View on GitHub

Core Pi

Pi as an access point providing dhcp to eth0



Core Pi may seem an odd exercise but the point is to use a pi as the central point in providing Internet and initial setup for other pies in a wifi only environment. Core Pi connects to the Internet via wifi, provides a wifi access point, and acts as a DHCP router for a pi direct connected with Ethernet cable.

Recent Raspbian versions are ready for SSH connection over Ethernet cable. Core Pi takes advantage of that to ease initial connection and setup. I am using this in a learning lab environment with Chromebooks.

This guide assumes that 2 WiFi adapters will be used, one for access point service and one for Internet access. It also assumes that another pi, not fuly set up, may be connected to it via eth0.

Next up?

After reading this guide, you may be interested in reading:

Parts List


Start with a Raspberry Pi image. This is an image saved after following the RPi Initial Setup Guide, RPi WiFi Access Point Guide, and RPi Desktop Mods. The image should not be Lite. If you do not have such an image, start with a Raspbian image and follow the aforementioned guides before returning here.

  1. Write the image to the MicroSD.
  2. Connect to the Pi.
  3. Connect to your WiFi.
  4. Setup the DHCP server.
  5. Set a static IP on eth0.
  6. Configure NAT.
  7. Connect and test.
  8. Add a guest user
  9. Install additional packages
  10. Conclusion.


Write the image

Write the image to the MicroSD as described in the RPi Initial Setup Guide. Insert the MicroSD into the Pi and boot.

Connect to the Pi

Since your pi already acts as a wifi access point, connect to its SSID. Now use SSH to connect to it using either hostname.local or its IP address. If you used the settings given in RPi WiFi Access Point Guide, the IP address is

Connect the Pi to your WiFi Internet

In this guide, I will use the desktop but nmcli may be used as discussed in the RPi Initial Setup Guide - NetworkManager CLI. VNC was discussed in RPi Initial Setup Guide - Connect to the Pi using VNC

NOTE: There are many security problems in current vnc implementations. Permit access to vnc servers on the local network only.

  • vncserver -nolisten tcp -nevershared -dontdisconnect :1
  • From your browser connect to the pi's VNC
  • Using the dialogs, connect to your Internet wifi SSID

Setup the DHCP server

  • sudo nano /etc/default/isc-dhcp-server
  • INTERFACES="eth0 wlan1"
  • Now edit the DHCP configuration file, sudo nano /etc/dhcp/dhcpd.conf
subnet netmask {
    interface wlan1;
    option broadcast-address;
    option routers;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers,;

subnet netmask {
    interface eth0;
    option broadcast-address;
    option routers;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers,;

Set a static IP on eth0

  • Take the interface down, sudo ifdown eth0
  • sudo nano /etc/network/interfaces
  • Comment #iface eth0 inet manual
  • Add
iface eth0 inet static

Configure NAT

  • Verify IP Forwarding was enabled earlier
    • cat /etc/sysctl.conf should contain net.ipv4.ip_forward=1
    • cat /proc/sys/net/ipv4/ip_forward shoule be 1
  • Update iptables rules, sudo nano /etc/iptables.test.rules
# BEFORE THE COMMENT # Reject all other inbound # ADD

# Allow forwarded from eth0 to permit NAT and Core Pi
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
  • Load the rules, sudo iptables-restore < /etc/iptables.test.rules
  • Verify rules, sudo iptables -L and sudo iptables -S
  • Save rules for booting,
sudo -i
iptables-save > /etc/iptables.up.rules

Connect and Test

First, down and up the interfaces then restart the services.

  • Down and then up the interfaces,
    • sudo ifdown wlan1
    • sudo ifdown eth0
    • sudo ifup eth0
    • sudo ifup wlan1
  • Restart the DHCP server, sudo service isc-dhcp-server restart
  • Restart hostapd, sudo service hostapd restart
  • Check their statuses
  • View logged output from the DHCP server and also from iptables, tail -F /var/log/syslog. This may be helpful if troubleshooting is needed.

Next, connect to the interfaces and verify proper functioning of hostapd and dhcp.

  • Connect to the wifi ap
  • Connect with an Ethernet cable to the pi
  • View the active DHCP leases with, cat /var/lib/dhcp/dhcpd.leases.
  • Use arp to more easily view active addresses, arp.
  • Verify that VNC and SSH work as expected with the DHCP assigned addresses.

Add a guest user

Core Pi may be accessed as a via point for novices. Novices should not have permission to run root commands. Only the pi user, with a strong password, should have root access.

  • sudo adduser guest
  • Enter a new password for guest, perhaps raspberry
  • Complete other information or skip as you choose
  • Accept the new user

The guest must now be given permission to connect using ssh.

  • sudo nano /etc/ssh/sshd_config
  • Add guest to AllowUsers
    • Should look like this AllowUsers pi guest
  • Reload the sshd_config, sudo service ssh reload

Install additional packages

  • Make it easier to match pies to IPs, sudo apt-get install avahi-utils
  • Add the ability to resize partitions and therefore disk images on other SD cards. sudo apt-get install gparted


CorePi is ready to use for serving as a wifi router, network master, and pi setup station. It would be relatively easy to write some scripts to automatically set up any unconfigured pi connected to eth0. I do not plan on writing such scripts since my CorePi will be used in learning how to set up a pi.

Remember to save your image file as CorePi.