NAT+

tropf

4 December 2020

ABSTRACT

A quick introduction to forwarding your connection from one interface to another.

This guide explains how you can share your internet connection with other devices using NAT and set up a DHCP server so that connected devices are configured automatically.

1. Preface

1.1. Goal

Afterwards you can connect to the device (e.g. via ethernet), automatically get an IP address via DHCP, and have all traffic forwarded through the device.

1.2. Limitations

This guide will not cover:

• connecting to an existing network (see: wpa_supplicant)
• creating a wifi hotspot

1.3. Conventions & Preconditions

The following names will be used throughout the guide and can be changed according to your setup.

1.4. Indexing

This section contains alternative titles and topics of this article that can be used to build a search index.

search tags: raspberry pi raspberrypi dnsmasq dhcp static share sharing bridge bridging reverse router nat wifi wlan

alternative titles:

• how to set up a router
• how to turn wifi into ethernet
• sharing a network connection

2. Setting a Static IP Address

eth0 needs a static IP address, because there is no DHCP server to get an address from. (If there is, skip this step.)

2.1. Setting the Actual Address

Create a file named /etc/network/interfaces.d/eth0_static with this content:

    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255

2.2. Preventing DHCP From Interfering

By default the DHCP client will overwrite these settings. Tell it to ignore eth0. Insert this line into /etc/dhcpcd.conf:

    denyinterfaces eth0

3. DHCP Server

There is no DHCP server behind eth0. We have to create one. (If there is, skip this step.)

Install dnsmasq. Create a file named /etc/dnsmasq.d/dhcp_server.conf with this content:

    # use interface eth0
    interface=eth0
    # explicitly specify the address to listen on
    listen-address=10.0.0.1
    # bind to the interface to make sure we aren't sending things elsewhere
    bind-interfaces
    # the DNS server to be used. this one is run by digitalcourage e.v.;
    # feel free to change it
    server=46.182.19.48
    # don't forward short names
    domain-needed
    # never forward addresses in the non-routed address spaces
    bogus-priv
    # assign IP addresses between 10.0.0.50 and 10.0.0.150 with a 12 hour
    # lease time (the "h" is required: a bare number is read as seconds)
    dhcp-range=10.0.0.50,10.0.0.150,12h
    # gateway which is connected to the internet (this computer)
    dhcp-option=3,10.0.0.1

4. Forwarding

All incoming traffic on eth0 should be forwarded and NATed to the uplink wlan0.

4.1. Enable Forwarding

Forwarding has to be enabled in the kernel. Uncomment or insert this line into /etc/sysctl.conf:

    net.ipv4.ip_forward=1

This will only be loaded on boot. Reload the file now using:

    sudo sysctl -p

4.2. Setup iptables

Execute the following commands:

    sudo iptables -t filter -A FORWARD -i eth0 -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

These rules are not persistent by default, so install iptables-persistent and then execute (the redirect needs root, hence the sh -c):

    sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

5. Troubleshooting

Things I do when things go wrong.

• reboot
• sudo systemctl restart networking
• check config files
• ip a
• rewrite config files, srsly
• ip r (especially check the default route)
• apropos [problem], man [program]
• get upset
• dmesg (look for "link is not ready" without "link becomes ready" afterwards)
• sudo ss -tulpn
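
For the "check config files" step, a consistency check across the files from sections 2 to 4, as an added example that is not part of the original guide. The function names are hypothetical; it assumes the 255.255.255.0 netmask and the key=value layout used in the guide, and relies on dnsmasq reading a lease time without a unit suffix as seconds.

```shell
#!/bin/sh
# Added example, not from the original guide: cross-checks the files from
# sections 2 to 4. All function names here are hypothetical helpers.

# opt FILE PREFIX: text after the first line starting with PREFIX, comment cut
opt() {
    sed -n "s/^[[:space:]]*$2\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# net24 ADDR: first three octets (the guide's netmask is 255.255.255.0)
net24() { printf '%s\n' "$1" | cut -d. -f1-3; }

# check_nat_config INTERFACES_FILE DNSMASQ_CONF SYSCTL_CONF
# Prints one line per problem; the exit status is the number of problems.
check_nat_config() {
    problems=0
    bad() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    addr=$(awk '$1 == "address" { print $2; exit }' "$1")
    range=$(opt "$2" 'dhcp-range=')
    start=$(printf '%s\n' "$range" | cut -d, -f1)
    end=$(printf '%s\n' "$range" | cut -d, -f2)
    lease=$(printf '%s\n' "$range" | awk -F, 'NF >= 3 { print $NF }')
    router=$(opt "$2" 'dhcp-option=3,')
    listen=$(opt "$2" 'listen-address=')

    [ -n "$addr" ] || bad "no static address in $1"
    [ "$listen" = "$addr" ] || bad "listen-address '$listen' is not $addr"
    [ "$router" = "$addr" ] || bad "router option '$router' is not $addr"
    for ip in "$start" "$end"; do
        [ "$(net24 "$ip")" = "$(net24 "$addr")" ] ||
            bad "dhcp-range address '$ip' is outside $(net24 "$addr").0/24"
    done
    # a lease time made only of digits has no unit, so it means seconds
    case $lease in
        ''|*[!0-9]*) ;;
        *) bad "lease time '$lease' has no unit and means seconds" ;;
    esac
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$3" ||
        bad "net.ipv4.ip_forward=1 is missing or commented out in $3"
    return "$problems"
}

# Usage: sh check.sh /etc/network/interfaces.d/eth0_static \
#            /etc/dnsmasq.d/dhcp_server.conf /etc/sysctl.conf
if [ "$#" -eq 3 ]; then check_nat_config "$@"; fi
```

The check only reads the files, so it can be run before restarting networking or dnsmasq.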