If you don’t have one, see our article on Raspberry Pi kits.
Contents
Raspi public wifi access point
Flash the system
Download the latest version of Raspian, an operating system based on Debian Linux that is made specifically for Raspberry Pi computers. You then need to “flash” – i.e. install – this system on a microSD card (min 16 GB). The easiest way to do this is to use the Etcher software which is very easy to use. The procedure is strictly the same as for creating a bootable USB key.
Initialize the system
At the first start, the system will ask you to choose the language and to change the password. Choose a strong one.
There is no need to connect to the Wi-Fi network. On the one hand, the Raspberry Pi is already connected to the Internet through the Ethernet cable. On the other hand, the Wi-Fi module will be used to create the access point. Click on Skip at this stage.
The system will then ask you to search for updates, which you must accept by clicking Next. This may take some time. Go and make yourself a coffee.
Download the code
Open a command window by clicking on the fourth icon from the left at the top. The icon represents a window with a top sign and a bottom dash. Write the command below, then validate.
> git clone https://github.com/gkallenborn/HomeFW HomeFW
The computer will then download the script for the firewall (firewall.sh), the configuration file (configurations.txt) and information files into a new folder called HomeFW.
Installing the software
Then you have to download and install the software that will allow you to create our famous secure access point. In this case: hostapd (Wi-Fi access point software), isc-dhscp-server (software that will assign IP addresses to the connected terminals), dnsmasq (DNS service software) and iptables (firewall software). To do this, you need to run the following command and, during the installation, validate each time it is requested. The term apt-get install starts the installation of the following software. The term sudo indicates that the whole command is run with administrator privileges.
> sudo apt-get install hostapd isc-dhcp-server dnsmasq iptables
Configuring the access point
In order for the access point to work properly, a number of configuration files need to be changed. This is the most important part. Concentrate, because you can’t go wrong. The best way is to open two command windows side by side. In the first one, display the contents of the configuration.txt file with the following command:
> more ./HomeFW/configurations.txt
In the second window, you will use the “nano” text editor to modify the files, by copying and pasting the lines from one window to the other. Be careful to follow the instructions in the file configurations.txt. Here are the commands that you will have to execute successively:
> sudo nano /etc/hostapd/hostapd.conf > sudo nano /etc/dhcp/dhcpd.conf > sudo nano /etc/sysctl.conf > sudo nano /etc/default/isc-dhcp-server > sudo nano /etc/default/hostapd > sudo nano /etc/default/dnsmasq > sudo nano /network/interfaces
Then, restart your Raspberry Pi 3, by running the following command
> reboot
Activate the firewall
At this point, you should see an access point labeled “IOT” if you scan the surrounding Wi-Fi networks. But this new network does not allow access to the Internet and it is not necessarily waterproof compared to the network of your box. To do this, you need to run the firewall.sh script. Run the following commands:
> cd HomeFW > chmod +x firewall.sh > sudo ./firewall.sh
The first command puts you in the HomeFW directory, the second makes the script executable and the third executes it. And that’s it. You now have a Wi-Fi network named “IOT” that is totally isolated from the rest of your network. Well done.
Automate the launch of the firewall
If, for any reason, your Raspberry Pi 3 shuts down, you will need to restart it and run the firewall.sh script again as described in step 6. To avoid having to connect a monitor, keyboard and mouse every time, it is more practical to connect to the Raspberry Pi 3 remotely from the box’s network, using the SSH (Secure Shell) service.
In order for the SSH service to start automatically when the Raspberry Pi 3 is started, you need to create an empty “ssh” file in the root of the microSD card. To do this, insert the microSD card into your computer.
Under macOS, launch a Spotlight window (Command + Space), write “terminal” and then launch the eponymous application. Then use the following commands:
> cd /Volumes/ > touch ssh
Under Windows, write “cmd” in the Cortana search field, then launch the eponymous application. Then use the following commands:
> : > type NUL > ssh.
The next time you restart your Raspbian system, the SSH service will be automatically started and accessible from your box’s network.