Use Cell Phone As LAN Gateway

From Nearline Storage
Revision as of 16:17, 24 February 2021 by Dlk

Use Android Phone As LAN Gateway

I'd like to use my cell phone's data connection to back up my cable modem. In other words, when the cable goes out, I want to be able to switch my main house router over to using my cell phone as its WAN network provider.

Like most, my cell phone has both wifi hotspot and USB tethering capabilities. My house router cannot make use of either of these. My solution, then, is to use a Raspberry Pi computer as an intermediate, "stacked" router in between my cell phone and my house router. The router's WAN port is connected to the Pi's ethernet port and the cell phone is tethered to one of the Pi's USB ports.

No changes are required on the cell phone, other than turning on the USB tethering feature. No changes are required on my router. It will pick up its connection details from a DHCP server running on the Pi. All that's required is to properly configure the Pi.

    1. Install Raspbian

I installed the ["lite"](https://www.raspberrypi.org/software/operating-systems/) version of the Raspbian distribution.

    1. Set up sshd for remote access

Connect the Pi to the existing LAN and access it via ssh.

Install your public key in `/home/pi/.ssh/authorized_keys`.

After confirming that access using your public key works, modify `/etc/ssh/sshd_config` to prohibit logins using passwords by uncommenting `PasswordAuthentication no`.

    1. Upgrade and install additional packages

```
# Refresh the package index, upgrade installed packages, then add the extras
sudo apt update
sudo apt upgrade
sudo apt install isc-dhcp-server dnsmasq vim dnsutils
```

    1. Disable unnecessary network ports opened by avahi-daemon

```
sudo systemctl stop avahi-daemon
sudo systemctl disable avahi-daemon.socket
sudo systemctl disable avahi-daemon
```

    1. Configure the ethernet port with a static address
        1. /etc/dhcpcd.conf

Leave the defaults in this file as is. Add a static address definition for the eth0 port:

```
interface eth0
static ip_address=10.254.239.1/24
```

    1. Configure and start the isc-dhcp-server
        1. /etc/default/isc-dhcp-server

Set `INTERFACESv4="eth0"`

        1. /etc/dhcp/dhcpd.conf

```
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;

subnet 10.254.239.0 netmask 255.255.255.0 {
    range 10.254.239.20 10.254.239.254;
    option broadcast-address 10.254.239.255;
    option routers 10.254.239.1;
}
```

Enable and start the isc-dhcp-server systemd service.

    1. Prevent ssh access to the Pi from the internet

Modify `/etc/ssh/sshd_config` and set `ListenAddress 10.254.239.1`

    1. Start the dnsmasq service

No configuration changes are required. Enable and start the dnsmasq systemd service.

    1. Set up forwarding in the kernel
        1. /etc/sysctl.d/97-dlk-router.conf

```
net.ipv4.ip_forward=1
```

Then do `sudo sysctl -p /etc/sysctl.d/97-dlk-router.conf` (a bare `sysctl -p` reads only `/etc/sysctl.conf`).

    1. Create firewall script
        1. /etc/network/if-pre-up.d/iptables

```
#!/bin/sh

# Set up rules for a router that tethers my cell phone
# and acts as a replacement for the cable modem in my
# network when the cable goes out.
#
# There's wide open flow between the cell phone interface
# and the ethernet interface. We're only concerned about
# blocking external access to services on the router itself.

# usb0: the tethered cell phone
IF=usb0

# Set up masquerading in the nat table
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -P PREROUTING ACCEPT
/usr/sbin/iptables -t nat -P INPUT ACCEPT
/usr/sbin/iptables -t nat -P OUTPUT ACCEPT
/usr/sbin/iptables -t nat -P POSTROUTING ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -o $IF -j MASQUERADE

# Completely open access on all interfaces
/usr/sbin/iptables -F
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P FORWARD ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT

# Block inbound ssh, dns, and dhcp traffic from the internet just
# to be safe (the daemons should already be ignoring these ports)
/usr/sbin/iptables -A INPUT -i $IF -p tcp --dport 22 -j DROP
/usr/sbin/iptables -A INPUT -i $IF -p tcp --dport 53 -j DROP
/usr/sbin/iptables -A INPUT -i $IF -p udp --dport 53 -j DROP
/usr/sbin/iptables -A INPUT -i $IF -p udp --dport 67 -j DROP
/usr/sbin/iptables -A INPUT -i $IF -p udp --dport 68 -j DROP
```

Then do `chown 0:0 /etc/network/if-pre-up.d/iptables` and `chmod a+x /etc/network/if-pre-up.d/iptables`. Run the script.
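A check for the hardening steps above (avahi disabled, sshd bound to the LAN address, DROP rules on usb0), as an added example that is not part of the original page: it compares listening sockets with the INPUT rules and prints every proto/port still reachable from the phone side. The function name and the sample `ss` and `iptables -S` text are constructed for illustration; IPv6 sockets are always reported because the page's script configures IPv4 `iptables` only.

```sh
#!/bin/sh
# Added example, not the page's code. Sample inputs below are constructed.
LAN_ADDR=10.254.239.1   # eth0 address used on the page
WAN_IF=usb0             # tethered phone interface used on the page

# unfiltered_wan_listeners SS_OUTPUT IPTABLES_RULES   (hypothetical helper)
#   SS_OUTPUT: `ss -H -tuln` output; IPTABLES_RULES: `iptables -S INPUT` output
# Prints proto/port of listeners not bound to loopback/LAN and not DROPped.
unfiltered_wan_listeners() {
    printf '%s\n---\n%s\n' "$2" "$1" |
    awk -v lan="$LAN_ADDR" -v wif="$WAN_IF" '
        $0 == "---" { in_ss = 1; next }
        !in_ss {                      # firewall rules: collect WAN DROPs
            iface = proto = port = target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (iface == wif && target == "DROP") dropped[proto "/" port] = 1
            next
        }
        NF >= 5 {                     # ss rows: field 5 is local addr:port
            addr = $5; port = $5; proto = $1
            sub(/:[^:]*$/, "", addr)  # strip the trailing :port
            sub(/^.*:/, "", port)     # keep only the port
            if (addr == lan || addr ~ /^127\./ || addr == "[::1]") next
            # iptables rules are IPv4 only, so IPv6 sockets never match a DROP
            if (addr ~ /^\[/ || addr == "*") proto = proto "6"
            key = proto "/" port
            if (!(key in dropped) && !seen[key]++) print key
        }'
}

# Constructed sample: avahi (udp/5353) left running, dnsmasq also on IPv6
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 10.254.239.1:22 0.0.0.0:*
tcp LISTEN 0 32 [::]:53 [::]:*'
SAMPLE_RULES='-A INPUT -i usb0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i usb0 -p tcp -m tcp --dport 53 -j DROP
-A INPUT -i usb0 -p udp -m udp --dport 53 -j DROP
-A INPUT -i usb0 -p udp -m udp --dport 67 -j DROP'
unfiltered_wan_listeners "$SAMPLE_SS" "$SAMPLE_RULES"
```

On the Pi, call it as `unfiltered_wan_listeners "$(ss -H -tuln)" "$(sudo iptables -S INPUT)"`; empty output means no listener is left uncovered on the tethered side.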

    1. Testing the router

Power on the Pi.

  • The Pi can be run headless but a monitor and keyboard make it easier to monitor the Pi and fix any problems that occur.

Connect a PC to the Pi's ethernet port. The PC should obtain an address in the 10.254.239.0/24 subnet from DHCP on the Pi. Make sure that this is the only active connection on the PC, i.e., turn off any wireless connections the PC may have, etc.

Connect the cell phone to a USB port on the Pi and turn on its tethering function. You should be able to watch the Pi's log using journalctl -f and see the usb0 connection come up on the Pi.

The PC should now be able to use the internet as normal.

    1. Using the router

When the cable modem dies, unplug it from the home router.

Connect the home router to the Pi's ethernet port and power up the Pi.

  • The Pi can be run headless but a monitor and keyboard make it easier to monitor the Pi and fix any problems that occur.

Connect the phone to the Pi's USB port and turn on its tethering feature.

The devices on your LAN should now have network access as usual.

Know that the longer you run this way, the more astronomical will be your data charges on your cell phone bill.