Create your firewall with Ufw
1 Install prerequisites
Plug your Pi into the Ethernet port on your router, then connect via SSH or ideally open Terminal on the Pi. Install the necessary programs by running: sudo apt-get install dnsmasq hostapd Next, run the following to open the configuration file: sudo nano /etc/dhcpcd.conf Add these lines to the very bottom of the file: interface wlan0 static ip_address= 172.24.1.1/24 Press Ctrl+X, Y, then Return to save and exit.
2 Establish your static IP
Open your network interfaces configuration with: sudo nano /etc/ network/interfaces . Find the line iface wlan0 inet static and change it to iface wlan0 inet manual . Press Return to start a new line, then paste the following: address 172.24.1.1 netmask 255.255.255.0 network 172.24.1.0 broadcast 172.24.1.255 Place a # at the start of the line beginning wpa-conf . Save and exit in the same way as before.
3 Create an access point
Open the hostapd.conf file by running: sudo nano /etc/hostapd/ hostapd.conf , then paste the following: interface=wlan0 driver=nl80211 ssid=piVPN hw_mode=g channel=1 macaddr_acl=0 auth_algs=1 ignore_ b road cast_s sid =0 wpa=2 wpa_key_mgmt= WPA-PSK wpa_p ass phrase= raspberry 231 wpa_p air wise= T KIP rsn_p air wise= C CM P Change the SSID, passphrase and network encryption as you see fit. Next run: sudo nano /etc/default/hostapd . Find the line starting #DAEMON_CONF=”” . Remove the # at the start of the line and change it to: DAEMON_CONF=”/etc/hostapd/hostapd.conf”
4 Configure dnsmasq
Move the old dnsmasq configuration file with: sudomv/etc/dns ma sq. conf/etc/dns ma sq. conf. orig Then create a new one by running: sudo nano /etc/dnsmasq.conf Paste in the following text:
interface= wlan0 listen-address=172.24.1.1 bind-interfaces things elsewhere server=8.8.8.8 domain-needed bogus-priv dhcp-range= 172.24.1.50,172.24.1.150,12h Save and exit. Now run: sudo nano /etc/sysctl.conf Find the line starting“net.ipv4.ip_ forward =1” and remove the# at the start. Save, exit, and reboot the Pi.
5 Set up IPV4 forwarding
Open Terminal on your Pi and run: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED, E STABLISH ED-j ACCEPT sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT su dos h-c“ip tables-save >/ etc/i pt ables.ipv4.n at” Next, run: sudo nano /etc/rc.local Paste the following two lines just above the line reading exit 0 iptables-restore </ etc/i pt ables.ipv4.n at /usr/sbin/hostapd /etc/hostapd/hostapd.conf
6 Enable the firewall
Run the following commands, one after the other: sudo update-rc.d hostapd enable sudo update-rc.d dnsmasq enable Reboot the Pi. To install and then enable the firewall run the following: sudo apt-get install ufw gufw sudo ufw enable You may wish to configure the firewall at this stage – see Configuring yourFirewall on the previous page.