User Tools

Site Tools


Convert your Raspberry Pi into a Router

Today we are going to convert our raspberry pi into an effective router to create a new local subnet where we can safely host our servers and their services.

The device we are going to use is a Raspberry Pi 3b model with latest Raspbian installed, but any device with *nix, an ethernet adapter and 1 free usb slot (either 2.0, 3.0, usb c, micro usb) with usb-to-ethernet support compiled, should work (most systems have this compiled by default, so it should not be a problem).


a small device (in this case a Pi), a usb-to-ethernet cable (to create a new physical address), a switch (in case you want to extend your connections), ethernet cables (with different sizes, depends on your setup)


a usb hub just in case your device only has 1 usb slot.

Let's get things started!

  1. Connect the your small device to a working router (any router with internet access would do the work), connect it using the onboard ethernet adapter. In this case the gateway interface will be eth0
  2. Connect your usb-to-ethernet dongle to any free usb slot on your device.
  3. You should see a new interface (`ip addr`), our subnet will be on eth1. If you don't see the new interface, make sure your system supports usb-to-ethernet)
  4. Connect a small ethernet cable from the usb-to-ethernet to a switch (for providing networking to other devices)
I highly recommend you do this operations on a physical screen
connected to your device, and a usb keyboard.
Some operations over SSH could make you lose access.

I also recommend you to remove network-manager, netplan, or any networking auto-configuration software, as our server will be configured statically in a way that is supported by most *nix systems.

Start by installing `isc-dhcp-server` package, which is a dhcp server so we can automatically assign ips to our local sub-network on eth1.

apt-get install isc-dhcp-server

Modify /etc/default/isc-dhcp-server to tell isc-dhcp-server to use your eth1 interface. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required).

vim /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
# Path to dhcpd's PID file (default: /var/run/
# Additional options to start dhcpd with.
#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".

We will be using the network for our new subnet, but you can use anyone you want!
Modify our dhcpd configuration on /etc/dhcp/dhcpd.conf

vim /etc/dhcp/dhcpd.conf
# time in seconds, setup to your needs
default-lease-time 600;
max-lease-time 7200;
subnet netmask {
  # the range of ips to give to clients
  # set at your own needs
  # i guess this can be omitted
  option subnet-mask;
  # this is important i guess
  option broadcast-address;
  # we are going to be, the router
  option routers;
  # you will be the dns server too
  option domain-name-servers;
  # otherwise, you can simply not configure a dns server and use any other
  #option domain-name-servers;
# an example of dhcp reservation by mac address
host adevicename {
  hardware ethernet 01:23:45:6a:bc:de;
  fixed-address; # .130 is just an example

Set yourself (the router) a static ip address:

ifconfig eth1 up
ip addr add dev eth1

Configure iptables to route traffic from eth1 to eth0 and viceversa:

# postrouting to our gateway interface eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# this should in theory, block incoming packets that were not established first
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# enable ip forwarding if you haven't done yet
echo 1 > /proc/sys/net/ipv4/ip_forward

To finish the setup, restart the isc-dhcp-server

systemctl restart isc-dhcp-server

We will be using dnsmasq as our DNS Server, because it is very easy to install and configure.

apt-get install dnsmasq

Configure the dns server:

vim /etc/dnsmasq.conf
# bind on custom interface or ip
# log dns queries and dhcp requests
# expand /etc/hosts hosts to your dns
# forward dns request to this ip
# when you can't resolve an address
# if omitted, dnsmasq will use resolvconf to return
# the dns configuration inherited by the dhcp server

Restart the dnsmasq server

systemctl restart dnsmasq

Connect your server or laptop to the switch you've configured earlier, and wollah!


docu/tutos/net/rpi_to_router.txt · Last modified: 2020/02/09 22:24 by admin