How to set up Alpine as a wireless router

From Alpine Linux
Revision as of 12:43, 3 January 2021 by Rickyrockrat (talk | contribs)
Jump to: navigation, search

Pi Zero W Wireless Router

This is a page to describe building a Wireless Access Point with two wired ethernet ports for building a home router that connects to the internet with one wired port, and internal Lan with the second wired port and the on-board WiFi.

The intent is to provide this:

                                    |<-->eth1 <-->| 
Internet <--> eth0 <-->FireWall<-->br0           Internal<--> ssh,bind,dhcp, with ssh reverse ssh connections.


I generally run Debian and when forced by Red Hot Irons, Red Hat. This is my first foray into Alpine. So far I am very impressed. I mirrored the 3.12 armhf repos so I had things local when I needed them. Word to the wise. That is 13G of apk files.
One *really* nice feature of Alpine is apk, the yum/apt replacement:

  • It is simple, short, and to the point.
  • The same tool provides *repo* level dependency reporting!
  • Install of single packages without repo signing (I never did get the signing correct, but I can install).


  • Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
  • make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
  • the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
  • untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G.
  • make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time.
  • install openssh, openssh-server, openssh-client, openssh-server-common,
  • install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools.
ssh config

The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup
AddressFamily inet
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowUsers Som123X Extern4524User
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no


apk notes:

  • Create and index and check dependencies on a list of apk files: apk index -o APKINDEX.unsigned.tar.gz *.apk
  • Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
  • remove a package: apk del iw
  • repository lists are in: /etc/apk/repositories
 * Local URL: /media/mmcblk0p1/apks
 * Remote URL:

FAT16/32 limits
Alpine Linux Bridge
Connect to wireless AP
dnsmasq listen restrictions
Disable IPV6
dnsmasq Docs
HostApd Docs
[rsync:// Alpine Repos]
Set Static DNS names
Reverse SSH tunnel

Pi Specific

Pi Wifi Repeater
WiFi Bridge
Alpine Install
PiZeroW Install
Classic Sys Install on Pi

Not Related, but Interesting

AP and Managed Mode

Package List

Put these in the apks/armhf directory on the 256M Fat partition:

iptables-1.8.4-r2.apk openssh-8.3_p1-r1.apk iptables-openrc-1.8.4-r2.apk openssh-client-8.3_p1-r1.apk abuild-3.6.0-r1.apk iw-5.4-r0.apk openssh-keygen-8.3_p1-r1.apk alpine-base-3.12.3-r0.apk kbd-bkeymaps-2.2.0-r2.apk openssh-server-8.3_p1-r1.apk alpine-baselayout-3.2.0-r7.apk libacl-2.2.53-r0.apk openssh-server-common-8.3_p1-r1.apk alpine-conf-3.9.0-r1.apk libattr-2.4.48-r0.apk openssh-sftp-server-8.3_p1-r1.apk alpine-keys-2.2-r0.apk libblkid-2.35.2-r0.apk openssl-1.1.1i-r0.apk alpine-mirrors-3.5.10-r0.apk libc-utils-0.7.2-r3.apk patch-2.7.6-r6.apk apk-tools-2.10.5-r1.apk libcap-2.27-r0.apk pcsc-lite-libs-1.8.26-r0.apk attr-2.4.48-r0.apk libcom_err-1.45.6-r0.apk pkgconf-1.7.2-r0.apk bash-5.0.17-r0.apk libcrypto1.1-1.1.1i-r0.apk ppp-atm-2.4.8-r2.apk bash-completion-2.10-r0.apk libcurl-7.69.1-r3.apk ppp-chat-2.4.8-r2.apk bonding-2.6-r4.apk libedit-20191231.3.1-r0.apk ppp-daemon-2.4.8-r2.apk bridge-1.5-r4.apk libev-4.33-r0.apk ppp-l2tp-2.4.8-r2.apk bridge-utils-1.6-r0.apk libgcc-9.3.0-r2.apk ppp-minconn-2.4.8-r2.apk busybox-1.31.1-r19.apk libmnl-1.0.4-r0.apk ppp-passprompt-2.4.8-r2.apk busybox-extras-1.31.1-r19.apk libnftnl-1.1.6-r0.apk ppp-passwordfd-2.4.8-r2.apk busybox-initscripts-3.2-r2.apk libnftnl-libs-1.1.6-r0.apk ppp-pppoe-2.4.8-r2.apk busybox-suid-1.31.1-r19.apk libnl3-3.5.0-r0.apk ppp-radius-2.4.8-r2.apk c-ares-1.16.1-r0.apk libpcap-1.9.1-r2.apk ppp-winbind-2.4.8-r2.apk ca-certificates-20191127-r4.apk libssl1.1-1.1.1i-r0.apk readline-8.0.4-r0.apk ca-certificates-bundle-20191127-r4.apk libstdc++-9.3.0-r2.apk scanelf-1.2.6-r0.apk chrony-3.5.1-r0.apk libtls-standalone-2.9.1-r1.apk signature.tar.gz chrony-openrc-3.5.1-r0.apk libusb-1.0.23-r0.apk ssl_client-1.31.1-r19.apk curl-7.69.1-r3.apk libuuid-2.35.2-r0.apk tar-1.32-r1.apk dbus-libs-1.12.18-r0.apk lzip-1.21-r0.apk tcpdump-4.9.3-r2.apk dnsmasq-2.81-r0.apk mii-tool-1.60_git20140218-r2.apk tree-1.8.0-r0.apk e2fsprogs-1.45.6-r0.apk musl-1.1.24-r10.apk tzdata-2020c-r1.apk e2fsprogs-libs-1.45.6-r0.apk musl-utils-1.1.24-r10.apk usb-modeswitch-2.6.0-r1.apk ethtool-5.6-r0.apk ncurses-libs-6.2_p20200523-r0.apk vlan-2.2-r0.apk ez-ipupdate-3.0.10-r9.apk ncurses-terminfo-base-6.2_p20200523-r0.apk wireless-tools-30_pre9-r1.apk fakeroot-1.24-r0.apk net-tools-1.60_git20140218-r2.apk wpa_supplicant-2.9-r5.apk haveged-1.9.8-r1.apk network-extras-1.2-r0.apk wpa_supplicant-openrc-2.9-r5.apk haveged-openrc-1.9.8-r1.apk nghttp2-1.41.0-r0.apk zlib-1.2.11-r3.apk hostapd-2.9-r2.apk nghttp2-libs-1.41.0-r0.apk hostapd-openrc-2.9-r2.apk openrc-0.42.1-r11.apk