Return to Level1Techs.com

Raspberry Pi Router in Bridge Mode

My apartment recently changed our internet service (without asking) and it kinda screwed somethings up for me. I had somewhat crappy internet but it was good enough for non-competitive games on ethernet and my FreeNas server running Nextcloud and a couple other plugins. It was a simple set up with everything plugged into the provided modem/router combo unit.

Then they decided to change to a wifi only provider. The wifi is faster but I have no way to get internet to my server (luckily my desktop has wifi). I do happen to have a raspberry pi (model 3b), usb to gigabit ethernet adapter, and a gigabit switch laying around.

I want to install Fedora Server 27 (only because that’s what I am most familiar with) on my pi and set it up as a router. I have seen a couple videos showing how this is done but I have not seen any that take in WiFi on the WAN side. Also networking is not my strong suit but I love tinkering with stuff and am willing to learn.

Is this possible?? Has anyone done this before and has advice?? halp!

At least some of what you need is possible to do easily using the pi.

Internet can be got to the server using the raspberry pi like a glorified wifi adapter. I do this often on my laptops when working on a headless raspberry pi without an available ethernet network.

It can be done using networkmanager (nmtui will work for this, so a graphical environment is not required if you are not running one), creating a new ethernet connection (call it something like wifi to ethernet) and setting the ipv4 setting to “shared to other computers”. What this will do is make the computer (pi in your case) act like a router on the ethernet interface, with the wifi interface acting like it is wan. I think this works fine if you plug the pi into a switch for multiple devices.

Where things may not be ideal is that it hosts a dhcp server that provides ip addresses (mine does so in the 10.42.0.* range) to other devices on the ethernet network. Requests to the internet from these devices will be sent through the wifi connection of the pi. This means that if a device is connected to the ISP’s wifi network, it will not be able to communicate with the devices on the pi’s network and vice aversa (without having to go through some way to bridge the NAT).

There is probably another way to do this but actually bridge the interfaces so that devices on wifi can still communicate with ethernet devices, but I do not have one in my mind right now, I will reply again if I do.

I can provide screenshots and better instructions for the networkmanager & nmtui approach if you would like.

3 Likes

That’s perfectly ok with me. I don’t think device discovery is blocked on the new wifi but I don’t want my neighbors to see my server anyway.

I will try this out and let you know how it goes! Thank you!

P.S. nmtui seems so much nicer than nmcli

Is there a way to change the range? Like make it use the 192.160.0.0/24? I believe the wifi defaults to 10. something as it is now

Wait, so the router from your ISP does not have an ethernet port? I’ve never heard of such a thing! I would contact them and insist that they provide one. Assuming you pay for your connection yourself and it doesn’t come with the apartment somehow, anyway.

If not, I wouldn’t use a RPi, I would get a standard SOHO router from Asus or Netgear or whatever and put it in bridge mode.

Looks like you can use a custom dnsmasq config for the networkmanager interface’s dhcp server.

Edit: I was unable to get dnsmasq to start with my config parameters on my machine. https://unix.stackexchange.com/questions/322741/how-to-get-dnsmasq-private-nameserver-to-work-with-networkmanager may have more information about how to set startup parameters for dnsmasq from networkmanager, I am currently unable to test them.

1 Like

Yeah, I was pretty upset about the whole deal. And you have to manually add every device by their MAC address and all these other stupid things. I don’t know how much arguing I can do since the Internet Access was included with the cost of rent. What is even more confusing is that I have a D-Link SOHO router and still have the original ISP Modem-router that can be put into bridged mode. The problem is that I can’t see either one of them anymore, even when my pc is plugged directly into them…

You should be able to put the D-link in bridge mode and then use its ethernet ports for your wired network.

That would be preferred, but I can’t find either routers anymore and I have no idea why. Plus I think this Pi project will be fun and informative

You can easily setup a router using bridged mode, albeit i cannot advice it.
For some reason atleast from my experiences on the raspberry pies, bridged mode gets wierd when you mix, wifi and eth on the same bridge,
really wierd.
before i destroyed my bridge, then the eth just ran butter smooth, but god forbid me i ran a wifi connection simultanously, it’d litterally crash my
whole network.
Honestly you would proberly be better off making a raspberry pi gateway, which gateway’ed cabled home network/hostapd’ed a wifi, then
just connected to the wifi on a seperate connection through feks. wifi.

machineX->raspberryPi->interwebz

I don’t understand why you’d want to bridge your network with the ISP network (have to firewall everything separately, or on L2), and not just have your own LAN and a router that happens to have a wifi wan interface (much more common setup)?

1 Like

Maybe I’m not using the right terminology as networking is not really my thing. I just want my raspberry pi to take in WiFi from my ISP and spit out ethernet to my LAN.

So, you basically need working wifi on the pi, a driver in the shape of kernel modules that probably load a wifi firmware blob, some tools like iw a wpa_supplicant to help with connecting and crypto and a DHCP client like dhcpcd or dhclient. You can set all this up with networkmanager or with systemd-networkd or manually, up to you.

Then you need a working lan connection, setup a static local IP on lan, no gateway.

Then you need the router bits:
specifically you need to enable ipv4 forwarding in the kernel.
You’ll also need DHCP and DNS serving probably for your lan devices, dnsmasq do both.
You’ll also need to configure iptables for NAT, iptables -t nat -A -o wlanifname -j MASQUERADE
… and on the subject of iptables, while setting everything up, try and get things working with default policy of accept for the first time, then start buttoning things down.

You can use miniupnpd to provide automatic port forwarding for packets incoming to wifi interface towards your lan. (iptables DNAT rules get added that rewrite the dst ip to a lan ip)

There’s various wikis for example Arch and Gentoo that describe all of these, and sometimes even describe different choices for these things, e.g. you can use unbound and isc dhcpd or even dnsmasq for DHCP only and unbound for DNS… If you wanted to use encrypted DNS from cloudflare 1.1.1.1 … sometimes you’ll see various frontends to iptables… Most are pointless if you don’t know how iptables works to begin with.

You might even see references on how to setup your pi wifi to additionally also work as an accesspoint at the same time (you’ll need to use iw and hostapd and probably something else to have the system apply iw configuration and start hostapd automatically); then you’d want to bridge this other network wifi interface to your lan and setup IP and firewall and whatever on your bridge

1 Like