Users connect to the wireless AP (AE) operating in bridge mode or they connect directly via Ethernet to the switch. They acquire an IP address and routing from dnsmasq to forward traffic to the Pi4 (Raspbian). The Pi4 has a wireless connection to the Internet, a default route to wlan0 and routing turned on in the kernel. Using nftables, outbound traffic is source NATted to the outbound address of the wlan0 interface. Traffic flows nicely from Users to the Internet and back again.
Implementation
The device is a Raspberry Pi 4 running Raspbian Buster with no configured networking. Once I updated wpa_supplicant it joined the wireless network and configured DNS, routing and wlan0. This is how I began. My surprise was that the entire /etc/network/interfaces was empty. The dhcpcd daemon was looking after all the dynamic configuration, and guides pointed me to its configuration for setting a static address on eth0. This was problematic as it always adds a default route, even if you don't specify one. So, in the end, I had to tell it to ignore eth0 with the denyinterfaces option. I wasn't able to find any network manager so I manually created eth0 in interfaces.d.
I then configured dnsmasq as the DHCP server on eth0, handling DNS queries and handing out addresses and client routes. Then the routing kernel tweaks were done. So that covered DNS, DHCP client & server, routes & routing; last but not least was addressing. I found out iptables is being deprecated in Debian Buster, so I used nftables. I didn't know how to write netfilter rules, as you can see from my single masquerade rule.
The relevant configuration is listed below; any and all assistance is greatly appreciated. Note this is not the entire configuration, just what I added to each of the files. I did try to have dhcpcd create eth0 using an inform option. It created the interface but nothing worked, so I went back to interfaces.d/eth0. In the case of ../interfaces.d/eth0 this was a new file.
Code:
# dhcpcd had already picked up the wireless network and configured a default route and
# somehow provided DNS even though resolv.conf says 127.0.0.1 ??
# Here I tell it to ignore eth0 so I can configure it manually.
/etc/dhcpcd.conf
denyinterfaces eth0

# the loopback and wlan0 interfaces already existed courtesy of dhcpcd?
/etc/network/interfaces.d/eth0
auto eth0
iface eth0 inet static
    address 192.168.99.1
    netmask 255.255.255.0

/etc/dnsmasq.conf
interface=eth0
listen-address=127.0.0.1
domain=mydomain.com
dhcp-range=192.168.99.10,192.168.99.250,6h

/etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="MyLocalNetwork"
    psk=xxxxxxxxxxxxxxxxx
}

/etc/sysctl.conf
net.ipv4.ip_forward=1

/etc/nftables.conf
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority 0; policy accept;
    }
    chain POSTROUTING {
        type nat hook postrouting priority 100; policy accept;
        masquerade
    }
}
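
An added example, not part of the original post: the same NAT table with the masquerade rule scoped to the LAN subnet leaving wlan0, plus a forward chain so that net.ipv4.ip_forward=1 only routes LAN-initiated traffic and its replies. The interface names and the 192.168.99.0/24 subnet come from the post; the `filter` table, its FORWARD chain and the `flush ruleset` line are assumptions added here.

```nftables
#!/usr/sbin/nft -f
# Added example for /etc/nftables.conf (not the poster's file).
# Assumes eth0 = LAN side (192.168.99.0/24), wlan0 = upstream side.

# Start from an empty ruleset so reloading does not stack duplicate rules.
flush ruleset

table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority 0; policy accept;
    }
    chain POSTROUTING {
        type nat hook postrouting priority 100; policy accept;
        # The bare "masquerade" in the post rewrites every packet leaving
        # any interface. Limit it to LAN clients going out via wlan0.
        ip saddr 192.168.99.0/24 oifname "wlan0" masquerade
    }
}

table ip filter {
    chain FORWARD {
        # With ip_forward=1 and no forward chain, the Pi routes in both
        # directions, including from the upstream network into the LAN.
        type filter hook forward priority 0; policy drop;

        # Drop packets that conntrack cannot associate with a valid flow.
        ct state invalid drop

        # Replies to connections the LAN clients opened.
        ct state established,related accept

        # New connections only from the LAN subnet, only toward wlan0.
        iifname "eth0" oifname "wlan0" ip saddr 192.168.99.0/24 accept
    }
}
```

Syntax can be checked without loading the rules using `nft -c -f /etc/nftables.conf`, and the active rules inspected with `nft list ruleset`. Traffic addressed to the Pi itself (DNS and DHCP on eth0) is untouched because no input chain is defined.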