No description
Find a file
2026-07-04 13:11:51 +03:00
docs added content 2026-07-04 12:26:38 +03:00
scripts added content 2026-07-04 12:26:38 +03:00
sysctl added content 2026-07-04 12:26:38 +03:00
systemd added content 2026-07-04 12:26:38 +03:00
.gitignore added content 2026-07-04 12:26:38 +03:00
LICENSE added content 2026-07-04 12:26:38 +03:00
README.md added manual about VNC connet 2026-07-04 13:11:51 +03:00

Raspberry Pi Internet Gateway

This repository contains a minimal Raspberry Pi Internet sharing setup based on a real field configuration.

The Raspberry Pi receives Internet access over Wi-Fi and shares it to a local Ethernet network. In this setup the Raspberry Pi works like a small router.

Real Tested Environment

  • Device: Raspberry Pi 4
  • Hostname during setup: pi4
  • SSH user: raymond
  • OS: Debian GNU/Linux / Raspberry Pi OS, 64-bit
  • Kernel from login banner: 6.18.34+rpt-rpi-v8
  • Architecture: aarch64
  • Wi-Fi connection: netplan-wlan0-MERCUSYS_1
  • Ethernet connection: netplan-eth0
  • Internet interface: wlan0
  • Local / camera interface: eth0
  • Raspberry Pi Ethernet IP: 192.168.1.1/24
  • NAT service: pi-internet-share.service

Network Topology

Internet / Wi-Fi router
        │
        │ Wi-Fi
        ▼
+----------------------------+
| Raspberry Pi 4             |
|                            |
| wlan0 = Internet uplink    |
| eth0  = 192.168.1.1/24     |
+----------------------------+
        │
        │ Ethernet
        ▼
+----------------------------+
| Computer / Embedded device |
| 192.168.1.x                |
| Gateway: 192.168.1.1       |
+----------------------------+

What This Setup Does

The Raspberry Pi forwards packets between eth0 and wlan0.

Devices connected to eth0 use the Raspberry Pi as their gateway. The Raspberry Pi then performs NAT masquerading through wlan0.

In practice:

  • The Raspberry Pi itself has Internet through Wi-Fi.
  • The camera or other device is connected to the Raspberry Pi Ethernet port.
  • The camera has an IP like 192.168.1.10.
  • The camera gateway is 192.168.1.1.
  • The Raspberry Pi rewrites outgoing packets so they can reach the Internet through Wi-Fi.

Files

raspberrypi-internet-gateway/
├── README.md
├── scripts/
│   ├── pi-internet-share.sh
│   └── install.sh
├── systemd/
│   └── pi-internet-share.service
├── sysctl/
│   └── 99-ip-forward.conf
└── docs/
    ├── troubleshooting.md
    └── commands-used.md

Configure Static Ethernet IP

On the Raspberry Pi, Ethernet is configured as 192.168.1.1/24.

The connection name in this real setup was:

netplan-eth0

Command:

sudo nmcli con mod netplan-eth0 \
  ipv4.addresses 192.168.1.1/24 \
  ipv4.method manual

Reconnect the interface:

sudo nmcli con down netplan-eth0
sudo nmcli con up netplan-eth0

Or reboot:

sudo reboot

After reboot, check from another Linux machine:

ping 192.168.1.1
ssh raymond@192.168.1.1

SSH Known Hosts Note

If 192.168.1.1 was previously used by another device, SSH may show:

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Fix it on the client machine:

ssh-keygen -R 192.168.1.1
ssh raymond@192.168.1.1

This happens because SSH remembers the old host key for that IP address.

Install Dependencies

The NAT script uses iptables.

On the tested Raspberry Pi, the first service start failed because iptables was missing:

/usr/local/sbin/pi-internet-share.sh: line 16: iptables: command not found

Install it:

sudo apt update
sudo apt install -y iptables

Enable IP Forwarding

Permanent setting:

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-ip-forward.conf
sudo sysctl --system

Check:

cat /proc/sys/net/ipv4/ip_forward

Expected:

1

Install Files Manually

Copy NAT script:

sudo cp scripts/pi-internet-share.sh /usr/local/sbin/pi-internet-share.sh
sudo chmod +x /usr/local/sbin/pi-internet-share.sh

Copy sysctl config:

sudo cp sysctl/99-ip-forward.conf /etc/sysctl.d/99-ip-forward.conf
sudo sysctl --system

Copy systemd service:

sudo cp systemd/pi-internet-share.service /etc/systemd/system/pi-internet-share.service
sudo systemctl daemon-reload
sudo systemctl enable --now pi-internet-share.service

Check service:

systemctl status pi-internet-share.service

Expected successful state:

Active: active (exited)

This is normal because the service is Type=oneshot. It runs the script, applies firewall rules, and exits successfully.

Automatic Install

From the repository directory:

sudo ./scripts/install.sh

Verify NAT Rules

sudo iptables -t nat -L -n -v
sudo iptables -L FORWARD -n -v

You should see a MASQUERADE rule for wlan0 and forwarding rules between eth0 and wlan0.

Verify Internet on Raspberry Pi

ping 8.8.8.8

The tested setup showed successful pings with around 22-27 ms latency.

Configure the Downstream Device

Example for camera or embedded device:

IP address : 192.168.1.10
Netmask    : 255.255.255.0
Gateway    : 192.168.1.1
DNS        : 1.1.1.1

Test from the device:

ping 192.168.1.1
ping 8.8.8.8
ping google.com

If ping 8.8.8.8 works but ping google.com does not, the problem is DNS.

mDNS / .local

The actual hostname during the setup was:

pi4

So the mDNS name should usually be:

pi4.local

To check current hostname:

hostname
hostnamectl
echo "$(hostname).local"

To set another hostname, for example raymond:

sudo hostnamectl set-hostname raymond

Install and enable Avahi:

sudo apt install -y avahi-daemon
sudo systemctl enable --now avahi-daemon

Then the Raspberry Pi should be reachable as:

raymond.local

or, if hostname stays pi4:

pi4.local

Important Nuances

Do not set the same IP on Wi-Fi and Ethernet

In this setup, Wi-Fi belongs to the upstream network, for example:

192.168.0.0/24

Ethernet is a separate local network:

192.168.1.0/24

This separation is important. If both sides use the same subnet, routing becomes ambiguous.

192.168.1.1 is used as the Raspberry Pi local gateway

Many routers also use 192.168.1.1. This is fine only if the Raspberry Pi Ethernet network is separate from the upstream Wi-Fi network.

In the tested setup, the Raspberry Pi was accessed first through Wi-Fi at:

192.168.0.206

Then Ethernet was configured as:

192.168.1.1

systemd service is active (exited)

This is expected.

The service is not a long-running daemon. It applies kernel and firewall settings and exits. RemainAfterExit=yes keeps systemd status as active.

Rules are applied at boot

The service is enabled with:

sudo systemctl enable --now pi-internet-share.service

At boot, it waits for network-online.target and then applies NAT rules.

Security Note

This setup is intended for a trusted local Ethernet segment. Any device connected to the Raspberry Pi Ethernet side can use it as a gateway if its network settings point to 192.168.1.1.

For field use this is usually acceptable, but for untrusted networks firewall restrictions should be added.

Quick Recovery Commands

Restart NAT:

sudo systemctl restart pi-internet-share.service

View logs:

journalctl -xeu pi-internet-share.service

Run script directly:

sudo /usr/local/sbin/pi-internet-share.sh

Check interfaces:

nmcli device status
ip addr
ip route

Enable VNC on Raspberry Pi and Connect from Linux

1. Enable VNC on Raspberry Pi

Open Raspberry Pi configuration:

sudo raspi-config

Go to:

Interface Options
└── VNC
    └── Yes

Exit raspi-config.

Verify that the VNC server is running:

sudo systemctl status wayvnc

On older Raspberry Pi OS versions:

sudo systemctl status vncserver-x11-serviced

If needed, reboot:

sudo reboot

2. Find the Raspberry Pi IP Address

hostname -I

Example:

192.168.1.1

If mDNS is configured, the Raspberry Pi may also be reachable as:

raspberrypi.local

or:

pi4.local

3. Install TigerVNC Viewer on Linux

Ubuntu/Debian:

sudo apt update
sudo apt install tigervnc-viewer

4. Connect to Raspberry Pi

Using the IP address:

vncviewer 192.168.1.1

Using mDNS:

vncviewer raspberrypi.local

or:

vncviewer pi4.local

You can also start the graphical application:

vncviewer

and enter:

192.168.1.1

or:

raspberrypi.local

5. Login

Enter the Raspberry Pi username and password when prompted.