nmcli or nmtui for Access point on the same subnet as my wired connection trying to emulate a wifi-eth router box
Transform Your Linux Machine into a Seamless Wi-Fi Router: Achieving Same Subnet AP with nmcli
At revWhiteShadow, we understand the intricate desire to optimize your network infrastructure. Many users find themselves in a position where their Linux machine, equipped with both wired Ethernet and wireless capabilities, could serve as an efficient gateway. Specifically, the goal is to create a Wi-Fi access point (AP) that allows connected clients to reside on the same subnet as your existing wired connection. This configuration effectively transforms your computer into a wireless-to-Ethernet router, enabling seamless communication between devices connected wirelessly and those on your main wired network. We delve deep into achieving this, focusing on the powerful command-line tool, nmcli, and addressing the common challenge of default subnet allocation.
Understanding the Network Challenge: Default Subnetting and Seamless Integration
When you initiate a Wi-Fi access point on a Linux system using nmcli with a command similar to the following, NetworkManager often assigns a new, isolated subnet to this Wi-Fi network:
nmcli device wifi hotspot con-name Wifi_AP_pcie ifname wlan0 ssid MirrorNET password superstrongpassword
Typically, this subnet falls within the 10.42.x.y range, or a similar private IP address space. While this creates a functional Wi-Fi network, it segregates devices connecting to this AP from your primary wired network. This segregation prevents direct communication and file sharing between devices on the Wi-Fi AP and those on your wired LAN, defeating the purpose of emulating a wifi-eth router box.
The core of the problem lies in how NetworkManager, by default, manages DHCP and IP address allocation for newly created hotspots. It creates a virtual bridge or a separate network interface for the Wi-Fi AP and assigns it its own independent IP range. To achieve your objective of placing Wi-Fi clients on the same subnet as your wired connection, we need to override this default subnet assignment and configure the Wi-Fi AP to operate within your existing wired network’s IP range.
Leveraging nmcli for Advanced Wi-Fi Access Point Configuration
nmcli (NetworkManager Command-Line Interface) is an incredibly versatile tool for managing network connections on Linux. While the basic hotspot command is straightforward, achieving advanced configurations like placing the AP on an existing subnet requires a deeper understanding of its capabilities. We will explore the specific parameters and settings within nmcli that allow us to custom-configure the Wi-Fi access point.
The key to this entire operation is to ensure that the Wi-Fi access point, when active, is not creating a new, isolated network. Instead, it should be logically integrated into your existing wired network, allowing devices to obtain IP addresses from the same DHCP server (or be manually assigned IPs within the same range) as your wired devices.
Identifying Your Wired Network’s Subnet and Gateway
Before we can configure the Wi-Fi AP to join your wired subnet, we must first identify the essential details of your wired connection. This includes:
- Wired Interface Name: This is typically eth0, enpXsY, or similar. You can find this using ip a or nmcli connection show.
- IP Address of the Wired Interface: The IP address currently assigned to your computer on the wired network.
- Subnet Mask: This defines the network portion of your IP address, e.g., 255.255.255.0 or /24.
- Gateway IP Address: The IP address of your router on the wired network, which facilitates communication with external networks.
You can obtain this information by running the following commands:
ip a
nmcli connection show --active
Look for the connection that corresponds to your wired Ethernet interface. Note down the IP address and subnet mask. For instance, if your wired interface is eth0 and it has an IP address of 192.168.1.100 with a subnet mask of 255.255.255.0, your wired network’s subnet is 192.168.1.0/24.
Creating a Custom Wi-Fi AP Connection Profile
The most robust way to achieve this is by creating a new nmcli connection profile specifically for your Wi-Fi access point, rather than relying solely on the quick hotspot command. This allows for more granular control over every aspect of the connection.
We will define the Wi-Fi AP connection to utilize a static IP address on your existing wired subnet. This static IP will be assigned to the Wi-Fi interface (wlan0 in our example) when the AP is active.
Here’s a step-by-step process:
Step 1: Identify Your Wireless Interface
Ensure your wireless interface is recognized by NetworkManager. You can list all network devices with:
nmcli dev status
Look for your wireless interface, commonly named wlan0.
Step 2: Define the Wi-Fi AP Connection using nmcli
We will create a new connection profile with specific settings. We need to tell nmcli to use a static IP address and to essentially bridge or route traffic within your existing wired network. This is where the nuance lies. Instead of creating a new DHCP server for the Wi-Fi AP, we are essentially extending the existing wired network’s IP addressing scheme to the wireless clients.
The command structure will involve defining the connection type, specifying the wireless interface, setting the SSID and password, and crucially, assigning a static IP address from your wired subnet.
Let’s assume your wired network uses the 192.168.1.0/24 subnet and your router’s IP is 192.168.1.1. We’ll assign a static IP to our Wi-Fi AP from this range, for example, 192.168.1.200. It’s critical to choose an IP address that is not currently in use by any other device on your wired network.
Here’s the nmcli command to create this specific connection profile:
nmcli connection add type wifi con-name Wifi_AP_SameSubnet ifname wlan0 ssid MirrorNET mode ap autoconnect no wifi-sec.key-mgmt wpa-psk wifi-sec.psk superstrongpassword ipv4.method manual ipv4.addresses 192.168.1.200/24 ipv4.gateway 192.168.1.1 ipv4.dns 192.168.1.1
Let’s break down this command:
- nmcli connection add type wifi: This command initiates the creation of a new Wi-Fi connection profile.
- con-name Wifi_AP_SameSubnet: This assigns a descriptive name to our new connection profile.
- ifname wlan0: Specifies the wireless network interface to be used for the access point.
- ssid MirrorNET: Sets the network name (SSID) for your Wi-Fi access point.
- mode ap: Configures the interface to operate in access point mode.
- autoconnect no: Prevents this connection from automatically activating on boot or when the device is available. We will activate it manually.
- wifi-sec.key-mgmt wpa-psk: Specifies the security protocol (WPA-PSK for WPA2/WPA3 Personal).
- wifi-sec.psk superstrongpassword: Sets the password for your Wi-Fi access point. Replace superstrongpassword with a strong, unique password.
- ipv4.method manual: This is the crucial part. It tells NetworkManager to use a static IP address configuration for IPv4.
- ipv4.addresses 192.168.1.200/24: This is where you define the static IP address and subnet mask for your Wi-Fi AP. It must be within your wired network’s subnet and not conflict with other devices. The /24 denotes the subnet mask (equivalent to 255.255.255.0).
- ipv4.gateway 192.168.1.1: Sets the default gateway for devices connecting to this AP. This should be your main router’s IP address on the wired network.
- ipv4.dns 192.168.1.1: Specifies the DNS server. In most home network setups, your router acts as the DNS server, so using its IP here is appropriate.
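The two constraints on ipv4.addresses (inside the wired subnet, not already taken) can be checked before the profile is created. The following is an added example, not part of the original article; the function names ip_to_int and check_ap_address are hypothetical, and the list of in-use addresses is constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the AP address before using it in ipv4.addresses.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros (octal), max 3 digits
        [ "$o" -le 255 ] || exit 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
)

# check_ap_address AP_IP WIRED_CIDR [USED_IP...]
# Prints "ok" or the reason for rejection; non-zero exit status on rejection.
check_ap_address() (
    ap=$1 cidr=$2; shift 2
    prefix=${cidr#*/}; net_ip=${cidr%/*}
    case $prefix in ''|*[!0-9]*) echo "bad prefix"; exit 2 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] || { echo "bad prefix"; exit 2; }
    ap_i=$(ip_to_int "$ap") || { echo "bad address"; exit 2; }
    net_i=$(ip_to_int "$net_ip") || { echo "bad network"; exit 2; }
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( net_i & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    [ $(( ap_i & mask )) -eq "$net" ] || { echo "outside subnet"; exit 1; }
    [ "$ap_i" -ne "$net" ] || { echo "network address"; exit 1; }
    [ "$ap_i" -ne "$bcast" ] || { echo "broadcast address"; exit 1; }
    for used in "$@"; do
        [ "$used" != "$ap" ] || { echo "already in use"; exit 1; }
    done
    echo ok
)

# Article values: AP 192.168.1.200 on 192.168.1.0/24. The in-use list is
# constructed (router .1, this machine's wired address .100).
check_ap_address 192.168.1.200 192.168.1.0/24 192.168.1.1 192.168.1.100
```

The in-use list has to come from the network itself, for example the router's DHCP lease table; the function only compares against what it is given.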
Step 3: Activate the Wi-Fi Access Point
Once the connection profile is created, you can activate it:
nmcli connection up Wifi_AP_SameSubnet
Now, your wlan0 interface should be broadcasting the MirrorNET SSID with the specified password. Devices connecting to this network will receive the static IP address 192.168.1.200 (as configured in ipv4.addresses), use 192.168.1.1 as their gateway and DNS server, and most importantly, they will be on the same subnet as your wired devices.
Step 4: Ensuring Network Connectivity (IP Forwarding and NAT)
While assigning the static IP places clients on the same subnet, ensuring they can actually access the internet and other devices on your wired network often requires IP forwarding and potentially Network Address Translation (NAT), depending on your exact network topology and security needs.
Enabling IP Forwarding:
To allow your Linux machine to route traffic between its wireless interface and its wired interface (and thus to the internet via the wired connection), you need to enable IP forwarding.
- Edit sysctl.conf: Open the /etc/sysctl.conf file with a text editor (e.g., sudo nano /etc/sysctl.conf).
- Uncomment or add the following line:
net.ipv4.ip_forward=1
- Apply the changes: You can apply the changes immediately without rebooting by running:
sudo sysctl -p
This setting tells the kernel that it’s allowed to forward IP packets.
Configuring NAT (Network Address Translation):
In most scenarios where your Linux machine is acting as a router, you’ll need NAT to translate the private IP addresses of your Wi-Fi clients to the IP address of your wired interface when they access the internet. This allows multiple devices on your private Wi-Fi network to share a single public IP address. iptables is the standard tool for this.
We’ll use iptables to set up a masquerading rule. This rule will automatically use the IP address of the outgoing interface (your wired connection’s IP) for the translation.
First, identify your wired interface name again (e.g., eth0) and your wireless interface name (e.g., wlan0).
# Replace eth0 with your wired interface and wlan0 with your wireless interface
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Explanation of iptables rules:
- sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: This rule is added to the nat table, in the POSTROUTING chain. It says that for any packet going out through the eth0 interface, masquerade its source IP address. This effectively makes the packets appear as if they are coming from your computer’s wired IP address.
- sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT: This rule is in the filter table’s FORWARD chain. It allows packets to be forwarded from the wlan0 interface to the eth0 interface.
- sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT: This rule allows established and related connections to be forwarded back from the eth0 interface to the wlan0 interface, enabling responses to reach the Wi-Fi clients.
Making iptables Rules Persistent:
The iptables rules you set are not persistent across reboots by default. To make them permanent, you can use the iptables-persistent package.
Install iptables-persistent:
sudo apt update
sudo apt install iptables-persistent
During installation, it will ask if you want to save the current IPv4 and IPv6 rules. Choose “Yes”.
Save rules manually (if needed): If you’ve made changes and want to save them:
sudo netfilter-persistent save
By combining the static IP configuration with IP forwarding and NAT, you’ve effectively created a Wi-Fi access point that is seamlessly integrated into your existing wired subnet. Devices connecting to your MirrorNET SSID will obtain an IP address in the same range as your wired devices, allowing them to communicate directly and access resources as if they were connected via Ethernet.
Considerations for DHCP and IP Address Management
When you assign a static IP to your Wi-Fi AP’s connection profile (192.168.1.200 in our example), you are essentially taking that IP out of the pool of available addresses that your main router’s DHCP server might assign. This is generally a good thing, as it ensures your AP has a fixed IP.
However, the Wi-Fi clients themselves will not be getting their IPs from your main router’s DHCP server in this setup. Instead, they will either get an IP address that you statically configure for them, or if you want them to get dynamic IPs from your existing wired subnet’s DHCP server, you would need a more complex setup involving bridging.
Scenario A: Static IP for Wi-Fi Clients (Simpler, less dynamic)
If you only have a few devices connecting to your AP and you know their MAC addresses, you could assign static IPs to them manually within your wired subnet’s range. This is less convenient for many users.
Scenario B: Using your Existing DHCP Server (Requires Bridging)
For a true emulation of a router where clients get dynamic IPs from your existing DHCP server, you would typically need to bridge your wireless interface (wlan0) with your wired interface (eth0). This makes both interfaces appear as a single network interface to the rest of the network.
Bridging is a more advanced configuration and can sometimes be trickier to set up correctly with NetworkManager and Wi-Fi adapters, especially with AP mode. The nmcli command for creating a bridge would look something like this, but it needs careful consideration of the stp, forward-delay, and associated slave interfaces.
# Example of creating a bridge (advanced, may require further configuration)
nmcli connection add type bridge con-name br0 ifname br0 stp no
nmcli connection add type bridge-slave ifname wlan0 master br0 con-name wlan0-slave
nmcli connection add type bridge-slave ifname eth0 master br0 con-name eth0-slave
nmcli connection modify br0 ipv4.method auto # Or manual if your wired connection uses static IP
nmcli connection up br0
nmcli connection up wlan0-slave
nmcli connection up eth0-slave
However, the direct static IP assignment method for the AP, coupled with IP forwarding and NAT, is often simpler to implement with nmcli and provides the desired effect of clients being on the same subnet and accessing the internet. The key is that the IP address assigned to the AP itself (e.g., 192.168.1.200) is on the same subnet as your wired devices. The IP addresses that Wi-Fi clients get are then assigned by the system running the AP. In our static IP nmcli setup, the clients get IPs based on what the AP is configured to provide or what the system itself assigns.
If you want Wi-Fi clients to receive IP addresses from your main router’s DHCP server, you would typically configure your Linux machine’s Wi-Fi AP connection to bridge the wireless interface to the wired interface. This effectively makes the wireless clients appear directly on the wired network, and thus, they will be served by the wired network’s DHCP server.
However, the static IP method described earlier is what allows the AP to have an IP on your subnet and act as a gateway. The clients connecting to it will then be assigned IPs by the AP’s own internal DHCP server (if it has one enabled, which nmcli does by default when creating an AP and not bridging). These client IPs will be in the 10.42.x.y range unless you explicitly configure the AP to use a different IP range for its DHCP server or, as we’ve done here, made the AP itself a static IP on your existing subnet, thereby allowing it to route traffic.
The goal is to have the devices connected to the AP be on the same subnet as your wired connection. The method described with static IP for the AP and NAT/forwarding achieves this through routing. The Wi-Fi clients will appear to be on the same logical subnet because they are routed correctly.
Troubleshooting Common Issues
When setting up a custom Wi-Fi access point, encountering issues is common. Here are some troubleshooting steps:
No Internet Access for Wi-Fi Clients:
- Check IP Forwarding: Ensure net.ipv4.ip_forward=1 is set and applied.
- Verify NAT Rules: Double-check your iptables rules, especially the -o interface (your wired interface) and the MASQUERADE target.
- DNS Issues: Confirm that the DNS server specified in your nmcli connection profile is correct and accessible.
- Firewall: Ensure your main firewall (if you have one beyond iptables) isn’t blocking traffic.
Wi-Fi Clients Cannot See Wired Devices:
- Subnet Mismatch: Verify that the static IP address assigned to your Wifi_AP_SameSubnet connection profile is within the correct subnet of your wired network.
- Gateway Configuration: Ensure the gateway IP is correctly set to your main router’s IP address.
- Bridging vs. Routing: If you need direct peer-to-peer communication without NAT, a bridging setup might be necessary, though it’s more complex. The routing setup described here is typically sufficient for internet access and access to the gateway.
Connection Drops or Instability:
- Driver Issues: Ensure your wireless card drivers are up-to-date.
- Power Management: Sometimes, aggressive power saving can affect Wi-Fi performance. You might need to disable Wi-Fi power management.
- Conflicting NetworkManager Services: Ensure no other network management tools are interfering.
nmcli connection up Fails:
- Syntax Errors: Carefully review the nmcli connection add command for any typos or incorrect syntax.
- Interface Names: Make sure wlan0 and your wired interface names are correct.
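The "Check IP Forwarding" and "Verify NAT Rules" items above, and the three iptables rules from Step 4, can be checked mechanically against iptables-save output. This is an added example, not part of the original article; audit_forwarding is a hypothetical name and the sample ruleset is constructed. It also reports a FORWARD policy of ACCEPT, because under that policy the two FORWARD ACCEPT rules do not restrict anything.

```shell
#!/bin/sh
# Added example: audit a saved ruleset for the router setup described above.
# Live use (assumption: run as root on the AP host):
#   audit_forwarding "$(iptables-save)" eth0 wlan0 "$(cat /proc/sys/net/ipv4/ip_forward)"

# audit_forwarding RULES WAN_IF LAN_IF IP_FORWARD
# Prints one finding per line, or "ok"; exit status is 1 if anything was flagged.
# Interface names are used inside regexes, so a "." in a name matches loosely.
audit_forwarding() (
    rules=$1 wan=$2 lan=$3 fwd=$4 bad=0
    has()  { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    flag() { echo "$1"; bad=1; }
    [ "$fwd" = 1 ] || flag "ip_forward is off"
    has "^-A POSTROUTING (.* )?-o $wan (.* )?-j MASQUERADE\$" ||
        flag "no MASQUERADE on $wan"
    has "^-A FORWARD -i $lan -o $wan (.* )?-j ACCEPT\$" ||
        flag "no $lan->$wan ACCEPT"
    has "^-A FORWARD -i $wan -o $lan .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT\$" ||
        flag "no ESTABLISHED return rule $wan->$lan"
    # An unconditional inbound ACCEPT lets the wired side open connections to clients.
    ! has "^-A FORWARD -i $wan -o $lan -j ACCEPT\$" ||
        flag "unfiltered $wan->$lan ACCEPT"
    # With policy ACCEPT every forwarded packet passes, so the rules above restrict nothing.
    ! has "^:FORWARD ACCEPT" ||
        flag "FORWARD policy is ACCEPT; ACCEPT rules filter nothing"
    [ "$bad" -eq 0 ] && echo ok
    exit "$bad"
)

# Constructed sample: the article's three rules on a host with default policies.
SAMPLE_AS_WRITTEN='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
# Same rules with the FORWARD policy set to DROP.
SAMPLE_DROP=$(printf '%s\n' "$SAMPLE_AS_WRITTEN" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

audit_forwarding "$SAMPLE_AS_WRITTEN" eth0 wlan0 1 || true
audit_forwarding "$SAMPLE_DROP" eth0 wlan0 1
```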
Conclusion: Achieving a Unified Network Experience
By meticulously configuring your Wi-Fi access point using nmcli with a static IP address from your existing wired subnet, and by enabling IP forwarding and NAT, you can effectively transform your Linux machine into a powerful wifi-eth router. This setup allows devices connecting wirelessly to enjoy seamless access to your wired network resources and the internet, all while residing on the same logical IP subnet. This level of network control provides an elegant solution for extending your network’s reach and facilitating inter-device communication, all managed efficiently through the command line. At revWhiteShadow, we are committed to empowering you with the knowledge to optimize your network for maximum utility and performance. This detailed approach ensures that you can successfully emulate a dedicated router, bridging the gap between your wired and wireless worlds.