robbo100
Posts: 60
Joined: Thu May 17, 2012 11:39 am

Pi Access Point - only allow internet connection

Fri Apr 22, 2016 3:01 pm

Hi all,

I have setup a wifi access point using my Pi, using this guide: https://learn.adafruit.com/setting-up-a ... l-software and all is working well. I have a normal LAN using the subnet of 192.168.12.X and the Pi's wifi on another subnet of 192.168.42.X.

However, I am keen to use this access point for guests to access the internet, whilst blocking them from accessing the rest of my LAN. I would also like to add parental controls and access restrictions.

With this in mind, would anyone be able to tell me how to modify iptables such that the devices connected to the Pi's wifi AP, can only access the internet (via the router on 192.168.12.1) and not any other computers on the LAN subnet 192.168.12.2 onwards. I don't mind if the devices connected via the Pi can see each other though.

Also, can anyone advise what parental controls software might work. I have searched a lot, but I am not sure which ones will work for my intended use.

Thanks

User avatar
procount
Posts: 1834
Joined: Thu Jun 27, 2013 12:32 pm
Location: UK

Re: Pi Access Point - only allow internet connection

Fri Apr 22, 2016 3:54 pm

I'm doing a similar thing to setup a wifi network for my kids. In addition to your current position, I have added 2 cron scripts to disable/enable the ip_forwarding between 8pm-8am so the internet effectively turns off for them during the evening/night.

Previously I had setup privoxy on my linux router to prevent access to certain sites, so I am thinking of transferring that onto the Pi as well, even though my ISP provides some parental controls. Not sure if privoxy is the best so I'd be interested in other solutions too.

One annoying thing with my setup is the usb hub occasionally disconnects the wifi (not power saving related) So I added udev scripts to bring up hostapd and dhcp when it reconnects. This is not quite right yet as hostapd starts but the dhcp server often fails requiring some manual intervention
PINN - NOOBS with the extras... https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=142574

robbo100
Posts: 60
Joined: Thu May 17, 2012 11:39 am

Re: Pi Access Point - only allow internet connection

Sat Apr 23, 2016 6:28 am

procount wrote:I'm doing a similar thing to setup a wifi network for my kids. In addition to your current position,...
So how did you restrict access between your LANs and would you be able to post examples of your cron jobs?

Thanks in advance

User avatar
procount
Posts: 1834
Joined: Thu Jun 27, 2013 12:32 pm
Location: UK

Re: Pi Access Point - only allow internet connection

Sat Apr 23, 2016 11:04 am

My setup is similar, but I haven't found the need to restrict access for guests using iptables (yet), so I haven't done that bit.

To restrict internet access times, my crontab scripts are very simple:
crontab:

Code: Select all

# m h  dom mon dow   command
 0 20 * * * sudo /home/pi/network/forwardoff
 0 7  * * * sudo /home/pi/network/forwardon
/home/pi/network/forwardon:

Code: Select all

#!/bin/sh
echo "1" >/proc/sys/net/ipv4/ip_forward
/home/pi/network/forwardoff:

Code: Select all

#!/bin/sh
echo "0" >/proc/sys/net/ipv4/ip_forward
PINN - NOOBS with the extras... https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=142574

Return to “Networking and servers”