This simple guide will show how to to turn on and off Internet access with some Linux PC in the middle. If you have Raspberry PI without its main purpose, it’ll be the perfect choice. With all the ingredients at one place, workshop can start.
The idea is to create simple Internet gateway using Raspberry PI or any other Linux PC. Why? To direct (some / children’s) computers through it and to have plain Internet plug switch.
The original text with all details is on the following url: http://kevinboone.net/linux_gateway.html
On the other hand, here you’ll find simpler version with turning on and off IP forward driven by cron scheduler. In few steps, small Internet gateway can be ready.
1) Enable IP forwarding
In /etc/sysctl.conf file net.ipv4.ip_forward parameter should be set to 1. This will be signal to kernel (after booting) to start “routing” according to iptables rules.
net.ipv4.ip_forward = 1
To enable routing right now (without system reboot), set 1 to /proc/sys/net/ipv4/ip_forward file with the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward
To be more precise, /proc file system is a virtual file system that presents view to kernel information like processes, memory, devices …
2) Create /etc/rc.d/rc.local file
rc.local file will contain iptables rules that should be applied after Linux is booted. In this step, file will be created and set execution permissions.
bash> touch /etc/rc.d/rc.local bash> chmod 755 /etc/rc.d/rc.local
3) Enable eth0:1 device and set iptables rules
Just copy and paste the following code to the /etc/rc.d/rc.local file. In this scenario, default gateway is 192.168.1.1 and Raspberry PI has 192.168.1.2 IP address on eth0:1 virtual device. With “ifconfig up” virtual device will be created and assigned IP address.
#!/bin/bash # enable 192.168.1.2 IP address ifconfig eth0:1 192.168.1.2 up # Remove all rules from the FORWARD chain iptables -F FORWARD # Enable NAT for IP 192.168.1.2 iptables -t nat -A POSTROUTING -o eth0:1 -j MASQUERADE # Enable forwarding between 192.168.1.1 and 192.168.1.2 iptables -A FORWARD -i eth0:1 -o eth0 -j ACCEPT
Here is complete output from ifconfig for eth0 and eth0:1 virtual device. As you can see, main IP address of Raspberry PI is 192.168.1.15 while virtual eth0:1 has 192.168.1.2
[root@pi ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::ba27:ebff:fe0e:2089 prefixlen 64 scopeid 0x20 ether b8:27:eb:0e:20:89 txqueuelen 1000 (Ethernet) RX packets 16831563 bytes 1355292553 (1.2 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 16487630 bytes 1649037959 (1.5 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255 ether b8:27:eb:0e:20:89 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback) RX packets 137 bytes 9640 (9.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 137 bytes 9640 (9.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4) Edit and set crontab file
Writing 1 or 0 to the /proc/sys/net/ipv4/ip_forward will enable or disable routing and this is ideal for crontab. In this example, Internet access is enabled at 7am and disabled at 10pm. Actually, cron will continuously disable internet every 15 minutes from 10pm till 7am next morning. The idea is to prevent “accidental” reboot Raspberry PI after 10pm ;)
MAILTO="" # enable IP forwarding in 07:00 0 7 * * * /usr/bin/echo 1 > /proc/sys/net/ipv4/ip_forward # disable IP forwarding every 15 minutes from 22:00 till 06:45 */15 0-6,22-23 * * * /usr/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
At the end, it’s needed direct children’s PC to newly configured Raspberry PI – in other words, just set 192.168.1.2 as default gateway to computers that will have limited internet access.
From my experience, Raspberry PI has enough throughput for two PC on 4Mbit ADSL connection. My kids didn’t notice any difference in network activities before and after new gateway is set.
Anyway, this post is result of my intent to put kids in the bed before midnight. Smartphones are not covered here and for details please see original page mentioned at the page top. Luckily, we have agreement with our kids to be disarmed with phones at 9pm and that is currently good enough.
Hope these tips will give you an idea how to setup simple Internet gateway for home purpose.
1 thought on “Simple Linux gateway”
Just to add extended crontab version evolved for the past 6 months: