Raspberry Pi Access Point Routing
This is the last step required to turn a Raspberry Pi into a WiFi Access Point. If you want to see all the previous steps, start with “Raspberry Pi Wifi Access Point“. When you get to this page you should already have done the following:
- Configured both network interfaces,
- Set up hostapd (a daemon which lets a host become an Access Point), and
- Installed and configured a DHCP server.
I originally followed more complicated instruction from user Dryfire117 at pastebin.com, 1 and then later became aware of a simpler way to do the same thing which is documented on the Raspberry Pi website.2 I think the way presented below is just as simple as the latter.
- First, we need to enable IP forwarding by the Linux kernel, by editing the file /etc/sysctl.conf and uncommenting the line:
You will need to be root or use sudo to edit this file. An alternative is to put this single line in the file/etc/sysctl.d/routed-ap.conf. Either way, this will take effect at the next reboot.
- Next we will use iptables to add a routing rule to do Network Address Translation (NAT), and then add a default route. This is simply done by editing the configuration file for the upstream interface in the directory /etc/network/interfaces.d/ – either eth0 for a wired upstream interface, or wlan1 for a wireless upstream interface. Either way, add the following two lines to the file as part of the configuration for that interface:
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up route add default gw 192.168.1.1 eth0
As you might suspect, commands given after the “post-up” keyword are performed after the interface has successfully been brought up. The IP address after “gw” is the gateway address for the upstream network.
- Reboot and verify that it’s all working, or to debug it if it isn’t.
I have tested using both upstream interfaces at the same time, but you really can’t. When both eth0 and wlan1 are brought up it seems that they compete and the IP masquerading setting for only one of them takes effect. That’s actually good, because if you delay one to let the other finish, so that you have IP masquerading set up for both interfaces, then it just doesn’t work (at least not if they are both on the same upstream network).
- How to: Make a Raspberry Pi Powered Wifi Repeater by Dryfire117, https://pastebin.com/A4jUp2Nq ↩
- Setting up a Raspberry Pi as a routed wireless access point, https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md ↩