How-to make a Raspberry Pi 3 as a 3G/4G router

20161107_231344 

In this article we will explain how to configure and use our Raspberry Pi 3 to act as a 3G/4G Wi-Fi Router

Installing the required packages

First of all we need to install the DHCP Server, hostapd (for create a Wi-Fi AP) and usb-modeswitch (for the 3G/4G modem).

sudo apt-get install usb-modeswitch usb-modeswitch-data hostapd isc-dhcp-server

 

Configure DHCP Server

We proceed now to configure the DHCP Server in order to release IPs to our clients through Wi-Fi (wlan0).
Let’s start by configuring the DHCP subnet, IP range and DNS Server to push to the clients

/etc/dhcp/dhcpd.conf

#
# Configuration file for ISC dhcpd for Debian 
# 
# 
# The ddns-updates-style parameter controls whether or not the server will 
# attempt to do a DNS update when a lease is confirmed. We default to the 
# behavior of the version 2 packages ('none', since DHCP v2 didn't 
# have support for DDNS.) 
ddns-update-style none; 

default-lease-time 600; 
max-lease-time 7200; 

# If this DHCP server is the official DHCP server for the local 
# network, the authoritative directive should be uncommented. 
authoritative; 

# Use this to send dhcp log messages to a different log file (you also 
# have to hack syslog.conf to complete the redirection). 
log-facility local7; 

# Internal subnet. 
subnet 10.5.5.0 
netmask 255.255.255.0 { 
  range 10.5.5.26 10.5.5.50;
  option domain-name-servers 8.8.8.8, 8.8.4.4; 
  option domain-name "local-network"; 
  option routers 10.5.5.1; 
  option broadcast-address 10.5.5.255; 
  default-lease-time 600; 
  max-lease-time 7200; 
}

After configuring the DHCP subnet we should specify on which interface/interfaces the DHCP Server should listen, for doing this we edit the following file and insert the interface in the “INTERFACES” section:

/etc/default/isc-dhcp-server

# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts 
# 
# This is a POSIX shell fragment 
# 

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). 
#DHCPD_CONF=/etc/dhcp/dhcpd.conf 

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid). 
#DHCPD_PID=/var/run/dhcpd.pid 

# Additional options to start dhcpd with. 
#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead 
#OPTIONS="" 

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? 
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1". 
INTERFACES="wlan0"

 

Configure Wi-Fi AP

We configure now hostapd in order to setup a Wi-Fi network for the clients like Smartphone, Laptop, Tablets, etc..
If doesn’t already exist create a file under “/etc/hostapd/hostapd.conf”

touch /etc/hostapd/hostapd.conf

Then inside the file put the following configuration and change the field ssid (replace <your-ssid-here>) and wpa_passphrase (replace <password-here>) with a Wi-Fi name to show to your devices and the password for access to the Wi-Fi

### Wireless network interface ###
interface=wlan0

### Driver ###
driver=nl80211

### Network name SSID ###

ssid=<your-ssid-here>

### Set frequency to 2.4 Ghz ###
hw_mode=g

### Channel number ###
channel=4

### Enable Wi-Fi N ###
ieee80211n=1

### Enable WMM ###
wmm_enabled=1

### Enable 40 Mhz channels ###
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]

### Allow all MAC Address ###
macaddr_acl=0

### Use WPA Auth ###
auth_algs=1

### Require clients to know the network name ###
ignore_broadcast_ssid=0

### Use WPA2 ###
wpa=2

### Enable Pre-Shared Key ###
wpa_key_mgmt=WPA-PSK

### Network key ###
wpa_passphrase=<password-here>

### Use AES ###
rsn_pairwise=CCMP

Now we should tell to the which configuration file the init script should use, in order to do this we need to edit the file “/etc/default/hostapd” and comment out the parameter “DAEMON_CONF=” and fill it with the path to the previously created hostapd configuration file. At the end the file should be like that:

# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
# -d show more debug messages (-dd for even more) 
# -K include key data in debug messages 
# -t include timestamps in some debug messages 
# 
# Note that -B (daemon mode) and -P (pidfile) options are automatically 
# configured by the init.d script and must not be added to DAEMON_OPTS. 
# 
#DAEMON_OPTS=""

 

Configure the network interface and Firewall (iptables) rules

We configure now the interface wlan0 in the file “/etc/network/interfaces” in order to disable the automatic configuration through wpa_supplicant and assign a static IP to the wlan0 interface and make it as a default gateway for the clients.
Comment the section “iface wlan0 inet manual” and “wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf”.

# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug wlan0

#iface wlan0 inet manual
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

iface wlan0 inet static
  address 10.5.5.1
  netmask 255.255.255.0
  network 10.5.5.0
  broadcast 10.5.5.255

allow-hotplug wlan1

iface wlan1 inet manual
  wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

We need now to setup our Raspberry Pi as a “Router” so we should now enable the packets forwarding into the kernel with:

sudo echo 1 > /proc/sys/net/ipv4/ip_forward

But this will only enable temporary the packet forwarding so in order to make it permanent we should edit the file “/etc/sysctl.conf” and add (or comment out if exist)

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

The configuration is almost finished, we need only to setup the iptables rules

iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o usb0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j DROP

Save the current iptables rule with

iptables-save > /etc/iptables.ipv4.nat

We configure the rule to be loaded at boot by edit the file “/etc/rc.local” and add at the end of the file (before the “exit 0) the following lines:

iptables-restore < /etc/iptables.ipv4.nat

Why “usb0” interface in the iptables rules?
Probably you are asking why I’ve chosen the usb0 interface in the iptables rules instead of ppp0. I’ve chosen usb0 because my 3G key (a ZTE MF730) is switched by the usb-modeswitch project as an USB Ethernet interface (this happens also for some Huawei 3G/4G key).

 

Starting the services

The configuration now is ended so let’s start the services!
First of all restart the networking in order to apply the modification

[email protected]:~# /etc/init.d/networking restart

Then start or restart if running the DHCP Server service

[email protected]:~# /etc/init.d/isc-dhcp-server restart

Start hostapd

[email protected]:~# /etc/init.d/hostapd restart

We are done! Now you should see your Wi-FI Network and able to connect to it. You can also use now use multiple devices through your 3G/4G USB key.