Description

Core Pi may seem an odd exercise but the point is to use a pi as the central point in providing Internet and initial setup for other pies in a wifi only environment. Core Pi connects to the Internet via wifi, provides a wifi access point, and acts as a DHCP router for a pi direct connected with Ethernet cable.

Recent Raspbian versions are ready for SSH connection over Ethernet cable. Core Pi takes advantage of that to ease initial connection and setup. I am using this in a learning lab environment with Chromebooks.

This guide assumes that 2 WiFi adapters will be used, one for access point service and one for Internet access. It also assumes that another pi, not fuly set up, may be connected to it via eth0.

Next up?

After reading this guide, you may be interested in reading:

Parts List

Raspberry Pi 2
8GB (or larger) class 10 MicroSD card
Two USB WiFi dongles (second wifi is optional)
- See the discussion Which Wifi USB adapters
Pi Case
Mini-USB power
Ethernet cable

Overview

Start with a Raspberry Pi image. This is an image saved after following the RPi Initial Setup Guide, RPi WiFi Access Point Guide, and RPi Desktop Mods. The image should not be Lite. If you do not have such an image, start with a Raspbian image and follow the aforementioned guides before returning here.

Write the image to the MicroSD.
Connect to the Pi.
Connect to your WiFi.
Setup the DHCP server.
Set a static IP on eth0.
Configure NAT.
Connect and test.
Add a guest user
Install additional packages
Conclusion.

Procedures

Write the image

Write the image to the MicroSD as described in the RPi Initial Setup Guide. Insert the MicroSD into the Pi and boot.

Connect to the Pi

Since your pi already acts as a wifi access point, connect to its SSID. Now use SSH to connect to it using either hostname.local or its IP address. If you used the settings given in RPi WiFi Access Point Guide, the IP address is 192.168.42.1.

Connect the Pi to your WiFi Internet

In this guide, I will use the desktop but nmcli may be used as discussed in the RPi Initial Setup Guide - NetworkManager CLI. VNC was discussed in RPi Initial Setup Guide - Connect to the Pi using VNC

NOTE: There are many security problems in current vnc implementations. Permit access to vnc servers on the local network only.

vncserver -nolisten tcp -nevershared -dontdisconnect :1
From your browser connect to the pi's VNC
Using the dialogs, connect to your Internet wifi SSID

Setup the DHCP server

sudo nano /etc/default/isc-dhcp-server
INTERFACES="eth0 wlan1"
Now edit the DHCP configuration file, sudo nano /etc/dhcp/dhcpd.conf

# ADD interface wlan1; TO WIFI ACCESS POINT CONFIG
subnet 192.168.42.0 netmask 255.255.255.0 {
    interface wlan1;
    range 192.168.42.10 192.168.42.50;
    option broadcast-address 192.168.42.255;
    option routers 192.168.42.1;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
}

# ADD THE BELOW TO CONFIG FOR ETH0
subnet 192.168.84.0 netmask 255.255.255.0 {
    interface eth0;
    range 192.168.84.10 192.168.84.50;
    option broadcast-address 192.168.42.255;
    option routers 192.168.84.1;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
}

Set a static IP on eth0

Take the interface down, sudo ifdown eth0
sudo nano /etc/network/interfaces
Comment #iface eth0 inet manual
Add

iface eth0 inet static
  address 192.168.84.1
  netmask 255.255.255.0

Configure NAT

Verify IP Forwarding was enabled earlier
- cat /etc/sysctl.conf should contain net.ipv4.ip_forward=1
- cat /proc/sys/net/ipv4/ip_forward shoule be 1
Update iptables rules, sudo nano /etc/iptables.test.rules

# BEFORE THE COMMENT # Reject all other inbound # ADD

# Allow forwarded from eth0 to permit NAT and Core Pi
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT

Load the rules, sudo iptables-restore < /etc/iptables.test.rules
Verify rules, sudo iptables -L and sudo iptables -S
Save rules for booting,

sudo -i
iptables-save > /etc/iptables.up.rules
exit

Connect and Test

First, down and up the interfaces then restart the services.

Down and then up the interfaces,
- sudo ifdown wlan1
- sudo ifdown eth0
- sudo ifup eth0
- sudo ifup wlan1
Restart the DHCP server, sudo service isc-dhcp-server restart
Restart hostapd, sudo service hostapd restart
Check their statuses
View logged output from the DHCP server and also from iptables, tail -F /var/log/syslog. This may be helpful if troubleshooting is needed.

Next, connect to the interfaces and verify proper functioning of hostapd and dhcp.

Connect to the wifi ap
Connect with an Ethernet cable to the pi
View the active DHCP leases with, cat /var/lib/dhcp/dhcpd.leases.
Use arp to more easily view active addresses, arp.
Verify that VNC and SSH work as expected with the DHCP assigned addresses.

Add a guest user

Core Pi may be accessed as a via point for novices. Novices should not have permission to run root commands. Only the pi user, with a strong password, should have root access.

sudo adduser guest
Enter a new password for guest, perhaps raspberry
Complete other information or skip as you choose
Accept the new user

The guest must now be given permission to connect using ssh.

sudo nano /etc/ssh/sshd_config
Add guest to AllowUsers
- Should look like this AllowUsers pi guest
Reload the sshd_config, sudo service ssh reload

Install additional packages

Make it easier to match pies to IPs, sudo apt-get install avahi-utils
Add the ability to resize partitions and therefore disk images on other SD cards. sudo apt-get install gparted

Conclusion

CorePi is ready to use for serving as a wifi router, network master, and pi setup station. It would be relatively easy to write some scripts to automatically set up any unconfigured pi connected to eth0. I do not plan on writing such scripts since my CorePi will be used in learning how to set up a pi.

Remember to save your image file as CorePi.