Creating a 3G hotspot with the Raspberry Pi
Router
The Raspberry Pi is intended to serve as both a router and a firewall, which means it should send data packets to the Internet and protect the internal network from outside attacks at the same time. Setting up these capabilities requires a bit of work. First, you need to add the line net.ipv4.ip_forward=1 to the /etc/sysctl.conf configuration file. After a restart, this option becomes active and forwards network packets at the kernel level.
In the firewall commands in Listing 5, the last line saves the configuration in /etc/iptables.3ghotspot. The system then automatically loads the configuration when installing the Internet interface in Listing 3 (line 8). You can check for open ports [5] to make sure the system presents the smallest possible attack surface to the outside. Further information on this topic is available in the Debian firewall wiki [6] and from other sources, as well.
Listing 5
Firewall Commands
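# Let replies to connections opened from the internal network back in
$ sudo iptables -A FORWARD -i ppp0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Let the internal bridge reach the Internet through the 3G link
$ sudo iptables -A FORWARD -i br0 -o ppp0 -j ACCEPT
# Hide the private network behind the address of ppp0
$ sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Save the rules; the redirect must run as root, hence the root shell
$ sudo sh -c 'iptables-save > /etc/iptables.3ghotspot'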
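Listing 5 only appends ACCEPT rules to FORWARD, so what the Pi blocks is decided by the default chain policies, which stay at ACCEPT unless you change them. The following shell check is an added example, not part of the original article: it reads an iptables-save dump and reports INPUT or FORWARD policies that are not DROP as well as missing NAT or return-traffic rules. The function names and the sample dump are constructed for illustration, and the check assumes a default-deny policy is the goal.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (read from stdin) for the
# router rules in Listing 5. Assumes a default-deny policy is the goal.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($1, 2) }      # "*filter", "*nat", ...
        # Chain headers look like ":FORWARD ACCEPT [0:0]"
        table == "filter" && /^:(INPUT|FORWARD) / && $2 != "DROP" {
            print "filter " substr($1, 2) " policy is " $2 ", expected DROP"; n++
        }
        table == "nat" && /^-A POSTROUTING / && /-o ppp0 / && /-j MASQUERADE/ { nat = 1 }
        table == "filter" && /^-A FORWARD / && /-i ppp0 / && /-j ACCEPT/ {
            if (/RELATED,ESTABLISHED|ESTABLISHED,RELATED/) est = 1
            else { print "FORWARD accepts new connections from ppp0: " $0; n++ }
        }
        END {
            if (!nat) { print "no MASQUERADE rule for ppp0 in nat POSTROUTING"; n++ }
            if (!est) { print "no RELATED,ESTABLISHED return rule for ppp0"; n++ }
            exit (n > 0)
        }
    '
}

# Constructed sample: the dump iptables-save would produce after Listing 5
# on a system whose chain policies were never changed from ACCEPT.
sample_listing5() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ppp0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# Prints the two policy findings; exit status 1 means "findings present".
sample_listing5 | audit_ruleset || true
```

On the Pi, feed it the saved file with audit_ruleset < /etc/iptables.3ghotspot. Before switching INPUT to DROP, add ACCEPT rules for loopback, br0 and established connections so that services on the internal side keep working.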
The Internals
After you have established a connection to the outside, it is time to take a look at the internal network. The Rasp Pi used as an access point and router generates its own network. As explained earlier, you join WiFi and Ethernet together to form a bridge (Listing 3, lines 10-17). You should also provide the IP address of the router and the private network (e.g., 192.168.100.0/24 in this example). The bridge-utils package in Listing 1 is there only for purposes of documentation. Unlike Bananian for the Banana Pi [7], which some users prefer for its better performance, this package is already installed on Raspbian.
To generate a WiFi access point, the system needs access point software from the hostapd package. Unfortunately, a glitch in the hardware turns up here, in that not all WiFi chips support access point (AP) mode. Therefore, before you get a USB WiFi dongle, you should do some research to find out whether the one you want supports this mode. Moreover, some chip sets won't function with the standard Hostapd from Raspbian, even if a set does offer AP mode. In case of doubt, you can run some simple tests with:
sudo iw list
If an error message like nl80211 not found appears, then the current version of Hostapd does not support the chip you have chosen. The "WiFi AP Mode with the Realtek RTL8192 Chip" box describes how to get the WiFi chips running.
WiFi AP Mode with the Realtek RTL8192 Chip
The Realtek RTL8192 and earlier chips are found in many moderately priced WiFi sticks, such as the Edimax EW-7811Un, which is very popular among Rasp Pi users. The Realtek chip is small in size, low priced, and offers good reception. It can handle access point mode, but it does not work with the current version of Hostapd delivered with Raspbian.
Because Realtek makes the source code available for drivers and Hostapd [8], the workaround for this problem is easy. The forum run by LeMaker [9], the organization that manufactures the Banana Pi, contains an entry describing all of the steps for building an executable version of the hostapd and hostapd_cli programs. For the Hostapd daemon to find the alternative binary when it boots, you need to modify the path to the file in the /etc/init.d/hostapd boot file. Additionally, you should reference the manually installed rtl871xdrv driver in the configuration file instead of the generic driver, nl80211, as shown in Listing 6 (line 6).
Listing 6
Hostapd Boot File
01 ssid=rpi-hotspot
02
03 ctrl_interface=/var/run/hostapd
04 interface=wlan0
05 bridge=br0
06 driver=nl80211
07 channel=11
08
09 beacon_int=100
10 hw_mode=g
11 ieee80211n=0
12 wmm_enabled=1
13 ht_capab=[SHORT-GI-20][SHORT-GI-40][HT40-]
14
15 wpa=2
16 wpa_passphrase=secret passphrase
17 wpa_key_mgmt=WPA-PSK
18 wpa_pairwise=TKIP
19 rsn_pairwise=CCMP TKIP
20 max_num_sta=8
21 wpa_group_rekey=86400
22
23 ignore_broadcast_ssid=0
All configuration for Hostapd is in a single file, and you can select the path and the name for this file as you wish (e.g., /etc/hostapd.conf). So that the service can find the configuration file, you should enter it into /etc/default/hostapd with DAEMON_CONF as the variable. It is a good idea to select the channel in line 7 according to local circumstances. A WiFi scanner app like Jaws [10] will do a fine job.
The option exists in line 11 to turn on 802.11n mode by changing the line to ieee80211n=1. With suitable devices, this will raise the transfer rate levels, which, however, could lead to an unstable connection. Line 16 contains the WiFi password for establishing the connection.
A few problem areas with respect to encryption methods show up in lines 18 and 19, especially for simpler devices like WiFi printers. If you do encounter difficulties, you should be able to figure out how to resolve them by looking over the documentation or doing some simple research online.
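The rsn_pairwise=CCMP TKIP setting in line 19 lets WPA2 clients negotiate TKIP, a cipher that has been deprecated in the 802.11 standard in favor of CCMP. The following shell check is an added example, not part of the original article; the function names and the CCMP-only variant are assumptions for illustration. It flags TKIP, legacy WPA1 and passphrases outside the 8 to 63 characters that WPA-PSK allows.

```shell
#!/bin/sh
# Added example: flag weak WPA settings in a hostapd config read from stdin.
audit_hostapd() {
    awk '
        /^[ \t]*#/ || !/=/ { next }            # skip comments and blank lines
        { i = index($0, "="); conf[substr($0, 1, i - 1)] = substr($0, i + 1) }
        END {
            wpa = conf["wpa"] + 0              # bit field: 1 = WPA, 2 = WPA2
            if (wpa == 0) { print "wpa is unset or 0: no WPA encryption"; n++ }
            if (wpa == 1 || wpa == 3) { print "wpa=" wpa " enables legacy WPA1"; n++ }
            # hostapd.conf: rsn_pairwise defaults to the wpa_pairwise value
            rsn = ("rsn_pairwise" in conf) ? conf["rsn_pairwise"] : conf["wpa_pairwise"]
            if (wpa >= 2 && rsn ~ /TKIP/) {
                print "WPA2 pairwise ciphers include TKIP: " rsn; n++
            }
            if ("wpa_passphrase" in conf) {
                len = length(conf["wpa_passphrase"])
                if (len < 8 || len > 63) {
                    print "wpa_passphrase must be 8..63 characters, got " len; n++
                }
            }
            exit (n > 0)
        }
    '
}

# Security-relevant lines copied from Listing 6.
sample_listing6() {
    cat <<'EOF'
ssid=rpi-hotspot
interface=wlan0
wpa=2
wpa_passphrase=secret passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP TKIP
EOF
}

# Corrected variant (an assumption, not from the article): CCMP only.
sample_ccmp_only() {
    sample_listing6 | sed -e '/^wpa_pairwise=/d' -e 's/^rsn_pairwise=.*/rsn_pairwise=CCMP/'
}

sample_listing6 | audit_hostapd || true     # one finding: TKIP allowed
sample_ccmp_only | audit_hostapd && echo "CCMP-only variant: no findings"
```

Clients that only support TKIP will not associate with the CCMP-only variant.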
You will be able to see whether everything works after restarting Hostapd with the sudo service hostapd restart command and taking a look at the list of active WiFi networks in the area. One way of checking on your progress is to use your smartphone. However, you need DHCP and DNS servers before a connection is established, both of which are provided by the network infrastructure service Dnsmasq, which you installed at the beginning.