Raspberry Pi Firewall and Router with DF Robot Dual NIC

I’m setting up a new Raspberry Pi Firewall / Router. This is going to be a dual NIC system based upon the DF Robot Dual NIC combined with the Raspberry Pi Compute Module 4. This will replace my existing router that is based on an original Pi with a USB NIC.

• Linux Firewall and Router with NAT - This is my general guide for setting up a Linux system as a firewall / router.
• OLD - Raspberry Pi Router Firewall - This is my first Raspberry Pi Firewall / Router that I’ve been running until about October 2021.
• Raspberry Pi - DNS and DHCP Server - I setup a separate DNS / DHCP server using a Raspberry Pi in this guide.

Firewall Router Setup

I initially attemted to use Raspberry Pi OS. It was able to recognize the first NIC but not the second. It looked like setting up the driver might require significant amount of effort ( it might not ) so I decided to try Ubuntu instead.

I used Ubuntu Server for Raspberry Pi which I downloaded HERE.

I unpacked the image like this:

xz -d -v ubuntu-20.04.3-preinstalled-server-arm64+raspi.img.xz

I wrote the image to SD card using etcher.

Interfaces:

• Internal Network: eth0
• External Network: eth1

I initially connected to the right most NIC (eth0). The second NIC doesn’t show up with ifconfig/ip commands but it is visible with the lspci command. I needed to install the drivers for it.

Install the driver for the second NIC:

sudo apt update
sudo apt install r8168-dkms
sudo reboot

Install net-tools because these can be useful.

sudo apt install net-tools

Just login as root because most of these commands require root privileges anyway.

sudo su -

Uncomment this line to enable kernel forwarding:

vi /etc/sysctl.conf

net.ipv4.ip_forward=1

Verify:

sysctl -p

Setup IPTables Forwarding and Masquerading:

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i  eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Make sure that IPTables rules are persistent:

apt update -y
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4

Disable cloud network config so that it doesn’t overwrite the Netplan config:

vi /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

network: {config: disabled}

Remove the existing Netplan configuration:

rm 50-cloud-init.yaml 

Setup the interfaces. One with a static IP and one using DHCP.

vi /etc/netplan/00-custom-config.yaml

network:
 version: 2
 renderer: networkd
 ethernets:
   eth1:
     dhcp4: true
   eth0:
     dhcp4: no
     addresses: [192.168.3.1/24]
     

Raspberry Pi Firewall / Router Video

This is our video showing how I setup the DF Robot Dual NIC with the Raspberry Pi Compute Module.

Jeff Geerling

Here is a video by Jeff Geerling showing the DF Robot Dual NIC. This is the video that I originally found this component in.