
Wireless access upgrade to my HomeLab: Using RPi4B!!

Updated: May 3, 2021

Among many other uses of Raspberry Pi, it can also be used to make a DIY routed wifi access point in your home lab network. Now, why would I require a wifi access point for my home lab network?

The network setup shown below allows me to achieve two goals:

  1. Ability to access my Home Lab from anywhere in my house.

  2. Provide network segmentation and access control between devices inside my home lab network and devices that connect to the internet.

I used the Raspberry Pi 4B 4GB model; however, the 2GB model would also serve the purpose. Follow the steps below to build your own home lab/home network "Routed Wifi Access Point" using a Raspberry Pi:

  1. Use the desktop version of the Raspbian OS image for this project. I suggest the desktop version because you will have to manually assign IP addresses to the RPi's network interfaces during this setup, which makes SSH a less convenient option.

  2. Connect your RPi to a monitor, keyboard and mouse.

  3. Connect the eth0 interface of your RPi to your internal/lab network.

  4. Ensure wlan0 (the wifi interface of the RPi) is connected to the internet, for now.

  5. Update your RPi

sudo apt update
sudo apt full-upgrade

6. RPi needs 'hostapd' in order to work as an access point. Install 'hostapd'

sudo apt install hostapd

7. Enable the Wifi access point service and set it to start when the RPi boots

sudo systemctl unmask hostapd
sudo systemctl enable hostapd

8. Install 'dnsmasq' to enable the RPi to provide network management services such as DNS and DHCP

sudo apt install dnsmasq

9. Finally, install 'netfilter-persistent' and its plugin 'iptables-persistent'. This allows the RPi to store firewall rules and reload them when the RPi boots up

sudo DEBIAN_FRONTEND=noninteractive apt install -y netfilter-persistent iptables-persistent

10. We have now downloaded and installed all the services required for this project. Now, disconnect the wlan0 interface from the internet.

11. Now we set up the RPi to route traffic from the wlan0 interface to the eth0 interface. We assign static IP addresses to wlan0 and eth0 by editing the dhcpcd.conf file.

12. Add the following lines to the end of the file 'dhcpcd.conf'

	interface eth0
	static ip_address=<enter an IP address as per your lab network subnet>/<subnet CIDR>
	interface wlan0
	static ip_address=<enter the Default gateway IP of your planned external network>/<subnet CIDR>

13. Now we need to enable IP routing on our RPi. For this we create the file 'routed-ap.conf'

     sudo nano /etc/sysctl.d/routed-ap.conf

14. Now add the following lines to the file and save it


15. Now we need to enable the RPi to forward traffic from the foreign wifi network to our internal lab network. To do this, we add a 'Masquerading' firewall rule

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

16. Save the current firewall rules to netfilter-persistent, so that the rules are loaded during RPi boot-up

sudo netfilter-persistent save

17. Let us configure the DNS and DHCP services using the 'dnsmasq' service. dnsmasq comes with a default configuration file. However, it has too many configuration options, the majority of which we will not be using for this project. Let us rename it first

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

18. Now let us create the new dnsmasq.conf file

sudo nano /etc/dnsmasq.conf

19. Add the following lines to the file and save it

interface=wlan0 #listening_interface
dhcp-range=<start-ip>,<end-ip>,<external network subnet mask>,<lease time in hours> 

20. Ensure wireless operation

sudo rfkill unblock wlan

21. Now we configure the wifi access point. For this we create the 'hostapd.conf' file

sudo nano /etc/hostapd/hostapd.conf

22. Add the following lines to this file and save it:

country_code=<yourcountrycode e.g. IN>
ssid=<name of your wireless access point>
wpa_passphrase=<enter your wireless access point password>

23. Reboot the RPi and your routed wireless access point is ready!!

sudo systemctl reboot
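
An added check, not part of the original post: the hostapd.conf in step 22 lists only the country code, SSID and passphrase, and hostapd leaves WPA disabled unless wpa is also set. The script below audits a hostapd.conf for that; interface, wpa and rsn_pairwise are standard hostapd options assumed here, not lines from the post, and the file name audit.sh is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): audit a hostapd.conf for the
# settings that decide whether the access point is actually encrypted.
# interface, wpa and rsn_pairwise are standard hostapd options that the
# post's three-line file does not show.

# Print the last value assigned to KEY in FILE (empty if the key is absent).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

report() {
    echo "FINDING: $1"
    findings=$((findings + 1))
}

# Returns 0 with no findings, 1 with at least one, 2 if the file is unreadable.
audit_hostapd_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    [ -n "$(conf_get "$conf" interface)" ] ||
        report "interface is not set; hostapd needs the radio name (wlan0 here)"

    wpa=$(conf_get "$conf" wpa)
    case "$wpa" in
        2) ;;
        1|3) report "wpa=$wpa enables legacy WPA1; use wpa=2" ;;
        *) report "wpa is not set to 2; without it the AP runs unencrypted" ;;
    esac

    case "$(conf_get "$conf" rsn_pairwise)" in
        ""|*TKIP*) report "rsn_pairwise is unset or allows TKIP; set rsn_pairwise=CCMP" ;;
    esac

    pass=$(conf_get "$conf" wpa_passphrase)
    case "$pass" in
        "<"*) report "wpa_passphrase is still a template placeholder" ;;
        *) if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
               report "wpa_passphrase must be 8 to 63 characters"
           fi ;;
    esac

    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /etc/hostapd/hostapd.conf
if [ "$#" -gt 0 ]; then audit_hostapd_conf "$1"; fi
```

Run it against /etc/hostapd/hostapd.conf before the reboot in step 23; a file containing only the three keys from step 22 produces three findings.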

