User avatar
raynehwang
Posts: 4
Joined: Fri Mar 04, 2016 6:07 am
Location: Shanghai, China

How to make RPi a router with firewall?

Thu Mar 24, 2016 12:37 pm

Hi all, recently I wanna make a router with my raspberry pi, so I googled the solution.But I found that most of those solutions seemed to simply bridge the wlan0 interface with br0 using brctl. I'm wondering if I can make the Pi a real router to create a LAN where all packets going out must pass through the Pi so that the Pi can filter out some packets?
I know hostapd can craete an AP, dhpcd can serve as DHCP server, iptables can do the NAT, but does this require some special functionality of the wireless adapter?
THANKS all !

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: How to make RPi a router with firewall?

Thu Mar 24, 2016 2:08 pm

Greetings.
It's great to see someone from homeland here. 你好 ♫ 我人在张江~

I'm using a Pi as the router.
I subscribed China Telecom's FTTH, so only a Pi is not enough, I also have an ONU whose model is TP LINK TL-EP 110.
No special capability is needed on adapters.

For the filtering part, so you feel the government is still not good enough on that, and you need more?
There are two programs able to do that: common one is "iptables", and the "tc".
You need to tell us what are you trying to filter out.

Maybe I don't get your idea anyway, it would be better if you could describe what are you trying to achieve more specifically.

ghodan
Posts: 118
Joined: Fri Sep 18, 2015 6:05 am

Re: How to make RPi a router with firewall?

Thu Mar 24, 2016 2:13 pm

allfox wrote: For the filtering part, so you feel the government is still not good enough on that, and you need more?
:D :D :D :D
Thx for the first laugh i had today.

User avatar
cheez
Posts: 13
Joined: Wed Mar 23, 2016 5:27 pm
Location: Iowa

Re: How to make RPi a router with firewall?

Thu Mar 24, 2016 2:19 pm

..
Last edited by cheez on Sun Mar 27, 2016 1:48 pm, edited 1 time in total.

Heater
Posts: 18610
Joined: Tue Jul 17, 2012 3:02 pm

Re: How to make RPi a router with firewall?

Thu Mar 24, 2016 3:26 pm

If I wanted to make a router/firewall WIFI access point out of a Raspberry Pi I would be taking a serious look at OpenWRT for the Raspberry Pi. https://wiki.openwrt.org/toh/raspberry_ ... spberry_pi

OpenWRT supports all that and provides a nice web user interface.

Or I'd be looking at webmin viewtopic.php?f=36&t=6096
Memory in C++ is a leaky abstraction .

User avatar
raynehwang
Posts: 4
Joined: Fri Mar 04, 2016 6:07 am
Location: Shanghai, China

Re: How to make RPi a router with firewall?

Fri Mar 25, 2016 2:14 am

allfox wrote:Greetings.
It's great to see someone from homeland here. 你好 ♫ 我人在张江~

I'm using a Pi as the router.
I subscribed China Telecom's FTTH, so only a Pi is not enough, I also have an ONU whose model is TP LINK TL-EP 110.
No special capability is needed on adapters.

For the filtering part, so you feel the government is still not good enough on that, and you need more?
There are two programs able to do that: common one is "iptables", and the "tc".
You need to tell us what are you trying to filter out.

Maybe I don't get your idea anyway, it would be better if you could describe what are you trying to achieve more specifically.
Thanks 张江男~
Actually I'm trying to make a router for a new protocol with IP as the underlay. I plan to design a special format for the payload of IP packets(exactly like TCP over IP) and such format carries the routing information so when the router receives the packets it knows how to forward the packets

User avatar
raynehwang
Posts: 4
Joined: Fri Mar 04, 2016 6:07 am
Location: Shanghai, China

Re: How to make RPi a router with firewall?

Fri Mar 25, 2016 2:59 am

微信截图_20160325104123.png
微信截图_20160325104123.png (23.27 KiB) Viewed 58448 times
cheez wrote:I am using a Pi2 as a router/firewall.
Your title and first sentence state "router" and "firewall", but then near the end you mention wireless access point.
Is the AP really required, or is just a router/firewall sufficient?
There are many threads on the internet of people having glitches with Pi wifi, constantly dropping or resetting. I too ran into this problem when initially I tried using the Pi as the AP. It was too glitchy. While perhaps I could accept it, I knew I would never hear the end of it from the wife and kids. So I ended up using a normal AP with the Pi acting as just the router/firewall portion. (My wireless router was not a model compatible with dd-wrt, so I wasn't able to use that option.) The AP handles the wifi signal (and much more stable at doing it), and the Pi is the network gateway, dhcp, etc.
The built in nic is the WAN side, and I added a usb Ethernet dongle for the LAN side, which is plugged into the AP/switch combo.
Now I can do whatever controlling and monitoring I want.

But to answer your question - no, the wireless adapter does not require any special functionality. The hostapd software would handle that.
Thanks cheez,
I do understand your solution. I thought AP was just used to relay and bridge, but when people refer to an AP, they are actually talking about a wireless router.
Some of my statement might confused you, but here is what I really want
微信截图_20160325104123.png
微信截图_20160325104123.png (23.27 KiB) Viewed 58448 times
What I have tried is, I connect eth0 of Pi to a router's LAN port, and I could see the IP of the Pi's eth0 is 192.168.1.107. And then I plugged the USB WiFi dongle to the Pi and bridge eth0 with wlan0 using brctl and hostapd, yes I did get an SSID on my iPhone and it could access the Internet. But I found that the IP of my iPhone was 192.168.1.108, which was still allocated by the wireless router instead of Pi's dhcpd. I thought that means what my Pi did was simply bridge and create an AP, all the packets between my iPhone and the router went through the Pi, but logically the Pi and iPhone were at the same heirarchy.

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: How to make RPi a router with firewall?

Fri Mar 25, 2016 2:36 pm

I just back to home.

To make a Pi router:
0 - Delete all bridge stuff.
1 - Give wlan0 a static IP. It must in a different IP subnet than eth0.
2 - Run hostapd and DHCP on wlan0.
3 - Enable IP packet forwarding, by editing /etc/sysctl.conf. Uncomment net.ipv4.ip_forward=1.
4 - Because wlan0 is in a private address space, you need NAT: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
5 - Make sure the routing table is right: eth0 should be the default output interface.

Maybe I forgot something, well. 8-)

Good luck on the new protocol.

pcowner
Posts: 4
Joined: Mon Apr 17, 2017 3:08 am

Re: How to make RPi a router with firewall?

Mon Apr 17, 2017 4:01 pm

hello,

Is it possible to set RPi as a router and connect to it (to the Internet, through it) with a laptop using wired Ethernet cable (and put my laptop into Airplane mode). In this case Rpi will use a usb WiFi add-on card? What do I need and how to do it?

johnoo
Posts: 3
Joined: Fri Oct 05, 2018 7:27 pm

Re: How to make RPi a router with firewall?

Fri Oct 05, 2018 7:43 pm

I hope I do not cross any forum's rules but I have a just simple question. In plain English: Is RasPi powerful enough to be router/firewall?
Longer version:
I am asking because I have an old SMC router and it has minimum RAM minimum processing power and it works. I guess router/firewalls like Draytek ones have slightly better specs, but I think they are not as strong as RPi. But I have little to no knowledge about networks.

I was thinking of bringing proper 3g/4g modem, good gigabit switch and good wifi with proper aerials and it can be a proper router or possibly with some extra buttons or touch display a MiFi so asking again. Do you have good experience with RasPi as router/firewall or at least router and what do you think about MiFi idea?

User avatar
DougieLawson
Posts: 41777
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to make RPi a router with firewall?

Fri Oct 05, 2018 8:26 pm

It's not ideal as a router as there's only a single USB 2.0 host with the four USB sockets and the Ethernet all sharing the same 480Mb/s USB 2.0 bus. The RPI3B+ has GB ethernet but you can't run it at full 1000Mb/s speed.
Languages using left-hand whitespace for syntax are ridiculous

DMs sent on Twitter/LinkedIn will be answered next month.
Fake doctors - are all on my foes list.

The use of crystal balls and mind reading is prohibited.

johnoo
Posts: 3
Joined: Fri Oct 05, 2018 7:27 pm

Re: How to make RPi a router with firewall?

Sat Oct 06, 2018 7:06 am

Ok. Thanks for the answer. I have more questions but they are probably too broad (i.e what makes cheap routers better hw for network equipment than RasPi) so I probably need to read more ...
Anyway thanks

User avatar
DougieLawson
Posts: 41777
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to make RPi a router with firewall?

Sat Oct 06, 2018 9:24 am

A router is an embedded Linux system with a single purpose and the hardware interfaces needed to function.

The Raspberry Pi is a general purpose SBC and they've had to compromise on the hardware interfaces to keep the cost down to $35.

The dedicated hardware is obviously a better choice for network routing.
Languages using left-hand whitespace for syntax are ridiculous

DMs sent on Twitter/LinkedIn will be answered next month.
Fake doctors - are all on my foes list.

The use of crystal balls and mind reading is prohibited.

johnoo
Posts: 3
Joined: Fri Oct 05, 2018 7:27 pm

Re: How to make RPi a router with firewall?

Sun Oct 07, 2018 4:52 am

Once again thank you for an explanation.

Kind Regards
Johnoo

Return to “General discussion”