Raspberry Pi Routing Tables

This is the last set of steps required to turn a Raspberry Pi into a wifi repeater. If you want to see all the steps, start with “Raspberry Pi Wifi Repeater”. When you get to this page you should already have done the following:

  1. Configured both network interfaces,
  2. Set up hostapd (a daemon which lets a host become an Access Point), and
  3. Installed and configured a DHCP server.

Now we configure the routing tables (strictly, the iptables packet-filter and NAT rules). I have to give credit for this information to user Dryfire117 at https://pastebin.com/A4jUp2Nq. The main idea is that we will first clear the routing tables, then set them, then save them to a file that can be automatically loaded at boot time.

  1. First, we need to enable IP forwarding in the Linux kernel by editing the file /etc/sysctl.conf and uncommenting the line:
    net.ipv4.ip_forward=1
    

    You will probably have to be root or use sudo to edit this file. Once you’ve made the change, give the command
    $ sudo sysctl --system ....
    Or you can simply wait for the next reboot, as this change will now take effect every time the machine boots.

  2. Next we will create a set of routing tables which can be loaded automatically at boot time. An easy way to do this is to create a couple of different scripts to perform steps of the process.
    1. First, create this script to clear the existing routing tables:
      #!/bin/sh
      IPTABLES="$(which iptables)"
      # RESET DEFAULT POLICIES
      $IPTABLES -P INPUT ACCEPT
      $IPTABLES -P FORWARD ACCEPT
      $IPTABLES -P OUTPUT ACCEPT
      $IPTABLES -t nat -P PREROUTING ACCEPT
      $IPTABLES -t nat -P POSTROUTING ACCEPT
      $IPTABLES -t nat -P OUTPUT ACCEPT
      $IPTABLES -t mangle -P PREROUTING ACCEPT
      $IPTABLES -t mangle -P OUTPUT ACCEPT
      # FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS
      $IPTABLES -F
      $IPTABLES -X
      $IPTABLES -t nat -F
      $IPTABLES -t nat -X
      $IPTABLES -t mangle -F
      $IPTABLES -t mangle -X
      

      Run this script (as root, of course) to clear out any existing routing rules.

    2. Then create another script to set up the desired routing tables so that outbound traffic is routed to the internet.
      #!/bin/sh
      IPT=/sbin/iptables
      INET_IFACE=wlan0
      INET_ADDRESS=192.168.1.99
      AP_IFACE=wlan1
      # Flush the tables
      $IPT -F INPUT
      $IPT -F OUTPUT
      $IPT -F FORWARD
      $IPT -t nat -P PREROUTING ACCEPT
      $IPT -t nat -P POSTROUTING ACCEPT
      $IPT -t nat -P OUTPUT ACCEPT
      # Allow forwarding packets:
      $IPT -A FORWARD -p ALL -i $AP_IFACE -o $INET_IFACE -j ACCEPT
      $IPT -A FORWARD -i $INET_IFACE -o $AP_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Source NAT (masquerading): INET_ADDRESS must be the address actually assigned to $INET_IFACE
      $IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS
      

      The upstream interface is wlan0 here, but if you want to use a wired ethernet connection you can change that to eth0.

      Running this script will set up the desired routing tables until the next reboot.

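    3. To make this configuration persistent beyond the next reboot we can capture a snapshot of the routing tables with the command
      $ sudo sh -c 'iptables-save > /etc/network/iptables'
      The redirection has to run as root too, which is why the whole command is wrapped in sh -c; with a plain "sudo iptables-save > file" the unprivileged shell opens the file and the write fails. Then we can simply add one line to the network configuration in the file /etc/network/interfaces to cause this saved routing table to be used when the interface is started. To do so, add the following line to the entry for the interface used by hostapd: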

      post-up iptables-restore < /etc/network/iptables
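
A check worth running before the rules are saved, as an added example that is not part of the original page: the first script sets the FORWARD policy to ACCEPT and the second never changes it, so the ESTABLISHED,RELATED rule does not restrict what is forwarded from the upstream interface. The function below audits iptables-save output for that condition; `audit_ruleset` and `sample_dump` are names made up for this example, and the dump is constructed from the page's interface names and address.

```sh
#!/bin/sh
# Added example (not from the original page): audit an iptables-save dump.
# Interface names are arguments; the sample dump below is constructed.

# Reads iptables-save output on stdin; returns 0 only if the repeater's NAT
# rules are present AND forwarded packets matching no rule are dropped.
audit_ruleset() {
    awk -v inet="$1" -v ap="$2" '
        /^\*/ { table = substr($0, 2) }              # "*filter", "*nat", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ ("-i " ap " ") && $0 ~ ("-o " inet " ")) out_ok = 1
            if ($0 ~ ("-i " inet " ") && /ESTABLISHED/) ret_ok = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            if ($0 ~ ("-o " inet " ")) nat_ok = 1
        }
        END {
            if (!out_ok) { print "MISSING: ACCEPT rule " ap " -> " inet; bad = 1 }
            if (!ret_ok) { print "MISSING: ESTABLISHED return rule on " inet; bad = 1 }
            if (!nat_ok) { print "MISSING: SNAT/MASQUERADE out of " inet; bad = 1 }
            if (policy != "DROP") {
                print "OPEN: FORWARD policy is " policy "; packets matching no rule are still forwarded"
                bad = 1
            }
            if (!bad) print "OK: NAT present, FORWARD default is DROP"
            exit bad + 0
        }'
}

# Constructed dump shaped like the result of the scripts above; $1 = FORWARD policy.
sample_dump() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD $1 [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.1.99
COMMIT
EOF
}

sample_dump ACCEPT | audit_ruleset wlan0 wlan1 || true   # reports OPEN
sample_dump DROP | audit_ruleset wlan0 wlan1             # reports OK
```

On the Pi the same function can read the saved file: `audit_ruleset wlan0 wlan1 < /etc/network/iptables`. Adding `$IPT -P FORWARD DROP` to the second script is the change that turns the OPEN finding into OK.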