The software approach of creating a bridge on the main device, able to manage both the internal network and the external WiFi connection, convinced me that this was probably the best way to deliver all the needed features:
- All the Meditech RPI units are accessible by logging in to the Master RPI via ssh or from the graphical desktop
- The internal devices can access the Master RPI via the internal LAN, sending their data to the storage database (MySQL based) via http / https and PHP
- If needed, the internal devices can access the external network via the routed WiFi on the Master RPI
- Only one unit should physically access the Internet
- The system is open to more advanced security protocols, i.e. proxy, not implemented at the moment.
- Every RPI device connected via wired Ethernet can act as an independent unit
- The Meditech unit should connect to the Internet via the Display Unit, which also acts as a mobile access point
- Some new feature will be ...
The inspiration for this solution, after many tests and after discarding other more complex and less performant variants, came from an article on the hackhappy.org site: http://hackhappy.org/uncategorized/how-to-use-a-raspberry-pi-to-create-a-wireless-to-wired-network-bridge/. Looking at it in detail, the procedure is fairly simple and takes only a few steps:
1. Install the needed components
apt-get -y install isc-dhcp-server iptables
In this case the DHCP server is not an essential element, as all the connected RPIs have a static IP address, but it will be useful for further (possible) external units connected to the system.
2. Set the network interfaces configuration for NAT
This part of the script remained untouched: edit the /etc/network/interfaces file
auto lo eth0
iface lo inet loopback
iface [Device] inet static
    address [IP]
    netmask [Netmask]
auto [Device]
iface [Device] inet dhcp
    wpa-ssid "[SSID]"
    wpa-psk "[Password]"
up iptables-restore < /etc/iptables.ipv4.nat
Note that the second interface is set in DHCP mode; it is the WiFi interface (usually wlan0) that will connect to the access point for the Internet connection. As an elementary security measure, the Display Unit of Meditech (aka the tablet) will be connected via tethering with the rest of the network using a fixed, pre-defined AP name that is hard-wired in the RPI settings. This ensures that only that particular device, set as a WiFi AP, can connect to the rest of the network.
3. Set the DHCP configuration
option domain-name "[Domain]";
option domain-name-servers 8.8.8.8, 8.8.4.4;
subnet [Subnet] netmask [Netmask] {
    range [IP Range Start] [IP Range End];
    option routers [IP];
}
The only DHCP setting is for the external access, while the internal Ethernet settings (on eth0) will be static IP addresses.
After these settings you should execute the following commands (as root, so use sudo):
echo "INTERFACES=\"eth0\"" > /etc/default/isc-dhcp-server
service isc-dhcp-server restart
update-rc.d isc-dhcp-server enable
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o [wlan0] -j MASQUERADE
iptables -A FORWARD -i [wlan0] -o [eth0] -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i [eth0] -o [wlan0] -j ACCEPT
iptables-save > /etc/iptables.ipv4.nat
/etc/init.d/networking restart
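As an added example (not part of the original post or of the hackhappy.org article), the shell function below audits an iptables-save dump such as /etc/iptables.ipv4.nat against the three rules above. It also flags a FORWARD policy left at ACCEPT, because in that case the RELATED,ESTABLISHED rule does not actually stop new connections arriving from the WiFi side. The function names, messages and sample dump are constructed for illustration, and wlan0 / eth0 are assumed interface names.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump for the bridge rules in this post.
# On the Master RPI: audit_nat_dump wlan0 eth0 < /etc/iptables.ipv4.nat

audit_nat_dump() {   # $1 = WiFi (Internet) interface, $2 = internal LAN interface
    wan=$1; lan=$2
    dump=$(cat)      # read the whole dump from stdin
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }

    # NAT table: traffic leaving on the WiFi side must be masqueraded.
    has "^-A POSTROUTING -o $wan -j MASQUERADE" ||
        echo "MISSING masquerade on $wan"

    # Filter table: only replies may come back from the WiFi side to the LAN.
    has "^-A FORWARD -i $wan -o $lan -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT" ||
        echo "MISSING established-only rule $wan->$lan"

    # Filter table: LAN units are allowed out through the WiFi link.
    has "^-A FORWARD -i $lan -o $wan -j ACCEPT" ||
        echo "MISSING outbound rule $lan->$wan"

    # With a default ACCEPT policy, packets that match no rule are still
    # forwarded, so new connections from the WiFi side reach the LAN.
    has "^:FORWARD ACCEPT" &&
        echo "WARN FORWARD policy is ACCEPT; set 'iptables -P FORWARD DROP' to enforce the rules"

    # An unconditional accept from the WiFi side defeats the stateful rule.
    has "^-A FORWARD -i $wan( -o $lan)? -j ACCEPT" &&
        echo "WARN unconditional ACCEPT from $wan"
    return 0
}

sample_dump() {      # constructed iptables-save output; $1 = FORWARD policy
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD $1 [0:0]
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
COMMIT
EOF
}

# Ruleset as the commands above leave it on a system with default policies.
sample_dump ACCEPT | audit_nat_dump wlan0 eth0
```

No output means the dump contains all three rules and the FORWARD policy is not ACCEPT.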
For those interested, the complete parametrised command from the original article is attached to this post.