Picture

Samuel's Website

Set up a router with ArchLinux ARM

Samuel Forestier — 19 November 2016
The goal of this article is to set up completely a router with a Raspberry Pi running on ArchLinux. The procedure may be easily adapted to the Raspbian OS.

Let's assume that you have an interface wlan0 connected to Internet, and on another interface eth0 some computers ready to reach it !
If your configuration is not exactly this, don't hesitate to modify the interfaces names with your case.

For the beginning, we have to enable the IP forwarding on the Pi. Edit this file:
# nano /etc/sysctl.d/30-ipforward.conf
... add in there the following content:
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
Since this step, let's assume that your router will create a subnetwork 192.168.42.0/24. Change this information in the future as the one you need.

We've to set up the "devices" interface, and assign an IP address to your router, on this subnetwork:
# ip link set up dev eth0
# ip addr add 192.168.42.1/24 dev eth0
In order to load this interface at boot, with a static IP, you'll need to edit this file:
# nano /etc/netctl/eth0-router
... and paste this (apply some changes on it if you have to):
Description='A basic static configuration for the subnetwork interface'
Interface=eth0
Connection=ethernet
IP=static
Address=('192.168.42.1/24')
We've to make this configuration loaded on boot:
# netctl enable eth0-router
Now, let's configure the firewall to secure the router, and enable the connection forwarding for the devices, and in order to allow DHCP and DNS requests:
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
# iptables -I INPUT -p udp --dport 67 -i eth0 -j ACCEPT
# iptables -I INPUT -p udp --dport 53 -s 192.168.42.0/24 -j ACCEPT
# iptables -I INPUT -p tcp --dport 53 -s 192.168.42.0/24 -j ACCEPT
Let's here save the rules in the good file:
# iptables-save > /etc/iptables/iptables.rules
Now let's make iptables starting on boot automatically:
# systemctl enable iptables

At this point, your router is supposed to route, but your devices won't have an IP automatically, let's install and set up a DHCP server on your router:
# pacman -S dhcp
Now let's configure this server (you may wanna change the Google DNS server IP by yours or some others):
# nano /etc/dhcpd.conf
... add the following (don't forget to change the addresses if you have to):
option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.255.0;
option routers 192.168.42.1;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.2 192.168.42.253;
}

# Don't listen to the other interface !
subnet 192.168.1.0 netmask 255.255.255.0 {
}
With these lines, the DHCP server won't listen to the other subnetwork (192.168.1.0 in this example), and should give addresses between 192.168.42.2 and 192.168.42.253.

Identically as above, let's make DHCPD running on boot:
# systemctl enable dhcpd4

That's all ! Your devices should have access to Internet through your little router after a reboot. You are now able to build your own firewall rules, and do some others things easily :wink: