Disclaimer: This guide was automatically translated by AI from the German original. Please verify commands and technical details before using them.
Back to overview: Raspberry Pi guides
Foreword: The DHCP server is installed on a Raspberry Pi with the interfaces eth0 and wlan0. wlan0 connects to the public network, while eth0 manages the internal network.
First, install the DHCP server:
sudo apt install isc-dhcp-server -y
After installation, specify the interface on which the DHCP server should run. Before that, create a backup of the configuration file:
sudo cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.back
Now edit the file:
nano /etc/default/isc-dhcp-server
Enter the interface for the internal network under INTERFACESv4:
INTERFACESv4="eth0"
Save the file and close the editor.
Before configuring, create another backup:
sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.back
Open the configuration file:
nano /etc/dhcp/dhcpd.conf
Define the IP address ranges by adding the following lines at the end of the file:
# eth0
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.10 10.0.0.60;
interface eth0;
option routers 10.0.0.1;
}
Make sure the DNS servers at the top of the file are set to the desired values. For example, I use the DNS servers 8.8.8.8 and 8.8.4.4:
# option definitions common to all supported networks...
option domain-name "example.ldap";
option domain-name-servers 8.8.8.8, 8.8.4.4;
Save the file and close the editor.
Now assign a static IP address to the internal interface. Open the configuration file:
nano /etc/dhcpcd.conf
Add the following lines at the end of the file to set the IP address for eth0:
interface eth0
static ip_address=10.0.0.1/24
Warning: With the latest Raspbian image (2025-05-11), the IP address is assigned via NetworkManager:
nmcli con add type ethernet ifname eth0 con-name eth0-static ipv4.addresses 10.0.0.1/24 ipv4.method manual ipv4.dns "8.8.8.8 8.8.4.4" connection.autoconnect yes
nmcli con up eth0-static
Save the file and close the editor.
To allow the internal devices to access the public network, IP forwarding must be enabled. Create a backup of the configuration file:
cp /etc/sysctl.conf /etc/sysctl.conf.back
Open the file:
nano /etc/sysctl.conf
Search for the following line and remove the comment character (#) to enable IP forwarding:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Save the file and close the editor.
Install the iptables tools:
apt-get install iptables-persistent
Edit the rules.v4 file:
nano /etc/iptables/rules.v4
Replace the entire content with the following code. Make sure to adjust the interfaces to your configuration:
*nat
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
# allow ssh so we do not lock ourselves out
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
# allow incoming traffic that belongs to outgoing connections, e.g. for clients from the internal network
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# block everything else incoming
-A INPUT -i wlan0 -j DROP
COMMIT
Save the file and close the editor. Load the new iptables rules:
iptables-restore < /etc/iptables/rules.v4
Start the DHCP server:
service isc-dhcp-server start
The DHCP server is now ready, and your devices in the internal network can automatically receive an IP address.