Making Raspberry Pi as an internet Router (NAT) - hydrogeologger/pyduino GitHub Wiki
Setting up a Raspberry Pi as an access point in a standalone network (NAT)
Raspberry Pi can be used as a wireless access point, running a standalone network. This can be done using the inbuilt wireless features of the Raspberry Pi 3 or Raspberry Pi Zero W, or by using a suitable USB wireless dongle that supports access points.
Note that this documentation was tested on a Raspberry Pi 3, and it is possible that some USB dongles may need slight changes to their settings. If you are having trouble with a USB wireless dongle, please check the forums.
To add a Raspberry Pi-based access point to an existing network, see this section.
In order to work as an access point, the Raspberry Pi will need to have access point software installed, along with DHCP server software to provide connecting devices with a network address. Ensure that your Raspberry Pi is using an up-to-date version of Raspbian (dated 2017 or later).
Warning: must ensure 4G connection working properly (reverse SSH) before your next step
Reference (strongly recommended): https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md
Use the following to update your Raspbian installation:
sudo apt-get update
sudo apt-get upgrade
Install all the required software in one go with this command:
sudo apt-get install dnsmasq hostapd
Since the configuration files are not ready yet, turn the new software off as follows:
sudo systemctl stop dnsmasq
sudo systemctl stop hostapd
Configuring the DHCP server (dnsmasq)
The DHCP service is provided by dnsmasq. By default, the configuration file contains a lot of information that is not needed, and it is easier to start from scratch. Rename this configuration file, and edit a new one:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo vim /etc/dnsmasq.conf
Type or copy the following information into the dnsmasq configuration file and save it:
interface=wlan0 # Use the require wireless interface - usually wlan0
dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h
# Use ISP DNS for resolving names
dhcp-option=option:dns-server,0.0.0.0
So for wlan0, we are going to provide IP addresses between 192.168.4.2 and 192.168.4.20, with a lease time of 24 hours. If you are providing DHCP services for other network devices (e.g. eth0), you could add more sections with the appropriate interface header, with the range of addresses you intend to provide to that interface.
There are many more options for dnsmasq; see the dnsmasq documentation for more details.
Configuring the access point host software (hostapd)
You need to edit the hostapd configuration file, located at /etc/hostapd/hostapd.conf, to add the various parameters for your wireless network. After initial install, this will be a new/empty file.
sudo vim /etc/hostapd/hostapd.conf
Add the information below to the configuration file. This configuration assumes we are using channel 7, with a network name of NameOfNetwork, and a password AardvarkBadgerHedgehog. Note that the name and password should not have quotes around them. The passphrase should be between 8 and 64 characters in length.
interface=wlan0
driver=nl80211
ssid=NameOfNetwork
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
We now need to tell the system where to find this configuration file.
sudo vim /etc/default/hostapd
Find the line with #DAEMON_CONF, and replace it with this:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Start it up
Now start up the remaining services:
sudo systemctl start hostapd
sudo systemctl start dnsmasq
If dnsmasq fail to start, may need to add bind-interface to /etc/dnsmasq.conf and restart dnsmasq
interface=wlan0 # Use the require wireless interface - usually wlan0
bind-interfaces
dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h
# Use ISP DNS for resolving names
dhcp-option=option:dns-server,0.0.0.0
Add routing and masquerade
Edit /etc/sysctl.conf and uncomment this line:
net.ipv4.ip_forward=1
Add a masquerade for outbound traffic on eth0 (outbound eth0 here mean a network that are permanently connected to the internet. !!!If using 3G network, it is necessary to change 'eth0' to the outbound name of 3G!!!):
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save the iptables rule.
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Edit /etc/rc.local and add this just above "exit 0" to install these rules on boot.
iptables-restore < /etc/iptables.ipv4.nat
Configuring a static IP
We are configuring a standalone network to act as a server, so the Raspberry Pi needs to have a static IP address assigned to the wireless port. This documentation assumes that we are using the standard 192.168.x.x IP addresses for our wireless network, so we will assign the server the IP address 192.168.4.1. It is also assumed that the wireless device being used is wlan0.
To configure the static IP address, edit the dhcpcd configuration file with:
sudo vim /etc/dhcpcd.conf
Go to the end of the file and edit it so that it looks like the following:
interface wlan0
static ip_address=192.168.4.1/24
**Must ensure 4G dongle working now before restart the dhcpcd daemon and set up the new wlan0 configuration:
sudo service dhcpcd restart
**critical: when you run this script remotely (e.g., using SSH), it is likely that the connection will be disrupted!! **
Reboot
Using a wireless device, search for networks. The network SSID you specified in the hostapd configuration should now be present, and it should be accessible with the specified password.
If SSH is enabled on the Raspberry Pi access point, it should be possible to connect to it from another Linux box (or a system with SSH connectivity present) as follows, assuming the pi account is present:
ssh [email protected]
By this point, the Raspberry Pi is acting as an access point, and other devices can associate with it. Associated devices can access the Raspberry Pi access point via its IP address for operations such as rsync, scp, or ssh.
issuing the command below on a host
cat /var/lib/misc/dnsmasq.leases
or
arp -a -n
is able to find the leased IP addresses to the clients.
Router solution 1: 3G dongle (eth1) as outbound and onboard wifi (wlan0) as router
Below solution is found to be useful on Jessie and Stretch
first, disable wpa_supplicant by either remove /etc/wpa_supplicant/wpa_supplicant.conf, or running the following command
systemctl disable wpa_supplicant
The reason wpa_supplicant needs to be disabled is because it controls wlan0 as a guest, rather than a host. If wpa_supplicant is not disabled, both dhcpcd (configure ip as 192.168.0.1) and wpa_supplicant will fight for controlling the onboard WI-FI, which is demonstrated by showing hotspot during booting, while hotspot disappear after booting is completed.
Router solution 2: antenna Wi-Fi (wlan1) as outbound and onboard Wi-Fi (wlan0) as router
We designed this solution as it appears to be that RPI failed to provide power to network devices as their IP addresses keeps on swapping (wlan0 becomes wlan1) and neither tether nor internet is stable.
The below solution works only for Stretch
first, rename wpa_supplicant as
mv /etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
This suggests that the rule in wpa_supplicant-wlan1.conf only apply to wlan1
Second, make sure /etc/network/interfaces is as simple as (particularly for stretch):
source-directory /etc/network/interfaces.d
PLEASE DO NOT PUT iface wlan0 inet dhcp or iface wlan1 inet manual as they are no longer controlled by interfaces anymore in stretch
Finally, issuing the command (updated TO201214):
systemctl enable [email protected]
TO201214 tested to work well with rpi4-stretch with Wenqiang. However, it is found that rpi0 tends to create a interfce with a name of wlx$mac where $mac is the mac address of the WI-FI dongle.
From above, user will be able to enjoy the routering service provided by Raspberry Pi
----------------------------------------------------------------------------------
NOT NECESSARY Using the Raspberry Pi as an access point to share an internet connection (bridge)
One common use of the Raspberry Pi as an access point is to provide wireless connections to a wired Ethernet connection, so that anyone logged into the access point can access the internet, providing of course that the wired Ethernet on the Pi can connect to the internet via some sort of router.
To do this, a 'bridge' needs to put in place between the wireless device and the Ethernet device on the access point Raspberry Pi. This bridge will pass all traffic between the two interfaces. Install the following packages to enable the access point setup and bridging.
sudo apt-get install hostapd bridge-utils
Since the configuration files are not ready yet, turn the new software off as follows:
sudo systemctl stop hostapd
Bridging creates a higher-level construct over the two ports being bridged. It is the bridge that is the network device, so we need to stop the eth0 and wlan0 ports being allocated IP addresses by the DHCP client on the Raspberry Pi.
sudo vim /etc/dhcpcd.conf
Add denyinterfaces wlan0 and denyinterfaces eth0 to the end of the file (but above any other added interface lines) and save the file.
Add a new bridge, which in this case is called br0.
sudo brctl addbr br0
Connect the network ports. In this case, connect eth0 to the bridge br0.
sudo brctl addif br0 eth0
Now the interfaces file needs to be edited to adjust the various devices to work with bridging. sudo vim /etc/network/interfaces make the following edits.
Add the bridging information at the end of the file.
# Bridge setup
auto br0
iface br0 inet manual
bridge_ports eth0 wlan0
The access point setup is almost the same as that shown in the previous section. Follow the instructions above to set up the hostapd.conf file, but add bridge=br0 below the interface=wlan0 line, and remove or comment out the driver line. The passphrase must be between 8 and 64 characters long.
interface=wlan0
bridge=br0
#driver=nl80211
ssid=hydrogeologger
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=123123123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Now reboot the Raspberry Pi.
There should now be a functioning bridge between the wireless LAN and the Ethernet connection on the Raspberry Pi, and any device associated with the Raspberry Pi access point will act as if it is connected to the access point's wired Ethernet.
The ifconfig command will show the bridge, which will have been allocated an IP address via the wired Ethernet's DHCP server. The wlan0 and eth0 no longer have IP addresses, as they are now controlled by the bridge. It is possible to use a static IP address for the bridge if required, but generally, if the Raspberry Pi access point is connected to a ADSL router, the DHCP address will be fine.
----------------------------------------------------------------------------------
/var/lib/misc/dnsmasq.leases
get all the ip addresses that has been released
reference:
not working case
root@hydrogeologger:/home/pi# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-11-09 18:04:48 AEST; 11min ago
Process: 1085 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 1147 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 1138 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 1135 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 1146 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1146 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: reading /run/dnsmasq/resolv.conf
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: using nameserver 192.168.8.1#53
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: read /etc/hosts - 5 addresses
Nov 09 18:04:48 hydrogeologger dnsmasq[1147]: Too few arguments.
Nov 09 18:04:48 hydrogeologger systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Nov 09 18:08:04 hydrogeologger dnsmasq-dhcp[1146]: DHCPREQUEST(wlan0) 192.168.4.13 bc:a9:20:5c:b0:52
Nov 09 18:08:04 hydrogeologger dnsmasq-dhcp[1146]: DHCPACK(wlan0) 192.168.4.13 bc:a9:20:5c:b0:52 chenmingsiPhone
Nov 09 18:13:29 hydrogeologger dnsmasq-dhcp[1146]: DHCPREQUEST(wlan0) 192.168.4.16 c4:8e:8f:f5:3a:33
Nov 09 18:13:29 hydrogeologger dnsmasq-dhcp[1146]: DHCPACK(wlan0) 192.168.4.16 c4:8e:8f:f5:3a:33 lxm
Nov 09 18:14:27 hydrogeologger dnsmasq[1146]: nameserver 192.168.8.1 refused to do a recursive query
root@hydrogeologger:/home/pi# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
Loaded: loaded (/etc/init.d/hostapd; generated; vendor preset: enabled)
Active: active (running) since Fri 2018-11-09 18:00:58 AEST; 15min ago
Docs: man:systemd-sysv-generator(8)
Process: 453 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/hostapd.service
└─547 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf
Nov 09 18:08:01 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: associated
Nov 09 18:08:01 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: disassociated
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: associated
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 RADIUS: starting accounting session 5BE53EBA-00000002
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 WPA: pairwise key handshake completed (RSN)
Nov 09 18:11:06 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 WPA: group key handshake completed (RSN)
Nov 09 18:13:29 hydrogeologger hostapd[547]: wlan0: STA c4:8e:8f:f5:3a:33 IEEE 802.11: associated
Nov 09 18:13:29 hydrogeologger hostapd[547]: wlan0: STA c4:8e:8f:f5:3a:33 RADIUS: starting accounting session 5BE53EBA-00000003
Nov 09 18:13:29 hydrogeologger hostapd[547]: wlan0: STA c4:8e:8f:f5:3a:33 WPA: pairwise key handshake completed (RSN)
Nov 09 18:15:58 hydrogeologger hostapd[547]: wlan0: STA c4:8e:8f:f5:3a:33 IEEE 802.11: disassociated
root@hydrogeologger:/home/pi# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-11-09 18:04:48 AEST; 3min 27s ago
Process: 1085 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 1147 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 1138 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 1135 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 1146 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1146 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f64467
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: started, version 2.76 cachesize 150
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Nov 09 18:04:48 hydrogeologger dnsmasq-dhcp[1146]: DHCP, IP range 192.168.4.2 -- 192.168.4.20, lease time 1d
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: reading /run/dnsmasq/resolv.conf
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: using nameserver 192.168.8.1#53
Nov 09 18:04:48 hydrogeologger dnsmasq[1146]: read /etc/hosts - 5 addresses
Nov 09 18:04:48 hydrogeologger dnsmasq[1147]: Too few arguments.
Nov 09 18:04:48 hydrogeologger systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Nov 09 18:08:04 hydrogeologger dnsmasq-dhcp[1146]: DHCPREQUEST(wlan0) 192.168.4.13 bc:a9:20:5c:b0:52
Nov 09 18:08:04 hydrogeologger dnsmasq-dhcp[1146]: DHCPACK(wlan0) 192.168.4.13 bc:a9:20:5c:b0:52 chenmingsiPhone
root@hydrogeologger:/home/pi# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
Loaded: loaded (/etc/init.d/hostapd; generated; vendor preset: enabled)
Active: active (running) since Fri 2018-11-09 18:00:58 AEST; 7min ago
Docs: man:systemd-sysv-generator(8)
Process: 453 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/hostapd.service
└─547 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf
Nov 09 18:00:58 hydrogeologger systemd[1]: Started LSB: Advanced IEEE 802.11 management daemon.
Nov 09 18:01:21 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: associated
Nov 09 18:01:21 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 RADIUS: starting accounting session 5BE53EBA-00000000
Nov 09 18:01:21 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 WPA: pairwise key handshake completed (RSN)
Nov 09 18:08:01 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: disassociated
Nov 09 18:08:01 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: associated
Nov 09 18:08:01 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: disassociated
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 IEEE 802.11: associated
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 RADIUS: starting accounting session 5BE53EBA-00000002
Nov 09 18:08:03 hydrogeologger hostapd[547]: wlan0: STA bc:a9:20:5c:b0:52 WPA: pairwise key handshake completed (RSN)
root@hydrogeologger:/home/pi# systemctl status dhcpcd
● dhcpcd.service - dhcpcd on all interfaces
Loaded: loaded (/lib/systemd/system/dhcpcd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-11-09 18:00:56 AEST; 8min ago
Process: 364 ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -b (code=exited, status=0/SUCCESS)
Main PID: 375 (dhcpcd)
CGroup: /system.slice/dhcpcd.service
└─375 /sbin/dhcpcd -q -b
Nov 09 18:01:07 hydrogeologger dhcpcd[375]: eth1: rebinding lease of 192.168.8.100
Nov 09 18:01:07 hydrogeologger dhcpcd[375]: eth1: NAK: from 192.168.8.1
Nov 09 18:01:07 hydrogeologger dhcpcd[375]: eth1: soliciting a DHCP lease
Nov 09 18:01:07 hydrogeologger dhcpcd[375]: eth1: offered 192.168.8.100 from 192.168.8.1
Nov 09 18:01:07 hydrogeologger dhcpcd[375]: eth1: probing address 192.168.8.100/24
Nov 09 18:01:12 hydrogeologger dhcpcd[375]: wlan0: no IPv6 Routers available
Nov 09 18:01:12 hydrogeologger dhcpcd[375]: eth1: leased 192.168.8.100 for 86400 seconds
Nov 09 18:01:12 hydrogeologger dhcpcd[375]: eth1: adding route to 192.168.8.0/24
Nov 09 18:01:12 hydrogeologger dhcpcd[375]: eth1: adding default route via 192.168.8.1
Nov 09 18:01:20 hydrogeologger dhcpcd[375]: eth1: no IPv6 Routers available