Among its many other uses, a Raspberry Pi can serve as a DIY routed wifi access point for your home lab network. Now, why would I need a wifi access point for my home lab network?
The network setup shown below allows me to achieve two goals:
1. Access my home lab from anywhere in my house.
2. Provide network segmentation and access control between devices inside my home lab network and devices that connect to the internet.
I used the RPi4B 4GB model Raspberry Pi; however, the 2GB model would also serve the purpose. Follow the steps below to build your own home lab/home network "Routed Wifi Access Point" using a Raspberry Pi:
1. Use the desktop version of the Raspbian OS image for this project. I suggest the desktop version because you will have to manually set IP addresses on the different RPi network interfaces during this setup, which makes SSH a less convenient option.
2. Connect your RPi to a monitor, keyboard and mouse.
3. Connect the eth0 interface of your RPi to your internal/lab network.
4. Ensure wlan0, the wifi interface of the RPi, is connected to the internet for now.
5. Update your RPi
sudo apt update
sudo apt full-upgrade
6. RPi needs 'hostapd' in order to work as an access point. Install 'hostapd'
sudo apt install hostapd
7. Enable the Wifi access point service and set it to start when the RPi boots
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
8. Install 'dnsmasq' to enable the RPi to provide network management services such as DNS and DHCP
sudo apt install dnsmasq
9. Finally, install 'netfilter-persistent' and its plugin 'iptables-persistent'. This allows the RPi to store firewall rules and reload them when the RPi boots up
sudo DEBIAN_FRONTEND=noninteractive apt install -y netfilter-persistent iptables-persistent
10. We have completed the download and install of all required services for this project. Now, disconnect the wlan0 interface from the internet.
11. Now we set up the RPi to route traffic from the wlan0 interface to the eth0 interface. We assign static IP addresses to wlan0 and eth0 by editing the dhcpcd.conf file.
12. Add the following lines to the end of the file 'dhcpcd.conf'
#Static_IP_for_eth0
interface eth0
static ip_address=<enter an IP address as per your lab network subnet>/<subnet CIDR>
#Static_IP_for_wlan0
interface wlan0
static ip_address=<enter the Default gateway IP of your planned external network>/<subnet CIDR>
13. Now we need to enable IP routing service in our RPi. For this we create the file 'routed-ap.conf'
sudo nano /etc/sysctl.d/routed-ap.conf
14. Now add the following lines to the file and save it
#Enable_ipv4_routing
net.ipv4.ip_forward=1
15. Now we need to enable the RPi to forward traffic from the foreign wifi network to our internal lab network. To enable this, we add a 'Masquerading' firewall rule
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
16. Save the current firewall rules to netfilter-persistent, so that the rules are loaded during RPi boot-up
sudo netfilter-persistent save
17. Let us configure the DNS and DHCP services using the 'dnsmasq' service. dnsmasq comes with a default configuration file. However, it has too many configuration options, the majority of which we will not be using for this project. Let us rename it first
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
18. Now let us create the new dnsmasq.conf file
sudo nano /etc/dnsmasq.conf
19. Add the following lines to the file and save it
interface=wlan0 #listening_interface
dhcp-range=<start-ip>,<end-ip>,<external network subnet mask>,<lease time in hours>
#the_dhcp_ip_pool_for_external_network
domain=<yourdomain>
address=/gw.<yourdomain>/<external network default gateway IP>
20. Ensure the wifi radio is not blocked
sudo rfkill unblock wlan
21. Now we configure the wifi access point. For this we create the 'hostapd.conf' file
sudo nano /etc/hostapd/hostapd.conf
22. Add the following lines to this file and save it:
country_code=<yourcountrycode e.g. IN>
interface=wlan0
ssid=<name of your wireless access point>
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=<enter your wireless access point password>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
23. Reboot the RPi and your routed wireless access point is ready!!
sudo systemctl reboot
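A static check of the 'hostapd.conf' from step 22, added here as an example and not part of the original post or the referenced Raspberry Pi documentation: it flags settings that would weaken the access point (WPA1 or TKIP offered, WEP shared-key authentication, an unreplaced or short passphrase, a world-readable file). The function names and the 12-character `MIN_LEN` minimum are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): static audit of a hostapd.conf
# like the one in step 22. It only reads the file, never the radio or service.

# Print the last value assigned to key $1 in file $2 (later lines override).
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Print one finding per line; return 0 when clean, 1 when anything was flagged.
# MIN_LEN (default 12) is this example's own policy, not a hostapd limit.
audit_hostapd_conf() {
    local f="$1" findings=0 min="${MIN_LEN:-12}" v
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    v=$(conf_get wpa "$f")
    [ "$v" = 2 ] || note "wpa=${v:-unset}: use wpa=2 so WPA1 is not offered"

    v=$(conf_get rsn_pairwise "$f")
    case " $v " in
        *" TKIP "*) note "rsn_pairwise offers TKIP: use CCMP only" ;;
        *" CCMP "*) ;;
        *) note "rsn_pairwise=${v:-unset}: set rsn_pairwise=CCMP" ;;
    esac

    v=$(conf_get auth_algs "$f")
    [ "$v" = 1 ] || note "auth_algs=${v:-unset}: use 1 (open system only, no WEP shared key)"

    v=$(conf_get wpa_passphrase "$f")
    case "$v" in
        "<"*) note "wpa_passphrase is still the template placeholder" ;;
        *)  # hostapd accepts 8..63 characters for a passphrase
            { [ "${#v}" -ge "$min" ] && [ "${#v}" -le 63 ]; } ||
                note "wpa_passphrase length ${#v}: want $min..63 characters" ;;
    esac

    # The passphrase is stored in clear text, so other users must not read it.
    [ -z "$(find "$f" -maxdepth 0 -perm -004)" ] ||
        note "$f is world-readable: chmod 600 it"

    [ "$findings" -eq 0 ]
}

# Direct use: ./audit_hostapd.sh /etc/hostapd/hostapd.conf
[ "$#" -eq 0 ] || audit_hostapd_conf "$1"
```

The 'wpa_pairwise=TKIP' line from step 22 is not flagged because with 'wpa=2' only 'rsn_pairwise' selects the cipher.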
Reference: https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md