Easy Raspberry Pi WiFi Bridge

A Raspberry Pi WiFi bridge is one of the best ways of providing internet access to a device that only supports an Ethernet connection.

Raspberry Pi WiFi Bridge

In this tutorial, we will show you how to setup a WiFi bridge, and how to setup dnsmasq correctly to allow any device to connect through your Pi without issues.

You will need to keep in mind that you will not see speeds as good as what you would with a direct connection to your router. As there is some overhead with the connection having to run through the Raspberry Pi.

Remember to do this tutorial you will need either a WiFi dongle or a Raspberry Pi 3 with the inbuilt WiFi module.

This tutorial can be combined with our basic VPN access point, you can find the tutorial on how to set that up directly after this tutorial. Basically, it will show how to setup a OpenVPN client and redirect all traffic through that client.

Please note: This tutorial will require some slight changes if you decide to go down the VPN route, we will explain the necessary changes needed at the end of this tutorial.

Equipment List

Below are all the bits and pieces that I used for this Raspberry Pi Wi-Fi bridge tutorial, you will need A Wireless internet connection to be able to complete this tutorial.

Recommended

Optional

Setting up the WiFi Bridge

To setup the Raspberry Pi Wifi bridge we will be utilizing the dnsmasq package, this package handles most of the grunt work for this tutorial.

Dnsmasq is a package that acts as both a local DHCP server and a local DNS server. We utilize this package so that we can assign IP addresses and process DNS requests through the Raspberry Pi itself and act like a router.

One of the bonuses to utilizing dnsmasq is that it is very easy to configure while being somewhat lightweight in comparison to the isc-dhcp-server and bind9 packages.

Remember for this tutorial you will need to have an active WiFi router to connect to and an ethernet device you intend on bridging the Wi-Fi connection to.

1. Before we get started with installing and setting up our packages, we will first run an update on the Raspberry Pi by entering the following two commands into the terminal.

sudo apt update
sudo apt upgrade

2. With that done we can now install the two packages that we will be utilizing.

Run the following command to install dnsmasq and iptables. iptables is what we use to handle the firewall on our device.

sudo apt-get install dnsmasq iptables

3. Before we get too far ahead of ourselves, we should setup the wlan0 connection that we plan on using.

If you have already setup your wireless connection then you can skip ahead to step 5.

Otherwise open up the wpa_supplicant file by running the following nano command:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

4. Within this file add the following, making sure you replace the ssid with the name of the network you want to connect to and replace the psk value with the password for that network.

network={
        ssid="networkname"
        psk="networkpassword"
}

5. With the wireless network now setup to correctly connect we can proceed with setting up our eth0 interface.

This will basically force it to use a static IP address, not setting this up can cause several issues.

To do this we need to modify the dhcpcd.conf file by running the following command:

sudo nano /etc/dhcpcd.conf

Important Note: If you’re on Raspbian Stretch or newer then wlan0 and eth0 may need to be changed if predictable network names is turned on.

Use the ifconfig command to see the new names, they’re likely quite long and will contain the MAC address.

Make sure you update these for all the commands in this tutorial.

6. Within this file we need to add the following lines, make sure you replace eth0 with the correct interface of your ethernet.

interface eth0
static ip_address=192.168.220.1/24
static routers=192.168.220.0

Now we can save and quit out of the file by pressing CTRL + X then pressing Y and then ENTER.

7. With our changes made to dhcpcd configuration we should now restart the service by running the following command:

sudo service dhcpcd restart

8. Before we get started with modifying dnsmasq’s configuration we will first make a backup of the original configuration by running the following command.

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

9. With the original configuration now backed up and moved out of the way we can now move on and create our new configuration file by typing the command below into the terminal.

sudo nano /etc/dnsmasq.conf

10. Now that we have our new file created we want to add the lines below.

These lines basically tell the dnsmasq package how to handle DNS and DHCP traffic.

interface=eth0       # Use interface eth0  
listen-address=192.168.220.1   # Specify the address to listen on  
bind-dynamic         # Bind to the interface
server=8.8.8.8       # Use Google DNS  
domain-needed        # Don't forward short names  
bogus-priv           # Drop the non-routed address spaces.  
dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time  

Now we can save and quit out of the file by pressing CTRL + X then pressing Y and then ENTER.

11. We now need to configure the Raspberry Pi’s firewall so that it will forward all traffic from our eth0 connection over to our wlan0 connection.

Before we do this we must first enable ipv4p IP Forwarding through the sysctl.conf configuration file, so let’s begin editing it with the following command:

sudo nano /etc/sysctl.conf

12. Within this file you need to find the following line, and remove the # from the beginning of it.

Find:

#net.ipv4.ip_forward=1

Replace with:

net.ipv4.ip_forward=1

Now we can save and quit out of the file by pressing CTRL + X then pressing Y and then ENTER.

13. Now since we don’t want to have to wait until the next reboot before the configuration is loaded in, we can run the following command to enable it immediately.

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

14. Now that IPv4 Forwarding is enabled we can reconfigure our firewall so that traffic is forwarded from our eth0 interface over to our wlan0 connection.

Basically this means that anyone connecting to the ethernet will be able to utilize our wlan0 internet connection.

Run the following commands to add our new rules to the iptable:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT  
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

Note: If you get errors when entering the above lines simply reboot the Pi using sudo reboot.

15. Of course iptables are flushed on every boot of the Raspberry Pi so we will need to save our new rules somewhere so they are loaded back in on every boot.

To save our new set of rules run the following command.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

16. Now with our new rules safely saved somewhere we need to make this file be loaded back in on every reboot.

The most simple way to handle this is to modify the rc.local file.

Run the following command to begin editing the file.

sudo nano /etc/rc.local

17. Now we are in this file, we need to add the line below.

Make sure this line appears above “exit 0“.

This line basically reads the settings out of our iptables.ipv4.nat file and loads them into the iptables.

Find:

exit 0

Add Above:

iptables-restore < /etc/iptables.ipv4.nat

Now we can save and quit out of the file by pressing CTRL + X then pressing Y and then ENTER.

18. Finally all we need to do is start our dnsmasq service.

To do this, all you need to do is run the following command:

sudo service dnsmasq start

19. Now you should finally have a fully operational Raspberry Pi WiFi Bridge, you can ensure this is working by plugging any device into its Ethernet port, the bridge should provide an internet connection to the device you plugged it into.

To ensure everything will run smoothly it’s best to try rebooting now.

This will ensure that everything will successfully re-enable when the Raspberry Pi is started back up.

Run the following command to reboot the Raspberry Pi:

sudo reboot

Setting up the Raspberry Pi WiFi Bridge with a VPN

This tutorial is fully compatible with the basic VPN router tutorial.

However there is one small change you will have to make in step 13, rather than using the commands showcased there, run the commands below.

Basically the main change you will see here is that instead of redirecting the traffic from wlan0 through the tunnel we will be redirecting the traffic from our eth0 connection to the tunnel.

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

The rest of the VPN Access Point tutorial can be done without any other changes.

Hopefully by now you should have a fully operational Raspberry Pi WiFi Bridge. If you come across any issues or have some feedback related to this tutorial, then please don’t hesitate to leave a comment below.

54 Comments

  1. Avatar for Paul
    Paul on

    Per my previous question, I had to manually assign the proper listening address to my ethernet port with
    ifconfig eth0 10.10.10.50 netmask 255.255.255.255
    After I did this it appears to work great. Thank you!

  2. Avatar for Paul
    Paul on

    This is exactly what I am looking for, so I duplicated your steps but alas when I plug a PC into the ethernet port it sees it as “unknown network – no internet”.
    When I run ifconfig on the pi I see that eth0 has no ip address assigned.
    when I run sudo systemctl status -l dnsmasq I get the following:

    ● dnsmasq.service – dnsmasq – A lightweight DHCP and caching DNS server
    Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Mon 2020-06-22 13:16:33 CDT; 7min ago
    Process: 443 ExecStartPre=/usr/sbin/dnsmasq –test (code=exited, status=0/SUCCESS)
    Process: 455 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)

    Jun 22 13:16:25 raspberrypi systemd[1]: Starting dnsmasq – A lightweight DHCP and caching DNS server…
    Jun 22 13:16:25 raspberrypi dnsmasq[443]: dnsmasq: syntax check OK.
    Jun 22 13:16:33 raspberrypi dnsmasq[455]: dnsmasq: failed to create listening socket for 192.168.220.1: Cannot assign requested address
    Jun 22 13:16:33 raspberrypi dnsmasq[455]: failed to create listening socket for 192.168.220.1: Cannot assign requested address
    Jun 22 13:16:33 raspberrypi dnsmasq[455]: FAILED to start up
    Jun 22 13:16:33 raspberrypi systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
    Jun 22 13:16:33 raspberrypi systemd[1]: dnsmasq.service: Failed with result ‘exit-code’.
    Jun 22 13:16:33 raspberrypi systemd[1]: Failed to start dnsmasq – A lightweight DHCP and caching DNS server.

    1. Avatar for Paul
      Paul on

      Also, I double checked /etc/dhcpcd.conf and it does not have eth0 listed twice

    2. Avatar for Vec
      Vec on

      thanks for lettting ppl know about this command “sudo systemctl status -l dnsmasq” it HELPED so much it helps me find out whats happening also make sure you PC is connected and it will tell you whats on the ethernet and i tried setting the listen adress to the pc address

  3. Avatar for Spencer Arnold
    Spencer Arnold on

    Brilliant, it has taken me months to find an (almost) complete solution. Point to note, when 2 default routes are shown (both as Destination of 0.0.0.0) in the command “netstat -rn”, you must a “metric” value in /etc/dhcpcd.conf to favour wlan0 over eth0.

    eg.
    interface eth0
    static ip_address=192.168.20.1/24
    static domain_name_servers=192.168.20.0
    metric 300

    interface wlan0
    metric 200

    1. Avatar for Rens
      Rens on

      This fixed it for me thanks a lot!

    2. Avatar for Ned
      Ned on

      I have followed 6 different tutorials on wifi bridge, including this one 3 times, and this bit was the missing information i needed! Thank you!
      adding this made it work, without this even the pi internet didnt work when i plugged a machine in via LAN, let alone it bridging the internet. Now it works though, sending this message through my desktop to Pi3B+ and phones wifi hot spot 😀
      Time to take it home and plug in my home network as we havent had internet all week due to outages

  4. Avatar for Basem
    Basem on

    Thanks a lot 🙂 Thats exactly what I was looking for. working prefect on Pi Zero used usb0 interface instead of eth0

  5. Avatar for Dave
    Dave on

    Hi Guys,

    I had a lot of issues getting this working, every time I restarted the PI I was unable to access it.

    In the end I changed step 6 from

    interface=eth0
    static ip_address=192.168.220.1/24
    static routers=192.168.220.0

    To

    interface eth0
    static ip_address=192.168.220.1/24
    static routers=192.168.220.0

    and then everything worked as expected.

    I hope this helps

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Dave,

      Thank you for pointing out that mistake, we have now corrected it in the tutorial.

      Cheers,
      Emmet

    2. Avatar for datagod
      datagod on

      This definitely indeed helpled. I just got this build working to bridge my Starlink Wifi only router to my LAN. No thanks Starlink. I’ll manage it from here. PiHole blocks all my ads!

  6. Avatar for Neil
    Neil on

    Mine is working well, but I need to set a delay to when the PI is fully booted and the wifi connected to the internet before starting dnsmasq otherwise my wifi is not ready (im using a wifi dongle in the PI and suspect the drivers need time to load after the OS is booted).

    Also every now and again the USB Wifi disappears so i lose my internet connection and i have to reboot and then restart dnsmasq .

    After my delayed start issue, Is there some way to make the pi auto reboot if it loses its internet connection?
    Thanks!

  7. Avatar for Paulinho
    Paulinho on

    Hi
    By doing using the Raspberry Pi as a Wi-Fi Bridge will it still be free to other purposes or will only work as a WiFi bridge and nothing else?

    1. Avatar for Andrew Schott
      Andrew Schott on

      Yeah you can do other things with it

  8. Avatar for Ron
    Ron on

    Update:
    The “sudo iwlist wlan0 scan” does see the two closest wifi ssid’s.

  9. Avatar for Ron
    Ron on

    I can not get this to work on a Pi3 with built in wifi. wlan0 will not “see” any ssid’s (three wifi routers running). Tried twice with fresh Jessie 2017-06-21 image –> update –> upgrade.
    ifconfig -a does show the wlan0. eth0 does show static ip.

  10. Avatar for Matt
    Matt on

    How exactly does one go about changing the text in step 11? I have tried both the write out function and the cut text function and have not gotten any results.

  11. Avatar for Steve
    Steve on

    Same question as Hugh. I want to be able to connect a BluRay with an ethernet connection to the Rpi then via WiFi to my router which has my NAS drive plugged in to one of its ports… Hopefully someone can help.

    Not bothered about connecting my Blu Ray to the internet – just want it to be able to play stuff on my NAS drive which has DLNA on it.

    I can confirm the above tutorial works with the original 256MB RPi B.

  12. Avatar for Red Baron
    Red Baron on

    Great tutorial. It works like a charm. The only thing that is missing is a description of what to do on the machine that you want to connect to the wifi through the Pi. 😉 On Windows you should leave it at “Obtain IP address” (the IPv4 properties of the connection once you connect both devices through Ethernet). On Linux you should have your connection set at “Automatic (DHCP) for you IPv4 settings.

  13. Avatar for Andrew Nasson
    Andrew Nasson on

    So I looked into this project and it looks amazing but before I dive in I’m wondering if it is compatible with the original Pi + a wifi dongle. Thanks!

    1. Avatar for Red Baron
      Red Baron on

      As long as the dongle is compatible with the Pi – yes.

  14. Avatar for Marcus
    Marcus on

    Should step 13 read “-i wlan0” instead of “-i wlan”?

    Also, important to note that this setup is a wifi client NAT router, not technically a bridge. It is not possible for clients on the wifi side of the raspberry Pi to directly connect to clients connected to the Pi’s eth0.

    I can confirm the NAT config you’ve detailed does work on a Pi2 w/ Jessie though, so thanks for the writeup!

    1. Avatar for Gus
      Gus on
      Editor

      Hi Marcus,

      Yep you are correct, it should be wlan0, thanks for pointing that out.

  15. Avatar for Tim
    Tim on

    How much of a hit did your connection speed take when using this setup? I have a 92Mbps down connection normally on my pc wired directly to my router, but when testing with the Rpi3 I’m only getting 4Mbps down. And my wireless router is just in the next room. Any ideas why that might be? I’m not sure what to troubleshoot.

  16. Avatar for Hugh
    Hugh on

    Hello. Is there any way to bridge the raspberry pi wifi bridge to my home network? I have the raspberry pi wifi bridge connected to a switch and would like to talk to the other devices from my 192.168.1.x network to the pi’s 192.168.220.x network.

    1. Avatar for pictsidhe
      pictsidhe on

      This tutorial doesn’t make the pi a dhcp server. If you want to use it on 192.168.1.*, you’ll need to make it’s fixed ip 192.168.1.*, preferably not in the range handed out by your dhcp server or things get interesting.

  17. Avatar for lingam mohan krishnasen
    lingam mohan krishnasen on

    actually I am also getting the same error, please give the pic of the ipv4 file, also dns config
    following is errors

    Jun 27 01:53:34 raspberrypi dnsmasq[1255]: dnsmasq: failed to create listening socket for 192.168.1.1: Cannot assign requested address
    Jun 27 01:53:34 raspberrypi systemd[1]: dnsmasq.service: control process exited, code=exited status=2
    Jun 27 01:53:34 raspberrypi systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
    Jun 27 01:53:34 raspberrypi systemd[1]: Unit dnsmasq.service entered failed state.

    1. Avatar for Gus
      Gus on
      Editor

      Make sure you have not defined eth0 twice in the interfaces file. This will cause an error like this to appear.

  18. Avatar for Josh
    Josh on

    Got this when starting dnsmasq.

    Job for dnsmasq.service failed. See 'systemctl status dnsmasq.service' and 'journalctl -xn' for details.

    1. Avatar for Josh
      Josh on

      and journalctl shows no journals

    2. Avatar for Gus
      Gus on
      Editor

      Not sure what’s happened here, did you receive any errors earlier on in the tutorial ?

  19. Avatar for David GIRAULT
    David GIRAULT on

    Step 6 to 9 configure eth0 instead of wlan0 interface. DHCP/DNS services should run on wlan0 interface, which requires static IP.

    1. Avatar for David GIRAULT
      David GIRAULT on

      Sorry. I read too fast. It’s a bridge for Ethernet device. You’re right.

  20. Avatar for Ed Manning III
    Ed Manning III on

    I got up to step 13 and threw an error

    modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file ‘/lib/modules/4.4.21-v7+/modules.dep.bin’
    iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    I rebooted and it lost it’s IP

    1. Avatar for Adrian
      Adrian on

      Same result..

    2. Avatar for Gus
      Gus on
      Editor

      I’m looking into this issue, rebooting will fix the issue but you shouldn’t lose your IP.

    3. Avatar for Luigi Pezzullo
      Luigi Pezzullo on

      Ho una smart TV con connessione wifi e LAN.
      Essendo posizionata lontana dal router la utilizzo solitamente con il wifi.
      Utilizzando il suo Pi Wifi Bridge avrei una velocità di connessione migliore o peggiore del wifi?
      Grazie
      —————————————————————————————————————
      I have a smart TV with wifi and LAN.
      Being positioned far from the router, I usually use it with wifi.
      Using your Pi Wifi Bridge would I have a connection speed better or worse than wifi?
      Thank you

    4. Avatar for Gus
      Gus on
      Editor

      Hey Luigi,

      The Raspberry Pi hasn’t got the fastest WiFi chip or ethernet chip, plus the overhead in it having to run through the Raspberry Pi.
      I personally reckon you would be getting a worse connection then connecting straight to your WiFi.

      Cheers,
      Gus

Leave a Reply

Your email address will not be published. Required fields are marked *