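How to attach a USB Wi-Fi LAN interface to a Raspberry Pi and use the Pi as a router.
■ Diagram
A router with Wi-Fi access point functionality, in which the Ethernet and Wi-Fi roles are reversed, is described in "Building a Router with Raspberry Pi".
■ LAN-side network configuration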
/etc/network/interfaces
auto lo
iface lo inet loopback

# Wifi
allow-hotplug wlan0
iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
iface wlan0 inet dhcp

# Ethernet LAN
auto eth0
iface eth0 inet static
    address 172.29.1.1
    netmask 255.255.255.0
    network 172.29.1.0
    broadcast 172.29.1.255
    gateway 172.29.1.1
    post-up route del default dev $IFACE
If you forget the last line, the default route ends up on the eth0 side.
■ LAN-side DHCP server configuration
Install the DHCP server:
$ sudo apt-get install isc-dhcp-server
Configure the DHCP server:
/etc/dhcp/dhcpd.conf
... (omitted) ...
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
... (omitted) ...
subnet 172.29.1.0 netmask 255.255.255.0 {
    range 172.29.1.100 172.29.1.150;
    option broadcast-address 172.29.1.255;
    option routers 172.29.1.1;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "raspberrypi";
    option domain-name-servers 8.8.8.8, 8.8.4.4, 192.168.1.1;
}
■ Packet forwarding configuration
/etc/sysctl.conf
... (omitted) ...
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
... (omitted) ...
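■ iptables configuration
Flush the existing rules, set up IP masquerading, and write the resulting rules to a file. The redirection into /etc/iptables has to run as root, so iptables-save is wrapped in sh -c.
$ sudo iptables -t nat -F
$ sudo iptables -t filter -F
$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
$ sudo sh -c 'iptables-save > /etc/iptables'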
Load the saved iptables rules at boot:
/etc/network/if-pre-up.d/iptables
#!/bin/sh
iptables-restore < /etc/iptables
Change the file ownership and permissions:
$ sudo chown root:root /etc/network/if-pre-up.d/iptables
$ sudo chmod 755 /etc/network/if-pre-up.d/iptables
Rebooting the Raspberry Pi in this state makes it function as a router.
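
As an added example (not part of the original article), the shell functions below audit the two files written above: audit_rules reads the iptables-save output stored in /etc/iptables and audit_sysctl reads /etc/sysctl.conf. Flushing the filter table does not change chain policies, so a FORWARD chain left at ACCEPT with no rules forwards packets in both directions, which the audit reports; the function names and the "restricted" sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: audit_rules < /etc/iptables ; audit_sysctl < /etc/sysctl.conf

# Reads iptables-save output on stdin; $1 = upstream interface (page: wlan0).
audit_rules() {
    awk -v wan="${1:-wlan0}" '
        /^\*/ { table = substr($0, 2) }    # table header line such as *nat
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0 " ", "-o " wan " ") { masq = 1 }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / { rules++ }
        END {
            if (!masq) { print "FAIL: no MASQUERADE rule for " wan; bad = 1 }
            if (policy == "ACCEPT" && !rules) {
                print "WARN: filter FORWARD is ACCEPT with no rules"; bad = 1
            }
            exit bad + 0
        }'
}

# Reads sysctl.conf on stdin; commented lines are ignored, last assignment wins.
audit_sysctl() {
    awk -F= '
        /^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
        END { if (v != "1") { print "FAIL: net.ipv4.ip_forward is not 1"; exit 1 } }'
}

# Constructed samples (abbreviated iptables-save output, other chains omitted).
# "page" mirrors the rules set on this page; "restricted" is one stateful way
# to limit forwarding to LAN-initiated traffic (an assumption, not the page's).
sample_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o wlan0 -j MASQUERADE' 'COMMIT' '*filter'
    if [ "${1:-page}" = restricted ]; then
        printf '%s\n' ':FORWARD DROP [0:0]' \
            '-A FORWARD -i eth0 -o wlan0 -j ACCEPT' \
            '-A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    else
        printf '%s\n' ':FORWARD ACCEPT [0:0]'
    fi
    echo COMMIT
}
```

Each function returns a non-zero status when it prints a finding, so it can gate a provisioning script.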