Aug 112012
 

QuickLinks
Part 1 – How to create a wireless network on your RPi
Part 2 – How to make your RPi into a Wireless Access Point
Part 3A – Issues with HostAPD ? Click here
Part 3B – Issues with HostAPD ? Click here!

In Part 3, we will turn the Raspberry Pi into a router. The Pi will use the ethernet port as the “WAN” port, and the wireless adapter as the “LAN” side of things.
First thing we need to do is to enable packet forwarding.
In the file /etc/sysctl.conf, we need to uncomment the following line (should be line 28).

#net.ipv4.ip_forward=1

After changing that, run this command to re-read the sysctl.conf file

sysctl -p

We will also need to install the iptables utilities if they are not already installed, and alter the dnsmasq.conf file so that dnsmasq will assign a gateway to the computers.

Firstly we install iptables.

apt-get install iptables

Then we will add this line to dnsmasq.conf.
The IP address is the same one we gave to the WiFi adapter back in Part 1

dhcp-option=3,10.0.0.1

We will need to create an iptables script to tell the Raspberry Pi to forward packets from the WiFi interface to the LAN interface. This script will need to run at startup in order for it to be a router.
I have created the following file in /etc/network/if-up.d/ called router. By placing the script in that directory, it will be run every time the Raspberry Pi comes online.
This file contains the following lines

iptables -F
iptables -X

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT
iptables -A OUTPUT -o wlan0 -j ACCEPT

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -j ACCEPT

After creating this file, make it executable by using this command

chmod +x /etc/network/if-up.d/router

Once that router.sh file has been run, it should start forwarding traffic from the WiFi Interface to the LAN interface !

** UPDATE **
As a few people have found out, the IP address of the Pi does not get set correctly until you take down wlan0 and bring it back up after hostapd starts.
I have not found out why yet, but the workaround I am currently using consists of editing /etc/init.d/hostapd, and modifying the start case statement to include ifdown wlan0 && ifup wlan0 at the end of it.
I failed to copy the statement I am talking about, but if you’re familiar with scripting it shouldn’t be too hard to figure out. Otherwise I’ll get the code I modified up here soon.

** UPDATE 2 **
Looks like a Pi user has successfully gotten hostapd running on the realtek devices.
Info can be found here


If you have found this post useful, please consider donating by pressing on the button below. Donating will help keep this site up and running :)




Share

  72 Responses to “How To : Use The Raspberry Pi As A Wireless Access Point/Router Part 3”

  1. Hi
    Would it be possible to set it up, so that act as an access point, but at the same time connects to the network using the WiFI instead of the ethernet port?

    I.e.. I’m often in a Hotel where you’ll have to pay for internet access and most of the time you can only connect with one device, having the RPi connecting to the Hotel network and then act as an access point for my devices would be pretty cool….

    If it could create a VPN tunnel using OpenVPN to my home network, would even make it cooler…

    Any ideas, TIA

    /Søren

  2. Hello,
    I would like to make web page, which will be working as splash (welcome) screen for clients who connect to my AP. AP (RPi) don’t have (continuous) access to Internet.
    Could you tell me, How shuld I configure the IPtables.

    Thanks!

    • Do you mean you want the RPi to be able to display a webpage ?
      Just need to run a webserver to display the page

      • I want to run a webserver and anybody who connect to my AP (RPi +WiFi) would be redirected to webpage hosted on it.
        Eg. If you have mobile / smartphone and choose my wlan network, you wouldn’t type anything, but my page appear in a browser.

        I solved my problem with command :
        sudo iptables -t nat -A PREROUTING -d 0/0 -p tcp –dport 80 -j DNAT –to 10.0.0.1:80

        Perhaps I didn’t describe my problem enough precisely.
        Thansk,

        • Ahh i see.
          Well your solution is exactly what I would’ve done :)

        • Hello,
          I always get an error message, when I use this command:
          # iptables -t nat -A PREROUTING -d 0/0 -p tcp –dport 80 -j DNAT –to 192.168.2.1:80
          -> iptables v1.4.14: multiple -d flags not allowed
          and with the command:
          # iptables -t nat -A PREROUTING -d 0/0 -p tcp –-dport 80 -j DNAT –to 192.168.2.1:80
          -> Bad argument ’192.168.2.1:80′

          Any idea?

  3. Is it possible to do the opposite
    Pi will use the ethernet port as the “LAN” port, and the wireless adapter as the “Wan” side of things.

    • Yes there is. Just follow part 3 But swap the lan and wifi

      • Great tutorial. I’m using this to connect an ethernet music player to my wifi via the RasPi.
        One question though, if I connect using this method, will the Pi still be able to access the internet also as its own device, or will it just have to work as a router and do nothing else? If so, I might go the extra mile and make a bridge to allow me to still be able to connect with the Pi.

  4. If this was all set up and working fine, is there any reason why eth0 could not be connected to a remote PPTP VPN server and devices connecting to the wifi essentially access the internet through the VPN server?

    Looks a very useful tutorial, thank you for taking the time to write it.

  5. Hey,

    I managed to set everything up after reading your great tutorial, but now I experience disconnects. Sometimes a connection holds for 2h or even more and sometimes one 20-30 min. Afterwards I am not able to connect again. For testing purposes I than put wlan0 down and up again, reset the ip and restarted hostapd and dnsmasq. It then seemed to work again (until the next reconnect), but it is not a solution. As I am fairly new to all this, could you tell me which log files I could check to find the culprit?

    • You can check the syslog. I don’t recall off the top of my head whether hostapd has a log file, but if it did it would probably in /var/log.

      Which version of the Pi do you have ?

      • I have the normal model B. As I don’t see mount points it is rev. 1, I guess.
        But I think, I found the reason. It seems to be the WIFI-Dongle or the driver to be more specific.
        Somewhere I found that adding dwc_otg.microframe_schedule=1 to the cmdline.txt may help, so I am trying that right now. If the connection survives the next two days, I consider the problem solved, so let’s hope the best^^

        I will keep you informed.

        Best regards,

  6. Great tutorial! I have two wifi dongles attached with traffic routing from one to the other. Will come in handy the next time I’m in an airport lounge.

    I ran into a problem with the router.sh script. The file wouldn’t execute while other files in the if-up.d directory came up just fine. The problem is apparently in the name. It can’t contain a period. Changing the name to “router-sh” solved the problem.

    Thanks again!

  7. Thanks for the great tutorial! Was easy to get my RaspberryRouter running ;-)

    But do you experience many lost packages as well?
    When I ping the raspberry then I have on average 25% lost.

    Pinging 10.0.0.1 with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time=2ms TTL=64
    Request timed out.
    Reply from 10.0.0.1: bytes=32 time=2ms TTL=64
    Reply from 10.0.0.1: bytes=32 time=2ms TTL=64

    Ping statistics for 10.0.0.1:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

    I cannot think of anything to solve that… Or is there something I could do?

    • Oh sorry I forgot to mention that I have a Raspberry Pi model B rev2. And a RT5370.

    • Try a longer ping. Say 100 packets. Also, whats the signal.strength from your laptop ? is there any interference on the channel ?

      The cheapie rt5370 adapters aren’t very powerful so you’ll need to be close to use the wifi reliably.

      • Thank you for the quick answer.

        Yes I tried with 100 packets a few times (16%, 10% and 20% loss).
        My laptop (Win7) is right next to the raspberry pi.
        The signal strenght is good (-52 dBm).
        And there is no interference on the channel, because there is no other Wifi in this area.

        I just tried an old hackintosh that I still have here, and with that one I tried a couple of times and always 0% loss !???

        • Maybe its windows then haha.

          Not sure about that sorry. You might have to look into tweaking the windows WiFi.

          • Haha might be that it is Windows ;-)

            Anyway while surfing I’ve not even realized that packets are lost! So no problem here.

            But you are right the RT5370 might be a bit weak.
            Now I have 2 computers and 2 phones connected and the phones loose the connection quite often but reconnect immediately.

            Someone recommendation or good experiences with an wifi adapter?

          • There are more powerful RT5370s out there. Its just the cheap ones tend to be weaker. Have a look on ebay or dealextreme. There are 1000mw ones out there, which is 10x more powerful !

  8. my pi is creating hotspot properly but the problem is connecting to that network in windows it says problem with the access point ….so im not able to connect to my pi’s network and ssh wirelessly…:(
    you have any idea..? please help me out.!!

    • Can any other devices connect at all ?
      I have the same issue on some of my devices not connecting to my RaspAP as well so I’m trying to work out why.
      Do you have a monitor connected to the Pi at all as well so you can see the output ?
      Maybe try connecting without security and see if that helps ?

  9. i just want to ssh wirelessly in to my pi using my usb wifi attached to pi….for that should i need to follow all three parts of the tutorial which is given here..? im new to this please help me..!!
    -thank you

    • Just Part 1.
      I’m assuming you have 2 devices, your Pi with the USB Dongle, and your Laptop with WiFi ?
      What have you got setup so far ?

  10. yeah iam using 3 device as u told and wen i try with the open network also it says limited access in windows and when i ping my pi’s ip in cmd it says destnation host unreachable…:( ..!!!
    im using dns masq for for forwarding ip address…!!1 :( but ill not working is it because its not forwarding ip address….???

  11. auto lo
    iface lo inet loopback
    iface eth0 inet static
    address 192.168.137.30
    netmask 255.255.255.0
    gateway 192.168.137.1
    iface default inet dhcp

  12. this is my etc network interfaces file

  13. Hi,

    I followed the tutorial (part 1 and 3) in order to turn my RPi into a wireless router, but I’ve encountered some problems.
    First problem: My network doesn’t show up on the list when I scan for wireless networks with my laptop — the network is hidden for some reason. I can still connect to it, though.
    Second problem: I have no internet access on my laptop when I connect to Raspberry Pi (and yes, Raspberry Pi is connected to the internet via eth0). I can ping Raspberry Pi from my laptop, I can ping my laptop from Raspberry Pi, but I can’t ping anything else from my laptop. I’ve tried running traceroute on few sites and found out that packets go no further than raspberry pi. (I also modified some files in hope I’ll solve the problem. No such luck for me…)

  14. Oh, I got my RPi to work as a router. Just a note: please fix the iptables script. There should be one more line in that script:

    iptables -A FORWARD -o wlan0 -j ACCEPT

    Network still remains hidden, though (at least on linux).

    • Are you trying to host something on the Pi ? I didn’t have any issues with my script…strange.

      I’ll add a note in though, thanks.

  15. Hi,

    just on hint:
    In the router.sh there must be the first line

    #!/bin/sh

    otherwise i got an error: exec format error

    If someone – like me – works just with copy and paste the script won’t run without this first line… :-)

    Great tutorial – now my Raspi works very fine as a router!

  16. Hi,

    first of all: Great tutorial! I’ve just been searching for something like your work!

    I have a simple (maybe stupid) question:

    What is the difference between bridging wifi to ethernet (and vice versa) like described in part 2 and turning the RPi into a router like described in part 3?

    Would it not be enough to do either part 2 or part 3? As I see, in both cases the wifi requests get connected with the ethernet. Or am I missing something?

    Thank you again for this tutorial and for reading my comment (including stupid questions ;) )

    • No such thing as a stupid question :)
      Bridging Ethernet -> wifi means that all packets stay on the same logical network, even though they are using a different medium to get to their destination.

      Routing means that there are 2 networks, and the Pi will act as the junction point in between those 2 networks.
      This allows things like shaping, packet filtering, port redirecting to occur between 1 network and the Pi’s Wireless network.

      Both essentially do the same thing, i.e. both broadcast the ethernet network out on the Pi’s wifi. But the router will have more say over where the packets go

  17. Hello,

    i created the files and configs like this tutorial advices for router wlan0 to ethernet.
    sad that it seems no reply from ethernet is forwarded to connected wlan client.

    i connect a laptop wlan to raspberry pi. hostapd and dnsmasq running. but the laptop do not show requested website.
    In the log of dnsmasq says
    Feb 12 20:50:37 raspberrypi dnsmasq[2021]: query[A] www.hosteurope.com from 10.0.0.51
    Feb 12 20:50:37 raspberrypi dnsmasq[2021]: forwarded www.hosteurope.com to 192.168.178.1
    Feb 12 20:50:37 raspberrypi dnsmasq[2021]: reply www.hosteurope.com is 80.237.128.168
    Feb 12 20:50:39 raspberrypi dnsmasq[2021]: query[A] www.hosteurope.com from 10.0.0.51
    Feb 12 20:50:39 raspberrypi dnsmasq[2021]: cached www.hosteurope.com is 80.237.128.168

    10.0.0.51 is laptop client and 192.168.178.1 is ethernet router raspberry pi connect to.

    i think reply do not get forwarded from ethernet to client?
    Something missing in iptables configuration?

    Appreciate your help!
    sorry for my patchy english!

    • Can your laptop ping anything on the internet, or anything in the 192.168.178.0 network ? ?
      Can you run iptables -L and paste what comes up ?

      • Hello,

        No, the laptop cannot ping hosts in the internet as 173.194.69.94 and in the local net 192.168.178._ I only ping raspberry pi but no other computers.

        sudo iptables -L makes this output
        Chain INPUT (policy ACCEPT)
        target prot opt source destination

        Chain FORWARD (policy ACCEPT)
        target prot opt source destination

        Chain OUTPUT (policy ACCEPT)
        target prot opt source destination

        Does this give information about what is going wrong?
        Gracias for your help

        • Iptables doesnt seem to be setup…
          Also what’s the configuration of your network ?

          • SirLagz,

            only a idea: The rout.sh script needs root permission, correct?
            Maybe it is not run with this permission but with user level permission?
            If not root the script returns several times this
            iptables v1.4.14: can't initialize iptables table `filter': Permission denied (you must be root)
            Perhaps iptables or your kernel needs to be upgraded.

            The configuration of my network is following. A router (192.168.178.1) is connected to internet and to a switch which connects a few computers in network 192.168.178._ .
            Raspberry pi is connected by eth0 to router through switch (as 192.168.178.31) and can get reached by computers in 192.168.178._ network. It provides wlan0 with ip 10.0.0.1 because I followed your tutorial ;)
            A laptop connects to wifi from raspberry pi and tries to reach internet through wlan0 (10.0.0.1), eth0 (192.168.178.31), switch and router (192.168.178.1). Like written laptop cannot ping computers of 192.168.178._ network and neither internet hosts.

          • Remove the . in the script name if the script is in /etc/network/if-up.d
            In this case, you’re probably better off turning the Pi into a bridge (part 2) rather than a router as you don’t need the router capability.
            Also saves you having to try and configure iptables.

          • Indeed, the dot made this problem!
            Unbelievible that a character in a comment line can prevent the whole script.

            Now it works and iptables -L looks like
            Chain INPUT (policy ACCEPT)
            target prot opt source destination
            ACCEPT all -- anywhere anywhere
            ACCEPT all -- anywhere anywhere

            Chain FORWARD (policy ACCEPT)
            target prot opt source destination
            ACCEPT all -- anywhere anywhere

            Chain OUTPUT (policy ACCEPT)
            target prot opt source destination
            ACCEPT all -- anywhere anywhere
            ACCEPT all -- anywhere anywhere

            Maybe you want to add this to your how-to so that one can see how it should be when doing iptables -L?
            Thank to you!

  18. Hi SirLagz,

    I’m trying to share my internet connection on my Pi (WiFi-connection) via ethernet to an Xbox 360. But I haven’t been able to pull this off. I followed you instruction (only Part 3) as you stated in a previous comment about the same topic and I’ve also swapped eth0 and wlan0 because I’m trying to forward my wlan connection.

    What I haven’t got working as well was dnsmasq thus I couldn’t edit the dnsmasq.conf file.

    I’m not getting any errors from iptables and/or my Pi though, and Raspbmc is still working just fine (with internet access). But my Xbox won’t find the network. What am I doing wrong? Am I missing something?

    Thanks in advance,
    Tinu

    • So are you trying to connect the XBox to the Pi via Ethernet ?

      Are you using RaspBMC as the base ?
      Is the XBOX getting an IP address ?
      Can you check the syslog on the Pi to see if it’s requesting an IP Address ?

      • Yes, the xbox is connected to the Pi via Ethernet and the Pi is connect to the LAN via WiFi.
        I’am using Raspbmc as the base yes. But the Xbox fails when trying to connet to the network.

        The syslog spits out:
        Mar 13 02:02:03 raspbmc dhclient: Listening on LPF/eth0/b8:27:eb:a8:57:f8
        Mar 13 02:02:03 raspbmc dhclient: Sending on LPF/eth0/b8:27:eb:a8:57:f8
        Mar 13 02:02:03 raspbmc dhclient: Sending on Socket/fallback
        Mar 13 02:02:03 raspbmc dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
        Mar 13 02:02:06 raspbmc dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
        Mar 13 02:02:09 raspbmc dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7

        • Can you paste the output of ifconfig once it’s all setup ?
          sounds like something isn’t right if it’s trying to get an IP address on eth0

          • Ok, I’ve been trying some more and I was finally able to install dnsmasq.

            Here are all the files I changed and the log files: http://pastebin.com/jvT7dv1y

            Now my Pi seems to have lost connection to the internet (LAN still working fine) – can’t ping google – and my Xbox won’t connect either. But if I shut down the Xbox and reboot the Pi the internet seems to work just fine again. Looking at the syslog the ip-config seems to fail? What the heck am I doing wrong here – seems like I messed things up quite a bit!?

          • Can you also post the contents of your /etc/network/interfaces file ?

  19. Thanks for the tutorial!

    I had the same problem mentioned at the end of your blog (“As a few people have found out, the IP address of the Pi does not get set correctly until you take down wlan0 and bring it back up after hostapd starts.”)

    I found this command on another blog:

    sudo update-rc.d hostapd enable

    That command put the hostapd startup ahead of the networking startup. After this, the RaspberryPi wireless router started up fine.

    • Interesting.
      The apt-get install command should do that automatically, but nevertheless if it helped you then great find !
      Thanks for the tip !

  20. Hello
    A very useful post along with your othe related post.
    I have been using a wireless router (d-link) as a go between for an arduino with Ethernet shield attached and an iPad. The arduino is the host and the router relays information between the iPad and the arduino using osc. They need to be configured with each others IP address supplied within the range of the router. Works very well.

    I thought a rasberry pi with a wireless adapter might do the same thing. If so, instead of connecting to the Internet, can I connect to the arduino (via Ethernet) and use the wireless to send/receive with the pi handling the transfer. If so, which is LAN and which is WAN?

    Hope you can help.
    Thanks
    Nick

    • Yes, you can do that.
      Setup the Pi like the configuration specified in this post, but swap eth0 and wlan0 where you see them

      LAN would be the Ethernet
      WAN would be the WiFi USB device

  21. [...] create a Wireless Network On Your RPi Part 2 — How to make your RPi into a Wireless Access Point Part 3 — How to make your RPi into a Router Part 3B – Issues with HostAPD ? Click [...]

  22. Hi,

    Not sure what I am doing wrong, but cannot seem to get it to work. Can you please supply each config file to google docs or something similar (or possibly create a script that executes it all?)

    • Perhaps if you supplied the errors you were coming across, then that would help ?
      All configuration files I’ve used I’ve posted on these 3 parts.

  23. Thanks for a great tutorial.

    I have a Pi and an all-in-one network printer (HP m1536dnf) which can be connected to the network via ethernet.

    My problem is that my printer is located in a place too far away from my router and I do not want to pull a long LAN cable across 2 rooms.

    What I am trying to do is to use the Pi a my “LAN cable” to hook up my printer wirelessly to the network.

    I think I have some idea from your tutorial but am not sure what is the best/easiest way to do it.

    Thanks again.

    Rob

    • IMHO, The easiest way is to pull the LAN cable.
      If you can find out what ports the network printer wants to use to talk to all the computers, you can setup the Pi as a router, with the wireless part of the router being wlan0, and the ethernet being eth0. So pretty much the reverse of what this post does.

      To find out what ports the network printer uses, you can run a wireshark dump when trying to print to that printer, and then note down all the DPT and SPT lines that have the IP address of the printer.

  24. Hi, my raspberry is connected to a display and it is directly connected to a router , both the raspberry and router configured with a static IP address. But initially i could ssh but after few hours when i ping i get the reply saying that “destination host unreachabe” il have to reboot the pi if to get the network back. But i want the network to be up all the time ? can i know how can i do this ?
    is there any timeout like after few hours it will go off the network

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>