Wednesday, July 6, 2016

Configure Raspberry Pi as a router (ethernet and wifi) on Jessie

I used these instructions to create a router with 2 ethernet and 1 wireless connection.  These instructions can be modified for more wireless or more ethernet connections.  I was setting up eth1 as the WAN connection, eth0 and wlan0 as LAN connections.  Wlan0 was to broadcast DHCP from the PI, eth0 would have static IP, and DHCP on this netowrk would be from an external DHCP server.

Pi model B+ running Raspbian Jessie;
Wireless USB dongle;
USB Ethernet Adapter.
In this example I used a Wi-Pi adapter, and a TP-Link UE300
rfkill: a wireless utility
zd1211-firmware: common firmware that works with many Wi-Fi dongles
hostapd: the hostap wireless access point daemon
hostap-utils: supplemental hostap tools
iw: wireless configuration utility
isc-dhcp-server: ISC implementation of DHCP
bridge-utils:  used for connecting multiple Ethernet devices together

Connect to the Pi via SSH

Install requirements by using the command:

sudo apt-get update -y
sudo apt-get install rfkill zd1211-firmware hostapd hostap-utils iw bridge-utils isc-dhcp-server -y

Jessie may have iw preinstalled -- if it does and is updated, running the command above will automatically skip it.

Connect the wifi dongle and USB Ethernet adapter

Use the command lsusb to ensure that the USB wireless dongle is being detected

pi@gw:~ $ lsusb
Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Use the command iw list to ensure that the adapter has a supported interface mode of AP
Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * WDS
         * monitor
         * mesh point

Use ifconfig to identify which interface is which:


Based on the IP Addresses, I could identify eth0 as my LAN connection, and eth1 will be my WAN connection.

Create a backup of /etc/network/interfaces, and edit the file:

sudo cp /etc/network/interfaces /etc/network/interfaces.orig
sudo nano /etc/network/interfaces

Modify the file as appropriate. 

source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback

allow-hotplug eth0
auto eth0
iface eth0 inet static

allow-hotplug eth1
auto eth1
iface eth1 inet static

allow-hotplug wlan0
auto wlan0
iface wlan0 inet static

Take a backup of /etc/hostapd/hostapd.conf and edit the file (it it doesn’t exist, create the file).

sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig
sudo nano /etc/hostapd/hostapd.conf

Modify the file as appropriate

wpa_pairwise=CCMP TKIP

Backup and modify /etc/default/hostapd

sudo cp /etc/default/hostapd /etc/default/hostapd.orig
sudo nano /etc/default/hostapd

Edit the DAEMON_CONF=”” line to point to the hostadp.conf file modified earlier.


Configure DHCP
Create a backup of /etc/dhcp/dhcpd.conf and edit it

sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig
sudo nano /etc/dhcp/dhcpd.conf

Make the following changes as appropriate

option domain-name "";
default-lease-time 86400;
option subnet-mask;
max-lease-time 172800;
option broadcast-address;
option routers;

subnet netmask {
option domain-name-servers,;

Backup and edit /etc/default/isc-dhcp-server and setup the interface to broadcast DHCP on

sudo cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.orig
sudo nano /etc/default/isc-dhcp-server

Find and edit the INTERFACES line to the interface to broadcast DHCP on.


(If you wanted to broadcast DHCP on eth0 as well you could add it in here)

Enable routing and Nat

sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
sudo nano /etc/sysctl.conf

Edit the file to add the line (or uncomment it)


Enable the translation immediately
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Configure IPTables for NAT

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

sudo iptables-save

If this is the first time modifying iptables, install iptables-persistent by running

sudo apt-get install iptables-persistent

If prompted to make the rules persistent, select YES
If you already have iptables-persistent installed, you can save the iptables rules by running the command

sudo iptables-save

make the changes permanent (starts hostapd and dhcp on boot)

sudo update-rc.d hostapd enable 
sudo update-rc.d isc-dhcp-server enable
save the iptables setup and restore on boot
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" 
Edit the /etc/network/interfaces file and add the following to the end.
up iptables-restore < /etc/iptables.ipv4.nat

Reboot the device and test

1 comment:

  1. FastestVPN provides security and performance no matter which platform you use. With VPN for Router, get the best VPN protection across all connected devices.