What you’ll need:
- raspberry pi 4
- raspbian buster lite
- USB to Ethernet adapter
Ok lets get started.
Download Raspbian Buster Lite and flash to sdcard
Update your pi
sudo -i apt update apt full-upgrade apt autoremove apt clean reboot
Give your built-in gigabit nic a static ip (this will be the router’s IP address that your devices will use as their gateway, DHCP and DNS server). Below we are using 192.168.0.0/24 as our local network.
nano /etc/dhcpd.conf interface eth0 static ip_address=192.168.0.1/24 static domain_name_servers=192.168.0.1
Install dnsmasq for DNS and DHCP services
apt install dnsmasq nano /etc/dnsmasq.conf * in the dnsmasq.conf file, uncomment or add the following: domain-needed bogus-priv no-resolve interface eth0 cache-size=1000 server=188.8.131.52 server=184.108.40.206 dchp-range=192.168.0.10,192.168.0.250,12h
Restart dnsmasq to apply new settings
systemctl restart dnsmasq
Install ufw firewall
apt install ufw
Allow incoming connections to your built-in gigabit interface eth0
ufw allow in on eth0
Enable routing in ufw
nano /etc/default/ufw set DEFAULT_FORWARD_POLICY="ACCEPT"
Enable NAT in ufw
nano /etc/ufw/before.rules add the following at the beginning of the file *nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE COMMIT
The above settings imply your USB Ethernet adapter is eth1
Just connect the USB Ethernet dongle to your ISP and the built-in ethernet to your local network switch.
I definitely didn’t figure this out on my own…I was able to piece together the solution from these guides:
Upon reboot make sure ufw is running. If not you may need to apply this fix/workaround
Also make sure you change the password for user pi