Raspberry Pi Access Point Routing

Raspberry Pi Access Point Routing

This is the last step required to turn a Raspberry Pi into a WiFi Access Point. If you want to see all the previous steps, start with “Raspberry Pi Wifi Access Point“.   When you get to this page you should already have done the following:

  1. Configured both network interfaces,
  2. Set up hostapd (a daemon which lets a host become an Access Point), and
  3. Installed and configured a DHCP server.

I originally followed more complicated instruction from user Dryfire117 at pastebin.com, 1 and then later became aware of a simpler way to do the same thing which is documented on the Raspberry Pi website.2 I think the way presented below is just as simple as the latter.

  1. First, we need to enable IP forwarding by the Linux kernel, by editing the file /etc/sysctl.conf and uncommenting the line:

    You will  need to be root or use sudo to edit this file.  An alternative is to put this single line in the file/etc/sysctl.d/routed-ap.conf.   Either way, this will take effect at the next reboot.

  2. Next we will use iptables to set up routing rules to do Network Address Translation (NAT), and then add a default route.   To do so for the wired interface simply add the following two lines to the file eth0 in the directory /etc/network/interfaces.d/:
    post-up  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up  route add default gw  eth0

    As you might suspect, commands given after the “post-up” keyword are performed after the interface has successfully been brought up.  The IP address after “gw” is the gateway address for the upstream network.

    For the wireless network, wlan1, just add the same two lines to the file wlan1 in the same directory, but changing the interface name, of course, and the gateway address if necessary.

I have tested using both upstream interfaces at the same time, but you really can’t. When both eth0 and wlan1 are brought up it seems that they compete and the IP masquerading setting for only one of them takes effect. That’s actually good, because if you delay one to let the other finish, so that you have IP masquerading set up for both interfaces, then it just doesn’t work (at least not if they are both on the same upstream network).


  1. How to: Make a Raspberry Pi Powered Wifi Repeater by Dryfire117, https://pastebin.com/A4jUp2Nq
  2. Setting up a Raspberry Pi as a routed wireless access point, https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md
Print Friendly, PDF & Email