Raspberry Pi Routing Tables
This is the last set of steps required to turn a Raspberry Pi into a wifi repeater. If you want to see all the steps, start with “Raspberry Pi Wifi Repeater“. When you get to this page you should already have done the following:
- Configured both network interfaces,
- Set up hostapd (a daemon which lets a host become an Access Point), and
- Installed and configured a DHCP server.
Now we configure the routing tables. I have to give credit for this information to user Dryfire117 at https://pastebin.com/A4jUp2Nq. The main idea is that we will first clear the routing tables, then set them, then save them to a file that can be automatically loaded at boot time.
- First, we need to enable IP forwarding by the Linux kernel, by editing the file /etc/sysctl.conf and uncommenting the line:
net.ipv4.ip_forward=1
You will probably have to be root or use sudo to edit this file. Once you’ve made the change, give the command
$ sudo sysctl --system ....
Or you can simply wait for the next reboot, as this change will now take effect every time the machine boots. - Next we will create a set of routing tables which can be loaded automatically at boot time. An easy way to do this is to create a couple of different scripts to perform steps of the process.
- First, create this script to clear the existing routing tables:
#!/bin/sh IPTABLES="$(which iptables)" # RESET DEFAULT POLICIES $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t mangle -P PREROUTING ACCEPT $IPTABLES -t mangle -P OUTPUT ACCEPT # FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS $IPTABLES -F $IPTABLES -X $IPTABLES -t nat -F $IPTABLES -t nat -X $IPTABLES -t mangle -F $IPTABLES -t mangle -X
Run this script (as root, of course) to clear out any existing routing rules.
- Then create another script to set up the desired routing tables so that outbound traffic is routed to the internet.
#!/bin/sh IPT=/sbin/iptables INET_IFACE=wlan0 INET_ADDRESS=192.168.1.99 AP_IFACE=wlan1 # Flush the tables $IPT -F INPUT $IPT -F OUTPUT $IPT -F FORWARD $IPT -t nat -P PREROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P OUTPUT ACCEPT # Allow forwarding packets: $IPT -A FORWARD -p ALL -i $AP_IFACE -o $INET_IFACE -j ACCEPT $IPT -A FORWARD -i $INET_IFACE -o $AP_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT # Packet masquerading $IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS
The upstream interface is wlan0 here, but if you want to use a wired ethernet connection you can change that to eth0.
Running this script will set up the desired routing tables until the next reboot.
- To make this configuration persistent beyond the next reboot we can capture a snap-shot of the routing tables with the command
$ sudo iptables-save > /etc/network/iptables
Then we can simply add one line to the network configuration in the file /etc/network/interfaces to cause this saved routing table to be used when the interface is started. To do so add to the entry for the interface used by hostapd the linepost-up iptables-restore < /etc/network/iptables
- First, create this script to clear the existing routing tables:
this has been working flawlessly for me and has been a learning experiance. PLEASE FINISH IT 🙂 thanks.
Thank you. I’m sorry I have not had time to finish the write-up, but I’ll try to get to it when I can. It helps to know someone else actually found it useful. I’ve mainly been writing these for my own memory.
Mr Myers:
Please continue with your writings as they are very useful and I’m looking for solutions for a captive portal and your web page got me past the first part of getting the RPi4 Wireless up and running. I really like your style and content, direct and to the point. THANK YOU.
Thank you. I will try to set aside some time this summer to keep working on it.
Hello,
Thank you for the great information. I have the following question, is it possible to use DHCP address instead of static one for INET_ADDRESS=192.168.1.99, as I am getting different IPs from the ISP
I think you would have to determine the address given out by DHCP and then put that in the file in place of 192.168.1.99 and then run the script.
Actually, looking at the script shows that it’s just issuing repeated `iptables` commands, so after running the script and it uses the 192.168.. address you could simply give another `iptables` command with the address you were issues by DHCP.