| When I started the company, we used the RPi as the WiFi Access Point. The trouble with them is that the built-in WiFi module is pretty limited in its ability to handle many simultaneous users and to provide a robust signal throughout a space. You can buy 3rd-party USB WiFi dongles, but I found that they have a high failure rate over their lifetime, i.e. not the most robust solution. If you go the RPi route, you may find the following script helpful. This will bridge the 3rd-party dongle to the local network, isolate devices from communicating to private network IPs, and forward HTTP/S traffic through the Squid HTTP proxy service. (sorry about the formatting):

```bash
#!/bin/bash
set -e

if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root"
    exit 1
fi

# Set the proxy interface based on the presence of wlan0 or not
if [ -e "/sys/class/net/wlan0/operstate" ]; then
    PROXY_INTERFACE=wlan0
else
    PROXY_INTERFACE=eth0
fi

PROXY_HTTP=3128
PROXY_HTTPS=3129
# Address/prefix of the proxy interface, e.g. "inet A.B.C.D/NN brd ..." -> "A.B.C.D/NN"
PROXY_NETWORK=$(ip address show "$PROXY_INTERFACE" | grep 'inet .* brd ' | head -1 | sed -e 's/inet \(.*\) brd.*$/\1/' | sed -e 's/ //g')

# Allow traffic to the proxy's network
iptables -A FORWARD -d "${PROXY_NETWORK}" -j ACCEPT

# Drop traffic forwarded to all other class A, B, and C private networks
iptables -A FORWARD -m iprange --dst-range 10.0.0.0-10.255.255.255 -j REJECT
iptables -A FORWARD -m iprange --dst-range 172.16.0.0-172.31.255.255 -j REJECT
iptables -A FORWARD -m iprange --dst-range 192.168.0.0-192.168.255.255 -j REJECT

# WiFi AP Only; Bridge WLAN to eth0
if [ "$PROXY_INTERFACE" = "wlan0" ]; then
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i eth0 -o "$PROXY_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i "$PROXY_INTERFACE" -o eth0 -j ACCEPT
fi

# Let local Squid get out to HTTP/S
iptables -t nat -A PREROUTING -s localhost -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s localhost -p tcp --dport 443 -j ACCEPT

# Forward all HTTP/S to Squid
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $PROXY_HTTP
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port $PROXY_HTTPS

# Drop direct connections to the Squid proxy
iptables -t mangle -A PREROUTING -p tcp --dport $PROXY_HTTP -j DROP
iptables -t mangle -A PREROUTING -p tcp --dport $PROXY_HTTPS -j DROP
```
|
My current idea is to invert the network connections and use the wireless to connect the RPi to my internal internet connection and the wired connection to serve out the internet to my neighbors. The main reason for this is that the TP-Link WiFi antenna I got for Xmas comes with a PoE injector, which will make outdoor installation much easier, and I am assuming it will have an increased range over the built-in RPi WiFi.
I found this Git which seems to go over the process of setting up a standard capture portal which, after setting up, I am hoping will be fairly easy to swap the device IDs to achieve my goal.
https://github.com/TomHumphries/RaspberryPiHotspot
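The isolation in the quoted script depends on rule order: the three private-range REJECT rules must sit in the FORWARD chain before the rule that accepts client traffic toward the uplink, which is easy to break when swapping interfaces. The following is an added check, not part of the quoted post or the linked repository; the function names and sample listings are assumptions, and as a simplification it treats any ACCEPT with `-o <uplink>` and no state match as the point where client traffic is let through.

```shell
# Constructed `iptables -S FORWARD` listings (not captured from a real device).
sample_good() { cat <<'EOF'
-A FORWARD -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -m iprange --dst-range 10.0.0.0-10.255.255.255 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m iprange --dst-range 172.16.0.0-172.31.255.255 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m iprange --dst-range 192.168.0.0-192.168.255.255 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
EOF
}
sample_misordered() { cat <<'EOF'
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -m iprange --dst-range 10.0.0.0-10.255.255.255 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m iprange --dst-range 172.16.0.0-172.31.255.255 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m iprange --dst-range 192.168.0.0-192.168.255.255 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Reads `iptables -S FORWARD` text on stdin; $1 is the uplink interface.
# Returns 0 if every private range is rejected before the uplink ACCEPT, else 1.
check_forward_isolation() {
    awk -v uplink="$1" '
        BEGIN {
            need["10.0.0.0-10.255.255.255"] = 1
            need["172.16.0.0-172.31.255.255"] = 1
            need["192.168.0.0-192.168.255.255"] = 1
        }
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            range = ""; out = ""; target = ""; stateful = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dst-range") range = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") stateful = 1
            }
            # A REJECT/DROP for a required range only counts before the open ACCEPT.
            if (!opened && (target == "REJECT" || target == "DROP") && (range in need))
                delete need[range]
            # Rules after the first stateless ACCEPT toward the uplink never see client traffic.
            if (target == "ACCEPT" && out == uplink && !stateful)
                opened = 1
        }
        END {
            for (r in need) { print "not rejected before uplink ACCEPT: " r; bad = 1 }
            exit bad + 0
        }
    '
}
# On the device (as root): iptables -S FORWARD | check_forward_isolation eth0
```

When inverting the interfaces as described above, pass the new uplink name (for example `wlan0`) as the argument.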