How to Create a WiFi Hotspot on Linux: A Complete Guide

Turning your Linux laptop or desktop computer into a fully-fledged WiFi access point isn't just a technical curiosity, it's often a vital necessity. Imagine a situation where you're on a business trip and your hotel has wired internet but no wireless router, or your main router suddenly fails and your mobile devices urgently need access to the global network. In such cases, the ability to quickly deploy hotspot on existing equipment becomes invaluable.

Modern Linux distributions offer powerful built-in tools that allow you to implement this feature without installing cumbersome third-party software. However, unlike Windows, where this option is often buried deep in settings or absent altogether, Linux gives you full control over network parameters, broadcast channels, and security protocols. This provides flexibility, but requires an understanding of how the operating system manages network interfaces.

In this article, we will examine in detail two main approaches: using a graphical interface NetworkManager for simple scripts and using the command line utility hostapd For advanced configurations. You'll learn how to bypass driver restrictions, set up encryption, and ensure a stable connection for your devices. A willingness to experiment and access to a terminal are all you need to get started.

📊 Which Linux distribution do you use most often?
Ubuntu
Debian
Fedora
Arch Linux
Another

Checking wireless adapter compatibility

Before you begin setting up, it is critical to ensure that your wireless adapter Supports Master mode (or AP mode). Not all Wi-Fi cards can broadcast a signal; many can only receive it. To test this capability, we'll use the utility iw, which is the de facto standard for managing wireless devices in Linux.

Open a terminal and enter the command to display information about supported interfaces. In the resulting list, find the section describing the device's capabilities. Look for the line containing the keyword AP or masterIf such an entry is missing, then, unfortunately, it won't be possible to convert this adapter into a router using software, and the hardware will need to be replaced.

⚠️ Note: Some proprietary drivers (especially for Broadcom cards) may incorrectly display supported modes or block access point creation. In such cases, it is recommended to use open-source drivers. ath9k or iwlwifi.

It's also worth considering that the frequency range may be limited when operating in access point mode. Older adapters may not support 5 GHz, operating exclusively in the congested 2.4 GHz band. Checking your hardware specifications will save you time troubleshooting later.

Setting up an access point via NetworkManager

The easiest and fastest way to distribute WiFi is to use a graphical interface NetworkManager, which is installed by default in most popular distributions, such as Ubuntu, Fedora, and Linux Mint. This method is ideal for temporary use and doesn't require extensive command line knowledge. Simply access the network settings from the system tray or control panel.

In the network connections menu, select the option to create a new connection and select the "Wi-Fi Hotspot" type. The system will automatically prompt you to configure the network name (SSID) and password. It's important to select a security method here. WPA2/WPA3 Personal, as open networks are unsafe for data transfer. After saving the settings, NetworkManager will attempt to activate the access point.

☑️ Check before launching a hotspot

Completed: 0 / 4

However, sometimes the graphical interface doesn't display the hotspot creation option, or the button is grayed out. This may be due to security policy or the lack of an active wired connection that the system is attempting to use as an internet source. In this case, you need to check the routing settings manually.

Using hostapd for professional setup

For users who require maximum control, or in cases where graphical utilities fail to cope, there is a utility hostapd (Host Access Point Daemon). This is a lightweight background process that allows you to turn a Linux machine into a fully-fledged, highly configurable access point. Installation is performed through your distribution's package manager, such as sudo apt install hostapd.

The main work is done in the configuration file, usually located at the path /etc/hostapd/hostapd.confHere you specify all parameters, from the interface name and channel frequency to encryption methods. Below is an example of the minimum configuration required to launch the network:

interface=wlan0

driver=nl80211

ssid=MyLinuxHotspot

hw_mode=g

channel=6

wmm_enabled=0

macaddr_acl=0

auth_algs=1

ignore_broadcast_ssid=0

wpa=2

wpa_passphrase=StrongPassword123

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP

rsn_pairwise=CCMP

Pay attention to the parameter driverFor modern Linux kernels and wireless macro stacks cfg80211 the meaning is almost always used nl80211Using an outdated driver may cause startup errors. After configuring the file, you need to start the daemon and, if necessary, configure the DHCP server (e.g., dnsmasq) to distribute IP addresses to connecting clients.

Parameter Meaning Description
interface wlan0 Wireless interface name
ssid MyNetwork Your WiFi network name
channel 6 Broadcast channel (1-14 for 2.4 GHz)
wpa_passphrase Secret Password for connecting clients

Configuring DHCP and traffic routing

Creating an access point is only half the battle. For connected devices to access the internet, your Linux computer must be able to distribute IP addresses and forward data packets between interfaces. This is accomplished using a protocol called DHCP (Dynamic Host Configuration Protocol). Without it, devices will receive an address but won't know where the gateway is.

Most often in conjunction with hostapd use dnsmasq or NetworkManager's built-in DHCP server. You need to define a pool of addresses to be assigned to clients, for example, from 10.0.0.2 to 10.0.0.254. It's important that this range doesn't overlap with your main local network, if you have one, to avoid routing conflicts.

The key is enabling IP forwarding in the Linux kernel. This is a mechanism that allows packets arriving on one network interface (WiFi) to pass through another (Ethernet). To temporarily enable it, use the command:

sudo sysctl -w net.ipv4.ip_forward=1

⚠️ Warning: Network configuration changes may disrupt your current SSH connection or remote desktop access. Always have physical access to the console or a backup connection in case of a configuration error.

After enabling forwarding, you need to configure the rules iptables or nftables for address masquerading (NAT). This will hide your clients' internal addresses behind the computer's primary interface address. The command to add a masquerading rule typically looks like this: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE, Where eth0 - This is your interface with Internet access.

What to do if iptables is not working?

Newer Linux distributions (Ubuntu 20.04+, Debian 11+) may use the nftables backend by default instead of the classic iptables. If iptables commands don't work, try installing the iptables-nft package or use the nft utility directly to configure NAT rules.

Solutions to common problems and errors

Even with proper configuration, you may encounter a situation where the hotspot is created, but devices don't see the network or can't connect. One of the most common causes is incompatible security standards. Some older smartphones or IoT devices (smart light bulbs, sockets) may not support WPA3 or even certain WPA2 configurations. In such cases, compromises must be made and older, but compatible, protocols must be used.

Another common problem is a busy channel. If you live in an apartment building, the airwaves may be clogged with signals from your neighbors. Using the utility iwlist scanning or nmcli dev wifi list will help analyze channel load. Select the least congested channel (usually 1, 6, or 11 for the 2.4 GHz band) and explicitly specify it in the configuration, disabling automatic selection.

It's also worth mentioning the issue with power management. WiFi drivers often try to save power by disabling the adapter or reducing power, which leads to unstable access point operation. It's recommended to disable power saving mode for the wireless interface using the command:

sudo iw dev wlan0 set power_save off

Securing Your DIY Network

By turning your computer into a router, you take responsibility for the security of the traffic passing through. Using a weak password or outdated encryption WEP (which can be hacked in minutes) is unacceptable. Always choose WPA2-PSK (AES) or, if the equipment allows, WPA3This will ensure secure encryption of data between the client and your access point.

Another layer of protection is hiding the SSID (network name). While this isn't a complete security measure (special scanners will still see the network), it will protect you from accidental connections from nosy neighbors. In the configuration hostapd the parameter is responsible for this ignore_broadcast_ssid=1.

Remember that your computer is now the gateway for all connected devices. Make sure it has a firewall installed and updated (e.g., ufw), which restricts incoming connections from the external network, but allows traffic within the local subnet you create.

Frequently Asked Questions (FAQ)

Is it possible to share WiFi if the laptop is connected to the Internet via WiFi?

Technically, this is possible, but requires two wireless adapters or support for "concurrent AP/STA" mode on one adapter. Most standard cards can't simultaneously receive and broadcast Wi-Fi on the same frequency. It's easier to use an Ethernet cable or USB modem as an internet source.

Why do devices connect but say "No Internet access"?

Most likely, IP forwarding or NAT (masquerading) rules are not configured in iptables. Check if the command is enabled. net.ipv4.ip_forward=1 and is the interface with access to the global network specified correctly in the rule? MASQUERADE.

How to hide an access point from strangers?

To do this, you need to set the parameter in the hostapd configuration ignore_broadcast_ssid=1However, keep in mind that a hidden SSID is easily detected by sniffers, so this is only a measure to prevent "casual" users, not protection against hackers.

Which frequency range is better to choose: 2.4 GHz or 5 GHz?

The 2.4 GHz band has a longer range and penetrates walls better, but it's prone to noise. 5 GHz offers higher speeds and less interference, but its range is significantly shorter. The choice depends on your specific situation and the standards supported by your client devices.