Using Rasperry Pi As A Firewall

Jul 7, 2016

This guide will walk you through setting up your Raspberry Pi as a Firewall using OpenWRT. In this example we will be using the LuCi interface to configure the Firewall. Please note that for this guide you will also need a USB to Ethernet adapter.

For a guide on how to install OpenWRT onto your Raspberry Pi take a look here

Log Into LuCi

To log into LuCi you will need to open the local IP of your Pi within your web browser. There are a couple ways to find the IP of your Pi, such as looking at the leases within your router, or by SSHing into it and running ifconfig.

Once you have the IP, open a web browser and enter the IP into your address bar. If you haven’t already set a password then click the link that appears and log in using root as the username, then set yourself a password.

Install USB Drivers

Next we need to install the needed drivers to get USB network support working.

Within LuCi click on System > Software and then update lists. This will update the packages available to you.

Then search for mcs7830 in the Find Package field, and install the package called kmod-usb-net-mcs7830

Setting Up Pi WAN Interface

Now that USB network support is added, we need to tell the Pi that the USB port should be used as a WAN interface. To do this simply click on Network > Interfaces and click Add new interface.

Name it WAN and select eth1 from the interface list. Make sure you then select DHCP as the protocol, and select WAN as the firewall zone in the Firewall Settings tab.

Setting Up Pi LAN

Now we want to set the LAN to an unused static IP, this will allow us to connect to it later for some more configuration.

So click on Network > Interfaces, and edit the etho LAN interface. We want to change the protocol to Static address, and enter an unused IPv4 address, along with the subnet mask and broadcast address.

Wait a couple minutes for the changes to apply, and then connect to the Pi using the new IP you set. We just want to reboot the Pi, so click on System > Reboot and Perform Reboot.

Set Startup Services

We want to make sure that the Firewall and other essential services start up on boot.

So log back into your Pi and click on System > Startup and make sure that all services are enabled. If any are disabled, then click on the red x next to it to enable it.

Fitting Your Pi Firewall

Now that we have the main steps out of the way, we want to put the Pi into place in our network.

First off you will want to disable any existing firewalls you have.

Now plug your main internet cable into the USB interface on your Pi, and plug a LAN cable from your Pi’s ethernet port to your network router/switch and turn your Pi back on.

Final Pi Configuration

Now that everything is in place, log back into your Pi. If you had a firewall running previously, we want to set your Pi to use it’s old IP address so any addresses or DHCP leases can continue to work without issue.

Head into Network > Interfaces and edit the LAN. We want to change the IPv4 address to match your previous Firewall IP.

Once this is done, save and apply your changes.

Now log back into the Pi using the IP you just set to confirm it is working.

Finally, head into System > Reboot and perform a reboot. And that is it.

Wait a couple minutes and check to see if your other devices can now get a working internet connection through your network.

CT WiFi is a cloud based WiFi management platform for businesses. The firmware gives consumer-grade WiFi access points enterprise-like capabilities. Or you can utilise the captive portal solution with your existing infrastructure. Create a free account and check it here

Come join CT WiFi

Sign Up

Sign-up for CT WiFi, it's free for unlimited access points :)