Welcome back to Linux Networking Mastery!
We’ve now built a solid progression from basics through services, monitoring, and advanced wired features:
- Part 1 – network stack basics and inspection tools
- Part 2 – interface and IP configuration (temporary + persistent via Netplan, nmcli, systemd-networkd)
- Part 3 – routing tables, static/policy routing, namespaces, simple router setup
- Part 4 – name resolution, systemd-resolved, per-link/global DNS, troubleshooting
- Part 5 – firewalls with nftables, firewalld, ufw, stateful rules
- Part 6 – services (hardened SSH, Nginx basics, NFS/Samba shares, DHCP with dnsmasq)
- Part 7 – monitoring (
ss,tcpdump,iperf3,iftop), troubleshooting workflows - Part 8 – bonding, VLANs, bridges, WireGuard
In this part we cover wireless networking — one of the most visible (and sometimes frustrating) aspects of modern Linux usage, especially on laptops, embedded devices, and home servers acting as access points.
We’ll look at:
- Connecting as a client using modern tools (
nmcli,wpa_supplicant,iw) - Troubleshooting common wireless issues
- Turning a Linux machine into a Wi-Fi access point (hotspot) with
hostapd
1. Client Wireless Configuration
Modern Linux desktops and laptops almost always use NetworkManager for Wi-Fi. Servers or minimal installs may use wpa_supplicant directly or iwd (Intel’s lightweight alternative, increasingly popular in 2026).
Using NetworkManager (nmcli)
List available networks:
nmcli device wifi list
Connect to an open network:
nmcli device wifi connect "MyGuestWiFi"
Connect to WPA2/WPA3 network (most common):
nmcli device wifi connect "MyHomeWiFi" password "supersecret123"
Connect with specific options (e.g., hidden SSID, 5 GHz band preference):
nmcli device wifi connect "HiddenNet" password "passw0rd" hidden yes band 5g
See saved connections:
nmcli connection show
Modify or delete:
nmcli connection up "MyHomeWiFi"
nmcli connection delete "OldNetwork"
Lower-Level: iw + wpa_supplicant (servers, embedded, manual control)
Scan for networks:
sudo iw dev wlp2s0 scan | grep -E "SSID|freq|signal"
Typical manual connection sequence:
Create
/etc/wpa_supplicant.conf:ctrl_interface=DIR=/var/run/ WPA_GROUP=wheel update_config=1 network={ ssid="MyHomeWiFi" psk="supersecret123" key_mgmt=WPA-PSK priority=1 } network={ ssid="MyGuestWiFi" key_mgmt=NONE priority=0 }Start wpa_supplicant:
sudo wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.confRequest IP (DHCP):
sudo dhclient wlp2s0
Modern minimal setups increasingly use iwd (iNet Wireless Daemon) — lighter and faster than wpa_supplicant:
sudo systemctl start iwd
iwctl
device list
station wlan0 scan
station wlan0 get-networks
station wlan0 connect "MyHomeWiFi"
2. Troubleshooting Wireless Issues
Common problems and fixes (2026 perspective):
No networks visible
→rfkill list→rfkill unblock wifi
→ Check kernel module loaded:lsmod | grep -E "iwlwifi|ath9k|mt76|brcmfmac"Connection fails / auth errors
→ Check logs:journalctl -u NetworkManager -forjournalctl -u wpa_supplicant
→ Wrong PSK → regenerate QR code or test with phone hotspot
→ WPA3 transition mode issues → force WPA2 in AP settings temporarilyVery slow / unstable
→ Check signal:iw dev wlp2s0 link(look atsignal,tx bitrate)
→ Interference → change channel on AP or force 5 GHz
→ MTU mismatch (especially WireGuard over Wi-Fi) → lower to 1400
→ Power management:iwconfig wlp2s0 power offor
iw dev wlp2s0 set power_save offDriver/firmware issues
Most modern chipsets (Intel AX/BE, MediaTek MT792x, Qualcomm ath11k) have excellent mainline support in kernel 6.1–6.12.
For bleeding-edge hardware → check linux-firmware.git or distro backports.
3. Creating a Wi-Fi Access Point (Hotspot)
Use hostapd + DHCP + NAT + forwarding.
Install:
sudo apt install hostapd dnsmasq iptables-persistent # Debian/Ubuntu
sudo dnf install hostapd dnsmasq # Fedora/RHEL
Basic /etc/hostapd/hostapd.conf:
interface=wlp3s0
driver=nl80211
ssid=LinuxHotspot2026
hw_mode=g # or a for 5 GHz if supported
channel=6
wpa=2
wpa_passphrase=hotspot1234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
Start manually to test:
sudo systemctl stop NetworkManager # important!
sudo ip link set wlp3s0 up
sudo hostapd /etc/hostapd/hostapd.conf
Persistent setup (common pattern):
Disable NetworkManager management of the interface:
/etc/NetworkManager/conf.d/99-unmanaged.conf[keyfile] unmanaged-devices=interface-name:wlp3s0Configure static IP on wlp3s0 (via Netplan/nmcli/systemd-networkd)
Enable IP forwarding (from Part 3):
sudo sysctl -w net.ipv4.ip_forward=1NAT masquerade (nftables example):
sudo nft add table ip nat sudo nft add chain nat postrouting { type nat hook postrouting priority 100 \; } sudo nft add rule nat postrouting oifname "enp0s3" masqueradeRun dnsmasq for DHCP:
/etc/dnsmasq.confsnippet:interface=wlp3s0 dhcp-range=192.168.88.50,192.168.88.150,255.255.255.0,12h dhcp-option=3,192.168.88.1 dhcp-option=6,1.1.1.1Start services:
sudo systemctl enable --now hostapd dnsmasq
Hands-On Exercises
- Scan and connect to multiple Wi-Fi networks using
nmcliandiwctl— compare logs. - Intentionally break a connection (wrong password, power management) and diagnose with
journalctl,iw dev ... link,dmesg. - Set up a basic access point on a spare wireless card; connect phone/laptop and verify internet sharing (if upstream interface has connectivity).
Safety note: Disabling NetworkManager on the wireless interface can lock you out on laptops — use VMs or have wired/console fallback.
What's Next?
In Part 10 (final technical post) we bring everything together with container and virtualization networking: Docker & Podman network modes, bridge/macvlan/overlay, libvirt/QEMU bridges, Kubernetes networking concepts, and a capstone multi-container routed application lab.