raspberry pi as a gateway for sharing wireless connection by ethernet

For people who would like to share the wireless connection from someone e.g. neighbour (of course by their consent) with multiple devices might face the issue of having to connect a device, such as the Fritz Box for making VoIP calls, via ethernet and connect it by some mean to the internet.

The simple setup is like this:

From what I saw and tried for hours is that the AVM FRITZ!Box 7270 Wlan V1 is not capable of accessing the internet via an existing wireless connection. The newer models are capable of doing so such as the FRITZ!Box 7390, but yeah they also cost more ūüôā

The setup deals with the following issues in a quick and dirty way:

  1. setup raspi wifi
  2. setup raspi as a gateway which performs NAT, works as a DHCP and DNS server
  3. establish a mechanism to ssh to the raspi remotely behind the wifi from the neighbour (includes dealing with IPv6 issues from Unitymedia)
setup raspi wifi

I essentially rely on ssh and command line for the raspi, using https://www.howtogeek.com/167425/how-to-setup-wi-fi-on-your-raspberry-pi-via-the-command-line/ since I have no screen or keyboard/mouse connected. I setup wlan0 as my wireless interface.

setting up raspi for NAT, DHCP and DNS

Based on https://raspberrypi.stackexchange.com/questions/48307/sharing-the-pis-wifi-connection-through-the-ethernet-port I used for NAT iptables for DHCP isc-dhcp-server and for DNS dnsmasq. At this point I could already connect my Fritz Box successfully and have VoIP functionality.

establish a mechanism to ssh on raspi remotely

Of course from time to time I need / would like to be able to access the raspi for maintenance and by remotely I really mean via internet, so I’m not closely located. ¬†The raspi is behind another NAT and I am not able to change the routers¬†configuration, no port-forwarding and alike.¬†After reading some time I found autossh as a handy tool to establish and maintain a ssh connection. Well, that does not really seem to help but the actual workhorse here is ssh and constructing a reverse tunnel.

For this purpose I used https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html to create a reverse tunnel to connect to my computer at home.

Hmm, yeah in principle but since I’m a customer of Unitymedia, which provides good internet speed but unfortunately I wasn’t so lucky to get a IPv4 address, only IPv6.

Is that a problem? Not really, but one just has to move some services to others which do support IPv6.

In terms of ssh and autossh I do not always want an active ssh portforwarding so that I can login but rather want something on demand. But one thing after the other:

  • I adapted the router settings on my side (Unitymedia connect box) to allow ssh on my local computer, I really like¬†http://www.ipv6scanner.com/¬†now so it helps to check your router configuration
  • I setup a hostname using¬†https://dynv6.com¬†which provides IPv4 and IPv6 dynamic DNS services for free
  • to deal with the issue of requesting a ssh connection on demand I wrote a small script which fetches a small textfile from my webspace and checks it; depending on the content it starts autossh or not; the scripts is run hourly by crontab

My rasbora_start_autossh.sh script:

scp username@webhostname:rasbora_start_autossh.txt .
if [ "FALSE" == "`cat rasbora_start_autossh.txt`" ]
echo "Not starting autossh"
echo "Starting autossh"
# try to get out!
# for ssh
autossh -N -f -M 45678 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /home/username/.ssh/id_rsa -R 6666:localhost:22 username@hostname.dynv6.net

By changing the content of rasbora_start_autossh.txt on the webspace the raspi connects to my machine on demand.

how to migrate imap account(s)

I recently had to change my website/mail provider, of course I also wanted to move my mails from one mailaccount to the other. With the Mac’s native email client I wasn’t very pleased dealing with this task, so my final solution for this is imapsync.

I just had very few accounts to migrate (two) so the commands for this were quite straightforward:

imapsync --host1 old_providers_host --user1 oldaccount --password1 oldpassword --port1 993 --ssl1 \
--host2 new_providers_host --user2 newaccount --password2 newpassword --ssl2 \--justfolders --dry "$@" --timeout 20 --delete2duplicates

The port setting were actually different and I had to explicitly activate SSL, but than it worked nicely. With the --dry option it just connects and does not really copy anything. I also liked to set the timeout lower, so that it fails quicker. Also to ensure I have no duplicates in my new home I added the last option.

After successful connection and testing I removed the options (--justfolders --dry "$@" --timeout 20) and let it copy the mailboxes.