quick introduction into forwarding your connection from one interface to another
This guide explains how you can share your internet connection with other devices using NAT and setup a DHCP server so connected devices are automatically configured.
Afterwards you can connect to the device via e.g. ethernet and you automatically get an IP address via DHCP and all traffic will be tunneled and forwarded through the device.
This guide will not cover:
The following names will be used throughout the guide and can be changed according to your setup.
|wlan0||connected to an internet uplink|
|eth0||device that the connection will be forwarded to|
|10.0.0.1||IP address of eth0|
|10.0.0.0/24||subnet of eth0|
This section contains alternative titles and topics of this article that can be used to build a search index.
raspberry pi raspberrypi dnsmasq dhcp static share sharing bridge bridging reverse router nat wifi wlan
eth0 needs a static IP Address, because there is no DHCP server to get an address from. (If there is, skip this step.)
Create a file named /etc/network/interfaces.d/eth0_static with this content:
auto eth0 allow-hotplug eth0 iface eth0 inet static address 10.0.0.1 netmask 255.255.255.0 network 10.0.0.0 broadcast 10.0.0.255
By default the DHCP client will overwrite these settings. Tell them to not care about eth0. Insert this line into /etc/dhcpcd.conf:
There is no DHCP server behind eth0. We have to create one. (If there is, skip this step.)
Install dnsmasq. Create a file named /etc/dnsmasq.d/dhcp_server.conf with this content:
interface=eth0 # use interface eth0 listen-address=10.0.0.1 # explicitly specify the address to listen on bind-interfaces # Bind to the interface to make sure we aren’t sending things elsewhere server=184.108.40.206 # the DNS server to be used. this one is run by digitalcourage e.v.; feel free to change it domain-needed # Don’t forward short names bogus-priv # Never forward addresses in the non-routed address spaces. # Assign IP addresses between 10.0.0.50 and 10.0.0.150 with a 12 hour lease time dhcp-range=10.0.0.50,10.0.0.150,12 dhcp-option=3,10.0.0.1 # gateway which is connected to the internet -- this computer
All incoming traffic on eth0 should be forwarded and NATed to the uplink wlan0.
Forwarding has to be enabled in the kernel.
Uncomment or insert this line into /etc/sysctl.conf:
This will only be loaded on boot. Reload the file now using:
Execute the following commands:
sudo iptables -t filter -A FORWARD -i eth0 -j ACCEPT sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
These rules are not persistent by default, so install iptables-persistent and then execute:
iptables-save > /etc/iptables/rules.v4
Things i do when things go wrong.