Debian Linux HowTo: Bridging WLAN to Ethernet for Access Point (Infrastructure Mode) for Android Phones

This blog post was published 10 years ago and may or may not have aged well. While reading please keep in mind that it may no longer be accurate or even relevant.

Many mobile devices, such as Android, unfortunately will NOT connect to an Ad-Hoc WiWi network, for reasons which are very well explained on this How-To Geek posting:

Many devices don’t support ad-hoc mode because of its limitations. Android devices, wireless printers, Google’s Chromecast, and a wide variety of other Wi-Fi-enabled devices don’t want to deal with the problems of ad-hoc networks and will refuse to connect to them, only connecting to networks in infrastructure mode.

There are basically 2 modes to operate a wireless network: “Ad-Hoc” and “Infrastructure” (the latter one also called “Access Point” or shorter “AP”) mode. Cheaper Wireless cards only support the Ad-Hoc mode, but do not support the AP mode.

So, I thought: Let’s just buy a WLAN card which supports the AP mode. I bought the Intel Centrino Advanced-N 6235 (Link to official Intel product page).

It is supported since Kernel version 3.2. I mounted it, and was planning to use the Network Manager of Debian Wheezy / Gnome 3 to quickly set up an AP Hotspot.

Easier said than done! Because even though there is an option to set “Infrastructure” mode, my Android phone still would not connect. It would simply write “Ad-Hoc Connecting” and stop there.

Network Manager in Debian Wheezy / Gnome3
Network Manager in Debian Wheezy / Gnome3 offering 'Infrastructure' mode which is not recognized by an Android smartphone, even though the network card supports AP and is fully supported by the Kernel.

After researching, it turned out that you need a dedicated user-space program for ‘driving’ the AP hardware contained in your network chip; it is called hostapd. It seems, you can’t do without it to solve this problem.

I found this blog which offered a bash script to automate the job, but it only worked for Ubuntu, and not for Debian due to different configuration files. I also found this little Qt program that made the wireless connection work for my phone, but disconnected my laptop from all networks. (It could have been my fault due to not understanding the issue enough, though…)

This blog did a good job in explaining what hostapd is and gives basic installation and configuration instructions. You should read the post in any event. However, the suggested final solution did not work for me. Yes, the phone would see the generated wireless network, would connect, but immediately disconnect. I have not found the reason for the failure, but it probably lies hidden in the complexity of the set-up which involves

  • a locally run DHCP and DNS server,
  • configuration of same,
  • and manual calls to iptables  (masquerading, forwarding, etc.) to route between eth0 and wlan0 devices

The author of this blog wrote a second post to avoid the locally run DHCP server in favor of re-using the DHCP server of the network (e.g. the modem) by using dnsmasq , which is yet another locally run server, only a bit simpler, but has to be configured also. I tried it to no avail. Same problem: phone would disconnect immediately.

Frustrated, I moved on.

Then I found this blog which brought up a new idea: the concept of bridging between network interfaces instead of iptables forwarding, which — and this is the good news — is supported ‘natively’ by hostapd and the Linux networking configured by /etc/network/interfaces.

However, this solution still did not work for me. After modifying /etc/network/interfaces accordingly, I managed to mess my internet connection up. Setting up a bridge between Ethernet and Wireless is not that trivial! Even the official Debian Wiki BridgeNetworkConnections would not give working results for my case.

So, I started crossreferencing between other solutions and finally came up with the following sequence of commands that worked for me on my pretty standard Debian Wheezy laptop with one ethernet adapter (eth0) and the above mentioned Intel network adapter (wlan1).

You only need to install 2 packages (bridge-utils and hostapd). With my method, there is no need for a locally installed DHCP or DNS server, and no need to modify the /etc/network/interfaces file. There is no requirement to permanently make changes to your network configuration. In an emergency (if you are stuck somehow), a reboot will reset your network configuration to the defaults. Devices connected to your newly created wireless network will be served by the DHCP and DNS server specified in your router/modem. Your mobile phone will be a regular and equal member of your LAN.

apt-get install bridge-utils

Next, remove the attached IP address from the Ethernet card eth0. Bridging will not work when an IP address is set.

ip addr flush dev eth0

Next, turn on IPv4 networking for your wireless card. This is necessary, otherwise one of the next steps will give the error “can’t add wlan1 to bridge br0: Operation not supported”.

iw dev wlan1 set 4addr on

Next, create the actual bridge br0 with the helper program brctl:

brctl addbr br0

Next, add a bridge between Ethernet and wireless. The order of the last two arguments is not important:

brctl addif br0 eth0 wlan1

Next, bring the newly created bridge up, as a virtual device:

ip link set dev br0 up

At this point, you will have lost your connection to your LAN/WAN. You have to set an IP address, netmask, router, etc. for the bridge. We do this via DHCP:

dhclient br0

Now you should be able to access the internet again.

So far so good. Now we have to create our actual wireless network in AP mode and use our Android phone to test it. Install hostapd:

apt-get install hostapd

Create a configuration file somewhere; I chose the location /etc/hostapd/my-wlan.conf . Make sure you have the right driver enabled for your card (see above mentioned blog for more info. n180211 should work in most cases):


#sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Setting to g ensures backward compatibility.

#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"

#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid

#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication

######Sets WPA and WPA2 authentication#####
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both

#sets wpa passphrase required by the clients to authenticate themselves on the network

#sets wpa key management

#sets encryption used by WPA

#sets encryption used by WPA2

(comments are thanks to above mentioned blog)

Now, start hostapd with this configuration file as the only argument:

hostapd /etc/hostapd/my-wlan.conf

Now take your Android phone, enable WIFI, wait for the network mynetwork to appear, connect to it, enter the password “hackme”, open up a browser and see if it works. Make sure that Wireless is turned on in your Network Manager:

Otherwise you will get the following messages:

rfkill: WLAN soft blocked
Could not set interface mon.wlan1 flags: Operation not possible due to RF-kill
nl80211: Failed to set interface wlan1 into AP mode

To roll back everything, we can do:

ifconfig br0 down
brctl delbr br0
ifconfig eth0 down
ifconfig eth0 up

Only after that, we can turn of Wireless in Network Manager.

If you think you found a mistake in this blog post, or would like to suggest an improvement to this blog post, you can write me an e-mail to the address public dot michael at franzl dot name; as subject please use the prefix "Comment to blog post" and append the post title.
Copyright © 2023 Michael Franzl