https://github.com/ogd09/nic_sharing
This Bash script enables and disables internet connection sharing on Linux by setting up a Wi-Fi access point. It configures `dnsmasq` for DHCP and optional DNS, adds NAT and forwarding rules with `iptables`, and ensures IP traffic is routed between a specified internet-connected interface and a Wi-Fi interface. When disabled, it restores original
bash-script dhcp dnsmasq forwarding hostapd hotspot internet-connection-sharing internet-sharing iptables linux nat network-routing temporary-network wi-fi-access-point
- Host: GitHub
- URL: https://github.com/ogd09/nic_sharing
- Owner: OGD09
- Created: 2024-11-05T20:43:23.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-12T10:52:08.000Z (over 1 year ago)
- Last Synced: 2025-02-21T22:30:44.296Z (over 1 year ago)
- Topics: bash-script, dhcp, dnsmasq, forwarding, hostapd, hotspot, internet-connection-sharing, internet-sharing, iptables, linux, nat, network-routing, temporary-network, wi-fi-access-point
- Language: Shell
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Internet Sharing Script
Shares an internet connection from one network interface to another by turning
the destination interface into a Wi-Fi access point. Configures IP forwarding,
NAT via `iptables`, DHCP via `dnsmasq`, and creates a WPA2 AP with `hostapd`.
## Requirements
| Tool | Purpose |
|---|---|
| `hostapd` | Wi-Fi access point |
| `dnsmasq` | DHCP (with drop-in conf support) |
| `iptables` | NAT / packet forwarding |
| `iw` / `ip` | Interface management |
| `rfkill` | Unblock Wi-Fi adapter if needed |
| `nmcli` (NetworkManager) | Save and restore Wi-Fi connection state |
```bash
sudo apt install dnsmasq hostapd rfkill network-manager iproute2 iptables
```
### dnsmasq drop-in support
The script writes a drop-in file to `/etc/dnsmasq.d/nic-sharing.conf` and
never modifies `/etc/dnsmasq.conf`. Ensure your dnsmasq configuration includes:
```
conf-dir=/etc/dnsmasq.d/,*.conf
```
This line is present and uncommented by default on Debian/Ubuntu. The script
will warn at runtime if it cannot detect it.
## Usage
```bash
sudo ./nic_sharing.sh on <internet_iface> <wifi_iface> --ssid <name> --pass <passphrase> [options]
sudo ./nic_sharing.sh off <internet_iface> <wifi_iface>
```
| Argument | Description |
|---|---|
| `on\|off` | Enable or disable sharing |
| `<internet_iface>` | Interface with internet access (e.g. `eth0`, `wg0`, `tun0`) |
| `<wifi_iface>` | Wi-Fi interface to use as access point (e.g. `wlan0`) |
### Options (`on` only)
| Option | Description | Default |
|---|---|---|
| `--ssid <name>` | Wi-Fi network name | required |
| `--pass <passphrase>` | WPA2 passphrase (8–63 chars) | required |
| `--band <2.4\|5>` | Radio band | `2.4` |
| `--channel <n>` | Wi-Fi channel | `6` (2.4 GHz) or `36` (5 GHz) |
| `--dns <ip>` | DNS server advertised to clients via DHCP | none |
| `--domain <name>` | Search domain advertised to clients via DHCP | none |
### Examples
```bash
# Basic sharing — 2.4 GHz
sudo ./nic_sharing.sh on eth0 wlan0 --ssid "MyAP" --pass "MyPassword123"
# 5 GHz with custom DNS and search domain
sudo ./nic_sharing.sh on eth0 wlan0 \
--ssid "MyAP" --pass "MyPassword123" \
--band 5 --channel 36 \
--dns 10.0.0.10 --domain corp.example.com
# Disable sharing and restore previous state
sudo ./nic_sharing.sh off eth0 wlan0
```
## Behaviour
### Enabling (`on`)
1. Validates the Wi-Fi interface and arguments.
2. Unblocks the Wi-Fi adapter if soft-blocked by `rfkill`.
3. Saves the current `ip_forward` value and the Wi-Fi connection state.
4. Disconnects the Wi-Fi interface from any active network.
5. Enables IP forwarding and adds NAT + FORWARD `iptables` rules.
6. Assigns `192.168.60.1/24` to the Wi-Fi interface.
7. Writes `/etc/dnsmasq.d/nic-sharing.conf` and restarts `dnsmasq`.
8. Writes `/etc/hostapd/nic-sharing.conf` and starts `hostapd` in background.
If any step fails, all changes are rolled back automatically.
### Disabling (`off`)
1. Stops `hostapd` by PID (falls back to `pkill` if the PID file is absent).
2. Removes the dnsmasq drop-in and restarts `dnsmasq`.
3. Removes the `iptables` NAT and FORWARD rules.
4. Restores `ip_forward` to its value before `on` was run.
5. Flushes the Wi-Fi interface address and brings it down.
6. Reconnects the Wi-Fi interface if it was connected before `on`.
7. Clears the runtime state file.
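A way to confirm that the `off` steps above left nothing behind, as an added example that is not part of the project's script. The rule shapes it looks for (a `MASQUERADE` rule out of the internet interface, `FORWARD` rules touching the Wi-Fi interface) are an assumption about typical NAT sharing rules; the two file paths are the ones this README names.

```bash
# Added example: check for anything left behind after `nic_sharing.sh off`.

# Constructed sample in iptables-save format (not output of the project's script).
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# stdin: iptables-save text; $1 = internet interface, $2 = Wi-Fi interface.
# Prints candidate leftovers; a match may also belong to another tool.
leftover_rules() {
    awk -v inet="$1" -v wifi="$2" '
        /^\*/ { table = substr($0, 2); next }
        /^-A / {
            in_if = ""; out_if = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE" && out_if == inet)
                print table ": " $0
            else if (table == "filter" && $2 == "FORWARD" && (in_if == wifi || out_if == wifi))
                print table ": " $0
        }'
}

# Returns 0 when clean. $3 = optional directory standing in for / (for testing).
audit_after_off() {
    rc=0
    rules=$(leftover_rules "$1" "$2")
    [ -z "$rules" ] || { printf '%s\n' "$rules" | sed 's/^/leftover rule: /'; rc=1; }
    for f in /etc/dnsmasq.d/nic-sharing.conf /run/nic-sharing.state; do
        [ ! -s "${3:-}$f" ] || { echo "still present: $f"; rc=1; }
    done
    return "$rc"
}
```

On a live host, run `iptables-save | audit_after_off eth0 wlan0` as root.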
## Notes
- **Passphrase security**: the passphrase is passed as a command-line argument
and will be visible in `ps aux` during the brief setup window. For
higher-security environments consider reading it from an environment variable
or a file.
- **Subnet**: the gateway address `192.168.60.1` and DHCP range
`192.168.60.10–50` are hardcoded. Ensure they do not conflict with your
existing network.
- **5 GHz support**: requires a Wi-Fi adapter that supports AP mode on 5 GHz
(`hw_mode=a`). Not all adapters or drivers support this. Check with
`iw phy` and `iw list`.
- **ip_forward**: the script saves and restores the prior `ip_forward` value,
so disabling sharing will not affect other active NAT or routing sessions.
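
For the passphrase note above, one way to take the passphrase from an environment variable or a private file and validate it before it reaches `hostapd` (added example, not code from the project). `NIC_SHARING_PASS`, the file argument and the function names are hypothetical; the script as documented only accepts `--pass`.

```bash
# Added example: obtain the WPA2 passphrase without exposing it in argv.
# NIC_SHARING_PASS and the passphrase file are hypothetical, not options of nic_sharing.sh.

# True only for a regular file with no group/other permission bits (e.g. 0600).
is_private_file() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# WPA2-PSK passphrase: 8 to 63 printable ASCII characters.
valid_passphrase() {
    len=$(printf '%s' "$1" | LC_ALL=C wc -c)
    [ "$len" -ge 8 ] && [ "$len" -le 63 ] || return 1
    bad=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)
    [ "$bad" -eq 0 ]
}

# Prints the passphrase; source is $NIC_SHARING_PASS, else the file named in $1.
load_passphrase() {
    if [ -n "${NIC_SHARING_PASS:-}" ]; then
        pass=$NIC_SHARING_PASS
    elif is_private_file "${1:-}"; then
        IFS= read -r pass < "$1" || :    # tolerate a missing final newline
    else
        echo "no usable passphrase source (file must have no group/other access)" >&2
        return 2
    fi
    valid_passphrase "$pass" || { echo "passphrase must be 8-63 printable ASCII chars" >&2; return 3; }
    printf '%s' "$pass"
}

# Writes the hostapd wpa_passphrase line to $1, created fresh with mode 0600.
write_psk_line() {
    ( umask 077 && rm -f -- "$1" && printf 'wpa_passphrase=%s\n' "$2" > "$1" )
}
```

Unlike `/proc/<pid>/cmdline`, which any local user can read through `ps`, a process's environment is readable only by its owner and root, and the file check rejects a passphrase file that other users could open.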
## Troubleshooting
```bash
# Check hostapd and dnsmasq logs
sudo journalctl -u hostapd
sudo journalctl -u dnsmasq
# Verify Wi-Fi adapter AP mode support
iw list | grep -A 10 "Supported interface modes"
# Inspect runtime state
cat /run/nic-sharing.state
```
## License
MIT