Learning Library

← Back to Library

Bypassing ISP Router Restrictions with Raspberry Pi

9mSpencer's DesksecuritytutorialintermediateWatch on YouTube ↗

Key Points

  • The building provides a “plug‑and‑play” community Wi‑Fi that blocks any user‑installed router, preventing the author from accessing local devices like Raspberry Pis, 3D printers, or hosting services.
  • After the ISP refused to allow a conventional router, the author decided to bypass the restriction by repurposing a Raspberry Pi as a custom router.
  • He installed a headless Raspberry Pi OS, used Network Manager to connect the Pi to the community Wi‑Fi and assign a static Ethernet IP, then set up DNSMasq to provide DNS forwarding and DHCP services for downstream devices.
  • This Pi‑based router forwards all traffic through the ISP’s network while keeping the author’s internal devices hidden from the ISP’s monitoring.
  • Full project files and instructions are available on his website (spensorsdesk.com) for anyone wanting to build a similar Raspberry Pi router.

Sections

Full Transcript

# Bypassing ISP Router Restrictions with Raspberry Pi **Source:** [https://www.youtube.com/watch?v=w8_IBJLNo04](https://www.youtube.com/watch?v=w8_IBJLNo04) **Duration:** 00:09:08 ## Summary - The building provides a “plug‑and‑play” community Wi‑Fi that blocks any user‑installed router, preventing the author from accessing local devices like Raspberry Pis, 3D printers, or hosting services. - After the ISP refused to allow a conventional router, the author decided to bypass the restriction by repurposing a Raspberry Pi as a custom router. - He installed a headless Raspberry Pi OS, used Network Manager to connect the Pi to the community Wi‑Fi and assign a static Ethernet IP, then set up DNSMasq to provide DNS forwarding and DHCP services for downstream devices. - This Pi‑based router forwards all traffic through the ISP’s network while keeping the author’s internal devices hidden from the ISP’s monitoring. - Full project files and instructions are available on his website (spensorsdesk.com) for anyone wanting to build a similar Raspberry Pi router. ## Sections - [00:00:00](https://www.youtube.com/watch?v=w8_IBJLNo04&t=0s) **DIY Raspberry Pi Router Bypass** - The speaker describes building a headless Raspberry Pi router to circumvent their apartment’s ISP rule that blocks personal routers, allowing private networking for devices such as 3D printers and a Minecraft server. - [00:03:37](https://www.youtube.com/watch?v=w8_IBJLNo04&t=217s) **Configuring DNSMasq and Enabling NAT** - The speaker sets the DNSMasq gateway and DNS forwarder to the router’s Ethernet IP, restarts the service, and explains that activating NAT will rewrite internal device requests to the router’s IP so they can access the internet. - [00:07:10](https://www.youtube.com/watch?v=w8_IBJLNo04&t=430s) **DIY Pi Router with OLED Stats** - The creator explains assembling a Raspberry Pi router enclosure equipped with OLED status screens, a toggle button, and a cooling fan, then sets up systemd services to display device and network statistics, completing the build and confirming stable operation. ## Full Transcript
0:00This is my brand new Raspberry Pi 0:01router. It connects to my apartment's 0:03Wi-Fi and forwards internet to all the 0:05devices behind it, hiding them from my 0:06ISP. But why am I hiding them from my 0:08ISP? So, about a year ago, my wife and I 0:11moved into our new apartment, and they 0:13provide a community Wi-Fi solution. That 0:15means that you don't need to set up 0:16routers or modems. You can just connect 0:18your devices instantly. Now, while this 0:20is great for the average resident, it 0:21means that I don't have the ability to 0:23configure my router and do any sort of 0:25networking things. So, I haven't been 0:27able to connect to devices over Wi-Fi, 0:29like Raspberry Pies, or update my 3D 0:31printers or even host something like a 0:33Minecraft server. So, I called up my ISP 0:35and I asked them if I could just connect 0:37my own router to the Ethernet port in 0:39our apartment and just, you know, use 0:41that as an access point to share Wi-Fi 0:43to my devices, but they said that they 0:45scan the network and kick off anything 0:47that looks like a router. So, that 0:49wasn't an option. Now, I was pretty 0:51defeated, but I went ahead using a 0:52router offline for a few months just to 0:55connect with my 3D printers. But one 0:56day, I decided that I had enough. I 0:59decided that I would figure out how to 1:00get around the no router rule. Enter the 1:03Raspberry Pi. Raspberry Pies are small 1:05single board computers that run Linux 1:07and can be used to do a variety of 1:09things. The first step was to choose an 1:11operating system for the Raspberry Pi. I 1:13decided to go with a headless version of 1:15Raspberry Pi OS. The light version of 1:17Raspberry Pi OS doesn't come with a 1:19desktop environment, so there's a lot 1:21less processing to be done by the CPU on 1:24the Raspberry Pi, and it comes with 1:26about a gigabyte less of packages and 1:28stuff. After booting it up and 1:30connecting a keyboard and monitor, I got 1:32it connected to the Wi-Fi by using a 1:34tool called Network Manager. Using 1:36Network Manager, I was able to list all 1:38the available Wi-Fi networks and connect 1:40to our community Wi-Fi. I also used it 1:42to give the Ethernet port of the Pi a 1:44static IP address, which will come in 1:45handy later. By the way, if you want to 1:48create your own Raspberry Pi router, 1:49check out my website, spensorsdesk.com. 1:52I've got all the project files and code 1:53there. Once I got connected to the 1:55internet, I unleashed the two most 1:58notorious commands known to Raspberry Pi 2:00users. 2:01Yeah, I updated the Pi. Once the Pi was 2:04updated, the next step was to install a 2:06tool called DNS Mask. This gives us the 2:09ability to create a DNS forwarder and a 2:11DHCP server. The DNS forwarder kind of 2:14acts like a DNS server like Google or 2:17Cloudflares. So when our Pi wants to 2:19reach out to a website like google.com, 2:22it sends that request to the DNS 2:24forwarder which sends that to a DNS 2:26server and then the DNS server says, 2:28"Oh, google.com is this IP address and 2:31returns it to the DNS forwarder." The 2:33DNS forwarder will cache that IP address 2:36and then return the IP address to the 2:39device that requested it. And then in 2:42the future, every time someone requests 2:44google.com's IP address, the DNS 2:47forwarder has it cached so it can um 2:49return it much faster and doesn't have 2:51to reach back out to the DNS server. The 2:53DHCP server, on the other hand, is what 2:56is actually acting as our router. It's 2:58handing out IP leases and getting 3:00devices connected. With DNS mask 3:02installed, I just needed to create a 3:04configuration file. First, I tell the 3:06DHCP server to only listen on the 3:08Ethernet port. So, it will only listen 3:10to devices that are physically connected 3:12to it. Next, I explicitly tell it not to 3:15listen on the wireless port. Next, I 3:17give the server a range of IP addresses 3:19that it can hand out. So, I went with 10 3:22to 100 for 12-hour leases. I think you 3:25can do anywhere from 2 to 255, but I 3:28wanted to reserve the first 10. Um, and 3:31I don't see myself needing more than 100 3:33devices, so I just went with 10 to 100. 3:36The final thing we need to configure 3:37with DNS mask is the IP address for both 3:40the um gateway and the DNS forwarder. 3:44The gateway is pretty much just the IP 3:46address of the router. You can think of 3:47it as that. And then the DNS forwarder 3:50will also be the router's IP. So since 3:53we assigned that IP address to the 3:55Ethernet port, we're just going to point 3:57the gateway and DNS forwarder to that 4:00Ethernet port. So now when a device is 4:02connected to the PI router, it will know 4:04that the PI router's Ethernet ports IP 4:08address is what it should be reaching 4:09out to. After finishing the 4:11configuration file for DNS mask, I just 4:13restarted and enabled the DNS mask 4:16service. And now we technically have a 4:18router. You're now able to connect from 4:20one device to another across the router. 4:23But we still aren't passing internet 4:26from the router connected to the 4:28internet to the devices behind it. To 4:30enable this, we need to use something 4:32calledNNAT or network address 4:34translation. So if I have a device here 4:37like a 3D printer or a Pi running a 3D 4:39printer and I have my router here, then 4:43if this wants to make a request to the 4:45internet, it will send a request to the 4:48router with its IP address. So, what the 4:51router needs to do is rewrite that 4:53request to have the router's IP address 4:56and then it sends that off to the 4:57community's Wi-Fi and then, you know, 5:00all of it is handled downstream. 5:02But right now, we're not doing that. So, 5:05network address translation is going to 5:08do the rewriting of that IP address. So, 5:10with the router rewriting all these IP 5:12addresses, it looks like the router is 5:14just a single device connected to the 5:16internet. This is called masquerading. 5:19We're going to do NAT by installing 5:21something called NF Tables. This is a 5:23packet filtering tool. You can think of 5:25it like a firewall. So after installing 5:27NF Tables, we just need to do a little 5:28bit of configuration. We're just writing 5:30a rule that says that the packets that 5:32go from our devices out of the router 5:34need to be masquerad. After that, we 5:36just need to enable IP forwarding in the 5:39Linux kernel and then we should be good. 5:41Now we have a router that functions 5:43perfectly well. But I wanted to take it 5:45a step further. So, I installed 5:46something called Tailcale on my Pi. 5:48Tailscale is a VPN or virtual private 5:51network. Not like the ones that you see 5:53advertised here on YouTube. It acts more 5:56like the Wi-Fi on our local network, 5:58kind of like the network I'm setting up 6:00with the Pi, but this network can 6:04be forwarded across the internet so that 6:08I can connect to that from any device. 6:11This means that if I want to, I can 6:13connect to my Pi router if I'm out 6:15somewhere at like a local coffee shop. 6:16As a final security measure, I 6:18configured NFT Tables to only allow port 6:2122 requests from the Ethernet port and 6:24from my tail. I did this so that in the 6:27weird case that someone was going 6:29through the community's network, um, 6:31they wouldn't have the ability to SSH 6:33into the Pi router across the community 6:35Wi-Fi. you would only be able to SSH in 6:38if you got into the tailet or if you 6:40physically connected to the router. So 6:42now the router is done. It is doing 6:45exactly what I needed it to. It is 6:46connecting my devices to the internet 6:49and my ISP has not yet kicked it off the 6:51network. I can also connect to it from 6:53anywhere in the world and do whatever I 6:55like on it. But even though I had the PI 6:57router set up, I wasn't quite satisfied 6:59yet. It felt pretty unpolished. So, I 7:02hopped into Fusion 360 and after 7:04printing out a few iterations, I landed 7:06on this design. 7:11I also ended up getting these small OLED 7:13screens to display like device stats and 7:16network stats on the case itself just to 7:18see how well the Pi was running and if 7:20the network was still up. But mostly, I 7:22added it because screens are cool. I 7:24also ended up adding a small button to 7:26the case and a knock to a fan to keep 7:28everything cool. After getting the pie 7:30mounted and everything wired up, I 7:32closed it up with the lid. 7:35Now, I know for a router that this seems 7:37pretty big, but it's nowhere near as big 7:38as Yama. 7:40[Music] 7:42So, with the router assembled, it was 7:43time to work on the software to run the 7:45screen to display the stats of the Pi. I 7:48just wanted a couple of scrolling pages 7:49to show how the Pi was doing, how much 7:51traffic there was on the network, and 7:53whether things were healthy or not. I 7:55also wanted a button to toggle the 7:56screen on and off, but somewhere along 7:59the way, I ended up deciding to add a 8:00Raspberry Pi screen saver as well. So, 8:03there's that. The final step was to have 8:06that screen script run every time the Pi 8:08was booted and to turn off when the Pi 8:10was shut down. This was simply done by 8:12creating a service in systemd and adding 8:15a small little power down script. And 8:17with that, the Pi router was finally 8:19complete. I've left it running for a few 8:21days now and have had a few computers 8:23connected to it streaming video and the 8:26Pi really hasn't gotten above about 42 8:28C, which is very respectable. I can't 8:30tell you how excited I am to get all of 8:32my devices and printers connected back 8:35to the internet. If you want to learn to 8:37create your own Raspberry Pi router, 8:39then check out my website. I've got 8:40links to the code for the screen, the 3D 8:43models for the case, and all of the 8:45different commands I had to run to get 8:47everything installed on the Pi. If you 8:49enjoyed this video, then I'd appreciate 8:50if you'd leave a like and subscribe so 8:52you don't miss future projects. And if 8:53you're looking for something else to 8:54watch, check out this video where I 8:56programmed my 3D printer to play Furiss 8:59and came up with an entirely unnecessary 9:01programming language to program music. 9:04Thanks for watching. Bye.