Description
Core Pi may seem an odd exercise but the point is to use a pi as the central point in providing Internet and initial setup for other pies in a wifi only environment. Core Pi connects to the Internet via wifi, provides a wifi access point, and acts as a DHCP router for a pi direct connected with Ethernet cable.
Recent Raspbian versions are ready for SSH connection over Ethernet cable. Core Pi takes advantage of that to ease initial connection and setup. I am using this in a learning lab environment with Chromebooks.
This guide assumes that 2 WiFi adapters will be used, one for access point service and one for Internet access. It also assumes that another pi, not fuly set up, may be connected to it via eth0.
Next up?
After reading this guide, you may be interested in reading:
Parts List
- Raspberry Pi 2
- 8GB (or larger) class 10 MicroSD card
- Two USB WiFi dongles (second wifi is optional)
- See the discussion Which Wifi USB adapters
- Pi Case
- Mini-USB power
- Ethernet cable
Overview
Start with a Raspberry Pi image. This is an image saved after following the RPi Initial Setup Guide, RPi WiFi Access Point Guide, and RPi Desktop Mods. The image should not be Lite. If you do not have such an image, start with a Raspbian image and follow the aforementioned guides before returning here.
Procedures
Write the image
Write the image to the MicroSD as described in the RPi Initial Setup Guide. Insert the MicroSD into the Pi and boot.
Connect to the Pi
Since your pi already acts as a wifi access point, connect to its SSID. Now use SSH to connect to it using either hostname.local or its IP address. If you used the settings given in RPi WiFi Access Point Guide, the IP address is 192.168.42.1.
Connect the Pi to your WiFi Internet
In this guide, I will use the desktop but nmcli may be used as discussed in the RPi Initial Setup Guide - NetworkManager CLI. VNC was discussed in RPi Initial Setup Guide - Connect to the Pi using VNC
NOTE: There are many security problems in current vnc implementations. Permit access to vnc servers on the local network only.
vncserver -nolisten tcp -nevershared -dontdisconnect :1
- From your browser connect to the pi's VNC
- Using the dialogs, connect to your Internet wifi SSID
Setup the DHCP server
sudo nano /etc/default/isc-dhcp-server
INTERFACES="eth0 wlan1"
- Now edit the DHCP configuration file,
sudo nano /etc/dhcp/dhcpd.conf
# ADD interface wlan1; TO WIFI ACCESS POINT CONFIG
subnet 192.168.42.0 netmask 255.255.255.0 {
interface wlan1;
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
# ADD THE BELOW TO CONFIG FOR ETH0
subnet 192.168.84.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.84.10 192.168.84.50;
option broadcast-address 192.168.42.255;
option routers 192.168.84.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
Set a static IP on eth0
- Take the interface down,
sudo ifdown eth0
sudo nano /etc/network/interfaces
- Comment
#iface eth0 inet manual
- Add
iface eth0 inet static
address 192.168.84.1
netmask 255.255.255.0
Configure NAT
- Verify IP Forwarding was enabled earlier
cat /etc/sysctl.conf
should contain net.ipv4.ip_forward=1cat /proc/sys/net/ipv4/ip_forward
shoule be 1
- Update iptables rules,
sudo nano /etc/iptables.test.rules
# BEFORE THE COMMENT # Reject all other inbound # ADD
# Allow forwarded from eth0 to permit NAT and Core Pi
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
- Load the rules,
sudo iptables-restore < /etc/iptables.test.rules
- Verify rules,
sudo iptables -L
andsudo iptables -S
- Save rules for booting,
sudo -i
iptables-save > /etc/iptables.up.rules
exit
Connect and Test
First, down and up the interfaces then restart the services.
- Down and then up the interfaces,
sudo ifdown wlan1
sudo ifdown eth0
sudo ifup eth0
sudo ifup wlan1
- Restart the DHCP server,
sudo service isc-dhcp-server restart
- Restart hostapd,
sudo service hostapd restart
- Check their statuses
- View logged output from the DHCP server and also from iptables,
tail -F /var/log/syslog
. This may be helpful if troubleshooting is needed.
Next, connect to the interfaces and verify proper functioning of hostapd and dhcp.
- Connect to the wifi ap
- Connect with an Ethernet cable to the pi
- View the active DHCP leases with,
cat /var/lib/dhcp/dhcpd.leases
. - Use arp to more easily view active addresses,
arp
. - Verify that VNC and SSH work as expected with the DHCP assigned addresses.
Add a guest user
Core Pi may be accessed as a via point for novices. Novices should not have permission to run root commands. Only the pi user, with a strong password, should have root access.
sudo adduser guest
- Enter a new password for guest, perhaps raspberry
- Complete other information or skip as you choose
- Accept the new user
The guest must now be given permission to connect using ssh.
sudo nano /etc/ssh/sshd_config
- Add guest to AllowUsers
- Should look like this
AllowUsers pi guest
- Should look like this
- Reload the sshd_config,
sudo service ssh reload
Install additional packages
- Make it easier to match pies to IPs,
sudo apt-get install avahi-utils
- Add the ability to resize partitions and therefore disk images on other SD cards.
sudo apt-get install gparted
Conclusion
CorePi is ready to use for serving as a wifi router, network master, and pi setup station. It would be relatively easy to write some scripts to automatically set up any unconfigured pi connected to eth0. I do not plan on writing such scripts since my CorePi will be used in learning how to set up a pi.
Remember to save your image file as CorePi.