Create your firewall with Ufw
1 INSTALL PREREQUISITES
Plug your Pi into the Ethernet port on your router, then connect via SSH or, ideally, open Terminal on the Pi. Install the necessary programs by running:
sudo apt-get install dnsmasq hostapd
Next, run the following to open the configuration file:
sudo nano /etc/dhcpcd.conf
Add these lines to the very bottom of the file:
interface wlan0
static ip_address=172.24.1.1/24
Press Ctrl-X, Y, then Return to save and exit.
2 SET STATIC IP
Open your network interfaces configuration with:
sudo nano /etc/network/interfaces
Find the line ‘iface wlan0 inet static’ and change it to:
iface wlan0 inet manual
Press Return to start a new line, then paste the following:
address 172.24.1.1
netmask 255.255.255.0
network 172.24.1.0
broadcast 172.24.1.255
Place a ‘#’ at the start of the line beginning ‘wpa-conf’. Save and exit in the same way as before.
3 SET UP ACCESS POINT
Open the hostapd.conf file by running:
sudo nano /etc/hostapd/hostapd.conf
Paste the following:
interface=wlan0
driver=nl80211
ssid=piVPN
hw_mode=g
channel=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=raspberry231
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Change the SSID, passphrase and network encryption as you see fit. Next run:
sudo nano /etc/default/hostapd
Find the line starting ‘#DAEMON_CONF=’. Remove the ‘#’ at the start of the line and change it to:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
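The sample values in step 3 are meant to be changed, so it is worth checking the file before the access point goes live. The script below is an added example, not part of the original tutorial; the function names and the 12-character minimum length are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a hostapd.conf for weak WPA settings.
SAMPLE_PASS="raspberry231"   # the passphrase published in step 3
MIN_LEN=12                   # assumed minimum length; adjust to taste

# Print the last value assigned to key $2 in file $1 (empty if absent).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

flag() { echo "WARN: $1"; findings=$((findings + 1)); }

# Print one WARN line per finding; return 1 if anything was flagged.
audit_hostapd() {
    conf=$1
    findings=0
    wpa=$(conf_get "$conf" wpa)
    pass=$(conf_get "$conf" wpa_passphrase)
    # With WPA2, hostapd uses rsn_pairwise and falls back to wpa_pairwise.
    cipher=$(conf_get "$conf" rsn_pairwise)
    [ -n "$cipher" ] || cipher=$(conf_get "$conf" wpa_pairwise)

    case "$wpa" in
        2) ;;
        1|3) flag "wpa=$wpa enables WPA1; set wpa=2" ;;
        *) flag "wpa is unset or 0; the network is not WPA-protected" ;;
    esac
    case " $cipher " in
        "  ") flag "no pairwise cipher set; set rsn_pairwise=CCMP" ;;
        *" TKIP "*) flag "pairwise cipher list includes TKIP; set rsn_pairwise=CCMP" ;;
    esac
    if [ "$pass" = "$SAMPLE_PASS" ]; then
        flag "wpa_passphrase is the tutorial's sample value"
    elif [ "${#pass}" -lt "$MIN_LEN" ]; then
        flag "wpa_passphrase is shorter than $MIN_LEN characters"
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed copy of the WPA settings from step 3.
demo=$(mktemp)
printf '%s\n' wpa=2 wpa_key_mgmt=WPA-PSK wpa_passphrase=raspberry231 \
    wpa_pairwise=TKIP rsn_pairwise=CCMP > "$demo"
audit_hostapd "$demo" || echo "Fix the findings above before starting hostapd."
rm -f "$demo"
```

On the step 3 settings only the passphrase is flagged: with wpa=2 and rsn_pairwise=CCMP, the wpa_pairwise=TKIP line is not the cipher used for WPA2 clients.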
4 CONFIGURE DNSMASQ
Move the old dnsmasq configuration file with:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
Then create a new one by running:
sudo nano /etc/dnsmasq.conf
Paste in the following text:
interface=wlan0
listen-address=172.24.1.1
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=172.24.1.50,172.24.1.150,12h
Save and exit. Now run:
sudo nano /etc/sysctl.conf
Find the line containing ‘net.ipv4.ip_forward=1’ and remove the ‘#’ at the start. Save, exit and reboot the Pi.
5 SET UP IPV4 FORWARDING
Open Terminal on your Pi and run:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Next, run:
sudo nano /etc/rc.local
Paste the following two lines just above the line reading ‘exit 0’:
iptables-restore < /etc/iptables.ipv4.nat
/usr/sbin/hostapd /etc/hostapd/hostapd.conf
6 SET UP FIREWALL
Run the following commands, one after the other:
sudo update-rc.d hostapd enable
sudo update-rc.d dnsmasq enable
Reboot the Pi, and reopen Terminal. To install and then enable the firewall, run the following:
sudo apt-get install ufw gufw
sudo ufw enable
You may wish to configure the firewall at this stage; see ‘Configuring your firewall’ on the opposite page.