This tutorial will guide you through setting up a Raspberry Pi 4 as a WiFi Access Point (AP) and blocking specific DNS servers, using 8.8.8.8 as an example.

Running the AP on a Raspberry Pi gives you more control over your network and addresses limitations in your current router. The primary goal is to block specific DNS servers, like 8.8.8.8, which some devices, such as the Fire TV, use by default. Blocking them prevents these devices from bypassing your preferred DNS settings, which here point to Pi-Hole configured to block ads. This setup ensures a consistent ad-free experience across all devices connected to the AP, even if they have hardcoded DNS settings.
- Raspberry Pi 4 (tested) or similar.
- Raspbian OS (or similar) installed
- Internet connection via Ethernet
- Pi-Hole running as a Docker container (Note: Port 53 is already in use by Pi-Hole)
- Two Pi-Hole instances are assumed to be running at 192.168.1.82 and 192.168.1.81
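```bash
# Update and install necessary packages
# (iptables-persistent pulls in netfilter-persistent, used later to save the firewall rules)
sudo apt update
sudo apt install hostapd dnsmasq iptables-persistent
# Stop and disable the services for now
sudo systemctl stop hostapd
sudo systemctl stop dnsmasq
sudo systemctl disable hostapd
sudo systemctl disable dnsmasq
```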
Configure a static IP for the `wlan0` interface by editing `/etc/dhcpcd.conf` and adding:

```
interface wlan0
static ip_address=192.168.10.1/24
nohook wpa_supplicant
```

Restart the `dhcpcd` service:

```bash
sudo service dhcpcd restart
```
Configure `hostapd` for the WiFi AP by editing `/etc/hostapd/hostapd.conf` and adding:

```
interface=wlan0
driver=nl80211
ssid=Your_WiFi_Name
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Your_WiFi_Password
wpa_key_mgmt=WPA-PSK
# With wpa=2 (WPA2 only), rsn_pairwise below selects the cipher, so clients use CCMP (AES).
# wpa_pairwise applies to WPA (v1) only.
wpa_pairwise=TKIP
rsn_pairwise=CCMP
```

Now, tell `hostapd` where to find the configuration:

```bash
sudo nano /etc/default/hostapd
```

Replace `#DAEMON_CONF=""` with `DAEMON_CONF="/etc/hostapd/hostapd.conf"`.
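Configure `dnsmasq`:

```bash
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
```

Add:

```
interface=wlan0
# Hand out addresses 192.168.10.2-20 with a 24h lease
dhcp-range=192.168.10.2,192.168.10.20,255.255.255.0,24h
# DHCP option 6: advertise the two Pi-Hole instances as DNS servers
dhcp-option=6,192.168.1.81,192.168.1.82
# If Pi-Hole on this same Pi already binds port 53, also set port=0
# so that dnsmasq serves DHCP only and does not try to listen for DNS.
```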
Enable and start the services:

```bash
sudo systemctl enable hostapd
sudo systemctl enable dnsmasq
sudo systemctl start hostapd
sudo systemctl start dnsmasq
```

```bash
# Drop all traffic forwarded to 8.8.8.8 (not only DNS), then persist the rule
sudo iptables -A FORWARD -d 8.8.8.8 -j DROP
sudo netfilter-persistent save
```
Edit `/etc/sysctl.conf` and add or uncomment:

```
net.ipv4.ip_forward=1
```

Apply the changes:

```bash
sudo sysctl -p
```

Set up NAT:

```bash
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo netfilter-persistent save
```
Troubleshooting

If after setting up the WiFi AP on the Raspberry Pi, the client devices can connect to the WiFi but cannot access the internet:

- Check IP Forwarding: Ensure that IP forwarding is enabled. You can check this with:

  ```bash
  cat /proc/sys/net/ipv4/ip_forward
  ```

  If it returns `0`, IP forwarding is disabled. Enable it with:

  ```bash
  # The write needs root; a plain "sudo echo 1 > ..." fails because the redirect runs unprivileged
  echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
  ```

- Check NAT Rules: Ensure that the NAT rules are correctly set up in `iptables`. The NAT rule is responsible for translating addresses and allowing the connected devices to share the Raspberry Pi's internet connection.
- Restart Services: Sometimes, simply restarting the `dnsmasq` and `hostapd` services can resolve connectivity issues:

  ```bash
  sudo systemctl restart dnsmasq
  sudo systemctl restart hostapd
  ```
If you've set up rules to block specific IP addresses (like 8.8.8.8) but devices can still access them:

- Check iptables Rules: Ensure that the rules are correctly set in `iptables`. You can view the rules with:

  ```bash
  sudo iptables -L -n -v
  ```

- Rule Order Matters: In `iptables`, the order of rules matters. If there's a rule allowing traffic to an IP before a rule blocking it, the allow rule will take precedence. Ensure that block rules are placed before any allow rules for the same IP.
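
The rule-order check above can be automated. The following is an added example, not part of the original tutorial: a shell function that reads `iptables -S FORWARD` output and reports whether the DROP rule for a blocked address sits before any ACCEPT rule that would already pass AP client traffic. The function name, the `wlan0` default and the two sample rule sets are assumptions constructed for illustration, and jumps to user-defined chains are not followed.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): offline check of FORWARD rule order.
# Input on stdin: output of `sudo iptables -S FORWARD`.
# Prints: ok       - the DROP for the IP comes before any ACCEPT that would pass it
#         shadowed - an earlier ACCEPT already lets AP clients reach the IP
#         missing  - no DROP rule for the IP in the chain
check_block_order() {
    local ip="$1" lan_if="${2:-wlan0}"   # lan_if: AP-side interface (assumed wlan0)
    awk -v ip="$ip" -v lan="$lan_if" '
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            dst = ""; target = ""; in_if = ""; stateful = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") stateful = 1
            }
            sub(/\/32$/, "", dst)
            if (target == "DROP" && dst == ip && (in_if == "" || in_if == lan)) {
                print (shadowed ? "shadowed" : "ok"); found = 1; exit
            }
            # Only a stateless ACCEPT that applies to AP clients can shadow the block.
            if (target == "ACCEPT" && !stateful && (dst == "" || dst == ip) &&
                (in_if == "" || in_if == lan)) shadowed = 1
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample: the rules in the order this tutorial adds them.
GOOD_RULES='-P FORWARD ACCEPT
-A FORWARD -d 8.8.8.8/32 -j DROP
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT'

# Constructed sample: same rules, but the DROP was appended after the NAT ACCEPT rules.
BAD_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -d 8.8.8.8/32 -j DROP'

printf 'tutorial order: %s\n' "$(printf '%s\n' "$GOOD_RULES" | check_block_order 8.8.8.8)"
printf 'reversed order: %s\n' "$(printf '%s\n' "$BAD_RULES" | check_block_order 8.8.8.8)"
```

On the Pi itself, feed it the live chain with `sudo iptables -S FORWARD | check_block_order 8.8.8.8`.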
To clear the app cache for all applications on your Fire TV:

- Connect to the Fire TV via ADB:

  ```bash
  adb connect 192.168.10.15
  ```

- List all installed packages:

  ```bash
  adb shell pm list packages
  ```

- Clear cache for each package: For each package name (e.g., `com.example.app`), run:

  ```bash
  adb shell pm clear com.example.app
  ```

Note: This command not only clears the cache but also clears the data for that app, resetting it to its default state. If you only want to clear the cache and not the data, find the cache directory for each app (typically in `/data/data/com.example.app/cache` or `/data/user/0/com.example.app/cache`) and clear it manually with:

```bash
adb shell rm -r /data/data/com.example.app/cache/*
```

Caution: Always be careful when using commands like `rm -r` as they can delete directories and their contents. Ensure the path is correct before executing.
You should now have a Raspberry Pi 4 set up as a WiFi AP with specific DNS servers blocked. Connect your devices to this AP to benefit from the DNS blocking.