Internet Sharing Script

Shares an internet connection from one network interface to another by turning the destination interface into a Wi-Fi access point. Configures IP forwarding, NAT via iptables, DHCP via dnsmasq, and creates a WPA2 AP with hostapd.

Requirements

Tool	Purpose
hostapd	Wi-Fi access point
dnsmasq	DHCP (with drop-in conf support)
iptables	NAT / packet forwarding
iw / ip	Interface management
rfkill	Unblock Wi-Fi adapter if needed
nmcli (NetworkManager)	Save and restore Wi-Fi connection state

sudo apt install dnsmasq hostapd rfkill network-manager iproute2 iptables

dnsmasq drop-in support

The script writes a drop-in file to /etc/dnsmasq.d/nic-sharing.conf and never modifies /etc/dnsmasq.conf. Ensure your dnsmasq configuration includes:

conf-dir=/etc/dnsmasq.d/,*.conf

This line is present and uncommented by default on Debian/Ubuntu. The script will warn at runtime if it cannot detect it.

Usage

sudo ./nic_sharing.sh on  <src_iface> <wifi_iface> --ssid <SSID> --pass <PASS> [options]
sudo ./nic_sharing.sh off <src_iface> <wifi_iface>

Argument	Description
on|off	Enable or disable sharing
<src_iface>	Interface with internet access (e.g. eth0, wg0, tun0)
<wifi_iface>	Wi-Fi interface to use as access point (e.g. wlan0)

Options (on only)

Option	Description	Default
--ssid <SSID>	Wi-Fi network name	required
--pass <PASSWORD>	WPA2 passphrase (8–63 chars)	required
--band <2.4|5>	Radio band	2.4
--channel <N>	Wi-Fi channel	6 (2.4 GHz) or 36 (5 GHz)
--dns <IP>	DNS server advertised to clients via DHCP	none
--domain <DOMAIN>	Search domain advertised to clients via DHCP	none

Examples

# Basic sharing — 2.4 GHz
sudo ./nic_sharing.sh on eth0 wlan0 --ssid "MyAP" --pass "MyPassword123"

# 5 GHz with custom DNS and search domain
sudo ./nic_sharing.sh on eth0 wlan0 \
  --ssid "MyAP" --pass "MyPassword123" \
  --band 5 --channel 36 \
  --dns 10.0.0.10 --domain corp.example.com

# Disable sharing and restore previous state
sudo ./nic_sharing.sh off eth0 wlan0

Behaviour

Enabling (on)

1. Validates the Wi-Fi interface and arguments.
2. Unblocks the Wi-Fi adapter if soft-blocked by rfkill.
3. Saves the current ip_forward value and the Wi-Fi connection state.
4. Disconnects the Wi-Fi interface from any active network.
5. Enables IP forwarding and adds NAT + FORWARD iptables rules.
6. Assigns 192.168.60.1/24 to the Wi-Fi interface.
7. Writes /etc/dnsmasq.d/nic-sharing.conf and restarts dnsmasq.
8. Writes /etc/hostapd/nic-sharing.conf and starts hostapd in background.

If any step fails, all changes are rolled back automatically.

Disabling (off)

1. Stops hostapd by PID (falls back to pkill if the PID file is absent).
2. Removes the dnsmasq drop-in and restarts dnsmasq.
3. Removes the iptables NAT and FORWARD rules.
4. Restores ip_forward to its value before on was run.
5. Flushes the Wi-Fi interface address and brings it down.
6. Reconnects the Wi-Fi interface if it was connected before on.
7. Clears the runtime state file.

Notes

• Passphrase security: the passphrase is passed as a command-line argument and will be visible in ps aux during the brief setup window. For higher-security environments consider reading it from an environment variable or a file.
• Subnet: the gateway address 192.168.60.1 and DHCP range 192.168.60.10–50 are hardcoded. Ensure they do not conflict with your existing network.
• 5 GHz support: requires a Wi-Fi adapter that supports AP mode on 5 GHz (hw_mode=a). Not all adapters or drivers support this. Check with iw phy and iw list.
• ip_forward: the script saves and restores the prior ip_forward value, so disabling sharing will not affect other active NAT or routing sessions.

Troubleshooting

# Check hostapd and dnsmasq logs
sudo journalctl -u hostapd
sudo journalctl -u dnsmasq

# Verify Wi-Fi adapter AP mode support
iw list | grep -A 10 "Supported interface modes"

# Inspect runtime state
cat /run/nic-sharing.state

License

MIT