




    You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
    – NarÅ«nasK
    Oct 20 '17 at 13:39










  • I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
    – Arpit Agarwal
    Oct 28 '17 at 19:43












up vote
1
down vote

favorite
1









up vote
1
down vote

favorite
1






1





I'm running this project for creating access points which is built on top of hostapd.



Running this works as expected, my ethernet connection is available as wifi:



sudo create_ap wlan0 eth0 wifiname


I was hoping that port 80 on my host machine would automatically be exposed to the client but it isn't.



How can I create a hostapd hotspot that exposes port 80? I'm thinking I might need to use iptables or dnsmasq but I'm not sure.



I'm using the project linked as a starting point but my main goal is to broadcast a port over a wifi-hot spot.



Update: I found that by default the host is available at IP 192.168.12.1. I'm now looking for a way to forward all (or at minimum localhost) traffic on the hotspot to this IP.



But I still need to be able to resolve other domains on the host itself.




iptables nat dnsmasq wifi-hotspot hostapd




share|improve this question














I'm running this project for creating access points which is built on top of hostapd.



Running this works as expected, my ethernet connection is available as wifi:



sudo create_ap wlan0 eth0 wifiname


I was hoping that port 80 on my host machine would automatically be exposed to the client but it isn't.



How can I create a hostapd hotspot that exposes port 80? I'm thinking I might need to use iptables or dnsmasq but I'm not sure.



I'm using the project linked as a starting point but my main goal is to broadcast a port over a wifi-hot spot.



Update: I found that by default the host is available at IP 192.168.12.1. I'm now looking for a way to forward all (or at minimum localhost) traffic on the hotspot to this IP.



But I still need to be able to resolve other domains on the host itself.





iptables nat dnsmasq wifi-hotspot hostapd





share|improve this question













share|improve this question




share|improve this question








edited Oct 24 '17 at 13:43

























asked Oct 20 '17 at 13:31









Philip Kirkbride

2,2972470




2,2972470







  • 1




    You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
    – NarÅ«nasK
    Oct 20 '17 at 13:39










  • I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
    – Arpit Agarwal
    Oct 28 '17 at 19:43












  • 1




    You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
    – NarÅ«nasK
    Oct 20 '17 at 13:39










  • I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
    – Arpit Agarwal
    Oct 28 '17 at 19:43







1




1




You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
– NarÅ«nasK
Oct 20 '17 at 13:39




You must bind the port to appropriate device (presumably wlan0). If you need it open on eth0 too - iptables / nftables is your answer.
– NarÅ«nasK
Oct 20 '17 at 13:39












I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
– Arpit Agarwal
Oct 28 '17 at 19:43




I just tried your script and it worked fine. I created hotspot on my laptop and connected my phone to it. Started a server on 443. In phone, opening https://192.168.12.1 worked as expected.
– Arpit Agarwal
Oct 28 '17 at 19:43










2 Answers
2






active

oldest

votes

















up vote
0
down vote













You cannot do that via hostapd because port 80 is at Layer4 of ISO/OSI stack, APs work at Layer2. So you need to identify your IP connected via WIFI and work with IPTABLES for that IP






share|improve this answer



























    up vote
    0
    down vote



    accepted










    I was able to get the behavior I wanted using dnsmasq. Originally I was confused because I was adding the following to the default dnsmasq.conf location:



    address=/#/192.168.12.1


    It should forward all traffic to the IP 192.168.12.1 but I found it wasn't working.



    Later on while running top with the program running I found that create_ap had called dnsmasq but with a custom dnsmasq.conf in a /tmp/ folder.



    Reading through the source I found this snippet:



     MTU=$(get_mtu $INTERNET_IFACE)
     [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,$MTU" >> $CONFDIR/dnsmasq.conf
     [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
     [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=$ADDN_HOSTS" >> $CONFDIR/dnsmasq.conf
     if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then
     cat << EOF >> $CONFDIR/dnsmasq.conf
    address=/#/$GATEWAY


    Inside that statement I added the following line to add my configuration to the temporary dnsmasq file:



    echo "address=/#/$GATEWAY" >> $CONFDIR/dnsmasq.conf


    After adding that any http address on the AP was forwarding to 192.168.12.1 the browser automatically assumes port 80 when one isn't provided so that became a non-issue.






    share|improve this answer




















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f399343%2fforward-ports-over-hostapd%23new-answer', 'question_page');

      );

      Post as a guest

















      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      0
      down vote













      You cannot do that via hostapd because port 80 is at Layer4 of ISO/OSI stack, APs work at Layer2. So you need to identify your IP connected via WIFI and work with IPTABLES for that IP






      share|improve this answer
























        up vote
        0
        down vote













        You cannot do that via hostapd because port 80 is at Layer4 of ISO/OSI stack, APs work at Layer2. So you need to identify your IP connected via WIFI and work with IPTABLES for that IP






        share|improve this answer






















          up vote
          0
          down vote










          up vote
          0
          down vote









          You cannot do that via hostapd because port 80 is at Layer4 of ISO/OSI stack, APs work at Layer2. So you need to identify your IP connected via WIFI and work with IPTABLES for that IP






          share|improve this answer












          You cannot do that via hostapd because port 80 is at Layer4 of ISO/OSI stack, APs work at Layer2. So you need to identify your IP connected via WIFI and work with IPTABLES for that IP







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Oct 27 '17 at 15:35









          Federi

          44311229




          44311229






















              up vote
              0
              down vote



              accepted










              I was able to get the behavior I wanted using dnsmasq. Originally I was confused because I was adding the following to the default dnsmasq.conf location:



              address=/#/192.168.12.1


              It should forward all traffic to the IP 192.168.12.1 but I found it wasn't working.



              Later on while running top with the program running I found that create_ap had called dnsmasq but with a custom dnsmasq.conf in a /tmp/ folder.



              Reading through the source I found this snippet:



               MTU=$(get_mtu $INTERNET_IFACE)
               [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,$MTU" >> $CONFDIR/dnsmasq.conf
               [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
               [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=$ADDN_HOSTS" >> $CONFDIR/dnsmasq.conf
               if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then
               cat << EOF >> $CONFDIR/dnsmasq.conf
              address=/#/$GATEWAY


              Inside that statement I added the following line to add my configuration to the temporary dnsmasq file:



              echo "address=/#/$GATEWAY" >> $CONFDIR/dnsmasq.conf


              After adding that any http address on the AP was forwarding to 192.168.12.1 the browser automatically assumes port 80 when one isn't provided so that became a non-issue.






              share|improve this answer
























                up vote
                0
                down vote



                accepted










                I was able to get the behavior I wanted using dnsmasq. Originally I was confused because I was adding the following to the default dnsmasq.conf location:



                address=/#/192.168.12.1


                It should forward all traffic to the IP 192.168.12.1 but I found it wasn't working.



                Later on while running top with the program running I found that create_ap had called dnsmasq but with a custom dnsmasq.conf in a /tmp/ folder.



                Reading through the source I found this snippet:



                 MTU=$(get_mtu $INTERNET_IFACE)
                 [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,$MTU" >> $CONFDIR/dnsmasq.conf
                 [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
                 [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=$ADDN_HOSTS" >> $CONFDIR/dnsmasq.conf
                 if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then
                 cat << EOF >> $CONFDIR/dnsmasq.conf
                address=/#/$GATEWAY


                Inside that statement I added the following line to add my configuration to the temporary dnsmasq file:



                echo "address=/#/$GATEWAY" >> $CONFDIR/dnsmasq.conf


                After adding that any http address on the AP was forwarding to 192.168.12.1 the browser automatically assumes port 80 when one isn't provided so that became a non-issue.






                share|improve this answer






















                  up vote
                  0
                  down vote



                  accepted







                  up vote
                  0
                  down vote



                  accepted






                  I was able to get the behavior I wanted using dnsmasq. Originally I was confused because I was adding the following to the default dnsmasq.conf location:



                  address=/#/192.168.12.1


                  It should forward all traffic to the IP 192.168.12.1 but I found it wasn't working.



                  Later on while running top with the program running I found that create_ap had called dnsmasq but with a custom dnsmasq.conf in a /tmp/ folder.



                  Reading through the source I found this snippet:



                   MTU=$(get_mtu $INTERNET_IFACE)
                   [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,$MTU" >> $CONFDIR/dnsmasq.conf
                   [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
                   [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=$ADDN_HOSTS" >> $CONFDIR/dnsmasq.conf
                   if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then
                   cat << EOF >> $CONFDIR/dnsmasq.conf
                  address=/#/$GATEWAY


                  Inside that statement I added the following line to add my configuration to the temporary dnsmasq file:



                  echo "address=/#/$GATEWAY" >> $CONFDIR/dnsmasq.conf


                  After adding that any http address on the AP was forwarding to 192.168.12.1 the browser automatically assumes port 80 when one isn't provided so that became a non-issue.






                  share|improve this answer












                  I was able to get the behavior I wanted using dnsmasq. Originally I was confused because I was adding the following to the default dnsmasq.conf location:



                  address=/#/192.168.12.1


                  It should forward all traffic to the IP 192.168.12.1 but I found it wasn't working.



                  Later on while running top with the program running I found that create_ap had called dnsmasq but with a custom dnsmasq.conf in a /tmp/ folder.



                  Reading through the source I found this snippet:



                   MTU=$(get_mtu $INTERNET_IFACE)
                   [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,$MTU" >> $CONFDIR/dnsmasq.conf
                   [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
                   [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=$ADDN_HOSTS" >> $CONFDIR/dnsmasq.conf
                   if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then
                   cat << EOF >> $CONFDIR/dnsmasq.conf
                  address=/#/$GATEWAY


                  Inside that statement I added the following line to add my configuration to the temporary dnsmasq file:



                  echo "address=/#/$GATEWAY" >> $CONFDIR/dnsmasq.conf


                  After adding that any http address on the AP was forwarding to 192.168.12.1 the browser automatically assumes port 80 when one isn't provided so that became a non-issue.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Dec 1 '17 at 15:23









                  Philip Kirkbride

                  2,2972470




                  2,2972470



























                       

                      draft saved


                      draft discarded















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f399343%2fforward-ports-over-hostapd%23new-answer', 'question_page');

                      );

                      Post as a guest
































































                      -

                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Image
                      Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
                      Read more

                      Bahrain

                      Image
                      For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
                      Read more

                      Postfix configuration issue with fips on centos 7; mailgun relay

                      Image
                      Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
                      Read more