WiFi to ethernet adapter for an ethernet-ready TV




I have an internet ready Panasonic TV which can connect via a wired ethernet cable to a suitable internet-connected router, or via a wireless connection using a Panasonic usb wifi Dongle. Unfortunately this is quite expensive in the region of £50-£60 pounds and I couldn’t justify the expense for the limited number of times I might use it. However, it occurred to me that it should be possible to build a wireless to ethernet adapter using a raspberry pi.

If you do not want to wade through the whole article (although I hope you will) you can jump to the end where a zip file is available to download with instructions to enable you to get up and running quickly

I had previously built a wireless access point using the Rpi based on the Pi-Point Article amended according to the article by Jens Segers to allow for the fact that I was using an Edimax EW-7811Un wireless adapter which requires a special modified hostapd. (The basis of these articles has been nicely brought together by Dave Conroy in a form which is much easier to follow here. What I now required was basically something working in the opposite direction.

I Googled the topic and found a project  by Glenn Lockwood to configure a Raspberry Pi as a Wireless-to-Wired Ethernet Bridge…just what I wanted Most of the work is contained in his article which is excellent, but I found one major gotcha which caught me out and took some time to solve. There were also one or two points which could be made a bit clearer, and I will take the opportunity to start from scratch in developing this project with full step by step details to make it easy for you to follow.

What you need:
A Raspberry Pi Model B (256 or 512Mb is ok) and psu
An SD card 2Mb or larger and a usb SD card reader (if your PC does not have an SD card slot)
A usb WiFi adapter. I used the Edimax  EW-7811Un currently £7.95 from play.com
and ethernet cable to connect the Rpi to the TV

A PC or Mac with a card reader to enable you to setup the SD card.

I assume that you also have an internet connection via a wireless broadband router with a spare ethernet socket into which a PC (or Rpi) can be plugged. In my case this is a Netgear DGND3300v2. This router should be set up to configure attached computers via DHCP, i.e. to automatically configure its network IP address and DNS etc, By default the Rpi expects this to be the case when an ethernet cable is plugged in to its ethernet port,

Stage one: Setting up your RaspberryPi SD card
Install the latest Raspian distribution onto the SD card. You can download it here onto your PC (currently latest is 2013-05-25-wheezy-raspian.zip)
You then unzip it (on Windows 7 right click on the zip file and select extract all)
Also downloaded Win32DiskImager from here, again unzipping the downloaded file
insert your SD card into the usb card reader and plug this into a free usb slot on your PC.
Note carefully which drive it mounts on (in my case drive F)
Now run Win32DiskImager by double clicking the unzipped file
insert your SD card note you can double click any image to see a larger copy, and then use the back button on your browser to return
select the correct drive letter for your SD card…Be certain you get this right
and click the blue folder icon to navigate to the wheezy-raspian image
Then click the Write button, acknowledge the warning dialog that pops up and you will write the image to your SD card which will take a minute or two. You should get a dialog box saying Write Successful when it completes.
quit the win32DiskImager program and you should see your SD card in the relevant drive (F). it will contain the Boot partition for the raspberry PI. About 40Mb or so of files.
Eject the card from the PC and insert it into your Raspberry Pi.

Stage 2: Booting the Raspberry Pi and setting up the network interfaces
Initially it is easiest to set up the Rpi with an hdmi monitor connected, together with a keyboard and mouse, and an ethernet cable connected to your router. Leave the usb WiFi adapter aside to start with.
Plug in the SD card, and connect the power, and all being well the Rpi should boot up and show the raspi-config screen. This lets you carry out some initial configuration.raspi-config
Working through the choices,:
1: select Expand the Filesystem. It won’t have much effect if you are using a 2Gb SD card, but will give you extra free space if you have a bigger capacity card.
2: Change the user password for the pi user, from the default raspberry to something else you can remember
3: leave the option boot to desktop unset. Since we will not use the desktop for this project we want the Rpi to boot to command line
4: Set the time-zone appropriate for your location (I chose Europe, London)
5: Although I have a camera on my Rpi, you probably won’t want one on this project so you can leave unset
6: Ignore 6 just now
7: ignore 7. no need to overclock for this project
8: select option 8 and adjust Memory split so that only 32Mb is allocated to the GPU. We won’t be using graphics so it is better to have more memory for other purposes
Also enable ssh. This will enable us to talk to the Rpi directly from our PC later, which is convenient when setting it up.
now use the right arrow key to select finish and press return, Select the default Reboot and press return again
When the boot process completes, log in as the user pi with your newly chosen password

The first thing to check is that your Rpi is connected to the network and the internet.

Type ping google.com press return and you should see something like the following
terminate the process by typing ctrl+C (shown as ^C)

pi@raspberrypi ~ $ ping google.com
  PING google.com ( 56(84) bytes of data.
  64 bytes from lhr08s01-in-f5.1e100.net ( icmp_req=1 ttl=56 time=11.1 ms
  64 bytes from lhr08s01-in-f5.1e100.net ( icmp_req=2 ttl=56 time=11.3 ms
  64 bytes from lhr08s01-in-f5.1e100.net ( icmp_req=3 ttl=56 time=11.2 ms
  64 bytes from lhr08s01-in-f5.1e100.net ( icmp_req=4 ttl=56 time=10.7 ms
  --- google.com ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 3005ms
  rtt min/avg/max/mdev = 10.797/11.120/11.307/0.198 ms
  pi@raspberrypi ~ $

This shows that packets are travelling to and from google.com on the internet

find out the ip address allocated to your Rpi by typing the command ip addr

pi@raspberrypi ~ $ ip addr
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet scope host lo
  2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether b8:27:eb:8e:b7:42 brd ff:ff:ff:ff:ff:ff
  inet brd scope global eth0
  pi@raspberrypi ~ $

This shows the adapter eth0 has (in my case) an ip address
(the address you get will depend upon the range of addresses that your router is set up to serve by DHCP. In my case it is in the range to Other routers may have for example ranges of to or to or to In most cases you can configure the range. If you have a different range you may have to alter some of the addresses used later when we configure the wireless adapter on the Rpi

At this stage I prefer to work from my main computer and to use an SSH connection to the Rpi. SSH stands for Secure Shell and is a way of connecting to the Rpi from an external computer via a network connection as if you were typing directly on the Rpi locally.

On a PC the easiest way to do this is to download a program called putty from here. Choose the link to putty.exe and download it to your PC
Double click the putty.exe file and accept that you want to run it
Add the Rpi ip address in the Host Name (or IP address) box
Type Rpi in the Saved Sessions box and click save. (This is to make it quicker next time you open the link)
Then click Open  You will see the warning below, to which you respond Yes
now log in to the Rpi using the username pi and your saved passwordputty3
All being well you will see a similar screen to the one below
On a Mac computer you don’t need putty. The built in Terminal App has an option to open an SSH connection. Just start terminal and in the resulting window you can type
ssh pi@ and press return, filling in the password when prompted.

Now that we have a SSH connection to the Rpi we can dispense with the connected keyboard, mouse and use it “headless”. To do this in your putty or mac ssh terminal type
sudo shutdown -h now
and press the return key. This will shut down the Rpi and break the ssh connection
Switch off the power to the Rpi, remove the keyboard and mouse (you can retain the monitor if you wish just now) and plug in the WiFi usb adapter
Reconnect the power to reboot the Rpi.
When the boot process is complete and the login pormpt is showing on the monitor reconnect via SSH using putty (or your Mac)
When you start Putty you can select Rpi and load in the details to save typing before clicking on Open, and logging in as pi with your password

Now we are going to setup the Wireless connector which uses the interface wlan0
To do this we need to edit the network interfaces file. This is in the directory /etc/network To do this we will use the built in editor called nano
In case of accidents we will first backup the existing configuration file

Type the following commands  (as shown in the illustration below)
cd /etc/network
sudo cp interfaces interfaces.bak
sudo nano interfaces

This opens up the nano editor with the existing contents of the interfaces file
se the arrow keys to move down to the end of the file, then press the back arrow key (above return key) to delete the last three lines of text
iface wlan0 inet manual to iface default inet dhcp

Then add the lines below

iface wlan0 inet static
 wpa-ssid "XXXXXXXXXXX"  (substitute your values for xxxxxx in these two lines)
 wpa-group TKIP CCMP
 wpa-key-mgmt WPA-PSK

after allow-hotplug wlan0
to give a screen like the one below


Note the blacked out sections contain the name of your router WiFi ssid identifier and the pass phrase (psk) to enable a computer to connect to it. These will be the same as you used when connecting any wifi computer to your router. Substitute your own values
Now type ctrl+o to write out the modified interfaces file, followed by pushing the return key, followed by ctrl+x to exit the editor. If you type cat interfaces you should see the contents of the file as below

auto lo
iface lo inet loopback
 iface eth0 inet dhcp
allow-hotplug wlan0
 iface wlan0 inet static
 wpa-ssid "XXXXXXXXXXX" (XXXXXXX will have your own values instead)
 wpa-psk "XXXXXXXX"
 wpa-group TKIP CCMP
 wpa-key-mgmt WPA-PSK

The additional lines will set up the wireless interface (wlan0) with a static or fixed address, in this case I have chosen this address as  it is on the same network as the addresses served by the router when using dhcp, but outside that range ( to, so there is no chance of another computer being allocated the same address
If your router serves a different range you will have to choose your own appropriate address here. The broadcast address is used to address all computers on the same network, and the gateway is the address to which packets are routed when the address is not on the same network, e.g. Google’s address used in the earlier ping example.
The wpa-ssid and wpa-group entries should contain the values appropriate to your own wireless router
The best way to activate the new settings is to reboot the Rpi by typing
sudo shutdown -r now
the -r parameter causes it to reboot. Previously we used -h to halt the Rpi i.e. shut it down

all being well, when the Rpi reboots on the hdmi monitor you should see that two ip addresses are displayed at the end of teh boot sequence. In my case and these being the dhcp supplied address for eth0 and the static address for the wlan0 interfaces

If you reconnect via ssh as previously described and type ip addr

you will see something like this

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet scope host lo
 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether b8:27:eb:8e:b7:42 brd ff:ff:ff:ff:ff:ff
  inet brd scope global eth0
 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 80:1f:02:8a:05:cf brd ff:ff:ff:ff:ff:ff
  inet brd scope global wlan0

showing details of the internal loopback address and the two external eth0 and wlan0 interfaces

Stage 3 reconfiguring the ethernet eth0 interface

Now that we have the permanent static address setup for the wireless interface, we can connect to the Rpi through that, and the reassign the ethernet eth0 connection to a separate network to which the tv will be connected. I have chosen to use the network and allocate to the Rpi. Later the TV will get an address which will be on the same new network.

First we set up the new ssh connection. Close the existing ssh connection by typing exit and then restart putty and setup a connection to (you can save the settings as RpiWlan as we did before for Rpi and the address)

Open it and connect with username pi and your usual password

(in the case of a Mac simply type ssh pi@ in a terminal window)

In both cases accept the new credentials as we did when first connecting to

Now we need to return to the interfaces file and amend it.

type cd /etc/network
sudo nano interfaces
to load the file into the nano editor as before

Alter the file so that it reads

# The loopback network interface
 auto lo
 iface lo inet loopback
# the internal (wired) network interface
 allow-hotplug eth0
 iface eth0 inet static
# the external (wifi) interface
 allow-hotplug wlan0
 iface wlan0 inet static
 wpa-ssid "XXXXXXXXXXX" (insert your own values for XXXXXX in these two lines)
 wpa-psk "XXXXXXXXXX"
 wpa-group TKIP CCMP
 wpa-key-mgmt WPA-PSK

Notice that we have added some comment lines starting with a # to help understand the three different sections of the file

nano hints
To insert a blank line, move to the beginning of a line and press return
To delete a line position the cursor on the line and press ctrl+k

use the backspace arrow to delete characters
When you have finished amending the file use ctrl+o to write out the amended file, selecting the existing filename to overwrite by pressing return. Then select ctrl+x to exit the editor

you can type cat interfaces to check the file contents

if you spot a mistake just use sudo nano interfaces to edit the file again

Once you are happy unplug the ethernet lead, as we can no longer connect via eth0 to our normal network and reboot the pi (sudo shutdown -r now), then reconnect via ssh

on the Rpi monitor you should see two ip addresses shown at the end of the boot process and

stage 4 Setting up forwarding and NAT

We now have the correct addresses setup on our two network interfaces. we need to concentrate on how they are connected together. We want packets sent from the TV on the network to travel across to the network connecting to it via the wlan0 interface on Any responses to traffic it sends out have to be rerouted back to the network and travel back to the TV via the wired eth0 interface.

The two networks have different address ranges, so a process called NAT or Network Address Translation is carried out whereby packets from the TV are coded up to appear to come from  When replies come to these packets they have the address 192.,168.1.98 stripped and are returned to the originating TV on Just as devices on the internet cannot see your PC directly, but only the router through which it connects to the internet, neither can devices on your normal network see the TV directly.

The rules which govern this transfer of packets and the translation are generated by a package called iptables which is included in the raspian distribution. Full details of how the rules work goes a bit beyond the scope of this article, but there are numerous places on the internet where you can get more information about how they work, such as this one

The rules are stored in memory, and are normally lost when you reboot, so it is necessary to store them so that they can be reloaded, which is done conveniently every time the network interfaces are reinitialised.

The rules can be entered manually one by one, but it is more convenient to write a bash script, which is really just a list of commands which are executed one after another to carry out the same process more easily.

The rules are held in tables, and if you are going to play around with these it is a good idea to start with a script which will reset everything to the default setup with no rules in place.

I found the script below which does this job

 IPTABLES="$(which iptables)"
 $IPTABLES -t nat -F
 $IPTABLES -t nat -X
 $IPTABLES -t mangle -F
 $IPTABLES -t mangle -X

you can set this up in the home directory for the user pi by typing
cd ~/ (in the ssh terminal window)
nano resetiptables

and then copying and pasting the script into the nano editor window and saving the file as detailed previously. [You can copy by selecting the text and using ctrl+C (PC) or command+C (Mac) then right click to paste in Putty or right click and choose paste (Mac) ]

You can check if it works by typing cat resetiptables to list the script. If it hasn’t worked you can delete the file with rm resetiptables and try again

the script sets IPTABLES to the address of where your iptables program is (/sbin/iptables) and then repeatedly calls the program with the following command lines to clear out existing rules and set up the default policies

when you have created the file, one step remains which is to set its attributes to allow it to be executable. This is done by typing chmod 755 resetiptables
Finally you can run the script but this needs to be done with system privileges using sudo by typing

sudo ./resetiptables

a bit of an anticlimax as you won’t see anything, all being well

You can check there are no filter changes by typing sudo iptables -L

and no nat rules by typing sudo iptables -t nat -L

now we need to create the rules necessary to set up the forwarding and NAT that we require

the following script will program iptables to do that

# Flush the tables
# Allow forwarding packets:
# Packet masquerading

Again you can type nano setupiptables copy and paste this into the window and save and exit as previously described. You can check that the process has worked by typing
cat setupiptables

as before you must make the script executable by typing chmod 755 setupiptables

then type sudo ./setupiptables to execute it. As before, if it works there should be no visible response. However we can dump the rules stored by iptables using the command sudo iptables-save > dump.txt which saves the files in a file named dump.txt

we can then inspect that text file using the command cat dump.txt which produces something similar to

# Generated by iptables-save v1.4.14 on Fri Jul 19 21:23:10 2013
:INPUT ACCEPT [656:51596]
:OUTPUT ACCEPT [331:40584]
# Completed on Fri Jul 19 21:23:10 2013
# Generated by iptables-save v1.4.14 on Fri Jul 19 21:23:10 2013
:INPUT ACCEPT [35:2292]
-A POSTROUTING -o wlan0 -j SNAT --to-source
# Completed on Fri Jul 19 21:23:10 2013
# Generated by iptables-save v1.4.14 on Fri Jul 19 21:23:10 2013
:INPUT ACCEPT [254:19512]
:OUTPUT ACCEPT [123:14100]
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Completed on Fri Jul 19 21:23:10 2013
# Generated by iptables-save v1.4.14 on Fri Jul 19 21:23:10 2013
:PREROUTING ACCEPT [6030:609376]
:OUTPUT ACCEPT [2047:267991]

This is actually an important file, saving the rules in an intermediate format understood by iptables, as we can later use the command iptables-restore to load the rules back in after a reboot

we do this by copying the file dump.txt to the /etc/interfaces dirctory, renaming it on the way as iptables, and adding a further line to the interfaces file

type sudo cp dump.txt /etc/network/iptables

then cd /etc/network followed by sudo nano interfaces to place the interfaces file in the nano editor. Move down to the end of the file using the cursor keys. press return for a blank line and add the line

pre-up iptables-restore < /etc/network/iptables

then exit using ctrl+o to write the modified file then push the return key and then type ctrl+x to exit the editor

Check the contents using cat interfaces

we have to tell the kernel program to allow packet forwarding

This is done by editing the file /etc/sysctl.conf

type sudo nano /etc/sysctl.conf

scroll down the file using the down arrow key until you see a line that says
# Uncomment the next line to enable packet forwarding for IPv4
and remove the # at the start of the next line, changing

Then write out the file using ctrl+o followed by return and then ctrl+x to exit the editor

type the command sudo sysctl –system to enable the forwarding and you should see something like the link below. {NB for some reason the two – – in the command above merge to one. The command should have – – system at the end, but no spaces between them}

* Applying /etc/sysctl.conf …
kernel.printk = 3 4 1 3
net.ipv4.ip_forward = 1
vm.swappiness = 1
vm.min_free_kbytes = 8192

showing that ipv4 forwarding is enabled

Stage 5 fixing the routing

We are nearly done, there remains one problem, which stumped me for ages, and which is not mentioned in the original article by Glenn Lockwood

The kernel maintains a routing table that helps it to know where to send packets with different addresses

The contents can be seen with the command route

This produces

Kernel IP routing table
Destination  Gateway      Genmask        Flags Metric Ref Use Iface
default        UG    0      0   0   eth0  *    U     0      0   0   wlan0  *    U     0      0   0   eth0

This shows that any packets addressed to a network apart from 192,168.2.x (which will be routed via eth0 on 192,168,2,1 or 192.168.1.x which will be routed via wlan0 on 192,168,1,98 will by default be routed via the ethernet port on
This is not at all what we want. We want packets to unknown networks on the internet to be routed via the wlan0 interface to our network router and from thence to the internet.
In otherwords we want the default gateway to be via wlan0 and NOT via eth0

This is easily achieved with the two commands route del default gw etho to remove the unwanted one and route add default gw wlan0 to add the required one. However the question is when and where to do it. We can only apply these commands once the routing table has been set up, namely once the network interfaces have been configured. There are hooks to invoke commands after an interface has come up, but we don’t what these to happen until both interfaces are active.

The solution I have chosen is to add a script to perform the commands which is placed in the directory /etc/init.d and which is invoked at the end of the booting sequence once the interfaces have been set up.

The script can be created first in the pi home directory

type cd ~/ to get there

then nano setuproutes to edit the new file called setuproutes

paste or type the following into the nano editor window

# Provides: default routes for wlan0
# Required-Start: $syslog $network
# Required-Stop: $syslog
# Should-Start:
# Should-Stop:
# X-Start-Before:
# X-Stop-After:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: false
# Short-Description: adjust default routes
# Description: removes default route adds default route
sudo route del default gw eth0
sudo route add default gw wlan0
exit 0

The line # Required-Start: $syslog $network ensures that the script is not started and run until the system logging and the network interfaces have been set up. The INIT information is required for any init.d script (which normally start and stop computer services to function properly. The actual meat of the script is in the last three lines, exit 0 ensuring that exits cleanly.
Use ctrl+o followed by pushing return to write it, then exit the editor with ctrl+x

set the execution attributes with chmod 755 setuproutes

sudo cp setuproutes /etc/init.d to put a copy in the init.d directory

To activate it to run during the boot sequence type sudo update-rc.d setuproutes defaults

reboot using sudo shutdown -r now then connect to the pi on via ssh again as detailed before. Check that the routing table is now correct using route

You should get

Kernel IP routing table
Destination  Gateway      Genmask        Flags Metric Ref Use Iface
default        UG    0      0   0   wlan0  *    U     0      0   0   wlan0  *    U     0      0   0   eth0

showing that the default route is now correct

As final icing on the cake, we will add a dhcp server so that an IP address can be obtained automatically for the TV or any other computer plugged in to the Rpi ethernet socket. (One other use for the project would be to connect a small network switch with say5 or 6 ports on it to the Rpi to enable several computers to be serviced by the Rpi on their own mini network.)

Type sudo apt-get install isc-dhcp-server and the server package should be downloaded and installed from the internet. (If the package cant be found type sudo apt-get update followed by sudo-apt-get install isc-dhcp-server )
Note when the server is installed you may get an error message saying it can’t be started. This is normal as we have not yet configured it.
The dhcp server configuration file is stored at /etc/dhcp/dhcpd.conf We will keep a copy of this for reference and then substitute it with a new file.

Type sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig to make a copy
then create a new blank file using sudo nano /etc/dhcp/dhcpd.conf

paste the following text into the file

# Configuration file for ISC dhcpd for Debian
ddns-update-style none;
option domain-name "rbn.local";
option domain-name-servers;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
#let the server know about network but offer no service here
subnet netmask{
#configure service for network (the ethernet port)
subnet netmask { 
 option routers;

Then write it using ctrl+o and press return, then exit nano using ctrl+x

Check the contents of the file using cat /etc/dhcp/dhcpd.conf
(If your main home network is NOT on 192.168.1.x you will have to amend some of teh addresses in this file to suit. e.g. if your main router is  on

You can now restart the dhcp server using
sudo service isc-dhcp-server restart
you will probably see the messages

[FAIL] Stopping ISC DHCP server: dhcpd failed!
[ ok ] Starting ISC DHCP server: dhcpd.

The Fail occurs because the server was not running to start with. What you want is the ok for the server starting

Stage 6 Testing and setting up the TV

At long last the project is complete. All that remains is to try it out. You can check its operation with a spare laptop or pc first if you like. Connect the Rpi ethernet socket to the ethernet socket on the laptop or PC and reboot the Rpi. The laptop or PC should be set so that its ethernet adapter will pick up an IP address using dhcp, which will usually be the case by default. All being well you should be able to access the internet from the laptop or PC.

My TV is a Panasonic Viera TX-L37E5B The Menu has an option to gonfigure the network interface. This is set up for a wired connection (to the Rpi!) and set to obtain an IP address automatically (via DHCP). After a short pause the IP address was automatically populated with and I was able to access the various internet options provided by the TV software.

I hope that you have found this article interesting to follow. I have learned a lot in developing it.

Quick install for the impatient

Finally for those who want to try this out quickly, I have saved a zip file containing all the scripts and configuration files used in a file called tvrouter,zip which can be downloaded fromhttp://r.newman.ch/tvrouter.zip The best way to utilise this is get an Rpi setup and working (read stage 1 of the article to see how to do this if necessary) and then to download it to your home directory (assuming the Rpi is connected to the internet) using wget http://r.newman.ch/tvrouter.zip
then type unzip tvrouter.zip
cd tvrouter
ls to see the files
The file README.txt contains the instructions for how to quickly install them
cat README.txt

Image showing the TV picking up its DHCP supplied IP address

201 thoughts on “WiFi to ethernet adapter for an ethernet-ready TV

  1. Absolutely excellent write up. Very detailed yet straightforward as well.

    Quick question though, do you know how to set up the pi to act as an inline firewall routing to the same subnet? For example, in your topology the TV would instead have a static IP on 192.168.1.x and not the dynamic IP on 192.168.2.x Also, only certain ports would be permitted, such as 502. If you have any idea how to go about configuring the network interfaces and iptables that would be fantastic.

    Again, really appreciate this guide, seriously top notch.

    Best regards,

    Vince Rothenberg

    • The quick answer is no I don’t know without a bit of research. I an no guru on iptables and routing. However there are lots of links related to subnettingon the internet. One I found which covers subnetting in some detail with examples is here IF you scroll halfway down to the network design examples this may help.
      For my purpose I only wanted this to connect the trv to the internet and didn’t require anything else to communicate with it. Best of luck!

      • Thanks I appreciate it. I was able to successfully configure the Pi using bridge-utils.

        For future reference, first remove the DHCP server and flush iptables. Then install bridge-utils:

        # sudo apt-get install bridge-utils
        # sudo brctl addbr br0
        # sudo brctl addif br0 wlan0 eth0

        And reconfigure /etc/network/interfaces to match the following:

        auto lo

        iface lo inet loopback

        iface eth0 inet manual

        auto wlan0
        iface wlan0 inet manual

        auto br0
        iface br0 inet dhcp
        bridge_ports wlan0 eth0
        bridge_stp off
        bridge_maxwait 5

        wpa-iface wlan0
        wpa-bridge br0
        wpa-driver wext
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

        If you do that, you should be all set!

  2. Hmm, so I followed the guide, and everything works fine up until connecting to the internet. I can ssh into the pi at, but Windows complains it can’t each the DNS. I crosschecked with the wireless connection and my DNS server is the same on both – Any idea on what I can try?

  3. hmm Double check the files, especially if you have typed them yourself. I have built from the downloadable files and it works ok. I see you can ssh into the pi on the 2.1 interface. The windows machine should show its dhcp server is if you start a cmd window and type ipconfig /all you should see that.

    From the command window you should be able to get a response to ping
    if it is working you should also be able to get a response to ping bbc.co.uk

    Double check the routing table on the pi. Via the ssh link type route and check the table is the same as shown in the article.

  4. I had exactly the same problem. When I tried to download the dhcpd package I found that I had lost access to the outside world. I eventually tracked it down to an address in setupiptables (my adsl modem assigns addresses in 192.168.0.n range). Once I corrected the INET_ADDRESS field everything worked a treat.

    Congratulations on a really well written guide.

    My next step is to add vpn to the wlan0 interface.

    Thank you for your guide.

    Dave Checkley

  5. This post is great.

    I 90% of the post and then combined it with other information about the Raspberry Pi to achieve what I wanted.

    I have used it as a second Internet connection into the house to ease heavy periods of Internet usage, as my broadband connection is not very fast –> Phone tethered to Pi via USB, Pi connected to load balancing router.


  6. After changing the routes, my Pi can no longer connect to the internet but it is still possible to ssh in…? All other devices (wireless) can connect. Any things to try?

    • I assume that you are connecting to the Pi by ssh into the wired connection, and that the Pi is connecting to your wireless router. If you are using my settings then your Pi will have an ethernet fixed address of and you should be able to ping that from your computer plugged into the Pi. If your Pi is connecting to your main wireless router (in my case that is on you should also be able to ping that, both directly from the Pi and from the ssh connection. You should also be able to ping bbc.co.uk which will show that dns is working.
      Check the routing table carefully.
      type route
      and check that the diagram is like the SECOND one I show, after the routing table has been amended.
      Make sure that the script to alter it has worked. The default route should be to the main wireless router ( in my case) IF that is not the case, then traffic cannot be routed to it.

      If you still have problems and you have typed in your config files yourself, try using the downloadable ones. Leave the sttings for the wired port the same, and adjust just those pertaining to the wireless IP address and the address of your wireless router. i.e references to and where these occur.
      Let me know if you still have problems and I’ll try to help further.

  7. Hi, First of all excellent guide thanks!

    I’m using your method to set up my Rpi as a wireless adapter for my Xbox 360. It should work out the same as a tv. I have the Xbox connected to the Rpi through eth0, and wlan0 is connected to my router. Pinging google.com works fine from the Rpi, but the Xbox cannot get an IP address from the Rpi.

    I have noticed that when I use route the default gateway is listed as “api.home” rather than my router’s IP address. Other than that the output is the same as your second example

    Any ideas why this is happening and if it is stopping the Xbox receive an IP address?

    Otherwise, I am scratching my head on this one!

      • It looks like a routing issue in the Rpi. api.home may be the local name of your wireless access point. YOu could try pinging api.home and see what that gives.
        You could try removing that route manually and adding the ip address of your wireless router. eg. from the article

        This is easily achieved with the two commands route del default gw etho to remove the unwanted one and route add default gw wlan0 to add the required one.
        (this is just an example of removing and adding a gw address)

        I would try using a pc instead of the xbox initially. You can then use a command/terminal window and commands such as ping and ipconfig to see what is happening at the ethernet port.

        I don’t have an xbox myself and have no experience of it, but I think you may also have some port forwarding issues across the Rpi router. You maybe better to look at using the Pi as a bridge. See the comments earlier by Vince Rothenberg.
        Also this article http://www.beyondtechnicallycorrect.com/2013/04/20/using-the-raspberry-pi-as-a-network-bridge-for-the-xbox-360/
        does exactly what you want, again using a bridge.

      • Thanks for your reply, I tested and went through my setup again, turns out I had a typo for the netmask somewhere, doh!

        I can now connect to Xbox Live but as you guessed I have NAT issues. But it isn’t a major problem for me right now.

        I noticed that the settings for the dhcp server on the Rpi include options for NAT translation, I will look into that and see if it helps. It could also just be my router not forwarding the ports I need, but it’s not allowing me to configure ports right now due to bad firmware.

        I tried using the guide you have linked, it wouldn’t work. I also tried using hostapd to set up a bridge but that didn’t work either. So now I ended up here with a solution that works for me!

        I suspect those solutions failed because I have “berryboot” installed on the SD card, which boots images from a USB pen drive instead of the SD. I find this is more reliable against card corruption when overclocking.

        Berryboot seems to manage the wpa-supplicant at startup and then passes this to Raspbian, something which is most likely preventing the bridge from working.

        So thank you for the guide and the help! If I sort out the NAT issue I will post a quick update with how I did it for anyone else who finds this guide!

    • Finally got back to having a go at sorting this problem. I bought a new router to use for port forwarding as my current one (BTHomeHub2) has buggy firmware and it stops forwarding ports after a while.

      My set up is now:
      Internet > VDSL Modem > HomeHub > New router (DMZ) > Rpi > Xbox

      The xbox is on eth0 to the Rpi. Rpi to the new router via wlan0 and the new router via ethernet to the homehub. The new router is in a DMZ which removes the port problems I had before because of the homehub.
      I have to keep the homehub where it is so my flatmate can still have their internet phone line…. hence all this hassle!

      Xbox live still reports NAT problems but everything still seems to work as it should. So it’s definitely the Rpi causing this. I can’t seem to find anything online that describes how to set up the NAT rules in the dhcp server on the Rpi.

      Can you point me in the correct direction? Or if you already know how that would be great!

      Thanks again

  8. I must just not be good at this at all. I’ve ran the instructions several times, all with fresh installs. I’m sure the tutorial is correct, but I must be doing something wrong. I installed off the quick method, changed the SSID and the PSK. I changed the router (my router is at My Mac connects, gets an ip, router address ( for some reason), subnet, DNS, but pinging gives no results.

    • Hmm Not quite sure about your setup. My main wireless router was also on so not sure what you changed here. The wireless address of my Pi was and the ethernet port had a dhcp server on it. It had an address of and served addresses in the range up from to The important thing is to make sure that the default gateway on the Pi points to the main wireless router (in my case otherwise you won’t be able to ing through from the wired computer/tv connected to the Pi. When you first set it up using the procedure described the default gateway points to the ethernet connection, not the wired connection, and you have to change it as described.

  9. i’m having a problem installing the dhcp serveri get the following

    pi@raspberrypi ~ $ sudo apt-get update

    Err http://mirrordirector.raspbian.org wheezy Release.gpg
    Temporary failure resolving ‘mirrordirector.raspbian.org’
    Err http://raspberrypi.collabora.com wheezy Release.gpg
    Temporary failure resolving ‘raspberrypi.collabora.com’
    Err http://archive.raspberrypi.org wheezy Release.gpg
    Temporary failure resolving ‘archive.raspberrypi.org’
    Reading package lists… Done
    W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/wheezy/Rele
    ase.gpg Temporary failure resolving ‘mirrordirector.raspbian.org’

    W: Failed to fetch http://raspberrypi.collabora.com/dists/wheezy/Release.gpg Te
    mporary failure resolving ‘raspberrypi.collabora.com’

    W: Failed to fetch http://archive.raspberrypi.org/debian/dists/wheezy/Release.gp
    g Temporary failure resolving ‘archive.raspberrypi.org’

    W: Some index files failed to download. They have been ignored, or old ones used

    pi@raspberrypi ~ $ sudo apt-get install isc-dhcp-server

    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Suggested packages:
    The following NEW packages will be installed:
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 887 kB of archives.
    After this operation, 1,875 kB of additional disk space will be used.
    Err http://mirrordirector.raspbian.org/raspbian/ wheezy/main isc-dhcp-server arm
    hf 4.2.2.dfsg.1-5+deb70u6
    Temporary failure resolving ‘mirrordirector.raspbian.org’
    Failed to fetch http://mirrordirector.raspbian.org/raspbian/pool/main/i/isc-dhcp
    /isc-dhcp-server_4.2.2.dfsg.1-5+deb70u6_armhf.deb Temporary failure resolving ‘
    E: Unable to fetch some archives, maybe run apt-get update or try with –fix-mis

    • sudo apt-get update may sort this. Also check that your internet connection dns etc is working ok. (try accessing a web site or ping bbc.co.uk) failure to resolve
      sounds like it may be a dns error.

      • no its not pinging anything it doesnt show up in my client list in my router settings either but i can ssh i’m confused. any idea how i could sniff out the problem?

      • ok i found the problem and fixed it i followed the tutorial to a T with the exception that my wlan0 has 2.x addresses and my eth0 has 1.x addresses and i apparently didnt catch all of the areas i needed to change till just a few minutes ago

  10. OK. So I almost have this working. I think I have the config correct- although I had to change the wlan0 settings as its connecting to a (hotel) router that I don’t control. But my problem is this: As soon as I connect anything (in my case a mac, or an Apple TV) to the eth0 interface, the routes are dropped:

    pi@raspberrypi ~ $ route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default UG 0 0 0 wlan0 * U 0 0 0 wlan0 * U 0 0 0 eth0

    pi@raspberrypi ~ $ route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 0 0 eth0

    If I unplug the cable again, it reverts (partially)

    pi@raspberrypi ~ $ route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default UG 0 0 0 wlan0 * U 0 0 0 wlan0

    Possibly some kind of DHCP issue?

    my /etc/network/interfaces:

    pi@raspberrypi ~ $ more /etc/network/interfaces
    auto lo

    iface lo inet loopback
    #iface eth0 inet dhcp

    # the internal (wired) network interface
    allow-hotplug eth0
    iface eth0 inet static

    allow-hotplug wlan0
    iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
    iface default inet dhcp

    pre-up iptables-restore < /etc/network/iptables

    pi@raspberrypi ~ $

    (Note, this is connecting to a hotel wifi and I couldn't get it work if I tried to make the wlan0 static, as per the original instructions)

    • The problem is that the iptables rules require to know the address of the wireless connection. You might be able to get it to work connecting via hotel dhcp if you can determine the wireless ip after connecting to the hotel (ip address should show it) and then rewrite and program the iptables script using the script shown, but I don’t know if this will work.

  11. This tutorial is very useful, thank you for all the effort. I can get the wireless to wired bridge working but I keep getting packets lost, just wondering if any one has similar issue.

  12. Hello to all.

    I was searching for something like this for a long time.
    Finally I found it and I must congratulate Robin Newman.

    Although this, even before I start implementing this solution, I need to ask something very important to my specific case:

    In my 1st home I have ZON Internet Service Provider.

    In my 2nd home I connect to Fon Zon Free, which is a benefit FON and ZON Internet Service Providers offer to their costumers when they are away from their own routers, like in the outside or in other homes, so they can still have Internet by accessing other FON and ZON costumer’s routers.

    Fon Zon Free is the network I want to capture via Wi-Fi dongle on raspberry pi and redirect to it’s wired lan.

    Problem and question:

    It has SSID (FON_ ZON_ FREE_ INTERNET), Username and Password but the login is done in browser (as you can see if you try to connect to it if you find one: there are uncountable of those hotspots in Europe.

    So, when I connect to it and open a browser I’m redirected to the login site.

    I can connect raspberry pi to this network through my Wi-Fi dongle (tp-link tl-wn722n) but when in it’s desktop environment.

    As this solution is not to be implemented in raspberry pi desktop environment, here arrives the main problem:

    When implementing the solution in this article, in wpa-ssid I can put FON_ ZON_ FREE_ INTERNET but what about wpa-psk?
    And where and how to put this network username?

    A possible solution:

    Can’t this be made in desktop environment, so I can login through browser?

    Please, give me ideas and tips.

    Lots of thanks in advance,

    Miguel Garcia

    • It looks to me as if your FON_ZON network is open, so anyone can connect, but access is then controlled by putting in a name and password to your web-browser.
      In that case there will be no WPA_PSK setup and the configuration of the wireless access point will be something like
      allow-hotplug wlan0
      auto wlan0
      iface wlan0 inet dhcp
      wireless-ssid “FON_ ZON_ FREE_ INTERNET”
      wireless-mode managed

      However the problem with this is that you will get a dhcp supplied address to your wireless adaptor, and the configuration of the iptables etc needs to know what the wireless side ip-address will be, so I’m not sure you will be able to get it to work.
      If you know the range of addresses the FON_ZON network offers, you MAY be able to choose a fixed address and get it to connect, but I am not hopeful.
      In this case you would need something like…

      auto lo
      iface lo inet loopback
      iface eth0 inet dhcp
      allow-hotplug wlan0
      iface wlan0 inet static
      address IP_ADDRESS # you will have to find what these addresses might be by investigation what DHCP values the FON_ZON network offers and choosing appropriately
      broadcast BC_ADDRESS
      gateway GW_ADDRESS
      wpa-ssid “FON_ ZON_ FREE_ INTERNET”
      wireless-mode managed

      If you get a connection on the wireless side to work, you will then have to modify the iptables stuff to use the actual address the wireless side has.
      You’ll have to experiment along these lines.
      You will still have to do the logon stuff via the web browser too, which is what supplies the access control on the FON_ZON network.

      I would experiment with just getting the wireless side to connect to FON_ZON via dhcp first, then see if you can get it to connect with a fixed ip address, then do the iptables stuff using this.

      Best of luck

      • Before anything more, lots of thanks for your rapid help Robin.

        Yes, your absolutely right, FON_ZON network is open, so anyone can connect, but access is then controlled by putting in a name and password in the web-browser.

        The fact is that, although I’m an electronics technician, I have little knowled about Linux in general and even less with Raspbian (I develop hardware).

        Just as an example of a tested solution for the same situation (on my 2nd home), but much more simple from the procedure point of view:

        One of my Notebooks has Linux Ubuntu 13.04 installed and, after connected my wifi dongle ( TP LINK TL-WN722N ) to a usb port, I only went to the “Edit Connections”, selected Ethernet > Wired Connection 1 and edited it by setting its IPV4 Methode to “Share to other computers” and that was all.

        Through this simple procedure FON_ZON_FREE_INTERNET is captured trought my wifi dongle and is redirected to this computer Wired LAN.

        I can then connect this Notebook LAN port to the WAN port of a Asus 500GP router as an access point (I think it is confugured this way – it was some time ago) and disseminate FON_ZON_FREE_INTERNET throught another SSID (the router one) along almost my entire 2nd home.

        Graphically speaking:

        FON_ZON_FREE_INTERNET -> wifi dongle -> usb -> Ubuntu Notebook -> Notebook LAN port -> Router WAN -> Router wifi SSID which permits FON_ZON_FREE_INTERNET access

        Tested successfully.

        Why am I telling this?

        To put a new question:

        Is there any installable application or module that simply alows me to impose the Raspberry Pi Wifi to be shared throught its LAN with simple steps like in Ubuntu ?

        Can’t I edit in some simple way Raspberry Pi wired IPv4 settings, with something like a friendly interface like in ubuntu, and choose “Share to other computers” ?

        Lots of thanks in advance again,

        Miguel Garcia

      • Hi Miguel
        Not 100% sure what you are trying to do, but it may be that you are after a bridged connection 9with the Pi wired port on teh same network as the wireless port on the pi rather than a routed one where the wired port sets up and serves a separate network, which passes packets to and from the separate wireless network.

        There are articles like this one <a href="” title=”link” target=”_blank”>link which explain this (this one showing how an x-box can be connected to the internet via the rpi wireless link

  13. When I get to entering the command sudo sysctl –system. It lists out all the functions for susctl, but gives an error saying it cannot run that specific command, as in -system is not an option.. Any ideas?

      • I managed to get it to work after I posted that comment! Everything worked like a charm. Just curious, might have to look into this myself, but if I plug a device in, that has a control panel with a login page when you navigate to that device’s assigned IP (like routers etc with a login to manage them) is there a way to access that ip from the main network? For example if the laptop is connected to a network called “Linksys Network” and the pi is connected to that same network. Any ideas? One more thing, Because it has a DHCP server running, you could plug an ethernet switch in? Thanks for all the help! This has been the best tutorial I have found yet!

  14. Hi Robin.

    Some hours ago I sent here a new post continuing my last one.
    The fact is that, although this site acept it through a confirmation
    “on the fly “, it is not here.

    Did you received it, or can you access it as a site administrator (supposing you are)?

    I’m asking this because it was somewhat long and I have no saved copy of it.

    Lots of thanks again,

    Miguel Garcia

  15. Great guide and very detailed! I have a question though that probably is a bit newbie. I have the pi giving wired internet access to a beaglebone black. Connecting via ssh through the home network to the rpi (static ip: is obviously fine. How can I ssh to the beaglebone black directly (ip:
    At the moment I can ssh to the raspberry pi and through that I can ssh to the beaglebone. Is there a way to ssh directly without this rather “inception” method?

    Thanks in advance for the help.


    • Hi Aris
      if you are trying to ssh from the main network to the Pi and from there to a board connected to it by a wired connection, then the problem is that you cannot “see” the beaglebone directly from your main network. It is the same situation whereby your home pc cannot be seen directly from the internet. All that is visible from the network is the ip address of your router connected to the internet. I think the solution is that you need to forward port 22 (the ssh connection) across the Pi to the address of your beaglebone. I am not a guru on ip tables, but I think this article may help you to do that link

      Based on that, you would first need to determine the ip address assigned to your beaglebone by the Pi it might be for example
      in that case you could type on the Pi

      sudo iptables -I FORWARD -p tcp -d –dport 22 -j ACCEPT
      sudo iptables -t nat -A PREROUTING -i lo -p tcp –dport 22 -j DNAT –to-destination

      to temporarily add the rules, and the try ssh nnn@ from a pc on your main network, where nnn is your username on the beagleboard
      This should now NOT connect to the Pi but forward the command to the beagleboard.

      I don’t have another linux machine to test this at the moment, but if it works, you can then add these two rules to setupiptables described in my article and remake the iptables and save as described in the article. (when adding the two rules to the script you can omit the sudo at the start of each line)

      The alternative is to set up your Pi as a bridged rather than a routed connection. In that case the beagle board would be on the same network as your main one.
      See this article where the same thing is done to connect an X-box to the internet via a Pi

      • try –dport rather than -dport
        sorry wordpress screws up the reply try – space – dport. i.e. two – with a speace in between before dport

      • Yeah it was –dport. I was copying and apparently it wasn’t the same dash character that I was typing and it was giving me an error for that.

        Now I’m having trouble with the second command you have given. “sudo iptables -t nat -A PREROUTING -i lo -p tcp –dport 22 -j DNAT –to-destination”

        Bad argument

        I’m trying to do the same thing as rbn2013, I can now reach my computer connected to the Pi (ping, tracert) but not access the ports I want.

      • sudo iptables -t nat -A PREROUTING -i lo -p tcp –dport 22 -j DNAT -–to-destination″

        Is the correct formatting, sorry for double comment.

  16. Hi again Robin

    What I’m trying to do is very simple:
    Remember the example with my Ubuntu notebook

    FON_ZON_FREE_INTERNET -> wifi dongle -> usb -> Ubuntu Notebook -> Notebook LAN port -> Router WAN -> Router wifi SSID which permits FON_ZON_FREE_INTERNET access
    (all explained above)

    What I’m trying to do is exactly the same but replacing the Ubuntu notebook by the raspberry pi:

    FON_ZON_FREE_INTERNET -> wifi dongle -> usb -> raspberry pi -> raspberry pi LAN port -> Router WAN (Asus)-> Router (asus) wifi SSID which permits FON_ZON_FREE_INTERNET access

    I need to connect to FON_ZON_FREE_INTERNET through Wi-Fi dongle on raspberry pi and output it to raspberry pi wired lan port so I can input it into a router (also) wired
    wan port so it can be sent out through its antenna and distribute FON_ZON_FREE_INTERNET with sufficient power to almost all my house.

    That all I’ve been talking about from the beginning.

    This is in fact something like a repeater but, in this one, I can login to the FON_ZON_FREE_INTERNET .

    Lots of thanks one more time,

    Miguel Garcia

  17. I Have spent the afternoon setting this up. I got to the end and discovered that my laptop could connect to my raspberry pi but not to the internet. I then checked my home router and it said that my raspberry pi was connected to the router. I then decided to see if taking the “shortcut” and downloading the zip file would solve the problem, it didn’t. If I trying and ping on my pi it just says “ping: unknown host google.com”. It seemed to be fine at the point ‘sudo apt-get install isc-dhcp-server’ as it downloaded this fine.
    Got any suggestions

    • Yes this is a good solution. My original article was not intended for X-Box connection, although it can be modified for such. It did what I needed at the time.

  18. I’ve worked on this for a while, but still can’t access the device plugged in. It has a web interface. I plugged my laptop in to see what kind of info it assigns it when it connects to the network. My laptop is given an ip of, router at and a DNS of (what the router is on the wireless net) The pi is being assigned (the router starts assigning at .1.2) So if I have a device plugged into the pi that is at, how can I access it if I am on the wireless network at Any ideas?

    • Hi Ben
      As described my project is not intended to do this. It behaves rather like your router connected to the internet. Devices on the internet cannot see devices on your local network. In the same way traffic coming to the pi via the wireless input cannot see devices on the ethernet wired network connected to the pi. In both cases, it is intended that communication is started by a device on the local network side. Once a connection is established, external devices can talk to the device that initiated the contact. That is fine for an interne-tv which is what I used the project for. However there are two solutions.
      1) you can set up port forwarding, such that all traffic on specified port is directed to a specified device on the local side. For example you would do this to enable a webserver to be run on your local network by sending all port 80 traffic to the specific machine. As far as the outside world would be concerned in that case the webserver would have the address of your router.

      However a better solution in the case you describe is to use a network bridge setup, and not a router on the Pi. In that case, devices connected to the ethernet port are on the SAME network as the wireless side, and can be seen by the other devices connected to your main route local lan.

      Will Crokes posted a link to an article which uses this approach here

  19. I followed your guide and all is fine..
    In fact not all :-)
    My TV has an IP assigned ( so an ip related to the eth0 network.
    When I ask the tv setup to configure the network connection it receives the ip/gateway but it always complains about dns not reachable.
    I tryed: (out ouf less /etc/resolv.conf)

    It always complains…

    • The dns entry for the tv should be the same as used by your main local network connected to your internet router. In my case
      This is configured in the ISC-DHCP server file
      shown again below in the line option domain-name-servers;

      If you are having problems with the tv config, I suggest you use a laptop or desktop there first. Then you can try pinging to see if the Pi is routing through correctly. If not check the routing table carefully as described in the article.

      # Configuration file for ISC dhcpd for Debian
      ddns-update-style none;
      option domain-name “rbn.local”;
      option domain-name-servers;
      default-lease-time 600;
      max-lease-time 7200;
      log-facility local7;
      #let the server know about network but offer no service here
      subnet netmask{
      #configure service for network (the ethernet port)
      subnet netmask {
      option routers;

      • Hi, thanks for your reply but in the meantime I followed another guide and now TV config is working fine.
        Now the tv can search for update from internet but I cannot find the tv dlna stuff from my android device connected to the wifi network (not the ethernet net that is used by the tv but the net used by the rasp)

    • Interesting, I’ll look for this.

      How can I test that routing is working fine (I want to find out why my ethernet connected TV isn’t retrieved by DLNA app connected through wifi)

  20. I think (althouhg I may be wrong) DLNA only works on a local network, not over a router…in this case you need a wireless bridged solution, which has been discussed earlier in the comments

  21. Ok, I’ll try…I only have to revert all the changes done for this solution :-(
    I’ll try. Any concerns about bridge instead of routing?

  22. Nice article! I have tested this and I can access the internet via my laptop (TV equivalent) through the wireless Pi. My goal is to connect an IP camera on the 192.168.2.x subnet of the Pi and be able to see the camera (IP my main network (IP 192.168.4.x). Can this routing setup work both ways – from main PC to Pi AND Pi to main PC? I can currently view my 192.168.4.x subnet from the Pi but am unable to see the 192.168.2.x addresses from my main computer.


  23. Follow up from above…
    I got it work by setting up advance routing for the 192.168.2.x subnet in my router. I can know see the 192.168.2.x subnet computer shares from 192.168.4.x subnet.

    • Are you referring to DLNA stuff?
      Please can you explain how do you achieve the goal to run DLNA across lan and wifi attached devices?

  24. I did not try DLNA, just accessing the second subnet from my Win7 computer by typing 192.168.2.x to see the shared folders. Regarding the IP camera, I can access it’s web interface via the Win7 web browser by typing the IP camera’s IP address to view the video. Again, the Win7 is 192.168.4.x and the IP camera is 192.168.2.x. Very stable for the first 24 hours. I am basically substituting the IP camera for the TV.

  25. Hey there,
    Thanks for the excellent write up.

    I just moved to an apartment and I am trying to connect to the open wifi ‘xfinitywifi.’ I’ve got access to it as my family is a Comcast customer. This tutorial is something that interested me because I want to get my internet from the free xfinitywifi and use it to route to another router I have to create my own personal network. This project seemed perfect for me.

    I started having issues when I started modifying the interfaces file. Because the network is not protected, I am using “wireless-essid xfinity” instead of the wpa information that your write up calls for. I get it connected and everything is happy, but when I start to set up the ethernet network, the wireless one stops any sort of connection.

    I have followed each step time after time but can’t seem to get a connection after I’ve added the new static eth0 network. Help?

    • Some time since I did this so a bit rusty about it! I would set up and test the wifi connection first from the pi. It is important that the ip has a static IP address or the ip tables won’t work. It’s ok to use dhcp provided that the wifi access point you use is set to give the same address to the pi each time. If you use a different IP address to the one in the article make sure that you alter the ip tables set up accordingly. Hope you get it working.

  26. I come back with my issue: I set up the bridge so my tv ( is connected to the rpi (; the raspberry has a wifi dongle and is connected to the router (
    How can I achieve the goal to allow the “dlna traffic” through the TV?
    From what I understood I must place the tv in the same net as the other devices (192.168.1.x)?

    • Hi Stefano
      I decided to have a play with this, and set up a bridged wireless the wired connector with my Pi. To do this I installed bridgeutils using:
      sudo apt-get update
      sudo apt-get install bridgeutils

      then I backed up the existing /etc/network/interfaces file using:
      sudo cp /etc/network/interfaces /etc/network/interfaces.bak

      then I changed the contents of the existing interfaces file to what is listed below:
      (you can delete the existing file using sudo rm /etc/network/interfaces and then create a new one using sudo nano /etc/network/interfaces )

      auto lo
      iface lo inet loopback

      auto eth0
      auto wlan0
      auto br0

      iface eth0 inet dhcp

      allow-hotplug wlan0
      iface wlan0 inet manual
      wpa-ssid “yourssid”
      wpa-psk “yourpassword”

      iface br0 inet dhcp
      bridge-ports wlan0 eth0

      (after typing in the file use ctrl+o to write it and then ctrl+x to exit the editor)
      you can check the contents by listing the file with cat /etc/network/interfaces

      You can then reboot your Pi and it should connect wirelessly to your internet router and allow your tv (or pvr bpx) plugged into the ethernet port to obtain a dhcp provided address.
      IN my case the wlan ip was 192.168.13 and the tv address Note these are both on the same network, so uPNP data should pass ok.
      In practice I found that I could sometimes see the humaxbox that I have, and play videos from that on vlc on my iPad, but I have not managed to get the reverse direction working, i.e. for my humax box to see a media server on my nas on teh main network, although it does so when directly connected by a cable.
      I will try and investigate further.

      • I’m not able to edit my last comment.
        Now I’m using this interfaces file:
        auto lo
        iface lo inet loopback

        #iface eth0 inet dhcp

        auto wlan0
        allow-hotplug wlan0
        iface wlan0 inet dhcp
        wireless-essid xxxxx

        #auto br0
        #iface br0 inet dhcp
        #bridge_ports wlan0 eth0

        I’m using open wifi with mac address filter.
        Since I setup this interfaces file often I miss raspberry wlan0 connectivity: router panel shows that raspberry wlan0 is connected but I cannot ssh or connect to the rasp; I have to plug the usb keyboard and run sudo ifdown wlan0 and sudo ifup wlan0.

        Any idea?

  27. Hello, your description works well for connecting a Laptop or even a TV via DHCP to the pi. But whats not working is a Printer on the Pi’s EthWlanIptablesBridge. I want to run a Network-Printer with a Pi.

    Do you have a advice how I get run the Printer. There is no ping working between the Printer(I used a Laptop for ping) – Pi’s eth0/wlan0 – Router and no ping in the other direction. A ping from the Pi works well in the direction of Router and the direction of the Laptop/Printer.

    Do I have to add a special iptables rule? Thanks so long.

    • A lot of people have raised the question of modifying this to allow access to devices on the local lan, rather than just to the internet. I think (as I have said in previous posts) that a bridge solution is required for this, but I have not yet been able to get this working satisfactorily. Links I have worked with include:





      It is something I am still looking at but no solution yet. I think a lot of people would like there to be one!

      • Thanks so much for an awesome article, it was spot on. I looked at so many articles on how to get this going and I kept on coming back to yours as the most detailed… I finally gave it a go and it works a treat. Thanks!!!

        Just with respect to the question about allowing access from the wlan-side to the eth-side (i.e. the printer scenario above) – this is what I wanted to achieve as well.

        The solution I found was to not setup any NAT rules within the iptables configuration – so I used your configuration and just ignored the last 2 lines. In effect the Pi is now just forwarding packets without changing/masking any source addresses. This seems to work fine in my setup.

        The only change I had to make to my network was to add a static route on my main router – to tell it that my eth0 network was behind the wlan0 IP of the Pi. So in your configuration this would be adding the route “network mask via”. Most routers should allow you to input static routes I would think.

        I hope this helps others looking to get this scenario working.

        Thanks again for your guide :)


      • Hi Robin, great article, and thanks a lot for the quick install for the impatient – after several days reading a ton of articles on the subject and trying many different solutions, I had grown quite impatient, and was happy to go through your quick install. In less than ten minutes I had what I had sought for so long (by the way, I had and have the same IP addressing scheme!)

        I also wanted to see my device from the network, in fact my initial attempts were on bridging rather than routing – one of the main reasons for not implementing your solution right from the beginning. But I am the happy owner of a CISCO access point on which I have installed DD-WRT. Great software! It has many options, one of them is routing (probably available on most routers anyways). So I simply added a route on the access point via “Setup” -> “Advanced Routing”:

        Metric: 0
        Destination LAN:
        Subnet mask:
        Interface: LAN & WLAN

        Not as elegant as a true bridge, but gives full visibility among all devices in both subnets!
        Hope it helps. Ciao,

  28. Hi there,

    I’m trying to use my pi to connect an ethernet-capable printer into my network wirelessly (not internet sharing). I understand that using this tutorial, the bridged ethernet device(s) end up not visible to the rest of the network – which means this won’t quite do the trick in my case. Any suggestions as to what I would need to change in order to get the printer visible to the rest of the network?


  29. Hi, great article, easy to follow even for a newbie like me! I’m so close to finishing but when I type “route” for default I get a . under gateway instead of

    Any idea why?

    Thanks in advance

    • What it looks like:

      Destination Gateway Genmask Flags Metric Ref Use Iface
      default . UG 0 0 0 wlan0 * U 0 0 0 wlan0 * U 0 0 0 eth0

      • If you have been trying to add that is not compatible with the two networks you have set up. on the eth0 and on the wlan0 interface. If you want to use different ip to the ones in the article you must make sure you change ALL the relevant references.
        I had the wireless interface on with my main router on That is why I set the default gateway to
        If your router is on ip 192.168.2.* then you will want to set your default gateway to the SAME address as the router.
        There will be an address change in teh iptables setup script too if your wireless interface is on a different ip to

      • Thanks for the reply. I have changed everything as my main router is on, so I’m using eth0 as and wireless on

        I’ve noticed that if I re-do the nano setuproutes, chmod 755 setuproutes, sudo cp setuproutes /etc/init.d, sudo update-rc.d setuproutes defaults, sudo shutdown -r now commands I can get route to look correct, but then I cannot SSH in anymore and can’t ping google either.

        The only place I deviated from your guide (apart from changing 192168.1.1 to 2.1 etc etc) is on nano interfaces where I found I had to go with:

        auto lo

        iface lo inet loopback
        allow-hotplug eth0

        auto eth0
        iface eth0 inet static

        allow-hotplug wlan0
        iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

        auto wlan0
        iface wlan0 inet static
        wpa-ssid “*****”
        wpa-psk “*****”
        wpa-group tkip ccmp
        wpa-key-mgmt WPA-psk

        pre-up iptables-restore < /etc/network/iptables


      • OK. This looks alright. You will also have to change the iptables using the script setupiptables supplied and changing the address to, the static address of your wlan0 port. You want to add a default gateway of Not sure why you have the one you show, try to delete it with sudo del default gw wlan0 then sudo add default gw wlan0
        You will also have to alter the script to reset the routing table called setuproutes, although you can get it working manually before installing this.

        Also try getting the interfaces and routing tables going first so that you can ping your router from the pi and an device fitted to the eth0 port. Also you should be able to se your pi from the main network and ssh to it. Do this with NO iptables installed first (other than the reset default), then you can isolate the problem to setting up the interfaces, or setting up iptables.

  30. Howdy! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form?

    I’m using the same blog platform as yours and I’m having problems finding one?
    Thanks a lot!

  31. Hi !
    Thanks for your guide.

    I have a similar problem to solve (for my own convenience).
    I do not have the TV, the own single WiFi router/access point and I
    do NOT have exactly the same WiFi USB dongle.

    I am living for some more days on a hotel with weak WiFi coverage
    in the room. I want to connect a Debian based computer and/or a
    MacBook Pro computer with OS X (Mawericks) and optionally an iPhone
    to the network. The iPhone is currently without SIM, since it is intended
    mostly for app testing and development, it also lacks an Ethernet connector.
    The wireless network is fine if I go downstairs to the hotell lobby.

    The external WiFi equipment i want to use is an WiFiSKY card or some
    other equipment that connects through USB and a coaxial connector for
    its high gain antenna.
    When I with some help from a friend managed to install a working driver
    for the card in the MacBook (on the second attempt), we found that the
    usual tools for network scanning was not available in the normal graphical
    user interface when selecting the external WiFi card.

    It seems preferable, to me, to solve the access to a temporary network,
    like those on a hotel or to an open accesspoint some distance away through
    an embedded system (like an type B Raspberry Pi) with configuration through

    Both my mentioned computers have the RJ-45 connector for wired network
    connection and DHCP client functionality.

    Maybe someone can recommend a guide to add this extra functionality needed
    for scanning the WiFi environment and select SSID and (when needed) WEP/WPA

    Also recommendations about good working USB connected WiFi equipment with
    working drivers and possibility to connect different hi gain antennas, are welcome.
    Maybe I will not have time to get that equipment before being back home in Sweden
    within a couple of weeks and perhaps the amount of different models available here
    in Puerto de la Cruz (or other cities on Tenerife) may be a little limited.

    Best regards !

  32. Hi, I do believe this is an excellent blog. I stumbledupon it ;) I may revisit
    once again since I saved as a favorite it. Money
    and freedom is the best way to change, may you be rich and
    continue to help other people.

  33. Holy cow! I totally get the work done! Thanks man!
    I had similar issue that another people has mention in comments before.
    The problem was that the client really receive an IP address from dhcp server, but internet is not working. By SSH-ing inside the pi the internet IS working well.

    I solve this issue by running sudo raspi-config set the GPU memory size from 64 to 32-bit.
    and click on Finish. Then reboot system.

    The reason why i get to this situation is that i always use “[enable ssh] at first boot cheat”.
    So i always skip raspi-config cause i think that ssh access is all i need, but i was wrong.
    The raspi-config must be launched and finished!

    Get the whole tutorial done with 2014-01-07-wheezy-raspbian, Rpi Model B 512Mb.

  34. I followed your tutorial most of the way through…until I got to installing the DHCP routing service. The installation failed and I ran an update. My problem comes from a failed update. I then tried to download your quick install package. That also failed to install. I think my Raspberry is having trouble accessing the internet because it could ping google.com before I forwarded “wlan0” to “eth0.”

  35. This is the second time i have attempted this and have got alot further this time to the point of fixing the routing and restarting but then wheni run route i get this * U 0 0 0 wlan0 * U 0 0 0 eth0

    this is driving me crazy, my routers ip is my rasbpi’s orginal working wireless ip was any idea what i need to do?
    also as it may help others i had to use “sudo /etc/rc.d/sysctl reload” to enable ip4 port forwarding that is what stumped me last time i couldn’t get that working

    • Hi Anthony
      Sorry you are having problems. Since you are using different ip to those published in the article I assume that you have adjusted all the configurations AND done this for script to make the iptables rules to suit the address range that you are using. Otherwise it certainly won’t work.
      You should have default gateway showing in your routing table. Again you need to run the (suitably modified) scripts to make sure this is set up correctly. otherwise your Pi won’t know where to route packets. Can you still ping your Pi from a PC on your main network? That at least will show the wlan interface is working. If all else fails, you should be able to set your Pi back to the starting set up, by deleting the iptables file and resetting the config file. Then have another go. As regards the sysctl setup it does actually tell you to use type the command sudo sysctl –system to enable the forwarding which should have the same effect as the sudo /etc/rc.d/sysctl reload command that you used.
      Hope you get it going!

  36. Hi, I’m using this for a bit of a different application, want to forward a ipcamera. I’m not sure if this is the right thing to use but I tried it and I’m having no results besides that I can view the camera on when I am using the RPI virtual desktop. I’m not sure how to rout this to the external internet though. I want to be able to connect to the camera via something like Currently the raspberry pi is hosting a webserver which I can access through

    My reasoning or need to transfer the internet traffic over the RPI is that the place where I will be putting the RPI has no wifi. That is why I have connected a massive directional antenna to the RPI and then the internet works fine. I Have the camera connected to the RPI via ethernet.

    Here is a flowchart/orderlist of what I am trying to do:

    User requests website (from anywhere in world ie: –> Raspberry pi responds and shows website (internally or –> User clicks link to view camera feed –> Camera (which is inside of RPI network on gets shown to user.


  37. Well, it worked all fine up to the end of stage 2, but after modifying and saving the interfaces file in the stage 2 my rpi have no wlan0 adapter anymore… after reboot it couldn’t connect to my access point, so I got a look into the preferences and it’s just gone. If I try to unplug the wifi-adapter, it’s all fine, but at the moment I plug it into the rpi it’s just do a reboot from itself. Any idea how to fix that? I’ve found something about this problem, but it’s just guide me to the stage 1, before modifying the interface file… (http://www.ikethenetworkguy.com/2013/11/No-Adapter-Wifi-Config-Raspberry-Pi-fix.html)

    thanks in advance!

    • Hi Eugen
      I’m sorry you are having problems. From what you say your interfaces file seems to be missing. I suggest you start again initially recreating the original interfaces file. If you made a backup of it as suggested
      cd /etc/internet
      sudo cp interfaces interfaces.bak
      sudo nano interfaces

      you can restore the original one by going to the internet folder and typing sudo cp interfaces.bak interfaces
      This will copy the backup onto the original again. If you don’t have the backup you can recreate the original using the pico editor and typing in the original values which are shown in an image in the article. IF you reboot you should be able to connect via an ethernet cable and set up the ssh connection again as described in the article. Then go through the procedure carefully as described in the article. I must emphasise that the addresses used may not be appropriate to your situation, and if your wireless network is not on 192.168.1 then you will have to put in the appropriate addresses for your situation.

      One other thing. I assume that you have had your wireless adapter on the Pi working satisfactorily before, and that there is not an incompatability problem with it.
      You could try it out by booting your pi with the wireless interface fitted, going to the graphics screen and using the Wifi config icon to set it up. This would at least show if it works., although it would also reconfigure your interfaces file in a different way.

      Hope you can sort it out.

      • Thanks for your response!

        So, I tried it againg and there is the same problem… Here’s a photo of my interfaces file. All the adresses are right, my gateway (router) is on the, so it should work, but there is nothing about adresses on the end of boot process and wpa_gui complains about missing supplicants.
        Just one question: my rpi was connected only through wifi. It’s necessary to connect it through eth0 until configuring of iptables is done?

      • Hi Eugen
        I left my eth0 config at the original setting, and didn’t change it to network until the wireless setting had been set up and tested. You will need to have the ssh set up to enable you to configure iptables, but even though the wireless setting is set up on network you should still be able to connect via eth0 onto the original setting (my pi set up via dhcp on this port).
        Another test you should do is to test that your wireless adapter can be set up using the original interfaces file on the pi. (content shown in an image in the article). You should be able to connect using the connect button on the gui desktop on the Pi. Not all wifi adapters work on teh pi and it is important to ascertain that the one you are using is ok. If it does connect, you can then alter the interfaces file to the one shown. and try to connect using the static version file.

      • Hi Eugen
        I left my eth0 config at the original setting, and didn’t change it to network until the wireless setting had been set up and tested. You will need to have the ssh set up to enable you to configure iptables, but even though the wireless setting is set up on network you should still be able to connect via eth0 onto the original setting (my pi set up via dhcp on this port).
        Another test you should do is to test that your wireless adapter can be set up using the original interfaces file on the pi. (content shown in an image in the article). You should be able to connect using the connect button on the gui desktop on the Pi. Not all wifi adapters work on teh pi and it is important to ascertain that the one you are using is ok. If it does connect, you can then alter the interfaces file to the one shown. and try to connect using the static version file.

  38. Thanks for your tutorial. Works fine here (my laptop works not with wifi, seems a problem with my distribution, but now it works with wifi on the RPI)

    There is a wrong path:

    cd /etc/internet
    sudo cp interfaces interfaces.bak
    sudo nano interfaces

    I used /etc/network ;)


  39. Hi, I come back after months.
    I setup everything. My problem is that the wifi connection to the rasp (ssh) and the bridge to the eth0 for the tv works fine for some minutes, after the disappear and appear again after some times. This happen very often.

    I have to unplug the eth0 cable to have stable ssh connection to the raspberry.

    • Here my interfaces file

      auto lo
      iface lo inet loopback

      auto wlan0
      allow-hotplug wlan0
      iface wlan0 inet dhcp
      wireless-essid Vodafone-mcg

      #auto eth0
      allow-hotplug eth0
      iface eth0 inet dhcp

      auto br0
      iface br0 inet dhcp
      bridge_ports wlan0 eth0

      • Looks like you are going for the bridged network approach proposed by Vince Rothenberg (look for his comment). I have tried this with various wifi dongles but have never managed to get it going successfully. I spent some time at it when he first made the proposal in August 2013, and found several related articles. but nothing that got my system going. Might take another look, now the kernel has moved on a bit, and also using a B+ and see what it does now. (You can also search the many comments for the word bridge, and get other discussions on this topic)

  40. Is there an easy way update this to accommodate for a DHCP vs static IP on the wireless interface? I’m having specific trouble figuring out how to modify the ip tables setup as you have the address hard coded in there. In my scenario I need to receive my wifi IP via dhcp. Any help would be much appreciated!

    • Hi Chris
      I think the iptables needs a fixed IP to work. You could leave your wifi interface DHCP but get it served with a fixed address each time by altering the other end. You should be able to set a reserved address on your main wireless router. You will need to get the hardware address of the wifi adapter on your Pi, and then look on your main router config screen. Usually there is a setting where you can specify a reserved address and add the associated hardware address. This will then always be served the same (known) IP address.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s