In this article we will explain how to configure and use our Raspberry Pi 3 to act as a 3G/4G Wi-Fi Router
Installing the required packages
First of all we need to install the DHCP Server, hostapd (for create a Wi-Fi AP) and usb-modeswitch (for the 3G/4G modem).
sudo apt-get install usb-modeswitch usb-modeswitch-data hostapd isc-dhcp-server
Configure DHCP Server
We proceed now to configure the DHCP Server in order to release IPs to our clients through Wi-Fi (wlan0).
Let’s start by configuring the DHCP subnet, IP range and DNS Server to push to the clients
/etc/dhcp/dhcpd.conf
# # Configuration file for ISC dhcpd for Debian # # # The ddns-updates-style parameter controls whether or not the server will # attempt to do a DNS update when a lease is confirmed. We default to the # behavior of the version 2 packages ('none', since DHCP v2 didn't # have support for DDNS.) ddns-update-style none; default-lease-time 600; max-lease-time 7200; # If this DHCP server is the official DHCP server for the local # network, the authoritative directive should be uncommented. authoritative; # Use this to send dhcp log messages to a different log file (you also # have to hack syslog.conf to complete the redirection). log-facility local7; # Internal subnet. subnet 10.5.5.0 netmask 255.255.255.0 { range 10.5.5.26 10.5.5.50; option domain-name-servers 8.8.8.8, 8.8.4.4; option domain-name "local-network"; option routers 10.5.5.1; option broadcast-address 10.5.5.255; default-lease-time 600; max-lease-time 7200; }
After configuring the DHCP subnet we should specify on which interface/interfaces the DHCP Server should listen, for doing this we edit the following file and insert the interface in the “INTERFACES” section:
/etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript # sourced by /etc/init.d/isc-dhcp-server # installed at /etc/default/isc-dhcp-server by the maintainer scripts # # This is a POSIX shell fragment # # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). #DHCPD_CONF=/etc/dhcp/dhcpd.conf # Path to dhcpd's PID file (default: /var/run/dhcpd.pid). #DHCPD_PID=/var/run/dhcpd.pid # Additional options to start dhcpd with. # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead #OPTIONS="" # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". INTERFACES="wlan0"
Configure Wi-Fi AP
We configure now hostapd in order to setup a Wi-Fi network for the clients like Smartphone, Laptop, Tablets, etc..
If doesn’t already exist create a file under “/etc/hostapd/hostapd.conf”
touch /etc/hostapd/hostapd.conf
Then inside the file put the following configuration and change the field ssid (replace <your-ssid-here>) and wpa_passphrase (replace <password-here>) with a Wi-Fi name to show to your devices and the password for access to the Wi-Fi
### Wireless network interface ### interface=wlan0 ### Driver ### driver=nl80211 ### Network name SSID ### ssid=<your-ssid-here> ### Set frequency to 2.4 Ghz ### hw_mode=g ### Channel number ### channel=4 ### Enable Wi-Fi N ### ieee80211n=1 ### Enable WMM ### wmm_enabled=1 ### Enable 40 Mhz channels ### ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] ### Allow all MAC Address ### macaddr_acl=0 ### Use WPA Auth ### auth_algs=1 ### Require clients to know the network name ### ignore_broadcast_ssid=0 ### Use WPA2 ### wpa=2 ### Enable Pre-Shared Key ### wpa_key_mgmt=WPA-PSK ### Network key ### wpa_passphrase=<password-here> ### Use AES ### rsn_pairwise=CCMP
Now we should tell to the which configuration file the init script should use, in order to do this we need to edit the file “/etc/default/hostapd” and comment out the parameter “DAEMON_CONF=” and fill it with the path to the previously created hostapd configuration file. At the end the file should be like that:
# Defaults for hostapd initscript # # See /usr/share/doc/hostapd/README.Debian for information about alternative # methods of managing hostapd. # # Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration # file and hostapd will be started during system boot. An example configuration # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz # DAEMON_CONF="/etc/hostapd/hostapd.conf" # Additional daemon options to be appended to hostapd command:- # -d show more debug messages (-dd for even more) # -K include key data in debug messages # -t include timestamps in some debug messages # # Note that -B (daemon mode) and -P (pidfile) options are automatically # configured by the init.d script and must not be added to DAEMON_OPTS. # #DAEMON_OPTS=""
Configure the network interface and Firewall (iptables) rules
We configure now the interface wlan0 in the file “/etc/network/interfaces” in order to disable the automatic configuration through wpa_supplicant and assign a static IP to the wlan0 interface and make it as a default gateway for the clients.
Comment the section “iface wlan0 inet manual” and “wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf”.
# interfaces(5) file used by ifup(8) and ifdown(8) # Please note that this file is written to be used with dhcpcd # For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf' # Include files from /etc/network/interfaces.d: source-directory /etc/network/interfaces.d auto lo iface lo inet loopback iface eth0 inet manual allow-hotplug wlan0 #iface wlan0 inet manual # wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf iface wlan0 inet static address 10.5.5.1 netmask 255.255.255.0 network 10.5.5.0 broadcast 10.5.5.255 allow-hotplug wlan1 iface wlan1 inet manual wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
We need now to setup our Raspberry Pi as a “Router” so we should now enable the packets forwarding into the kernel with:
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
But this will only enable temporary the packet forwarding so in order to make it permanent we should edit the file “/etc/sysctl.conf” and add (or comment out if exist)
# Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1
The configuration is almost finished, we need only to setup the iptables rules
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE iptables -A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o usb0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -j DROP
Save the current iptables rule with
iptables-save > /etc/iptables.ipv4.nat
We configure the rule to be loaded at boot by edit the file “/etc/rc.local” and add at the end of the file (before the “exit 0) the following lines:
iptables-restore < /etc/iptables.ipv4.nat
Why “usb0” interface in the iptables rules?
Probably you are asking why I’ve chosen the usb0 interface in the iptables rules instead of ppp0. I’ve chosen usb0 because my 3G key (a ZTE MF730) is switched by the usb-modeswitch project as an USB Ethernet interface (this happens also for some Huawei 3G/4G key).
Starting the services
The configuration now is ended so let’s start the services!
First of all restart the networking in order to apply the modification
[email protected]:~# /etc/init.d/networking restart
Then start or restart if running the DHCP Server service
[email protected]:~# /etc/init.d/isc-dhcp-server restart
Start hostapd
[email protected]:~# /etc/init.d/hostapd restart
We are done! Now you should see your Wi-FI Network and able to connect to it. You can also use now use multiple devices through your 3G/4G USB key.