desumoyo
Posts: 3
Joined: Thu Jan 31, 2013 4:56 pm

[HOWTO] Rasberry Pi as a wired router with webmin as web ui.

Thu Jan 31, 2013 5:54 pm

First of all, Credit : I used myself this tutorial : http://ubuntuforums.org/showthread.php?t=926001 that I have slightly adapted to Raspbian + RPi.

What do you need :

You need two ethernet card, so you need an USB to Ethernet adapter, if you don't have one yet, I encourage you to get the Apple one ( http://store.apple.com/us/product/MC704 ... r?fnode=58 ) , Its expensive but it do its jobs, without needing a powered hub, it work out of box and performance are great.

A USB keyboard and mouse, this is only for the configuration part
A monitor connected to your RPi, same, only for first configuration.

Installation :

(I consider that you already has a working, up to date installation of Raspbian, if its not the case, look at the official documentation !, I also consider that you changed default password, if not, DO IT NOW !)

You need to install those package :

Code: Select all

sudo apt-get install bind9 dhcp3-server perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libdigest-md5-perl apt-show-versions libapt-pkg-perl
When its done, you can download and install Webmin, it can take a while on the dpkg -i since this is a big package and the raspberry pi is a bit slow, it doesnt mean that you're Pi is frozen, just wait.

PS : I used Webmin 1.610, since this is the latest version available at the moment, feel free to use an updated version !

Code: Select all

cd ~/
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.610_all.deb
sudo dpkg -i webmin_1.610_all.deb
We finished with package installation !

Now, we need to know what interface gonna do what, first thing is to get name of the interface, for this you can use ifconfig -a, in theory, eth0 is the raspberry pi built-in interface and eth1 is the external USB adapter.

A good idea is to use the external USB>ETH adapter as the DSL side and to use built-in network card as the lan side.

You need to uncomment this line

Code: Select all

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
on /etc/sysctl.conf and to reboot.

The tricky part now is that you need a browser, on the RPi, to get access to the webmin configuration, since network is not configured yet, you can use the built-in in raspbian browser, midori, with X.org started, however don't disconnect the external usb to ethernet adapter, use a hub to connect a mouse and a keyboard or simply exchange keyboard with mouse usb when needed, it should not be long anyway !

Webmin interface is available from https://127.0.0.1:10000 , Use the same login and password than for your user !

First thing to do is to attribute a static ip to the lan side network card, for me it gonna be "eth0", Click on "Networking" then "Network Configuration" then on "Network Interface" and finally on the lan side interface name (In my case, eth0).

Set configuration like this :

Code: Select all

Activate at boot? Yes
IPv4 Address : Static configuration :
IPv4 address : 192.168.*.1
Netmask : 255.255.255.0
Broadcast : 192.168.*.1
(You can use the number you want on *, usually, home router use 0 or 1, but every number up to 253 should work, personally, I use 9, however this is important to use the same at every step of this tutorial !)

Then click on "Save and Apply".

Second thing to do is to configure DHCP, for this we go at "Server > DHCP Server> Add a new subnet"

Code: Select all

Subnet description : What you want
Network address : 192.168.*.0
Netmask :255.255.255.0
Address ranges : What you want, you can use "192.168.*.100 - 192.168.*.200" like the other howto say if you want to
Click on create, and then click on 192.168.*.0 in the subnet and shared network part, you should see almost same option than the previous screen, but with some new button at the bottom, clic on the "Edit Client Option" one, and on the new screen, configure these settings :

Code: Select all

"Subnet mask" - 255.255.255.0
"Default routers" - 192.168.*.1
"Broadcast address" - 192.168.*.255
"DNS servers" - 192.168.*.1
Then click on "Save", click on "Save" again at the next screen, scroll down and click on "Edit network interface", select the name of the interface you use for lan (eth0 in my case) from the list and click save !

The server DHCP is now ready, you can click on the "Start Server" button !

Now, last step, firewalling/nat !

On the left menu, click on "Linux Firewall", check the radio button for "No network address translation" and select the internet face lan card name (In my case, eth1), Check the box "Enable firewall at boot time", click "Setup Firewall". and finally click on "Apply Configuration".

From here you should have a working router with DHCP and DNS, I invite you (Do it, its important !) to read the base tutorial ( http://ubuntuforums.org/showthread.php?t=926001 ) "Configuring the firewall (or "Why I stopped worrying and learned to love IPtables")" at "Setting up the firewall" step to enhance security of your router !

Desumoyo

randrade
Posts: 79
Joined: Thu Dec 27, 2012 8:42 pm
Contact: Website

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Sat Feb 02, 2013 2:53 pm

Instead of downloading the Webmin package and installing it, just add the repo to apt so that you can update it easily. You can use this script I posted on my blog:

Code: Select all

sudo echo "deb http://download.webmin.com/download/repository sarge contrib" | sudo tee -a /etc/apt/sources.list
sudo echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" | sudo tee -a /etc/apt/sources.list
cd /root
sudo wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin
sudo apt-get clean

desumoyo
Posts: 3
Joined: Thu Jan 31, 2013 4:56 pm

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Wed Feb 06, 2013 11:27 am

randrade wrote:Instead of downloading the Webmin package and installing it, just add the repo to apt so that you can update it easily. You can use this script I posted on my blog:

Code: Select all

sudo echo "deb http://download.webmin.com/download/repository sarge contrib" | sudo tee -a /etc/apt/sources.list
sudo echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" | sudo tee -a /etc/apt/sources.list
cd /root
sudo wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin
sudo apt-get clean
Sound like a better option.

About performance of the Pi as a router, well I use it at home since I posted the howto and up to now, no problem at all, great speed in both local and internet (100MBps)

Desumoyo

killerbobjr
Posts: 5
Joined: Thu Feb 07, 2013 6:44 am

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Thu Feb 07, 2013 6:52 am

Are you actually getting above 50Mbs duplex? I can get 100Mbs+ half duplex (from the Pi or to the Pi), but never above 50Mbs across the Pi (one external machine to another external machine, with the Pi as a simple router between them, using a USB gigabit ethernet adapter and the built-in ethernet port).

desumoyo
Posts: 3
Joined: Thu Jan 31, 2013 4:56 pm

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Thu Feb 07, 2013 1:29 pm

I can send a file at 11MB/second between two PC behind the pi (screenshot : http://i.imgur.com/cfmo4Km.png ) so, yes :)

killerbobjr
Posts: 5
Joined: Thu Feb 07, 2013 6:44 am

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Thu Feb 07, 2013 4:56 pm

Dammit! The ARM drivers for my SMSC based adapter must be screwy. Your Apple adapter uses an ASIX chipset, but ASIX's drivers don't support 64-bit OSX (last I checked). My SMSC adapter works great in 64-bit OSX however, and I can transfer around 220Mbs on my Mac. I can only surmise that the drivers in Raspbian are borked when duplexing over the USB bus since half duplexing seems to work okay.

I'll see if I can get a debugging compile of the driver working and track down the problem.

solutionssquad
Posts: 15
Joined: Wed Jun 06, 2012 2:56 pm

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Fri Apr 12, 2013 3:24 am

Ok, after 6 hours of trying this, I give!
I have followed the directions and all is fine but I can not get online.
Any help is GREATLY appreciated.

Background:
ETH0 is going to computer.
ETH1 is going to cable modem.
I can surf, and ping from the Pi.
I can not surf or ping from a computer despite getting an IP address.
This also applied to pinging 8.8.8.8.
Here's my configs:

eth0 Link encap:Ethernet HWaddr b8:27:eb:19:a0:83
inet addr:192.168.1.1 Bcast:192.168.1.1 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15904 errors:0 dropped:0 overruns:0 frame:0
TX packets:3625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:941516 (919.4 KiB) TX bytes:693982 (677.7 KiB)

eth1 Link encap:Ethernet HWaddr 00:25:9c:5c:cf:9d
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:101387 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:111886084 (106.7 MiB) TX bytes:525441 (513.1 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4145 (4.0 KiB) TX bytes:4145 (4.0 KiB)

root@raspberrypi:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

route:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

User avatar
terrycarlin
Posts: 70
Joined: Thu Jun 14, 2012 10:42 pm

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Fri Apr 12, 2013 4:56 pm

Did you set up your default gateway? Your routing table only has an entry for your internal network.
If it ain't broke, take it apart and see how it works.

solutionssquad
Posts: 15
Joined: Wed Jun 06, 2012 2:56 pm

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web

Wed Apr 17, 2013 12:48 pm

I'm not all that good with Linux.
How would I do that?
Also, would I be able to accomplish a dual wan setup on all this?

Thank you!

User avatar
JoanTheSpark
Posts: 33
Joined: Sun Feb 21, 2016 5:36 am

Re: [HOWTO] Rasberry Pi as a wired router with webmin as web ui.

Wed Nov 08, 2017 9:23 am

Just in case someone stumbles upon this and needs it too.
  • the dhcp3-server package has changed to isc-dhcp-server
  • the bind9 package wants a sudo apt-get update before it works (at least on my RPi 3) with Jessie
So the first command(s) in the OP would need to change to this to make it work these days:

Code: Select all

sudo apt-get update
sudo apt-get install bind9 isc-dhcp-server perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libdigest-md5-perl apt-show-versions libapt-pkg-perl
After that it worked for me - webmin that is (direct access on machine with browser) - not all the modules/services needed to actually get a DHCP/DNS-router working or the access from LAN.

My setup:
  • ppp0 > WAN (USB modem)
  • eth0 > LAN
  • LAN 192.168.1.x/24, broadcast on 192.168.1.255
  • router/dns/dhcp: 192.168.1.254
Be aware that with Jessie and now Stretch network settings changed for how it's described in the OP or around the net:
https://raspberrypi.stackexchange.com/q ... ip-address
my /etc/dhcpcd.conf file thus looks like this (no dns/router defined on purpose):

Code: Select all

profile static_eth0
static ip_address=192.168.1.254/24

interface eth0
fallback static_eth0
from this: https://wiki.archlinux.org/index.php/dh ... interfaces

/etc/interfaces is unchanged from it's original state, except for the firewall rules (will be added by webmin when you set it up), which make it look like this for eth0:

Code: Select all

...
iface eth0 inet manual
	post-up iptables-restore < /etc//iptables.up.rules
...
.
Setting up a static IP is bonkers with dhcpcd controlling the interface now vs isc-dhcp-server depending on it starting up - I always have to manually start the server after the Pi has booted - follow this to pass this hurdle:
viewtopic.php?f=36&t=170758

The OP doesn't cover the DNS-forwarding/caching settings for bind9 in /etc/bind/named.conf.options, while mine look like this now (didn't touch the other include files, settings via webmin gui uses several submenus, I just modified the file):

Code: Select all

acl goodclients {
   192.168.1.0/24;
   localhost;
   localnets;
};

options {
	directory "/var/cache/bind";
	dnssec-enable yes;
	dnssec-validation yes;
	auth-nxdomain no;
	listen-on-v6 {
		any;
	};
	recursion yes;
	allow-query {
		goodclients;
	};
	forwarders {
		8.8.8.8;
		8.8.4.4;
	};
from this: https://www.digitalocean.com/community/ ... untu-14-04

Also, if you want to access webmin from the LAN (headless RPi DHCP/DNS router) make sure the SSL settings in webmin are sufficient (might have to do with the order of installing webmin vs ssl packages) per this:
https://sourceforge.net/p/webadmin/disc ... /7a5ffa9d/
I got 'ssl_error_rx_record_too_long' otherwise in web browsers on the LAN trying to access the router/webmin via https.

Still, thanks a lot all involved!

Return to “Networking and servers”