Raspberry Pi DHCP Server Setup

Home | Miscellaneous | Pi | DHCP

Sonora Computer Repair
A subsidiary of Charles Varvayanis

Since 1990
(209) 586-3782
charles@varvayanis.com

Raspberry Pi DHCP Server Setup

Step-by-step instructions for setting up a DHCP server using DNSMasq with Raspberry Pi Connect, SSH, VNC, TeamViewer and a Firewall.

These procedures apply to Raspberry Pi 5, 4 or 3 with Raspberry Pi OS (64-Bit), (32-Bit) or (Legacy, 32-Bit) with or without the DHCP Server, Raspberry Pi Connect, SSH, VNC, TeamViewer and/or a Firewall.

General Notes

1. General: The procedures below are optimized for setting up a DHCP server on a Raspberry Pi 5, 4 or 3 with Raspberry Pi OS (64-Bit), (32-Bit) or (Legacy, 32-Bit) connected via Ethernet. DNSMasq was selected as the DHCP Server service because it tends to have the best support of the popular DHCP servers available for Raspberry Pi: DNSMasq, ISC DHCP and Pi-Hole. It is important to note that ISC DHCP reached End-of-Life (EOL) as of October 2022 and is no longer updated or supported, having been replaced by ISC Kea. ISC Kea is very good, but but is too resource intensive for use with typical Raspberry Pi configurations. Management connectivity is provided via Raspberry Pi Connect, SSH, TeamViewer and/or VNC. A firewall is included. While Ethernet connections are highly recommended for DHCP Server applications, a Wi-Fi connection can be used by setting up Wi-Fi in the section below "Load the Raspberry Pi OS onto a Micro SD Card" and by substituting your Wi-Fi Connection for "Wired Connection 1" in the section below "Change the Raspberry Pi IP address and network settings using the Raspberry Pi Desktop Interface (GUI), NetworkManager User Interface (UI), or Command Line Interface (CLI)".

2. Internet access during setup: Many of the steps below assume and require the target Raspberry Pi is connected to a network with access to the Internet and a DHCP server is on the network configured for DHCP clients to access the Internet. This is the standard and/or default configuration for most networks, so in most cases nothing additional will need to be done.

3. Management Connectivity Options: Certain Management Connectivity options below can be selectively omitted by not implementing the steps in any of these sections below: "Install or update and setup Raspberry Pi Connect", "Install and configure TeamViewer", "Enable SSH" and/or "Enable and Configure VNC. Raspberry Pi Connect and/or SSH can be omitted while configuring the Raspberry Pi Imager in the "Load Raspberry Pi OS onto a Micro SD Card" section below. Important note about Raspberry Pi Connect and TeamViewer: Both screen sharing programs can exist on a Raspberry Pi without interfering with each other, but the Raspberry Pi Connect screen sharing program requires Wayland (Remote Graphics Support A.K.A. compositor) and TeamViewer currently uses only the older X11 (compositor). Raspberry Pi Connect Remote shell does not use the compositor and will work with either compositor in use. It is posable to switch between Wayland and X11, however a reboot may be required. Raspberry Pi Connect is recommended for typical users, while TeamViewer may be more attractive to more experienced users.

4. Firewall Option: A firewall on the Raspberry Pi in this type of implementation is usually not required. However, in cases where the Raspberry Pi is connected to a public network, running a firewall on the Raspberry Pi is advisable. Raspberry Pi OS includes iptables, an IP packet filter, however it is disabled by default. UFW (Uncomplicated FireWall) is a firewall user interface for use with iptables. UFW together with iptables provide basic firewall features, but lack more sophisticated firewall features and protections. The firewall on the Raspberry Pi can be omitted by not implementing the steps in the section below: "Install UFW and configure the firewall".

Notice about updates, upgrades and installations failing due to repository or network congestion or outages

Occasionally updates, upgrades and installations fail due to repository or network congestion or outages. Sometimes there is an appropriate message saying as such, sometimes a missing file is reported, and sometimes there is just a failure message without an explanation. When this occurs, simply run the command again. If that does not solve the issues immediately, try again later.

Skip past Raspbery Pi OS and optional components setup:

Install and configure the DHCP server - DNSMasq

Display DHCP Leases (Optional)

Raspberry Pi OS Documentation

https://www.raspberrypi.com/documentation/computers/os.html

Download and Install the Raspberry Pi Imager onto a Windows PC, Mac, Rapberry Pi or Linux Computer

Download the Raspberry Pi Imager

https://www.raspberrypi.com/software

Install the Raspberry Pi Imager

Run the downloaded file and follow the installation instructions.

Load the Raspberry Pi OS onto a Micro SD Card

Connect the target Micro SD Card

Connect the target Micro SD Card to a computer with the Raspberry Pi Imager installed.

Open the Raspberry Pi Imager

Select the Desired Options

APP OPTIONS | (Located near the lower left corner of the window)

Play sound when finished | Off

Eject media when finished | On

Enable anonymous statistics (telemetry) | On

Disable warnings | Off

[SAVE]

Device |

Select your Raspberry PI device |

<Your Raspberry Pi model>
Example:
Raspberry Pi 5

[NEXT]

OS |

Choose operating system |

<Select the desired operating system>
(Raspberry Pi OS, preferrably (64-bit) for this configuration)
Example:
Raspberry Pi OS (64-bit)

[NEXT]

Storage |

Select your storage Device |

Exclude system drives | Checked

<Select the target storage Device>
Example:
Generic-SD/MMC USB Device

[NEXT]

Customisation |

Hostname |

<Enter your hostname>
(This gives the Raspberry Pi a name)
Example:
Pi-0001

[NEXT]

Localisation |

Capital city:
<Select your Wi-Fi Country>
Example:
Washinton, D.C. (United States)

Time zone:
<Select your time zone>
Example:
America/Los_Angels

Keyboard layout:
<Select your keyboard layout>
Example:
us

[NEXT]

User |

Username:
<Enter your username>
(This gives the Raspberry Pi a username)
Example:
pi

Password:
<Enter your password>
(This gives the Raspberry Pi a password)
Example:
PiPassword

Confirm password:
<Re-enter your password>
(This confirms the Raspberry Pi password)
Example:
PiPassword

[NEXT]

Wi-Fi |

[SECURE NETWORK]

SSID:
<Network name>
This field can be ignored for Ethernet only installations.

Password:
<Network password>
This field can be ignored for Ethernet only installations.

Confirm password:
<Re-enter password>
This field can be ignored for Ethernet only installations.

Hidden SSID | Un-Checked

[NEXT]

Remote access |

Enable SSH | On
(Optional - See "General Notes" 3. near the top of this document)

Use password authentication | Selected

[NEXT]

Raspbery Pi Connect |

Enable Raspbery Pi Connect | On
(Optional - See "General Notes" 3. near the top of this document)

[OPEN RASPBERRY PI CONNECT]

"Sign in with Raspberry Pi ID" or "create one for free"

Create auth key and launch Raspberry Pi Imager

Go back to the "Raspberry Pi Imager" window if it did not go there automaticly

[NEXT]

Writing |

[WRITE]

You are about to ERASE all data on: Generic-SD/MMC USB Device |

[I UNDERSTAND, ERASE AND WRITE]

When the message "Write Complete" is displayed | [FINISH]

Remove the Micro SD card from the reader.

Insert the Micro SD Card into the Target Raspberry Pi

Be certain the Target Raspberry Pi is powered off.

Insert the Micro SD Card loaded with the Raspberry Pi OS into the target Raspberry Pi 5, 4 or 3. Note: It inserts up-side-down (contacts up) into the Raspberry Pi.

Power on the Raspberry Pi.

It is typical for the Raspberry Pi to reboot one to three times the first time it is powered up before it is ready for its first use. This often takes three to five minutes.

Connect to the target Raspberry Pi

Via Raspberry Pi Connect Remote shell or Raspberry Pi Connect Screen share then open a Terminal window.

https://www.raspberrypi.com/software/connect

- or -

Via a Display, Keyboard and Mouse, then open a Terminal window.

- or -

Via SSH

Determine the target Raspberry Pi IP Address:

Via Raspberry Pi Connect Remote shell or Raspberry Pi Connect Screen share then open a Terminal window.

https://www.raspberrypi.com/software/connect
sudo hostname -I
- or -

Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.

sudo hostname -I
- or -

Use an IP Scanner tool such as Advanced IP Scanner on a PC or alike to locate the DHCP IP Address assigned to the Raspberry Pi.

https://www.advanced-ip-scanner.com
- or -

Login to your router and examine the DHCP assignments, sometimes labeled "Connected Devices" or similar.

Use SSH via a tool such as PuTTY to connect to the Raspberry Pi.

https://putty.software/

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

https://www.putty.org

Connect using the IP address determined above or URL of the target Raspberry Pi.

Note: The first time a connection is made, a security warning may be displayed | Yes

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Update the Raspberry Pi 4 or Pi 5 EEPROM Version

Note: This tool only works with Raspberry Pi 4 or Pi 5. Raspberry Pi 3B+ and below have a ROM that can not be updated.

Check if the Raspberry Pi 4 or Pi 5 EEPROM should be updated

sudo rpi-eeprom-update -a

Update the Raspberry Pi 4 or Pi 5 EEPROM if required.

Install or update and setup Raspberry Pi Connect (Optional)

Notes:

Raspberry Pi Connect runs on Raspberry Pi OS bookworm (debian 12), trixie (debian 13) and above, older versions of Raspberry Pi OS are not supported. Raspberry Pi Connect is installed by default in newer Raspberry Pi OS bookworm (debian 12) installations, all trixie (debian 13) and above installations, but is disabled by default. However, it could have been enabled and setup during SD card setup as an option in Raspberry Pi Imager 2.0 (released in November 2025) and above. If it was enabled and setup in Raspberry Pi Imager, it sould not require being enabled and setup here. There is no danger in enabeling and seting it up it here as well.

See "General Notes" 3. near the top of this document.

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Install or update Raspberry Pi Connect as required

sudo apt install rpi-connect

Setup Raspberry Pi Connect

rpi-connect signin

"rpi-connect signin" will return a message similar to:

"Complete sign in by visiting https://connect.raspberrypi.com/verify/XXXX-XXXX"

Paste or type the provided URL into a browser on any device.

"Sign in with Raspberry Pi ID" or "Create one for free"

The Raspberry Pi has been automticaly added to your account when you see the message below on the Raspberry Pi:

✓ Signed in

Connect to the target Raspberry Pi via Raspberry Pi Connect (Optional)

https://www.raspberrypi.com/software/connect

Usefull Raspberry Pi Connect Commands (Optional)

Raspberry Pi Connect Diagnostics

rpi-connect doctor

Disable Raspberry Pi Connect

rpi-connect off

Enable Raspberry Pi Connect

rpi-connect on

Install and configure TeamViewer (Optional)

See "General Notes" 3. near the top of this document.

Install TeamViewer

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Download and install TeamViewer - Select one of the four configurations below:

1) TeamViewer Full Client installation with a 64-Bit OS:

Download TeamViewer

wget https://download.teamviewer.com/download/linux/teamviewer_arm64.deb

Install TeamViewer

(Errors during installation are normal and can usually be ignored.)
sudo dpkg -i teamviewer_arm64.deb

2) TeamViewer Full Client installation with a 32-Bit OS:

Download TeamViewer

wget https://download.teamviewer.com/download/linux/teamviewer_armhf.deb

Install TeamViewer

(Errors during installation are normal and can usually be ignored.)
sudo dpkg -i teamviewer_armhf.deb

3) TeamViewer Host installation with a 64-Bit OS:

Download TeamViewer

wget https://download.teamviewer.com/download/linux/teamviewer-host_arm64.deb

Install TeamViewer

(Errors during installation are normal and can usually be ignored.)
sudo dpkg -i teamviewer-host_arm64.deb

4) TeamViewer Host installation with a 32-Bit OS:

Download TeamViewer

wget https://download.teamviewer.com/download/linux/teamviewer-host_armhf.deb

Install TeamViewer

(Errors during installation are normal and can usually be ignored.)
sudo dpkg -i teamviewer-host_armhf.deb

Download and install additional OS components needed by TeamViewer

(This corrects for the errors above, if any.)
sudo apt --fix-broken install -y

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Configure TeamViewer

Set the TeamViewer password

sudo teamviewer passwd <DefineYourTeamViewerPassword>
Example:
sudo teamviewer passwd MyPassword

Ensure the TeamViewer service has started

sudo teamviewer --daemon start

Accept TeamViewer Licensing only, but do no additional configuration from this setup tool

sudo teamviewer setup

Are you a resident of the Republic of Korea? (y/n) | n

Accept License Agreement? (y/n) | y

Abort the TeamViewer setup at this poit by pressing Control-C (Pressing the "Control" key and "C" key at the same time).

Obtain and record the TeamViewer ID (Note: This only provides the TeamViewer ID if it is connected to the Internet)

sudo teamviewer info

The TeamViewer ID is displayed twice near the top of the TeamViewer information. Record the TeamViewer ID for you records.

Disable Wayland (Remote Graphics Support) and switch to the older X11 (Remote Graphics Support) because TeamViewer does not yet work with Wayland (Note: Wayland is not enabled on Raspberry Pi OS (Legacy) by default)

Reboot the Raspberry Pi to get TeamViewer working. Note: "sudo teamviewer --daemon restart" or "sudo systemctl restart teamviewerd" do not get TeamViewer working

sudo reboot

Since TeamViewer should now be working, a connection to the Raspberry Pi GUI should be possible via the TeamViewer client by using the TeamViewer ID of the target Raspberry Pi, obtained above.

Set TeamViewer to accept incoming LAN connections, i.e., add the additional methods of connecting to TeamViewer via IP address or URL (Optional):

Using TeamViewer from another machine, connect to the Raspberry Pi using the TeamViewer ID of the target Raspberry Pi, obtained in the section above.
- or -
Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.

From the Raspberry Pi GUI open TeamViewer by clicking on the TeamViewer icon in the right side of the Task Bar at the top of the Raspberry Pi desktop.

Close or cancel any windows that appear asking for Username and/or password.

Click on "Extras" in the left side of the TeamViewer Menu Bar at the top of the TeamViewer window.

Click on "Options". It opens to the "General" window.

In the "General" window, click on the "Incoming LAN connections" drop down list and select "accept".

Click on the "Close" Button

Reboot required for Raspberry Pi 4 and 5. When this is displayed: "The changes you have made require the Raspberry Pi to be rebooted to take effect. Would you like to reboot now?" | Yes

Connect to the target Raspberry Pi via TeamViewer (Optional)

Use TeamViewer to connect to the Raspberry Pi

https://www.teamviewer.com
Connect using the TeamViewer ID, IP address or URL of the target Raspberry Pi.

Enable SSH (Optional)

Notes:

SSH is preinstalled in Raspberry Pi OS, but is disabled by default. However, it may have been enabled as an option in Raspberry Pi Imager during SD Card setup. If you are uncertain, there is no danger in enabeling it here as well.

See "General Notes" 3. near the top of this document.

Port used by SSH: 22, Type TCP

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Enable SSH

Via Raspberry Pi Config

sudo raspi-config

Interface Options | SSH | Yes | OK | Finish | Yes

- or -

Via the Raspberry Pi GUI (Desktop)

Connect to the target Raspberry Pi via SSH (Optional)

Determine the target Raspberry Pi IP Address:

Via Raspberry Pi Connect Remote shell or Raspberry Pi Connect Screen share then open a Terminal window.

https://www.raspberrypi.com/software/connect
sudo hostname -I
- or -

Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.

sudo hostname -I
- or -

Use an IP Scanner tool such as Advanced IP Scanner on a PC or alike to locate the DHCP IP Address assigned to the Raspberry Pi.

https://www.advanced-ip-scanner.com
- or -

Login to your router and examine the DHCP assignments, sometimes labeled "Connected Devices" or similar.

Use SSH via a tool such as PuTTY to connect to the Raspberry Pi.

Enable and Configure VNC (Optional)

Notes:

VNC is preinstalled in Raspberry Pi OS, but is disabled by default.

See "General Notes" 3. near the top of this document.

Port used by VNC: 5900, Types TCP and UDP

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Enable VNC and Set VNC Display Resolution

Via Raspberry Pi Config

sudo raspi-config

Interface Options | VNC | Yes | OK | Display Options | VNC Resolution | 1024x768 | OK | Finish | Yes

- or -

Via the Raspberry Pi GUI (Desktop)

Click on "Start" (Raspberry) On the left side of the Task Bar at the top of the Raspberry Pi desktop
Click on "Preferences"
Click on "Control Centre"
Click on the "Interfaces"
Click on the "VNC:" | On
Click on the "Display"
Click on the "Headless Resolution:" | "1024x768"
Click on the "Close" Button
When this is displayed: "The changes you have made require the Raspberry Pi to be rebooted to take effect. Would you like to reboot now?" | Yes

Connect to the target Raspberry Pi via VNC (Optional)

Determine the target Raspberry Pi IP Address:

Via Raspberry Pi Connect Remote shell or Raspberry Pi Connect Screen share then open a Terminal window.

https://www.raspberrypi.com/software/connect
sudo hostname -I
- or -

Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.

sudo hostname -I
- or -

Use an IP Scanner tool such as Advanced IP Scanner on a PC or alike to locate the DHCP IP Address assigned to the Raspberry Pi.

https://www.advanced-ip-scanner.com
- or -

Login to your router and examine the DHCP assignments, sometimes labeled "Connected Devices" or similar.

Use a tool such as RealNVC Viewer to connect to the Raspberry Pi

https://www.realvnc.com/en/connect/download/viewer (Free / Recommended)

https://www.realvnc.com/en/connect/plan/lite (Free)

https://www.realvnc.com/en/connect/download/combined (Paid)

https://www.realvnc.com

Connect using the IP address or URL of the target Raspberry Pi.

Note: The first time a connection is made, a security warning may be displayed | Continue

Install and configure the DHCP server - DNSMasq

Notes:

DNSMasq manual page: https://manpages.debian.org/trixie/dnsmasq-base/dnsmasq.8.en.html

DNSMasq's DNS server is disabled in this configuration.

Ports used by DHCP: 67 and 68, Type UDP

Install DNSMasq

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Download and install DNSMasq

sudo apt install dnsmasq

Configure DNSMasq

Edit the DNSMasq configuration file using either Mousepad in the Raspberry Pi GUI or nano via SSH or Terminal

Launch Mousepad from Terminal in the Raspberry Pi GUI (Desktop)

sudo mousepad /etc/dnsmasq.conf
- or -

Launch nano via SSH or Terminal

sudo nano /etc/dnsmasq.conf

Disable the Integrated DNS Server

Uncomment and edit:
#port=5353 → port=0
Example:
port=0

Set the DHCP Range, Subnet Mask, and Lease Time

Uncomment and edit:
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h → dhcp-range=<YourDHCPStartingAddress>,<YourDHCPEndingAddress>,<YourSubnetworkMask>,<YourDHCPLeaseTimeInHours>
Example:
dhcp-range=192.168.0.100,192.168.0.249,255.255.255.0,12h

Set the Default Gateway

Uncomment and edit:
#dhcp-option=3,1.2.3.4 → dhcp-option=3,<YourDefaultGateway>
Example:
dhcp-option=3,192.168.0.1

Specify one or more DNS Servers

Add this line to bottom of the file:
dhcp-option=6,<DNSServer1>,<DNSServer2>,<DNSServer...>
Example:
dhcp-option=6,8.8.8.8,8.8.4.4

Add DHCP Reservations (Optional)

Add or uncomment and edit:
#dhcp-host=11:22:33:44:55:66,192.168.0.60 → dhcp-host=<DeviceMACAddress>,<DeviceIPAddressReservation>
Note: The DeviceIPAddressReservation must fall within the "dhcp-range" configured above.
Example:
dhcp-host=ac:1b:fc:32:b6:cd,192.168.0.200

Save and close mousepad

File| Save [Ctrl+S] and File | Quit [Ctrl+Q] or X out
- or -

Save and close nano

Press CTRL + X and then press y and ENTER to save changes

Restart DNSMasq

sudo service dnsmasq restart

Display DHCP Leases (Optional)

Display DHCP Leases from Terminal or SSH

Open a Terminal window or SSH into the Raspberry Pi.

Enter the DHCP Leases command

cat /var/lib/misc/dnsmasq.leases

Display DHCP Leases from a Shell Script on the Desktop

Download "DHCP Leases.sh" to the Desktop

wget -P /home/pi/Desktop "https://www.varvayanis.com/miscellaneous/Raspberry Pi/Raspberry Pi DHCP Server Setup/DHCP Leases.sh"

Add the execute permission to "DHCP Leases.sh".

sudo chmod +x "/home/pi/Desktop/DHCP Leases.sh"

Double click on "DHCP Leases.sh" to display leases.

Change the Raspberry Pi IP address and network settings using the Raspberry Pi Desktop Interface (GUI), NetworkManager User Interface (UI), or Command Line Interface (CLI)

Note: While the steps below are specific to setting the IP Address of the Ethernet Port, they can be used for setting the IP Address of a Wi-Fi connection by substituting the references to "Wired Connection 1" with your Wi-Fi Connection.

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Enable NetworkManager on Raspberry Pi OS (Legacy) only. Note: NetworkManager is already enabled by default on Raspberry Pi OS (64-bit) and (32-Bit).

Enable NetworkManager

Note: The Subnetwork Mask is expressed in Slash Notation along with an IP Address in certain areas of this section.

Network Subnetwork Mask and Slash Notation Relationships

Class	Mask	Slash	Nodes
A	255.000.000.000	/8	16777214
B	255.255.000.000	/16	65534
B	255.255.128.000	/17	32766
B	255.255.192.000	/18	16382
B	255.255.224.000	/19	8190
B	255.255.240.000	/20	4094
B	255.255.248.000	/21	2046
B	255.255.252.000	/22	1022
B	255.255.254.000	/23	510
C	255.255.255.000	/24	254
C	255.255.255.128	/25	126
C	255.255.255.192	/26	62
C	255.255.255.224	/27	30
C	255.255.255.240	/28	14
C	255.255.255.248	/29	6
C	255.255.255.252	/30	2
C	255.255.255.254	/31	0
C	255.255.255.255	/32	0

Change the Raspberry Pi IP address and network settings using the Raspberry Pi GUI (Desktop)

Note: "Wired connection 1" is the default Ethernet connection name and is assumed in the following commands.

Click on the two arrows facing up and down on the right side of the Task Bar at the top of the Raspberry Pi desktop

Click on "Advanced Options" | "Edit Connections..."

Doubke Click on "Ethernet" | "Wired connection 1"

Click on the "IPv4 Settings" Tab

Click on these fields to edit them:

"Method" | Manual

"Address"
(Your Rspbrry Pi IP Address)
Example:
192.168.0.25

"Netmask"
(See the section above "The Subnetwork Mask is expressed in Slash Notation...")
Example:
/24

"Gateway"
(Typicaly the network router LAN IP Address)
Example:
192.168.0.1

"DNS servers"
(Use commas to seperate multiple domain name server addresses)
Example:
8.8.8.8,8.8.4.4

Click on the "Save" Button

X out of the "Network Connections" window

- or -

Change the Raspberry Pi IP address and network settings using the NetworkManager User Interface (UI)

Note: "Wired connection 1" is the default Ethernet connection name and is assumed in the following commands.

Open the NetworkManager User Interface (UI)

Restart the connection to begin using the new settings

sudo nmcli con up "Wired connection 1"

- or -

Change the Raspberry Pi IP address and network settings using NetworkManager Command Line Interface (CLI)

Show all network connections

sudo nmcli con show

Note: "Wired connection 1" is the default Ethernet connection name and is assumed in the following commands.

Set IP Address

(Note: The Subnetwork Mask is expressed in Slash Notation along with the IP Address)
sudo nmcli con mod "Wired connection 1" ipv4.addresses <YourRaspberryPiIPAddress>/<YourNetworkSubnetworkMask>
Example:
sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.25/24

Set the Gateway Address

(Note: Typicaly the Gateway Address is network router LAN IP Address)
sudo nmcli con mod "Wired connection 1" ipv4.gateway <YourNetworkDefaultGatewayIPAddress>
Example:
sudo nmcli con mod "Wired connection 1" ipv4.gateway 192.168.0.1

Set the DNS Servers

(Note: Use spaces to seperate multiple domain name server addresses)
sudo nmcli con mod "Wired connection 1" ipv4.dns" <DNSServer1> <DNSServer2> <DNSServer...>"
Example:
sudo nmcli con mod "Wired connection 1" ipv4.dns "8.8.8.8 8.8.4.4"

Set the Addressing Mode to Manual (Static)

sudo nmcli con mod "Wired connection 1" ipv4.method manual

Restart the connection to begin using the new settings

sudo nmcli con up "Wired connection 1"

Network information commands (Optional)

Display the IP Address, Gateway, DNS Servers and Addressing Mode (Short version)

sudo nmcli -g ip4.address,ipv4.gateway,ip4.dns,ipv4.method connection show "Wired connection 1"

Display general network information (Medium version)

sudo nmcli device show

Display the complete profile for "Wired connection 1" so all parameters can be reviewed (Long version)

sudo nmcli -p con show "Wired connection 1"

Install and configure a firewall - UFW (Optional)

Notes:

See "General Notes" 4. near the top of this document.

UFW manual page: https://manpages.debian.org/trixie/ufw/ufw.8.en.html

Install UFW

Update Raspberry Pi OS and Components

Download latest package lists

sudo apt-get update -y

Download and install updated listed packages

sudo apt-get upgrade -y

Download and install UFW

sudo apt install ufw

Once installed, UFW is disabled by default. The default configuration blocks all incoming traffic (denied), and allows all outgoing traffic (allowed). Therefore incoming SSH and VNC traffic would be denied, however Raspberry Pi Connect and TeamViewer would continue functioning. It is important to allow necessary management traffic such as SSH and/or VNC prior to enabling the firewall. Not doing so will require management via Raspberry Pi Connect, TeamViewer or a directly attached Display, Keyboard and Mouse.

Note: The Subnetwork Mask is expressed in Slash Notation along with an IP Address in certain areas of the next sections.

Network Subnetwork Mask and Slash Notation Relationships:

Class	Mask	Slash	Nodes
A	255.000.000.000	/8	16777214
B	255.255.000.000	/16	65534
B	255.255.128.000	/17	32766
B	255.255.192.000	/18	16382
B	255.255.224.000	/19	8190
B	255.255.240.000	/20	4094
B	255.255.248.000	/21	2046
B	255.255.252.000	/22	1022
B	255.255.254.000	/23	510
C	255.255.255.000	/24	254
C	255.255.255.128	/25	126
C	255.255.255.192	/26	62
C	255.255.255.224	/27	30
C	255.255.255.240	/28	14
C	255.255.255.248	/29	6
C	255.255.255.252	/30	2
C	255.255.255.254	/31	0
C	255.255.255.255	/32	0

Configure UFW

Set the firewall rules as appropriate for the installation. Multiple rules can be applied to each service type. Source Addresses and Source Subnets can be either internal or external of the network the Raspberry Pi is connected to. If any of the services below have not been installed, do not set a rule for that service. See "General Notes" 3. and 4. near the top of this document.

DHCP

Allow:
sudo ufw allow bootps
Example:
sudo ufw allow bootps

FTP

Allow from anywhere:
sudo ufw allow 21/TCP
Example:
sudo ufw allow 21/TCP

Allow from a specific Subnet:
sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 21
Example:
ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 21

Allow from a specific IP Address:
sudo ufw allow from <SourceAddress> proto TCP to <YourRaspberryPiIPAddress> port 21
Example:
ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 21

SSH

Allow from anywhere:
sudo ufw allow 22/TCP
Example:
sudo ufw allow 22/TCP

Allow from a specific Subnet:
sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 22
Example:
ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 22

Allow from a specific IP Address:
sudo ufw allow from <SourceAddress> proto TCP to <YourRaspberryPiIPAddress> port 22
Example:
ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 22

VNC Server

Allow from anywhere:
sudo ufw allow 5900/TCP
sudo ufw allow 5900/UDP
Example:
sudo ufw allow 5900/TCP
sudo ufw allow 5900/UPD

Allow from a specific Subnet:
sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 5900

sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto UDP to <YourRaspberryPiIPAddress> port 5900
Example:
ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 5900

ufw allow from 50.209.187.25/29 proto UDP to 192.168.0.25 port 5900

Allow from a specific IP Address:
sudo ufw allow from <SourceAddress> proto TCP to <YourRaspberryPiIPAddress> port 5900

sudo ufw allow from <SourceAddress> proto UDP to <YourRaspberryPiIPAddress> port 5900
Example:
ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 5900

ufw allow from 50.209.187.26 proto UDP to 192.168.0.25 port 5900

Enable the firewall

sudo ufw enable

Note: This also enables iptables

If it is ever desirable to disable the firewall for testing or other reasons (Optional)

sudo ufw disable

Note: This also disables iptables

Check UFW status to see if it's active (Optional)

sudo ufw status

To list current rules (Optional)

sudo ufw status
- or -
sudo ufw status verbose

To remove a rule (Optional)

Identify the rule ID number to be removed

sudo ufw status numbered

Remove the rule by ID number

sudo ufw delete <ID>
Example:
sudo ufw delete 2

Remove packages that were automatically installed and are no longer required

Occasionally excess update, upgrade and installation packages install automatically, but are no longer required and can be removed automatically.

Automatically detect and remove packages no longer required

sudo apt autoremove -y

Sonora Computer Repair
Sonora, CA 95370
e-mail: charles@varvayanis.com
Phone: (209) 586-3782
Fax: (209) 586-3761
Business Card (PDF 153 KB)

www.sonoracomputer.com