View on GitHub

Raspberry Pi 3 as a Simple WiFi Access Point

Pi as a wifi bridge providing safe subnet to wifi and Ethernet



The Raspberry Pi 3 has a built in WiFi radio. This makes using it easier than ever. This guide will start with a basic Raspbian build, connected to a wired network, and add WiFi access point capabilities. I sometimes use this approach for building an IoT subnet.

Next up?

After reading this guide, you may be interested in reading:

Parts List

  • Raspberry Pi 3
  • 16GB (or larger) class 10 MicroSD card
  • Mini-USB power
  • Ethernet cable


Start with a Raspberry Pi image. This is an image saved after following the RPi Initial Setup Guide. This may be either a Lite image or a full desktop image.

  1. Write the image to the MicroSD.
  2. Connect Pi to your Internet
  3. Install dnsmasq and hostapd
  4. Configure wlan0
  5. Configure hostapd
  6. Configure dnsmasq
  7. Iptables forwarding
  8. Load, Test and Reboot
  9. Conclusion.


This guide mostly follows the guide from frillip. If this is not available, try this PDF version.

Write the image

Write the image to the MicroSD as described in the RPi Initial Setup Guide. Insert the MicroSD into the Pi and boot.

Connect Pi to your Internet

Use an Ethernet cable to connect the pi to the network. DHCP will assign the pi an IP address. Find the address of your pi from your network's DHCP server.

  • SSH to the pi at that IP address or yourpiname.local

Install dnsmasq and hostapd

More about dnsmasq and hostapd.

  • sudo apt-get update
  • sudo apt-get upgrade
  • sudo apt-get install dnsmasq hostapd

Configure wlan0

  • Inform dhcpd to ignore wlan0 by editing sudo nano /etc/dhcpcd.conf
    • To the end add denyinterfaces wlan0
    • This must be ABOVE any interface lines you may have added
  • Configure the wlan IP, sudo nano /etc/network/interfaces
    • the wlan0 section should be changed to:
allow-hotplug wlan0  
iface wlan0 inet static  
  • Restart dhcpcd with sudo service dhcpcd restart
  • Reload wlan0 with sudo ifdown wlan0; sudo ifup wlan0

Setup hostapd

  • sudo nano /etc/hostapd/hostapd.conf
    • add the following


# Use WPA2

# Change these to your choice
# This is the name of the network
# The network passphrase

TIP: If the passphrase is too short, hostapd won't start.

  • Now edit the default configuration, sudo nano /etc/default/hostapd
    • Replace #DAEMON_CONF="" with DAEMON_CONF="/etc/hostapd/hostapd.conf"

Configure dnsmasq

  • Rename the current configuration, sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
  • Create and edit the new configuration, sudo nano /etc/dnsmasq.conf
    • Add the following
interface=wlan0       # Use interface wlan0  
listen-address=   # Specify the address to listen on  
bind-interfaces      # Bind to the interface
server=       # Use Google DNS  
domain-needed        # Don't forward short names  
bogus-priv           # Drop the non-routed address spaces.  
dhcp-range=,,12h # IP range and lease time  

Iptables forwarding

IMPORTANT: This section is optional.

Forwarding is required if any devices connected to your this access point need to connect to the Internet. I do not forward for many IoT devices which I expect to act as an isolated network.

  • Enable IP Forwarding
    • sudo nano /etc/sysctl.conf at bottom add net.ipv4.ip_forward=1
    • sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
  • If you have not already completed Persistant iptables, do so now
  • Required View WiFi Access Point rule set to complete iptables setup

Load, Test and Reboot

Load the services and test availability, connection and forwarding.

  • sudo service hostapd start
  • sudo service dnsmasq start
  • Use any WiFi client to connect to your new rpi3 access point
  • Verify connection of various services such as SSH
  • If you chose IP Forwarding, verify that your connected device is able to connect to the Internet
  • Once you have verified everything, sudo reboot now
  • Retest everything with the rebooted pi


You now have a working WiFi access point which may be used to extend your wired network or as a hub for local IoT devices.