Setting up a Raspberry Pi for Internet Connection Sharing

Setup Instructions for using Raspberry Pi 3 as a Wireless Access Point

Step 1: Downloading and Preparing the Operating System

Obtain the latest Raspbian Jessie release here: https://www.raspberrypi.org/downloads/raspbian/

You will want to install it on a micro SD card. 8 Gig cards are pretty cheap from Amazon. 32 Gig cards seem to be at the price sweet spot at the time of this writing.

Open a terminal and use diskutil to find the micro SD card.

diskutil list

You'll likely see somthing like this:

MacBook-Pro:~ user$ diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage                         499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *32.1 GB    disk3
   1:             Windows_FAT_32 boot                    52.4 MB    disk3s1
   2:                      Linux                         32.0 GB    disk3s2

Unmount the volume. Note this is different from ejecting the card

MacBook-Pro:~ user$ diskutil unmountDisk disk1

Instead of using disk1, we'll use rdisk1 for the dd command as it's a bit faster. Here's a discussion as to why.

sudo dd if=Desktop/2016-05-10-raspbian-jessie.img of=/dev/rdisk1 bs=1m
password: *

Wait...and wait...and wait.

You can check the progress with:

kill -SIGINFO Process-ID

Where Process-ID is the process id you would find by running a ps -ef command.

You will get a command prompt when it's done. At this point, you can eject the card.

Step 2: Boot your Raspberry Pi and change the default password

Once your Pi is booted, you should run through the Configuration to set your locale settings, expand the filesystem and enable SSH (which should be enabled by default).

If you are going to use this as an access point, you will want to change the password for the default pi user. The existing account is pi:raspberry. You can change the password by opening a terminal as follows: (Note that when you are typing passwords, the characters don't show up)

Raspberrypi:~ user$passwd
Changing password for pi.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Step 3: Set up your Wireless Internet Connection

You can just use the gui to set up the wifi connection as you would on any device.

Step 4: Set a static IP Address for your wired interface

Edit your /etc/dhcpcd.conf using sudo file to include the following at the bottom of the file:

sudo vi /etc/dhcpcd.conf

# Custom static IP address for eth0.
interface eth0
static ip_address=192.168.0.1/24

Step 5: Set the Pi up to forward IPV4 packets

Edit the /etc/sysctl.conf file, looking for the ip_forward flag and set it to 1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Apply the changes to the kernel

sudo sysctl --system

Step 6: Set up the iptables rules to tell your Pi what to do with incoming and outgoing traffic.

create the following two files in your home directory

Filename: resetiptables

#!/bin/sh
 IPTABLES="$(which iptables)"
# RESET DEFAULT POLICIES
 $IPTABLES -P INPUT ACCEPT
 $IPTABLES -P FORWARD ACCEPT
 $IPTABLES -P OUTPUT ACCEPT
 $IPTABLES -t nat -P PREROUTING ACCEPT
 $IPTABLES -t nat -P POSTROUTING ACCEPT
 $IPTABLES -t nat -P OUTPUT ACCEPT
 $IPTABLES -t mangle -P PREROUTING ACCEPT
 $IPTABLES -t mangle -P OUTPUT ACCEPT
# FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS
 $IPTABLES -F
 $IPTABLES -X
 $IPTABLES -t nat -F
 $IPTABLES -t nat -X
 $IPTABLES -t mangle -F
 $IPTABLES -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Set the file permissions so this file can be run

chmod 755 resetiptables

Create the next file

Filename: iptables

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

Set the file permissions so this file can be run

chmod 755 iptables

Run both files

sudo ./resetiptables
sudo ./iptables

Setup the iptables to restore on reboot

sudo iptables-save > temp.txt
sudo mv temp.txt /etc/network/iptables

Add the following line to the bottom of your /etc/network/interfaces file

pre-up iptables-restore < /etc/network/iptables

Step 7: Set up the DNS Forwarding

Set up the DNS to pass along requests using dnsmasq

sudo apt-get install dnsmasq

Reboot the access point. You're done on this machine.

Step 8: Set up the client machine

Edit your /etc/dhcpcd.conf using sudo file to include the following at the bottom of the file:

sudo vi /etc/dhcpcd.conf

# Custom static IP address for eth0.
interface eth0
static ip_address=192.168.0.2/24
static routers=192.168.0.1
static domain_name_servers=192.168.0.1

Reboot the client machine and it should now be online.