Networking

Configure a Raspberry Pi or any Linux as a Wi-Fi router

Any Linux-based operating system can be configured as a real WiFi router with a few simple steps. For example, if we use a Raspberry Pi with the Raspbian operating system (which is still a Linux-based operating system), we can configure it to use its different network interfaces and create a WiFi router with a fairly decent performance, but also we must take into account its port limitations. In this tutorial we are going to teach you how to configure a Raspberry Pi, or any Linux-based operating system, to function as a Wi-Fi router.

Initial steps

The first thing we must do is install the operating system on our Raspberry Pi. In our case we have used the latest version of Raspbian, although any other system can be used (although the commands may vary). Once the operating system is installed on our micro SD, we run it for the first time to complete its installation and configuration (for example, in the case of Raspbian, complete the « sudo raspi-config « wizard ).

Once configured and with the device working and connected to the Internet through RJ-45, we update the software sources, applications and the system by typing:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

Once with our updated system we can continue with the tutorial to configure our Raspberry Pi to function as a router.

Check that our USB Wi-Fi card is detected and works in AP mode

The first thing we will do is check that the device detects the card. To do this we type:

lsusb

And it should appear there listed. Once it appears we will execute another command to verify that the Wi-Fi card can work in AP mode:

iw list

If in the result that appears on the screen we can see the line: Mode: AP, the card is compatible to carry out this configuration, otherwise, we must look for another card whose chipset allows it to be configured as an access point, or AP.

Install required software and dependencies

Most of the necessary software is installed by default in Raspbian, although the only ones that could give us problems are the DHCP server and the access point creation service, which we can install manually (if it is not available) by typing:

sudo apt-get install isc-dhcp-server hostapd

Once we have reached this point we can restart our Raspberry to start with the configuration.

Setting

All configurations are made from the terminal, in text mode. We are going to use the nano editor and always before editing a file we will create a copy of it so that if an error occurs we can restore it.

Configure the DHCP server

The first thing we will configure will be the DHCP server. For this we will edit the following file:

sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig
sudo nano /etc/dhcp/dhcpd.conf

In this file we must look for a series of lines. The following are uncommented by default, we comment them with a # in front of them so that they are no longer enabled and are as follows:

#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

We will look for the #authoritative element; which by default will be commented and we uncomment it to activate it, leaving:

authoritative;

To finish we will configure the network in which the DHCP server will work (in our example in the network 192.168.2.0). To do this, we go to the end of the document and add:

subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.30;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}

We save the changes and close the file.

We will open a new server configuration file, typing:

sudo cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.orig
sudo nano /etc/default/isc-dhcp-server

In this document we will look (at the end) for the INTERFACES = »» line and change it to:

INTERFACES="wlan0"

The DHCP server is already configured. We continue with the tutorial.

Configure the WLAN and Ethernet connection

The first thing we will do is disconnect the Wi-Fi card. To do this we type:

sudo ifdown wlan0

Next we will open the file «interfaces»:

sudo cp /etc/network/interfaces /etc/network/interfaces.orig
sudo nano /etc/network/interfaces

And we will configure it as follows:

auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.2.1
netmask 255.255.255.0

We comment or delete the other lines. We save the changes and close the document. To apply the changes at the moment we must type:

sudo ifconfig wlan0 192.168.2.1

Configure the access point

Once again, we will edit another file by typing:

sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig
sudo nano /etc/hostapd/hostapd.conf

And in this file we delete what there is (if there is something) and paste:

interface=wlan0
ssid=RaspiAP
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

We can change both the SSID by the name we want to give to our network and the channel in channel and the wpa_passphrase with the password, in plain text, that we want to use to connect.

To finish with the configuration we open a new configuration file by typing:

sudo cp /etc/default/hostapd /etc/default/hostapd.orig
sudo nano /etc/default/hostapd

We uncomment and change the line # DAEMON_CONF = »» by:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

We save and close the file to finish. We are almost done, only a few minor settings remain and configure Raspbian so that all this runs at system startup automatically.

Final configurations

Although our router-access point is already configured and functional, we cannot connect to the Internet through it, nor are the configurations executed automatically at startup. For this to work we must follow the last steps that we list below.

Configure packet forwarding

For Raspberry Pi to forward the packets from itself to the router to be able to go to the Internet, we must configure the following elements:

We open and edit the sysctl file:

sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
sudo nano /etc/sysctl.conf

In this document we will look for the line “# net.ipv4.ip_forward = 1” and we will uncomment it, leaving:

net.ipv4.ip_forward=1

We save and close the document. For the changes to take effect immediately, we will type:

sudo sysctl -p /etc/sysctl.conf

We enable NAT by typing:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

And we save the iptables rules so that the changes persist (we install the following package: sudo apt-get install iptables-persistent and we follow the wizard).

Configure autostart

In order for the access point and the DHCP server to start automatically with our device, we must specifically indicate it and enable the services to be activated together with Raspbian. To do this from the terminal we type:

sudo update-rc.d hostapd enable
sudo update-rc.d isc-dhcp-server enable

Last setting

Before finishing, there is a WPAsupplicant file that can cause problems on some occasions, so to make sure that this does not happen we move it to a safe path by typing:

sudo mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service /home/pi

Our Raspberry Pi already works as a Wi-Fi router

Once we have reached this point we can restart our Raspberry Pi. When it reboots it will automatically create the access point, you can assign IP addresses to the hosts that connect to it and route all traffic from the Wi-Fi card through the network card to the router, as long as we are connected to one.

It is advisable to properly configure the iptables firewall of our Raspberry Pi, in this way, we can allow or deny local traffic from the LAN to the WiFi and vice versa, in addition, we could set up several WiFi access points, for example, we could configure a WiFi network to that is totally isolated from the main network. In home WiFi routers, manufacturers typically create isolated guest WiFi in two different ways:

  • Creating a specific VLAN for the guests, providing a new subnet that is isolated from the main network, and that only has an Internet connection. This way of configuring the guest WiFi networks is the best, the most elegant and the most efficient, because all the guest clients will be in a subnet and will be able to communicate (or not) with each other, but what they will never be able to do is communicate with the main network that is totally separated. For example, a manufacturer that makes use of this is AVM with its FRITZ! Box, thanks to this, we will have a specific subnet for guests, either via WiFi or cable. In this case, through iptables (network layer) we can allow or not communication between the different subnets configured in the router.
  • Making use of ebtables at the link layer level. In this configuration mode, the guest wireless clients will use exactly the same subnet as the main network, therefore, they will share addressing with the computers on the LAN. Thanks to the use of ebtables we will be able to limit the communication of these guests to the main network, allowing or denying access.

In the event that you are interested in building a WiFi access point for guests, our recommendation is to make use of the first method, put a specific AP for guests, create a VLAN in the network and assign them a new IP address completely different from the address of the main network, in this way, they will be isolated correctly.

Leave a Reply

Your email address will not be published.

Back to top button