In Scene 4 of our Raspberry Pi Wi-Fi Repeater series, we dive into setting up IP forwarding, installing a firewall with iptables, and configuring a Wi-Fi access point. Learn how to forward packets, set up IP masquerading, and debug with tcpdump. Perfect for tech enthusiasts looking to extend their network range! Subscribe for more step-by-step tutorials and check out our website for additional resources. #RaspberryPi #WiFiRepeater #Networking #TechTutorial
New Scene Introduction 00:00:00
Video Editing for Recording Time 00:00:04
Camera Battery Concern 00:00:10
IP Forwarding Setup 00:00:12
IP Forwarding Explanation 00:00:34
Configuration File Access 00:01:24
Editing System Control File 00:01:40
Enabling IP Forwarding 00:02:03
Firewall Installation 00:02:40
IP Tables Installation 00:03:04
IP Masquerading Setup 00:03:33
IP Tables Rules Configuration 00:03:49
Making Firewall Rules Persistent 00:05:03
Access Point Setup Introduction 00:06:11
Network Manager Configuration 00:06:32
Setting SSID and Password 00:07:14
Wireless Security Settings 00:08:24
IP Address Configuration 00:10:17
Verifying Connection Settings 00:11:43
Debugging with TCP Dump 00:12:32
Installing TCP Dump 00:13:39
Monitoring Network Interfaces 00:14:00
SSH Debugging Shortcut 00:15:24
Testing Access Point 00:16:48
Virtual Machine Testing 00:17:02
Call to Subscribe 00:17:44
QR Code and Website Promotion 00:18:21
Thanks for watching!
Find us on other social media here:
- https://www.NeuralLantern.com/social
Please help support us!
- Subscribing + Sharing on Social Media
- Leaving a comment or suggestion
- Subscribing to our Blog
- Watching the main “pinned” video of this channel for offers and extras
Okay, we’ve started a new scene here.
I just cut the video.
I edited it a little bit so that we could, so that I could have more recording time before
the camera dies.
The camera is going to take a poop.
Anyway, so next we need to set up IP forwarding because what’s going to really happen is when
you send a request, let me see if I can find that image real fast.
Where the heck is that?
No, I’m not.
It’s right here.
So this is the after image.
image. So if you think about it, what’s going to happen is when your clients send a signal,
you know, to the Pi, the Pi is not the internet, the Pi is just connected to your router.
The Pi then needs to forward the data, the packets, whatever to its other interface. So
this is like, you know, wireless LAN one, and this is like wireless LAN zero, if you recall.
ability to forward packets between interfaces so that we can get the packets to wireless LAN
zero and then they’ll eventually end up being sent to the router. So that’s the basic idea of
what we’re doing now. And then also IP masquerading. So I’m going to close this and then go back to
Let’s see. So there’s a configuration file called system control in the etc directory.
So we can do cat system control dot configuration.
A lot of its stuff is a braid out or I guess like not configured by default.
So if we edit it, what’s going on there?
Dude, what is happening?
You see that?
Oh, I did pseudo nano, pseudo nano.
That was dumb.
So a lot of these options are just they’re commented out.
You know, they’re not like enabled.
commented out you know they’re not like enabled so this is a good idea for security purposes but
we definitely need to forward so
i’m going to uncomment net.ipv4.ip forward equals one to enable ipv ip forwarding on ipv4 and then
i’m going to uncomment the next one for ipv6 forwarding even though no word even though we’re
It’ll be a pain in the butt if you start trying to set up IPv6 on your own later and you forget to come back to this file.
So that’s what I’m going to do.
So we can immediately apply the changes with this command if we want to.
I’m just going to put it on the screen real fast.
But we don’t need to because I’m going to do a reboot after we set this up.
So the next thing we need is we actually need to install a firewall so that we can keep persistent firewall rules
that will help us IP masquerade. At least this is the way I know how to do it. So by default,
this operating system doesn’t actually have IP tables installed. The pie is totally open and
unprotected. Kind of weird, but okay. So I’m going to go sudo apt install IP tables so I can get a
firewall. And then I’m going to install install IP tables persistence. Actually, let’s do persistent
later so that we don’t have to do any other commands. When you install persistent, it’ll
it’ll grab whatever’s already in there and just make it persistent so you don’t
even have to remember extra commands if you’re wondering why we’re installing a
firewall at this point it’s not necessarily to protect the PI although
we can use that to protect the PI pretty soon or like later but it’s really so
that we can have masquerading work which is in this case it’s very closely
related to forwarding data from the two network adapters so I’m gonna go so we
installed iptables I’m going to say iptables list all the rules are empty everything is open the
firewall is really letting everything through so then I’m going to do sudo iptables network
address translation post routing if the source is coming from oh yeah if the source is coming
from your access point and it’s trying to go out to the to the ethernet adapter that’s wrong that’s
that’s wrong that’s not going to work for our purposes eventually
we’ll say the judgment is that it’s okay to masquerade
um we should replace this with wireless LAN zero also so that they both work
basic idea is if a client of the pi access point is sending information into the pi like it’s it’s
making a web request then we’re saying it’s okay to masquerade as that ip address as we send the
as that IP address as we send the data along to either the ethernet port or the wireless LAN port.
So I put both of those in there because I want it to work for both.
You may only need to put wireless LAN 0 or whatever your adapter is
for the one that’s making the primary connection to the original router.
So now let’s make the rules permanent with IP tables save.
Oh wait, no, we don’t even necessarily need to use save if we just install persistent
after we did it.
Whoops.
App install persistent because I think it’ll ask us if we want to save the rules right
now.
Yeah, right.
Okay.
So I’m going to say, yeah, so I can save myself some commands.
Yeah, go ahead and save them.
If you installed persistence right away, you could either uninstall them and then reinstall
them, I guess.
the command is basically this to take whatever rules are currently inside of iptables and then
just send them into that saved rules file and then you would do the same thing for the v6 if
you wanted ipv6 double check what has been saved with this command so we’ll say sudo cat and then
that’s the file where the rules are saved so it’s telling me yeah they are saved so if i reboot the
rules should still be there now. And then we have enough time to set up the access point.
We are very, very, very close. Yeah, it’s probably actually going to work now.
Set up the access point. And
yeah, I’ll show you how to do a debug thing after this. I’m not going to do it
so you can see, but I’ll show you how to do it. Anyway, so let’s set up the access point. Remember,
access point. Remember, we’re only connected with one of the radios right now. So pseudo network
manager, command line interface connection show, and we’re only connected as a client. So now we
need to do this pseudo network manager command line interface connection add not device Wi Fi
connect, but connection add, the type is going to be Wi Fi. And then we’re going to specify the
interface name as wireless LAN one, that’s the dongle that we installed earlier. And then we’re
so that’s mode AP and then I’m just gonna set the connection name to become
access points you can obviously set this to whatever you want it doesn’t really
matter and then we have to set the SSID probably this should be different than
your main router because we’re not doing like WDS you know roaming access points
or anything like that this is gonna be a totally separate access point with a
totally separate network we’re just gonna eventually make it work so that we
seamlessly so that it’ll feel like one network but it’s technically another
subnet at least so choose something for your SSID that your neighbors won’t call
the police about I’m gonna do well la de fricking and then we’ll set a password
so I’m gonna just make up a random password right now in another window and
This thing is not working.
Hello?
Okay, I’m just going to copy paste a random password.
So I’ll set the, let’s see, what is it?
80211 wireless security.
Oh, you know what?
It’s probably easier if I just do this from inside network manager.
So I added the connection.
The SSID is well loudy freaking dot.
Then I can just kind of show the connections become access point is not up yet.
So I’m going to edit it.
Connection edit become access points.
So now it’s, I don’t know, for me, it’s a little bit easier to edit all these things.
So I’m going to do set 802.11.
is kind of like you know the wireless family of standards dot band oh for the band depending on
your dongle uh you might want 2.4 gigahertz or 5 gigahertz also depending on your country
for me i’m gonna try to get this on 5 gigahertz so that is band a uh i think the other band is either
actually you know what network manager will tell me yeah bg i was gonna say just g by itself yeah
gigahertz at least for this then I’m going to do set the wireless security property of the key
management and I’m going to set it to basically a pass pass key or like a pass phrase some of
these settings are probably going to be out of date by the time you watch this video so you might
want to go look up the latest or ask me a million times to provide an updated video I guess although
kind of kind of over it to be honest i hope this works for everybody because regardless i’m eating
an entire pizza by myself when this is finished let’s see group let’s see proto group pairwise
um so we’re just type we’re just typing stuff now now psk so that’s the uh the password so then
i’m gonna paste the random password that i just came up with and then uh hit enter to get that
And then we’re going to set up the IP address.
Remember, this is another adapter.
We still need to set its IP address.
So IPv4.addresses,
I’ve got to do set, sorry.
Addresses 192.168.5.1, which is what we decided on.
And then block 24, yes to manual.
And then I’m going to set its gateway to nothing.
Oh, the gateway has to be empty.
I made this mistake earlier.
mistake earlier if you actually set the gateway to something like you probably want to do 192.168.1.1
if you do that then the access point will tell all of its clients that the gateway is 1.1
but the problem is they can’t actually access 1.1 so they’ll just be offline so you need to make
sure probably that the gateway is empty so we’ll do print ipv4 notice how the gateway is empty
DNS is empty DNS searches empty they all should just be empty because we want
the information to come from elsewhere at least on that on that so uh you know we want DNS mask to
tell them everything if those have values you can basically say remove ipv4 dot addresses and then
it should work so let’s see what else do I have to add addresses gateway DNS DNS search and then
11 wireless security just to double check it.
Make sure that you’ve entered all the right values
and then print the IPv4 block again just to double check it
and then hit save.
If you have an error here, you might want to type fix, verify,
or maybe just go look at all the settings again.
But I saved it.
It seems to have worked.
So I can now quit.
And then, oh, actually, maybe I should tell it to start automatically.
Let me just double check.
Print the connection properties.
properties. Does it say auto connect? Yes. Okay. So now the access point should automatically come
up whenever, uh, whenever the pie boots, if we’re lucky, we’re incredibly close right now.
So I’m going to do, I’m going to open up another window and I just want you to kind of see what’s,
what’s going on here. Um, or how I was debugging my connection. Cause in the beginning, when I was
first learning how to do this, I was like, where are the packets going? Is it even trying?
trying so for me I made several windows like this if your terminal doesn’t split
windows too bad for you mine is called terminator you can find it pretty easily
it’s sudo apt install terminator but what I what you want to do is SSH into
the Ethernet of the PI three times so I’m gonna do that and then oh god is that
figured something out. So you want to do it three times and then you want to label each window.
So this window is going to be wireless LAN zero. Depending on your terminal, you might have to do
labeling differently. Wireless LAN one and then I’m going to do Ethernet zero on this one.
So they all, we have three terminals, one for each interface, network interface. And I’m basically
to watch packets on every single interface.
So inside of the Pi, I’m going to first say sudo apt install tcp dump.
That’s a special program that lets you watch packets as they’re traveling all around your
network cards and stuff like that.
So sudo apt install tcp dump.
Then the command is sudo tcp dump and then dash i to specify an interface.
And then we’ll specify ethernet zero here.
and then uh here we’ll specify wireless LAN zero we’ll just match the windows that’s why
i labeled the windows and then here we’ll do wireless LAN one uh and then so what you’ll
want to do is hit enter on each of these windows and you’ll see like a huge stream of data you want
to uh filter the data by something that’s useful for you otherwise it’ll be like way too much data
I filtered it by ICMP echo and then what I was doing is I was basically just pinging servers like
I was pinging inside of the Pi I was having it ping itself and then I was having it ping like
my router then I was trying to have it ping clients and then I was having the clients ping the Pi
and ping the router and then finally start pinging the internet you’re just doing pings all over the
place in order to try to narrow down what might be wrong with your situation if you follow this
tutorial probably it’ll be fine but like for me you know I like to debug and things were going
wrong when I was first learning this so this was super super helpful I just want you to know
here’s a problem though every time you reboot the pi let me do that right now you do sudo reboot
every time you reboot the pi you lose connection uh connections to all the other windows so then
you have to like log back into the pi and then type out the command all over again so instead a nice
Instead, a nice shortcut could be something like this.
SSH into the pie.
SSH pie at 192.168.1.123.
And then in quotes or single quotes,
I’m gonna do single quotes on the outside
and then double quotes on the inside
because you kind of have to use different quotes.
Now what’s gonna happen is when I go into the pie,
it’s gonna log into the pie
and immediately start doing the TCP dump for me.
that means when when I get booted I just have to I just have to hit the up arrow and I can
immediately go back into the pi and I don’t have to type out the commands again let me show you
real fast with a slightly different way so I’m going to go ssh pi at 192.168.1.123 and then do
a single quote and instead of doing tcp dump I’m just going to type echo by itself so notice how
I didn’t echo anything. Hello. It logs in, it prints hello, and then it logs out. So now
I’m kicked out of the Pi. Let’s pretend that we lost internet or network. I just hit the up arrow
and hit enter. So it’s like so fast. You don’t have to type all those letters again.
So I’m not going to debug here. I’ll do that in another window if I really need to, but
I just wanted you to know. And it’s fun. It’s fun to know when things are really starting to work.
probably rebooted. Now let’s try some, well, we know that the PI’s network works for itself. So
now the next step is how can we prove that this access point actually works? Oh my gosh.
I think I’m going to cut the video so that I can show you that it works
by logging into a virtual machine that’s inside of this virtual machine that I’m recording on.
It’s probably going to be super slow. We’ll see what happens. Okay. So I’m going to cut the scene
Okay, so I’m gonna cut the scene right now. When I come back, we’ll be logging into a virtual machine.
it would really mean the world to me and it’ll help make more videos and grow this community.
So we’ll be able to do more videos, longer videos, better videos, or just I’ll be able to keep making videos in general.
So please do me a kindness and subscribe.
You know, sometimes I’m sleeping in the middle of the night and I just wake up because I know somebody subscribed or followed.
It just wakes me up and I get filled with joy.
That’s exactly what happens every single time.
So you could do it as a nice favor to me or you could troll me if you want to just wake me up in the middle of the night.
if you want to just wake me up in the middle of the night, just subscribe.
And then I’ll just wake up.
I promise that’s what will happen.
Also, if you look at the middle of the screen right now,
you should see a QR code, which you can scan in order to go to the website,
which I think is also named somewhere at the bottom of this video.
And it’ll take you to my main website,
where you can just kind of like see all the videos I published,
and the services and tutorials and things that I offer,
and all that good stuff.
suggestion for uh uh clarifications or errata or just future videos that you want to see please
leave a comment or if you just want to say hey what’s up what’s going on you know just send me
a comment whatever i also wake up for those in the middle of the night i get i wake up in a cold
sweat and i’m like it would really it really mean the world to me i would really appreciate it so
again thank you so much for watching this video and um enjoy the cool music as as i fade into the
into the darkness which is coming for us all.
Thank you.
