I recently had to set up a site using Aruba Central, the problem is when I got there the customer didn't have internet service yet and he couldn't wait for service.
Lucky for me I carry lots of 'junk' in my bag and one of these pieces of junk was a Raspberry Pi 3B+ with a 3.5 LCD display and I knew I could convert this into a NAT device since it uses Linux OS.. So once i got this working 30min since I already had it acting as a WAP so I only needed to reverse the NAT and then finished the customers network and everyone was happy. Once they get their official Internet circuit I only need to add it to the gateway and I'm finished. Customer Happy....
Then I thought I would write it up for the community...
Start with the following hardware:
1) Raspberry Pi 3 Model B+ https://www.amazon.com/gp/product/B07P4LSDYV/
2) 32GB U1 microSDHC EVO https://www.amazon.com/gp/product/B06XWN9Q99/
3) 5V 2.5A Power Supply https://www.amazon.com/gp/product/B00MARDJZ4/
4) 3.5inch RPi LCD (B) 320x480 https://www.amazon.com/gp/product/B01N48NOXI/
5) Case for Raspberry Pi 3B+ https://www.amazon.com/gp/product/B07B5YG4LC/
If you have been playing with Pi's for a while you probably have 1-3 already and 4 and 5 won't break the budget and are optional anyway. I could drop the display and case by using a Pi W with an microUSB/Ethernet dongle to save space.. An exercise left to the user.
I'll assume you already have a hot spot capable phone and already know the SSID and passwords to gain access to the internet.
##Step 0:
If you already have a running Pi just skip this section
Configure the Pi
In order to configure my Pi, I followed [this tutorial in Desertbot for headless setup using Windows](https://desertbot.io/blog/headless-pi-zero-w-wifi-setup-windows),
which can be summarized as:
This step will need to be done at a sight where you have WiFi and a PC already configured so you can perform these tasks.
- [Download the Raspbian image](https://www.raspberrypi.org/downloads/raspbian/) (Raspbian Lite is fine)
- Flash the image file in the SD card using [balena Etcher](https://www.balena.io/etcher)
- Reinsert the SD card in your computer, Windows will create a few drive letters and tell you that all are unformatted but one. In that one create an empty file named `ssh` (withot any extension), and a file named `wpa_supplicant.conf` with the details of your WiFi access point as follows:
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
scan_ssid=1
ssid="<the name of your WiFi network>"
psk="<the password for your WiFi network>"
}
- Insert the SD card in your Pi and let it boot. Wait till it boots the 2nd time (two or three minutes or so).
- If you have dynamic DNS you should be able to find the IP number with nslookup raspberrypi.local, if not you'll need to scan for the IP using angryIP or simular scanner; then use ssh pi@IP#
- If everything worked you have an IP number for the Pi and you should now be able to SSH to your Pi using `pi` as the user name and `raspberry` as the password. Hooray! In the future this device will have access to the internet So, CHANGE THE PASSWORD NOW
$ ssh pi@IP#
(use passwork rasberry when asked)
$ sudo passwd
(enter new password)
(repeat new password)
$
The next steps are to be done via the SSH prompt directly in the Pi. To edit files text you can use the `pico` editor by running `sudo pico {filename}`.
## Step 1: Setup Ethernet Port
Configure the DHCP client so that the Ethernet port of the Pi gets a fixed IP address and network mask.
Edit the `/etc/network/interfaces.d/eth0` file and add the following content to it:
allow-hotplug eth0
iface eth0 inet static
address 192.168.254.1
network 192.168.254.0
broadcast 192.168.254.255
netmask 255.255.255.0
## Step 2: Setup DHCP Services
Install the dhcp-server software so we can host DHCP Services
sudo apt-get install isc-dhcp-server
Configure type DHCP client options edit `/etc/dhcp/dhcpd.conf` file by adding the following:
authoritative;
subnet 192.168.254.0 netmask 255.255.255.0 {
range 192.168.254.10 192.168.254.250;
option broadcast-address 192.168.254.255;
option routers 192.168.254.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "local-network";
}
Set the default interface for dhcp to eth0 edit `/etc/default/isc-dhcp-server` file and add the following line at end of file:
INTERFACESv4="eth0"
Last is the assure eth0 is never the default route edit the `/etc/dhcpcd.conf` file and add the lines at the end of the file as follows:
interface eth0
nogateway
Start the DHCP server now and make sure the DHCP service starts after each reboot by running:
$ sudo service isc-dhcp-server start
$ sudo systemctl enable isc-dhcp-server
## Step 3: configure IP forwarding
Now we need to configure IP forwarding: we want all the network traffic coming from the Ethernet port to be forwarded to the WiFi network, and viceaversa. These commands will do the trick:
Tell the server it will be forwarding ipv4 edit `/etc/sysctl.conf` file in order to enable IP forwarding
net.ipv4.ip_forward=1
Now we just turn on IP masquerading make sure the wlan0 power saving mode is disabled edit ` /etc/rc.local` file and add the following before the exit 0 line; in order to enable IP forwarding:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT
/sbin/iwconfig wlan0 power off
## Step 4: Try it!
Reboot your Pi and connect its Ethernet port to your Aruba Switch.
If everything goes as planned now your device has an IP address in the range 192.168.254.x and has Internet access via IP Masquerading thanks the Pi's WiFi interface
## Step 5: Optional Display for iftop
If you want a display and a case to look pretty
Plug the LCD in to the Pi's SPI pins then run the following commands to get LCD software:
sudo rm -rf LCD-show
git clone https://github.com/goodtft/LCD-show.git
chmod -R 755 LCD-show
cd LCD-show/
sudo ./LCD35-show
cd LCD-show/
sudo ./LCD-show 180
Install iftop and make sure your Pi have xterm terminal settings:
sudo apt-get install iftop
sudo apt-get install xterm
Add iftop to your .profile so it starts automagicly edit ~/.profile and at the end add the following:
sudo TERM=xterm-color iftop -n
Pop the Pi and the LCD into the case and screw it all together then,
Reboot and not only will you have a WiFi dongle but now you have a traffic monitor!