How to Turn Raspberry Pi into a Router

Last Updated: June 18th, 2026 Guoan Xiao (Admin)
0 Comment
Linux Server

If you want to turn a Raspberry Pi running Raspberry Pi OS (Debian-based) into a router, it is entirely feasible. Many homelab enthusiasts use this approach because it offers much more flexibility than a traditional router firmware like OpenWRT.

What You’ll Need

Hardware

  • A Raspberry Pi 4 (recommended) or newer
  • A microSD card or SSD with Raspberry Pi OS Lite
  • Two network interfaces:
    • One for WAN (Internet connection)
    • One for LAN (your home network)

The Raspberry Pi 4 has one built-in Gigabit Ethernet port (eth0), so you’ll usually add a USB 3.0 Gigabit Ethernet adapter for the second interface.

Example:

eth0 → WAN (modem/ONT)
eth1 → LAN (switch or Wi-Fi access point)

Network Topology

Internet
    │
ISP Modem / ONT
    │
   WAN
    │
┌────────────────┐
│ Raspberry Pi   │
│ Raspberry Pi OS│
└────────────────┘
    │
   LAN
    │
Switch / Wi-Fi AP
    │
Home Devices

Step 1: Install Raspberry Pi OS

Use Raspberry Pi OS Lite (64-bit).

Update the system:

sudo apt update
sudo apt full-upgrade -y
sudo reboot

Step 2: Assign a Static LAN Address

Assuming eth1 is your LAN interface.  First, verify that eth1 is managed by NetworkManager:

nmcli device status

You should see something like:

DEVICE  TYPE      STATE                   CONNECTION
eth0    ethernet  connected               Wired connection 1
eth1    ethernet  disconnected            --
lo      loopback  unmanaged               --

or:

DEVICE  TYPE      STATE                   CONNECTION
eth1    ethernet  connected               Wired connection 2

List existing connections:

nmcli connection show

Example output:

NAME                UUID                                  TYPE      DEVICE
Wired connection 1  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  ethernet  eth0
Wired connection 2  yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy  ethernet  eth1

Suppose eth1 uses the profile: Wired connection 2

For a LAN interface on a router, you usually do not specify a gateway, because this interface serves the local network. For example, to assign:

IP address: 192.168.10.1/24

run:

sudo nmcli connection modify "Wired connection 2" ipv4.method manual ipv4.addresses 192.168.10.1/24 ipv6.method ignore

Bring the connection back up.

sudo nmcli connection down "Wired connection 2"
sudo nmcli connection up "Wired connection 2"

Alternatively:

sudo nmcli device reapply eth1

Check the assigned address:

ip addr show eth1

You should see:

inet 192.168.10.1/24 scope global eth1

Step 3: Enable IP Forwarding

Edit:

sudo nano /etc/sysctl.d/60-custom.conf

Uncomment or add:

net.ipv4.ip_forward=1

Apply the change

sudo sysctl -p /etc/sysctl.d/60-custom.conf

Verify:

cat /proc/sys/net/ipv4/ip_forward

Expected output:

1

Step 4: Configure NAT (Internet Sharing)

Install UFW firewall

sudo apt install ufw

Allow SSH traffic.

sudo ufw allow 22/tcp

To configure IP masquerading, we have to add iptables command in a UFW configuration file.

sudo nano /etc/ufw/before.rules

By default, there are some rules for the filter table. Add the following lines at the end of this file.

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

# End each table with the 'COMMIT' line or these rules won't be processed
COMMIT

In Nano text editor, you can go to the end of the file by pressing Ctrl+W, then pressing Ctrl+V.

The above lines will append (-A) a rule to the end of of POSTROUTING chain of nat table. It will link your private network with the Internet, also hide your network from the outside world.

By default, UFW forbids packet forwarding. We can allow forwarding for our private network. Find the ufw-before-forward chain in this file and add the following 5 lines, which will accept packet forwarding if the source IP or destination IP is in the 192.168.10.0/24 (eth1 LAN) and 192.168.1.0/24 (eth0 upstream LAN) range.

# allow forwarding for trusted network
-A ufw-before-forward -s 192.168.10.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.10.0/24 -j ACCEPT
-A ufw-before-forward -s 192.168.1.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.1.0/24 -j ACCEPT

Save and close the file. Then enable UFW.

sudo ufw enable

If you have enabled UFW before, then you can use systemctl to restart UFW.

sudo systemctl restart ufw

Now if you list the rules in the POSTROUTING chain of the NAT table by using the following command:

sudo iptables -t nat -L POSTROUTING

You can see the Masquerade rule.

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination                  
MASQUERADE  all  --  192.168.10.0/24      anywhere

It can take some time for UFW to process the firewall rules. If the masquerade rule doesn’t show up, then restart UFW again (sudo systemctl restart ufw).

Step 5: Set Up a DHCP Server

Install ISC DHCP Server:

sudo apt install isc-dhcp-server

Specify the LAN interface:

sudo nano /etc/default/isc-dhcp-server

Set:

INTERFACESv4="eth1"

Save and close the file. Then configure DHCP:

sudo nano /etc/dhcp/dhcpd.conf

Add:

subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.100 192.168.10.200;
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.1;
    default-lease-time 600;
    max-lease-time 7200;
}

Enable the service:

sudo systemctl enable isc-dhcp-server
sudo systemctl restart isc-dhcp-server

Step 6: Configure DNS

A good choice is Unbound, a local recursive DNS resolver.

Install:

sudo apt install unbound

Your clients will then receive:

DNS Server = 192.168.10.1

Benefits include:

  • Improved privacy
  • Reduced reliance on third-party DNS providers
  • Local caching for faster responses

If you prefer more advanced functionality, you could also deploy:

Step 7 (Optional): Turn the Pi into a Wi-Fi Access Point

If you have a separate router, connect it into the LAN interface of Raspberry Pi and set the router into AP (Access Point) mode.

If you don’t have a separate wireless access point:

Install:

sudo apt install hostapd

Create a configuration similar to:

interface=wlan0
ssid=MyHomeWiFi
hw_mode=g
channel=6
wpa=2
wpa_passphrase=YourStrongPassword

However, for better performance and stability, many people prefer:

Raspberry Pi → Routing
Dedicated Router/AP → Wi-Fi

Step 8 (Optional): Add Advanced Features

Because you’re using Raspberry Pi OS instead of dedicated router firmware, you can run many additional services.

Ad Blocking

  • Pi-hole
  • AdGuard Home

VPN Gateway

This allows all devices on your network to use the VPN automatically.

If your Raspberry Pi runs a VPN client, and you want it to act as a VPN gateway to LAN clients. Then edit /etc/ufw/before.rules.

sudo nano /etc/ufw/before.rules

Add the following to the forwarding chain (supposing 10.10.10.0/24 is the VPN LAN).

-A ufw-before-forward -s 10.10.10.0/24 -j ACCEPT
-A ufw-before-forward -d 10.10.10.0/24 -j ACCEPT

And add the following to the NAT table (supposing the VPN interface is named tun0), so LAN traffic can be forwarded to the VPN interface.

-A POSTROUTING -s 192.168.10.0/24 -o tun0 -j MASQUERADE

Restart UFW.

sudo systemctl restart ufw

Intrusion Detection

  • Suricata
  • Snort

Monitor and detect suspicious traffic.

Policy-Based Routing

Examples:

Streaming services → ISP
Work traffic → VPN
Specific destinations → WireGuard tunnel

Using Linux tools such as:

ip rule
ip route

Performance Expectations

Raspberry Pi Model Typical Routing Performance
Pi 1 Experimental only
Pi 3B ~100–300 Mbps
Pi 4 ~800 Mbps to 1 Gbps NAT
Pi 5 2+ Gbps with suitable NICs

For most households:

  • 500 Mbps Internet: Pi 4 is more than sufficient.
  • 1 Gbps Internet: Pi 4 can usually handle it.
  • Multi-gigabit Internet: Pi 5 is the better choice.

Raspberry Pi OS vs OpenWrt

Feature Raspberry Pi OS OpenWrt
Flexibility Excellent Good
Ease of Use Moderate Excellent
Docker Support Excellent Limited
General Linux Applications Excellent Limited
Routing Features Very Good Excellent
Learning Value Excellent Good

Choose Raspberry Pi OS if you want:

  • A router that also runs Docker containers
  • DNS services (Pi-hole, Unbound, BIND)
  • VPN servers or gateways
  • Homelab applications

Choose OpenWrt if you want:

  • A dedicated router appliance
  • Maximum simplicity and stability
  • A web-based management interface

For many homelab users, the following architecture works extremely well:

ISP Modem / ONT
        │
 Raspberry Pi 4
 (Raspberry Pi OS)
        │
   Gigabit Switch
        │
 Dedicated Wi-Fi AP
        │
  Home Devices

This setup combines the flexibility of Linux with the reliability of dedicated wireless hardware.

Rate this tutorial
[Total: 0 Average: 0]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here

linux system security course LPIC 2

Featured Tutorials

pCloud 65% Off Cloud Storage

pcloud 2TB lifetime

VPS Hosting 30 Days Free Trial

Kamatera 30 days free trial