In Scene 4 of our Raspberry Pi Wi-Fi Repeater series, we dive into setting up IP forwarding, installing a firewall with iptables, and configuring a Wi-Fi access point. Learn how to forward packets, set up IP masquerading, and debug with tcpdump. Perfect for tech enthusiasts looking to extend their network range! Subscribe for more step-by-step tutorials and check out our website for additional resources. #RaspberryPi #WiFiRepeater #Networking #TechTutorial
New Scene Introduction 00:00:00
Video Editing for Recording Time 00:00:04
Camera Battery Concern 00:00:10
IP Forwarding Setup 00:00:12
IP Forwarding Explanation 00:00:34
Configuration File Access 00:01:24
Editing System Control File 00:01:40
Enabling IP Forwarding 00:02:03
Firewall Installation 00:02:40
IP Tables Installation 00:03:04
IP Masquerading Setup 00:03:33
IP Tables Rules Configuration 00:03:49
Making Firewall Rules Persistent 00:05:03
Access Point Setup Introduction 00:06:11
Network Manager Configuration 00:06:32
Setting SSID and Password 00:07:14
Wireless Security Settings 00:08:24
IP Address Configuration 00:10:17
Verifying Connection Settings 00:11:43
Debugging with TCP Dump 00:12:32
Installing TCP Dump 00:13:39
Monitoring Network Interfaces 00:14:00
SSH Debugging Shortcut 00:15:24
Testing Access Point 00:16:48
Virtual Machine Testing 00:17:02
Call to Subscribe 00:17:44
QR Code and Website Promotion 00:18:21
Thanks for watching!
Find us on other social media here:
- https://www.NeuralLantern.com/social
Please help support us!
- Subscribing + Sharing on Social Media
- Leaving a comment or suggestion
- Subscribing to our Blog
- Watching the main "pinned" video of this channel for offers and extras
New Scene Introduction 00:00:00
Video Editing for Recording Time 00:00:04
Camera Battery Concern 00:00:10
IP Forwarding Setup 00:00:12
IP Forwarding Explanation 00:00:34
Configuration File Access 00:01:24
Editing System Control File 00:01:40
Enabling IP Forwarding 00:02:03
Firewall Installation 00:02:40
IP Tables Installation 00:03:04
IP Masquerading Setup 00:03:33
IP Tables Rules Configuration 00:03:49
Making Firewall Rules Persistent 00:05:03
Access Point Setup Introduction 00:06:11
Network Manager Configuration 00:06:32
Setting SSID and Password 00:07:14
Wireless Security Settings 00:08:24
IP Address Configuration 00:10:17
Verifying Connection Settings 00:11:43
Debugging with TCP Dump 00:12:32
Installing TCP Dump 00:13:39
Monitoring Network Interfaces 00:14:00
SSH Debugging Shortcut 00:15:24
Testing Access Point 00:16:48
Virtual Machine Testing 00:17:02
Call to Subscribe 00:17:44
QR Code and Website Promotion 00:18:21
Thanks for watching!
Find us on other social media here:
- https://www.NeuralLantern.com/social
Please help support us!
- Subscribing + Sharing on Social Media
- Leaving a comment or suggestion
- Subscribing to our Blog
- Watching the main "pinned" video of this channel for offers and extras
Category
🤖
TechTranscript
00:00okay we've started a new scene here I just cut the video I edited it a little bit so that we
00:06could so that I could have more recording time before the camera dies the camera is going to
00:11take a poop anyway um so next we need to set up IP forwarding because what's going to really
00:16happen is when you send a request let me see if I can find that image real fast where the heck is
00:22that I'm not it's right here so this is the after image so if you think about it what's going to
00:30happen is uh when your clients send a signal you know to the pi the pi is not the internet the pi
00:38is just connected to your router the pi then needs to forward the data the packets whatever
00:45to its other interface so this is like you know wireless LAN one and this is like wireless LAN
00:52zero if you recall so we need to set up an ability to forward packets between uh interfaces so that
01:00we can get the packets to wireless LAN zero and then they'll eventually end up being sent to the
01:05router so that's the basic idea of what we're doing now and then also uh IP masquerading
01:10so I'm going to close this and then go back to the pi here we just need to uh
01:21edit a command real fast let's see so there's a configuration file called system control
01:28in the etc directory so we can do cat system control dot configuration uh a lot of its stuff
01:36is uh braid out or I guess like not configured by default so if we edit it wait what's going on
01:42there dude what is happening did you see that oh I did pseudo nano pseudo nano that was dumb
01:49so a lot of these options are just they're commented out you know they're not like enabled
01:53so this is a good idea for security purposes but uh we definitely need to forward so
02:00I'm going to uncomment net.ipv4.ip forward equals one to enable ipv4 ip forwarding on ipv4 and then
02:12I'm going to uncomment the next one for ipv6 forwarding even though no word even though we're not setting up
02:18ipv6 in this video uh it'll be a pain in the butt if you start trying to set up ipv6 on your own
02:23later and you forget to come back to this file so that's that's what I'm going to do
02:27so we can immediately apply the changes uh with this command if we want to I'm just going to put
02:34it on the screen real fast but we don't need to because I'm going to do a reboot after we set this up
02:39so the next thing we need is we actually need to install a firewall so that we can
02:44keep persistent firewall rules that will help us ip masquerade at least this is the way I know how to
02:51do it so by default this operating system doesn't actually have ip tables installed the pi is totally
02:57open and unprotected kind of weird but okay so I'm going to go sudo apt install ip tables so I can get
03:04a firewall and then I'm going to install install ip tables persistence actually let's do persistent
03:11later so that we don't have to do any other commands when you install persistent it'll grab
03:17whatever's already in there and just make it persistent so you don't even have to remember
03:20extra commands if you're wondering why we're installing a firewall at this point uh it's not
03:25necessarily to protect the pi although we can use that to protect the pi pretty soon
03:30um or like later but it's really so that we can have masquerading work which is in this case
03:37it's very closely related to forwarding data from the two network adapters so I'm going to go so we
03:43just installed ip tables I'm going to say ip tables list all the rules are empty everything is open the
03:49firewall is really letting everything through so then I'm going to do sudo ip tables network address
03:58if the source is coming from oh yeah if the source is coming from your uh access point
04:08and it's trying to go out to the uh to the ethernet adapter that's wrong that's not going to work for our
04:14purposes eventually we'll say the judgment is that it's okay to masquerade
04:19um we should replace this with wireless land zero also so that they both work
04:27basic idea is if a client of the pi access point is sending information into the pi like it's it's
04:35making a web request then we're saying it's okay to masquerade as that ip address as we send the data
04:42along uh to either the ethernet port or the wireless land port so I put both of those in there
04:48because I want it to work for both uh you may only need to put wireless land zero or whatever your
04:53adapter is for the uh the one that's making the primary connection to the original router
04:58so now let's make the rules permanent with uh iptables save sudo apt install ip tables
05:07oh wait no we don't even necessarily need to use save
05:12if we just install persistent after we did it whoops apt install
05:17persistent because I think it'll ask us if we want to save the rules right now
05:21yeah right okay so I'm going to say yeah so I can save myself some commands
05:27yeah go ahead and save them uh if you installed persistence uh right away you could either uninstall
05:34them and then reinstall them I guess otherwise the command is basically uh this to take whatever
05:39rules are currently inside of iptables and then just send them into that saved rules file
05:45and then you would do the same thing for the v6 if you wanted ipv6 double check what has been saved
05:51with uh this command so we'll say uh sudo cat and then that's the file where the rules are saved
05:59so it's telling me yeah they are saved so if I reboot the pi uh the rules should still be there now
06:05and then we have enough time to set up the access point um we are very very very close
06:13yeah it's probably actually going to work now set up the access point and um
06:20hmm yeah I'll show you how to do a debug uh a debug thing after this I'm not going to do it
06:28so you can see but I'll show you how to do it anyway so let's set up the access point remember
06:32uh we're only connected with one of the radios right now so sudo network manager
06:36command line interface connection show and we're only connected as a client
06:40so now we need to do this sudo network manager command line interface
06:44connection add not device wi-fi connect but connection add
06:48the type is going to be wi-fi
06:50and then we're going to specify the interface name as wireless LAN 1 that's the dongle that we
06:56installed earlier and then we're going to set into access point mode so that's mode ap
07:01and then I'm just going to set the connection name to become access points you can obviously
07:07set this to whatever you want it doesn't really matter and then we have to set the ssid probably
07:13this should be different than your main router because we're not doing like uh wds you know
07:18roaming access points or anything like that this is going to be a totally separate access point
07:22with a totally separate network we're just going to eventually make it work so that we can route
07:27between the two networks seamlessly so that it'll feel like one network but it's technically another
07:32subnet at least so choose something for your ssid that your neighbors won't call the police about
07:38i'm going to do well la de freaking god
07:43and then uh we'll set a password so i'm going to just make up a random password right now in another
07:50window and then uh i can change it later i guess
07:54this thing is not working hello okay i'm just going to copy paste a random password
08:08so i'll set the uh let's see what is it 802
08:1411 wireless security
08:19oh you know what it's probably easier if i just do this
08:26from inside network manager so i added the connection the ssid is well la de freaking dot
08:32uh then i can just kind of show the connections become access point is not up yet so i'm going to
08:38edit it connection edit become access points so now it's i don't know for me it's a little bit
08:46easier to edit all these things so i'm going to do set 802 11 802 11 is kind of like you know the
08:52wireless family of standards dot band oh for the band depending on your dongle uh you might want
09:002.4 gigahertz or 5 gigahertz also depending on your country for me i'm going to try to get this
09:06on 5 gigahertz so that is band a uh i think the other band is either
09:10actually you know what network manager will tell me yeah bg i was going to say just g by itself yeah
09:18so i'm going to do a because i want 5 gigahertz at least for this then i'm going to do set uh
09:23the wireless uh security property of the key management and i'm going to set it to basically
09:31a pass pass key or like a pass phrase some of these settings are probably going to be out of
09:36date by the time you watch this video so you might want to go look up the latest or ask me a million
09:41times to uh provide an updated video i guess although this took like hours and hours and hours just to
09:47even record kind of i'm kind of over it to be honest i hope this works for everybody because
09:53regardless i'm eating an entire pizza by myself when this is finished let's see group let's see
09:59proto group pairwise um so we're just type we're just typing stuff now now psk so that's the uh the
10:07password so then i'm going to paste the random password that i just came up with
10:12and then uh hit enter to get that in there and then we're going to set up the ip address remember
10:17this is another adapter we still need to set its ip address so ipv4 dot addresses
10:23i've got to do set sorry address is 192.168.5.1 which is what we decided on and then uh block 24
10:33yes to manual and then i'm going to set its uh gateway
10:37to nothing oh the gateway has to be empty i made this mistake earlier if you actually set
10:45the gateway to something like you probably want to do 192.168.1.1 if you do that then the access
10:53point will tell all of its clients that the gateway is 1.1 but the problem is they can't actually access
10:591.1 so they'll just be offline so you need to make sure probably that the gateway is empty so we'll do
11:05print ipv4 notice how the gateway is empty dns is empty dns search is empty they all should just be
11:14empty because we want uh the information to come from elsewhere at least on that uh on that so uh you
11:22know we want dns mask to tell them everything if those have values you can basically say remove ipv4
11:29uh dot addresses and then it should work so let's see what else do i have to add addresses gateway dns
11:36dns search and then we'll print it'll to 11 wireless security just to double check it make sure that
11:43you've entered all the right values and then print the ipv4 block again just to double check it and
11:48then hit save uh if you have an error here uh you might want to type fix verify or maybe just go look
11:54at all the settings again but i saved it it seems to have worked so i can now quit
11:59and then uh oh actually maybe i should tell it to start automatically let me just double check
12:06print the connection properties does it say auto connect yes okay so now the access point
12:12should automatically come up whenever uh whenever the pi boots if we're lucky we're incredibly close
12:21right now so i'm gonna do i'm gonna open up another window and i just want you to kind of see
12:26what's what's going on here um or how i was debugging my connection because in the beginning when i was
12:32first learning how to do this i was like where are the packets going is it even trying so for me i made
12:38several windows like this um if your terminal doesn't split windows too bad for you mine is called
12:44terminator you can find it pretty easily it's sudo apt install terminator uh but what i what you
12:51want to do is ssh into the ethernet of the pi three times so i'm gonna do that uh and then oh god
13:00is that why that color code shows up i think i just figured something out uh so you want to do it
13:08three times and then you want to label each window so this window is going to be wireless land zero
13:13uh depending on your terminal you might have to do labeling differently wireless land one and uh
13:21and then i'm going to do ethernet zero on this one so they all we have three terminals one for each
13:28uh interface network interface and i'm basically just going to watch packets on every single interface
13:34so inside of the pi i'm going to first say sudo apt install tcp dump that's a special program that lets
13:41you watch packets as they're traveling all around your your network cards and stuff like that so
13:47sudo apt install tcp dump then the command is sudo tcp dump and then dash i to specify an interface
13:56and then we'll specify ethernet zero here and then uh here we'll specify wireless land zero we'll just
14:06match the windows that's why i labeled the windows and then here we'll do wireless land one
14:12uh and then so what you'll want to do is hit enter on each of these windows and you'll see like a huge
14:18stream of data you want to uh filter the data by something that's useful for you otherwise it'll be
14:25like way too much data even to even understand so for me i filtered it by icmp echo and then what i was
14:31doing is i was basically just pinging servers like i was pinging inside of the pi i was having it ping
14:38itself and then i was having it ping like my router then i was trying to have it ping clients and then
14:43i was having the clients ping the pi and ping the router and then finally start pinging the internet
14:46you're just doing pings all over the place uh in order to try to narrow down what might be wrong with
14:52your uh situation um if you follow this tutorial probably it'll be fine but like for me you know i like
14:58to debug and things were going wrong when i was first learning this so this was super super helpful
15:03i just want you to know um here's a problem though every time you reboot the pi let me do that right
15:09now you do pseudo reboot every time you reboot the pi you lose connection uh connections to all the
15:18other windows so then you have to like log back into the pi and then type out the command all over
15:22again so instead a nice shortcut could be something like this ssh into the pi ssh pi at 192.168.1.123
15:33and then in quotes or single quotes i'm going to do single quotes on the outside and then double
15:40quotes on the inside because you kind of have to use different quotes now what's going to happen is
15:45when i go into the pi it's going to log into the pi and immediately start doing the tcp dump for me
15:51so that means when um when i get booted i just have to i just have to hit the up arrow and i can
15:57immediately go back into the pi and i don't have to type out the commands again let me show you real
16:02fast uh with a slightly different way so i'm going to go ssh pi at 192.168.1.123 and then do a single
16:10quote and instead of doing tcp dump i'm just going to type echo by itself so notice how it logs in
16:17oh i didn't echo anything hello it logs in it prints hello and then it logs out so now
16:25i'm kicked out of the pi let's pretend that we lost internet or network i just hit the up arrow
16:31and hit enter so it's like so fast you don't have to type all those uh all those letters again
16:36so i'm not going to debug here i'll do that in another window if i really need to but i just
16:41wanted you to know and it's fun it's fun to know when things are really starting to work
16:45in the meantime it looks like the pi has probably rebooted now let's try some well we know that the
16:54pi's network works for itself so now the next step is how can we prove that this access point actually
16:59works oh my gosh um i think i'm going to cut the video so that i can show you that it works
17:05by logging into a a virtual machine that's inside of this virtual machine that i'm recording on it's
17:13probably going to be super slow we'll see what happens okay so i'm going to cut the scene right
17:18now when i come back we'll be logging into a virtual machine
17:22hey everybody thanks for watching this video again from the bottom of my heart i really appreciate
17:29it i do hope you did learn something and have some fun if you could do me a please a small little
17:35favor could you please subscribe and follow this channel or these videos or whatever it is you do
17:41on the current social media website that you're looking at right now it would really mean the world
17:45to me and it'll help make more videos and grow this community so we'll be able to do more videos
17:50longer videos better videos or just i'll be able to keep making videos in general so please
17:55do do me a kindness and uh and subscribe you know sometimes i'm sleeping in the middle of the night
18:01and i just wake up because i know somebody subscribed or followed it just wakes me up and i get filled
18:06with joy that's exactly what happens every single time so you could do it as a nice favor to me or you
18:11could you could troll me if you want to just wake me up in the middle of the night just subscribe
18:14and then i'll i'll just wake up i promise that's what will happen also uh if you look at the
18:20middle of the screen right now you should see a qr code which you can scan in order to go to the
18:24website which i think is also named somewhere at the bottom of this video and it'll take you to my
18:29main website where you can just kind of like see all the videos i published and the services and
18:34tutorials and things that i offer and all that good stuff and uh if you have a suggestion for uh
18:41clarifications or errata or just future videos that you want to see please leave a comment or if you just
18:47want to say hey what's up what's going on you know just send me a comment whatever i also wake up for
18:52those in the middle of the night i get i wake up in a cold sweat and i'm like it would really it really
18:58mean the world to me i would really appreciate it so again thank you so much for watching this video
19:03and um enjoy the cool music as as i fade into the darkness which is coming for us all
19:10so
19:12so
19:15so
19:17so
19:22so
Be the first to comment