Raspberry Pi 3: Wifi Access Point Router with Pi-Hole (DNS-based adblocker)


いつもと感じがちがいますが、だいたいコピペでいけるかと。 :-)

Overview

  • Making your Wifi AP Router with DNS-based-Adblock on Raspberry Pi 3

Environment

  • Raspberry Pi 3 Model B
    • Ethernet(eth0): Connected to Internet
      IP address 192.168.22.65 is taken from DHCP server. ex)Cable router
    • Wifi(wlan0): Access Point.
      It will be static IP, set to 192.168.42.1
  • microSD 8GB
  • Raspbian Jessie Lite : 2016-11-25-raspbian-jessie-lite.img

Steps

RasPi: Initial setup to boot and to update

  1. Creating bootable microSD
    • Windows 7 64bit
    • Rufus v2.11Portable
      1. Choose: 'Device'
      2. Create a bootable disk using: DD image
      3. Click Disk icon, and pick Raspbian '.ZIP' file. (You don't need to extract zip. It will burn with extracting. :-) )
  2. (Optional) Create the file named 'ssh' on SD to allow ssh-login.
  3. Boot
  4. Update Packages:
    sudo apt update; sudo apt upgrade -y
  5. Install hostapd:
    sudo apt install hostapd -y

Setup : wlan0 as STATIC IP (192.168.42.1), hostapd and ip-forwarding

Copy_and_Paste
###
# Make sure hostapd is installed :)
# sudo apt install hostapd -y 

###
# Unmanage: wlan0 by DHCPCD
echo denyinterfaces wlan0 | sudo tee -a /etc/dhcpcd.conf

###
# Modify: /etc/network/interfaces
sudo sed -i \
-e 's/allow-hotplug wlan0/#allow-hotplug wlan0/g' \
-e 's/iface wlan0 inet manual/#iface wlan0 inet manual/g' \
-e 's@    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf@#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf@'  \
/etc/network/interfaces

cat <<EOF | sudo tee -a /etc/network/interfaces
#
# wlan0 - static IP 
allow-hotplug wlan0 
iface wlan0 inet static 
    address 192.168.42.1
    netmask 255.255.255.0
    network 192.168.42.0
    broadcast 192.168.42.255
EOF


###
# Create: /etc/hostapd/hostapd.conf
#  ssid/wpa_passphrase = Pi3-AP/raspberry
#  you may modify them.
cat <<EOF | sudo tee /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
#driver=rtl871xdrv
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid=Pi3-AP
wpa_passphrase=raspberry
EOF

##
# Edit: /etc/default/hostapd
echo DAEMON_CONF=\"/etc/hostapd/hostapd.conf\" | sudo tee -a /etc/default/hostapd

##
# Setting: IP Forward
sudo sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g'  /etc/sysctl.conf
#
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
#
echo 'iptables-restore < /etc/iptables.ipv4.nat' | sudo tee /lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat

##
# Reboot! 
sudo reboot
## 

Pi-hole: Install and setup

  1. Install script:
    curl -L https://install.pi-hole.net | bash
    Wait until configuration starts...
  2. Enter > Enter > Enter > Down Arrow > SpaceBar > Tab > Enter
  3. Up/Down and SpaceBar to select your favorite DNS, and Tab > Enter
  4. Down>SpaceBar>Tab>Enter
    Uncheck IPv6
  5. Right(to select 'NO' when it shows eth0 IP address) > Enter
  6. Edit: 192.168.42.1/24
    Then, Tab > Enter
  7. Edit: 192.168.42.1
    Then, Tab > Enter
  8. Make sure, and Enter:
  9. Tab>Enter
  10. Wait ... The necessary packages will be installed.
  11. You'll see the admin password.

  12. Press Enter to back to shell.

  13. Edit: /etc/dhcpcd.conf - remove last 4 lines
    sudo vi /etc/dhcpcd.conf
    type: Gdddddddd:wq[Enter] (shift+'g' to go to last line, 'dd' 4times to 4 remove lines, ':' to command, 'wq' to write and quit.)

  14. Reboot
    sudo reboot

  15. Open WebBrowser: http://RasPi_eth0_IP_Address/admin/settings.php
    Enter admin-password to login, Check 'DHCP server enabled' and [Save]

Connect to RPi3 Wifi Access Point

  • You'll find SSID 'RPi3-AP' and 'raspberry' as passphrase. (Or you change your own ones.)
    • You should modify /etc/hostapd/hostapd.conf for ssid=and wpa_passphrase=.
Windows
C:\> ipconfig
...
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : local
   IPv4 Address. . . . . . . . . . . : 192.168.42.213
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.42.1
...
C:\>nslookup www.google.com
Server:  raspberrypi
Address:  192.168.42.1

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4005:804::2004
          216.58.193.100

C:\>nslookup doubleclick.net
Server:  raspberrypi
Address:  192.168.42.1

Name:    doubleclick.net
Addresses:  2607:f8b0:4005:809::200e
          192.168.42.1

C:\>

Others