Transforming a Linux system into a WiFi router
- IP forwarding opens the gate for the possibility of routing.
- The bridge collapses the wired and wireless interfaces into a single addressable domain.
- The nftables chains install policy at the FORWARD hook, deciding what passes and what drops.
- Conntrack feeds state information into those policy decisions, making simple rules work for complex traffic patterns.
- Masquerade hides the LAN behind the router’s public identity and keeps a translation table in memory.
- dnsmasq announces the router’s presence and hands every new client the information it needs to reach the outside world.
- hostapd converts a client-mode radio into an access point.