Recently my cable modem refused to connect to my provider, stating “Connection Refused”. The provider (UPC Austria) stated, that they have to come to my place and make some measurements. But this will be in one week…. WTF?? One week without internet? No way!

Fortunately, my provider offers a service, that every router provides two networks, a private one for the single customer, and a free network for all customers of UPC. This “UPC Wi-Free” was also available from some neighbours of mine.

It would be easy to connect all of my PCs to the network, but this is not enough for me. I needed a better solution. Also the PC of my girlfriend refused to connect to this network, my big PC has no WiFi and the server for sure not. Also the chromecast and the firestick…. no I will not configure all devices to configure them later again!

My previous setup included the router from my provider connected to my own router, a Fritz Box. All my devices are then behind the Fritz Box. So the only thing I had to change was to replace the UPC router with my Raspberry PI.

My starting point was the following:

Raspberry PI 2B

Alfa AWUS036H Wifi Adapter

a network cable 🙂

First I powered up the Raspberry and was curious what I had done with this firmware before. Apparently, I used it before for some photographing stuff… 🙂 Anyway, first the Debian needed to be updated from 7 (wheezy) to 8 (jessie).

First we make sure the current system is up to date:

sudo apt-get update sudo apt-get upgrade 1 2 sudo apt - get update sudo apt - get upgrade

Then we edit /etc/apt/sources.list and replace wheezy with jessie

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi 1 deb http : / / mirrordirector .raspbian .org / raspbian / jessie main contrib non - free rpi

Then the upgrade:

sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade 1 2 3 sudo apt - get update sudo apt - get upgrade sudo apt - get dist - upgrade

This took a while, the raspi is not a fast gaming machine… After the upgrade, I configured the WiFi adapter to work with the UPC Wi-Free. For this the wpa_supplicant and the the network interfaces have to be configured:

The following content belongs to /etc/wpa_supplicant/wpa_supplicant.conf:

network={ ssid="UPC Wi-Free" scan_ssid=1 key_mgmt=WPA-EAP eap=PEAP identity="your@e.mail" password="password" phase1="peaplabel=0" phase2="auth=MSCHAPV2" } 1 2 3 4 5 6 7 8 9 10 network = { ssid = "UPC Wi-Free" scan_ssid = 1 key_mgmt = WPA - EAP eap = PEAP identity = "your@e.mail" password = "password" phase1 = "peaplabel=0" phase2 = "auth=MSCHAPV2" }

And this belongs to /etc/network/interfaces:

auto lo iface lo inet loopback # give the ethernet a static ip for acting as DHCP Server auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.1 netmask 255.255.255.0 dns-nameservers 8.8.8.8 # configure the WiFi interface and enable auto start auto wlan0 allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 auto lo iface lo inet loopback # give the ethernet a static ip for acting as DHCP Server auto eth0 allow - hotplug eth0 iface eth0 inet static address 192.168.1.1 netmask 255.255.255.0 dns - nameservers 8.8.8.8 # configure the WiFi interface and enable auto start auto wlan0 allow - hotplug wlan0 iface wlan0 inet manual wpa - roam / etc / wpa_supplicant / wpa_supplicant .conf iface default inet dhcp

You can use different IPs for sure and also you can specify any other DNS than Googles 8.8.8.8. Now we restart the network service and test the connection:

sudo service networking restart ping google.de PING google.de (173.194.116.111) 56(84) bytes of data. 64 bytes from fra02s27-in-f15.1e100.net (173.194.116.111): icmp_seq=1 ttl=55 time=23.2 ms 64 bytes from fra02s27-in-f15.1e100.net (173.194.116.111): icmp_seq=2 ttl=55 time=35.2 ms 64 bytes from fra02s27-in-f15.1e100.net (173.194.116.111): icmp_seq=3 ttl=55 time=30.6 ms 1 2 3 4 5 6 7 sudo service networking restart ping google . de PING google . de ( 173.194.116.111 ) 56 ( 84 ) bytes of data . 64 bytes from fra02s27 - in - f15 . 1e100.net ( 173.194.116.111 ) : icmp_seq = 1 ttl = 55 time = 23.2 ms 64 bytes from fra02s27 - in - f15 . 1e100.net ( 173.194.116.111 ) : icmp_seq = 2 ttl = 55 time = 35.2 ms 64 bytes from fra02s27 - in - f15 . 1e100.net ( 173.194.116.111 ) : icmp_seq = 3 ttl = 55 time = 30.6 ms

The Ethernet interface need a static IP in order to serve DHCP. For this we need also a DHCP server installed on the raspi. We achieve this with the ISC DHCP Server.

sudo apt-get install isc-dhcp-server 1 sudo apt - get install isc - dhcp - server

We need then to configure the server with a really basic configuration. The configuration is done by editing the file /etc/dhcp/dhcpd.conf.

default-lease-time 600; max-lease-time 7200; authoritative; log-facility local7; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.201 192.168.1.250; option routers 192.168.1.1; } 1 2 3 4 5 6 7 8 default - lease - time 600 ; max - lease - time 7200 ; authoritative ; log - facility local7 ; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.201 192.168.1.250 ; option routers 192.168.1.1 ; }

Basically the set here some lease times for the server, with authoritative we tell the server that he will server this range alone. Later we define a small subnet. The “option routers” is important, because here the DHCP server will tell clients that he will also serve requests later as the gateway.

Now we can start the server:

sudo service isc-dhcp-server restart 1 sudo service isc - dhcp - server restart

Now we can connect the router and we will see that the raspi serves with an IP address. Now we have to connect both interfaces. In my case the interfaces have the names eth0 and wlan0. We use iptables for this:

/sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE /sbin/iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT 1 2 3 / sbin / iptables - t nat - A POSTROUTING - o wlan0 - j MASQUERADE / sbin / iptables - A FORWARD - i wlan0 - o eth0 - m state -- state RELATED , ESTABLISHED - j ACCEPT / sbin / iptables - A FORWARD - i eth0 - o wlan0 - j ACCEPT

This is only temporary so we have to make the rules persist. The easy way here is with the package iptables-persistent:

sudo apt-get install iptables-persistent 1 sudo apt - get install iptables - persistent

During the installation you will be asked to save the current rules, answer with yes and the installer will save the rules to /etc/iptables/rules.v4:

# Generated by iptables-save v1.4.21 on Tue Jan 5 19:22:29 2016 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o wlan0 -j MASQUERADE COMMIT # Completed on Tue Jan 5 19:22:29 2016 # Generated by iptables-save v1.4.21 on Tue Jan 5 19:22:29 2016 *filter :INPUT ACCEPT [1:52] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1:152] -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o wlan0 -j ACCEPT COMMIT # Completed on Tue Jan 5 19:22:29 2016 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 # Generated by iptables-save v1.4.21 on Tue Jan 5 19:22:29 2016 * nat : PREROUTING ACCEPT [ 0 : 0 ] : INPUT ACCEPT [ 0 : 0 ] : OUTPUT ACCEPT [ 0 : 0 ] : POSTROUTING ACCEPT [ 0 : 0 ] - A POSTROUTING - o wlan0 - j MASQUERADE COMMIT # Completed on Tue Jan 5 19:22:29 2016 # Generated by iptables-save v1.4.21 on Tue Jan 5 19:22:29 2016 * filter : INPUT ACCEPT [ 1 : 52 ] : FORWARD ACCEPT [ 0 : 0 ] : OUTPUT ACCEPT [ 1 : 152 ] - A FORWARD - i wlan0 - o eth0 - m state -- state RELATED , ESTABLISHED - j ACCEPT - A FORWARD - i eth0 - o wlan0 - j ACCEPT COMMIT # Completed on Tue Jan 5 19:22:29 2016

Now you have to activate also the ipv4 forwarding by executing the following line:

sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' 1 sudo bash - c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

And you are done!

Update:

THX to the users u/ZoLustIkErNogWelEen and u/Q3_benji who pointed out I forgot to write down the steps with the sources.list and the activation of the ipV4 forwarding!

Update2:

THX to Rob who showed me a mistake in the post!