3G to WiFi Raspberry Pi gateway

[Edit]: Thanks Hackaday for the highlight! Part two of the hack – having a 77 year old learning how to use an Android phone – is ongoing. Proof of success: her instagram account.

After building my DIY 16.5 dBi (probably with pornographic levels of VSWR – hopefully i can get an antenna analyzer on that by the next few weeks) and proofing the concept of a feasible 3G gateway, i had to put everything inside a nice IP65 box and set it up outside. Initially i was aiming at using a modded WR703N with Rooter firmware and a Huawei E3131. After burning both of them, i had to resort to a Raspberry Pi Zero.

Principle of operation: Raspberry Pi handles the PPP session from the USB modem, creates an WiFi network via hostapd and uses iptables for the rest.

Notes on weatherproofing something

Basics first:

  • water + electronics = bad. Solution?
    • Sealed box.
  • heat + electronics = bad. Solution?
    • Sealed box with ventilation.
  • Sealed box with ventilation + electronics = moisture during low temperature. Solution?
    • Heat it when it’s cold.
  • 230VAC outside = bad idea. Solution?
    • Industrial grade 230VAC to 5VDC PSU – i used this one from Mean Well – RS-35-5 (link to manufacturer) placing it within the attic and routing 5m of 2×0.75mm2 cable outside – 6m total, minimum voltage drop.

So, this is not a trivial problem to solve. My solution? IP65 grade box (IP rating table right here) with a breathing hole, DHT22 sensor inside, DS18B20 outside, python measuring things. More details below…

Sure this won’t fix the issue but will allow me to keep an eye on the box health concerning humidity during winter, and heat during the summer.

I killed my WR703N

Before continuing, i burned my finished WR703N. My goal from the start was to avoid having 230VAC outside. But on my testing i used a laptop PSU with 3 wires: 5VDC and 12VDC. On my final testing i smelled smoke. You got the picture…

You don’t? Here it goes.

Smoking WR703N
Smoking hot WR703N to the corner table!

Out the WR703N, in the Pi

This was pretty much straightforward. I connected a powered 4 port USB hub to the Pi via USB OTG cable. The Hub hosts the E3131 modem and a Ralink based RT5730 dongle with RP-SMA connector.

I used USB-Y cables as a power aid for both the Pi and the Hub. Then, it was just a matter of configuring the software.

This sub-project takes care of all the temperature monitoring. But we still have work to do: after setting up Raspbian, we need to configure WVDial to dial the PPP connection and IPTables to set up NAT.

My take on a temperature HAT for DS18B20 and DHT22

PPP and NAT configuration

This is also straightforward:

All steps below should be done as root user (sudo -i )

sudo apt-get install -y usb-modeswitch ppp wvdial

Configure wvdial.conf (/etc/wvdial.conf) – for my operator MEO and for a Huawei USB dongle – settings will vary depending on the config…

[Dialer Defaults]
New PPPD = yes
Dial Command = ATDT
Dial Attempts = 3
Modem = /dev/ttyUSB0
Modem Type = Analog Modem
ISDN = 0
Baud = 115200
Username = tmn
Password = tmn
Init1 = ATZ
Init2 = AT&F E1 V1 X1 &D2 &C1 S0=0

[Dialer MEO]
Carrier Check = on
Auto Reconnect = on
Idle Seconds = 0
Phone = *99***1#
Stupid Mode = 1
Init3 = AT+CGDCONT=1,"IP","internet"

Now tune /etc/network/interfaces and insert in the end:

auto ppp0
iface ppp0 inet wvdial
provider MEO

And at /etc/rc.local

insert before

exit 0

The following information to auto startup the ppp session.

wvdial meo


sudo nano /etc/sysctl.conf

and set



$ sudo sysctl -w net.ipv4.ip_forward=1

We need iptables for NAT

sudo apt-get install iptables

And we’ll create a rule set under /root/ folder with name ipt.sh

# flush tables
iptables -F
iptables -t nat -F
# apply routing
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

Set it to executable:

chmod +x ~/ipt.sh
sudo ~/ipt.sh

And set it to start up with the system:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Go to the file /etc/rc.local and before 

exit 0



Now create the file


And insert

/sbin/iptables-restore < /etc/iptables.ipv4.nat

Set it executable

sudo chmod +x /etc/network/if-up.d/iptables

No. We're not done!


Install hostapd and dnsmasq:

aptitude install hostapd dnsmasq

Edit file with network settings to some static IP of wlan0:

nano /etc/network/interfaces

And wlan0 section should like:

allow-hotplug wlan0
iface wlan0 inet static

#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet manual

(close nano with Ctrl+X, then Y and Enter)

After that, get down and up wlan0 interface and check, if you have your IP set it up on interface

ifdown wlan0; ifup wlan0
ifconfig wlan0 # this command should wrote these informations

# as you can see, there is right IP
wlan0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr: Bcast: Mask:
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Create new configuration for hostapd in /etc/hostapd/hostapd.conf and put there this info:

# you can create it with command

nano /etc/hostapd/hostapd.conf

#write info below into file

Edit files /etc/default/hostapd and uncomment DAEMON_CONF, and add path to config. So line will looks like this:


Then, you can finally restart hostapd, and you have your hotspot up and running.

/etc/init.d/hostapd restart

# allow hostapd after boot
update-rc.d hostapd enable

Your hotspot is running, but you need to run some DHCP client for your clients which will use your hotspot. Edit and change these parameters in dnsmasq (and restart it):
#edit dnsmasq by following command
nano /etc/dnsmasq.conf

#find and change following parameters.. (or you can add these on end of the file


# restart dnsmasq
/etc/init.d/dnsmasq restart

# allow dnsmasq after boot
update-rc.d dnsmasq enable

Finished product:

What's next?

I found out my ISP blocks routing on these ppp interfaces, so i cannot get direct SSH or Web Access to the device.

On my next post i'll explain on how to do a reverse SSH session to another WAN available pi.

Also, rpi-monitor is a great project for remote monitoring. Here's a sneak peak:


And temperature graphs via rrdtool, embedded and managed via rpi-monitor. (howto to follow soon)

Leave a Reply

Your email address will not be published. Required fields are marked *