Go to file
2021-04-07 14:51:39 -04:00
etc added files 2021-04-04 00:24:51 +01:00
install.sh udpated install.sh 2021-04-07 14:51:39 -04:00
README.md udpated readme 2021-04-06 11:31:49 -04:00

RaspAProuter

This was inspired since my mother-in-law is using Calyx Institute for the internet and the new hotspot (LineZone2) they have supports USB tethering.

Calyx works where they live and my father-in-law isn't ready to afford StarLink (thank you Elon BTW).

One Line command (use at your own discretion)

curl https://git.leffler.media/Leffler.Media-LLC/RaspAProuter/raw/branch/master/install.sh | bash


Removed un-needed items

apt purge iptables


Install required items

apt install bridge-utils hostapd firewalld dnsmasq


Add country code to enable wifi

echo 'country=US' | tee -a /etc/wpa_supplicant/wpa_supplicant.conf


Enable IP Forwarding

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf


Find NICs

It's usually safe to assume that eth0 is the on-board NIC | wlan0 is the on-board wifi

ip a to find the NICs


Now we create the bridge

nano /etc/network/interfaces

allow-hotplug eth1
auto eth1
iface eth1 inet dhcp

auto eth0
allow-hotplug eth0
iface eth0 inet manual

# automatically connect the wireless interface, but disable it for now
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual

# create a bridge with both wired and wireless interfaces
auto br0
iface br0 inet static
        address 192.168.5.1
        netmask 255.255.255.0
        bridge_ports eth0 wlan0
        bridge_fd 0
        bridge_stp off
  1. It probably wouldn't hurt to reboot now. Hopefully all is working.

Now run rfkill list to make sure that you see the wifi is Soft blocked: no on the WLAN interface which will probably be 0


Add firewalld rules

firewall-cmd --zone=home --add-interface=br0
firewall-cmd --zone=public --add-interface=eth1
firewall-cmd --zone=public --add-masquerade
firewall-cmd --zone=home --add-service=dns
firewall-cmd --zone=home --add-service=dhcp
firewall-cmd --zone=home --add-service=ssh
firewall-cmd --zone=public --add-service=ssh
firewall-cmd --runtime-to-permanent

Configure DNS Masq

sed -i 's/#interface=/interface=br0/g' /etc/dnsmasq.conf

Find dhcp-range and make if what you'd like. I did the following

sed -i 's/#dhcp-range=192.168.0.50,192.168.0.150,12h/dhcp-range=192.168.5.50,192.168.5.150,4h/g'


Time to configure hostapd. File is in repo for example. nano /etc/hostapd/hostapd.conf

Now we need to specify the config for the hostapd daemon

echo 'DAEMON_CONF="/etc/hostapd/hostapd.conf"' >> etc/default/hostapd


Now we can enable all services

systemctl enable dnsmasq hostapd


We can can reboot again and hopefully it's going to be working

reboot