Raspberry Pi Access Point Routing
This is the last step required to turn a Raspberry Pi into a WiFi Access Point. If you want to see all the previous steps, start with “Raspberry Pi Wifi Access Point“. When you get to this page you should already have done the following:
- Configured both network interfaces,
- Set up hostapd (a daemon which lets a host become an Access Point), and
- Installed and configured a DHCP server.
I originally followed more complicated instruction from user Dryfire117 at pastebin.com, 1 and then later became aware of a simpler way to do the same thing which is documented on the Raspberry Pi website.2 I think the way presented below is just as simple as the latter.
- First, we need to enable IP forwarding by the Linux kernel, by editing the file /etc/sysctl.conf and uncommenting the line:
net.ipv4.ip_forward=1
You will need to be root or use sudo to edit this file. An alternative is to put this single line in the file/etc/sysctl.d/routed-ap.conf. Either way, this will take effect at the next reboot.
- Next we will use iptables to add a routing rule to do Network Address Translation (NAT), and then add a default route. This is simply done by editing the configuration file for the upstream interface in the directory /etc/network/interfaces.d/ – either eth0 for a wired upstream interface, or wlan1 for a wireless upstream interface. Either way, add the following two lines to the file as part of the configuration for that interface:
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up route add default gw 192.168.1.1 eth0
As you might suspect, commands given after the “post-up” keyword are performed after the interface has successfully been brought up. The IP address after “gw” is the gateway address for the upstream network.
- Reboot and verify that it’s all working, or to debug it if it isn’t.
I have tested using both upstream interfaces at the same time, but you really can’t. When both eth0 and wlan1 are brought up it seems that they compete and the IP masquerading setting for only one of them takes effect. That’s actually good, because if you delay one to let the other finish, so that you have IP masquerading set up for both interfaces, then it just doesn’t work (at least not if they are both on the same upstream network).
References
- How to: Make a Raspberry Pi Powered Wifi Repeater by Dryfire117, https://pastebin.com/A4jUp2Nq ↩
- Setting up a Raspberry Pi as a routed wireless access point, https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md ↩
Actually, looking at the script shows that it’s just issuing repeated `iptables` commands, so after running the script and it uses the 192.168.. address you could simply give another `iptables` command with the address you were issues by DHCP.
Hello,
Thank you for the great information. I have the following question, is it possible to use DHCP address instead of static one for INET_ADDRESS=192.168.1.99, as I am getting different IPs from the ISP
I think you would have to determine the address given out by DHCP and then put that in the file in place of 192.168.1.99 and then run the script.
Mr Myers:
Please continue with your writings as they are very useful and I’m looking for solutions for a captive portal and your web page got me past the first part of getting the RPi4 Wireless up and running. I really like your style and content, direct and to the point. THANK YOU.
Thank you. I will try to set aside some time this summer to keep working on it.
this has been working flawlessly for me and has been a learning experiance. PLEASE FINISH IT 🙂 thanks.
Thank you. I’m sorry I have not had time to finish the write-up, but I’ll try to get to it when I can. It helps to know someone else actually found it useful. I’ve mainly been writing these for my own memory.