0. Preface
I got the Raspberry Pi 3 (Pi3) yesterday, and couldn't wait to start using it. I plan to make it an NAS server and a downloader. I have already imagined that everyday I got some interesting movies or comics downloaded before I am back home. I just need to connect the Pi3 to the TV to enjoy the movies without waiting for buffering...
But the first thing to do now, it to set up the Pi3 making it available to login from the Internet.
Here is what I have got:
- the Pi3 board
- a 5V power
- a USB wire
- a LAN wire
Though I have HDMI wire but no available monitor, so I have to setup the Pi3 under command line environment.
1. Prepare the Raspbian
I used the Raspbian Jessie Lite as the OS for Pi3, downloaded from the official website.
Or directly download the zip file from here.
After unzip the file, I got the OS image:
Then use the Win32DiskImager to write the OS to TF card. The Win32DiskImager can be downloaded from SourceForge.
When it's done, insert the TF card to the Pi3 and turn on the power.
2. Find the IP of Pi3 with LAN wire
Connect the Pi3 to router with LAN wire. The Pi3 is default to setup DHCP and will get an IP from the router. The next thing to do is just simply login to the router as admin and find out the IP of Pi3 which will use the hostname "raspberrypi".
If you don't have access to the router just like me, then you need to download the Advanced IP scanner from it's official website to scan the IP of raspberry:
When the IP is found, ssh to Pi3 with putty download from official website. The default username and passwords are:
username: pi
passwords: raspberry
3. Connect the Pi3 to wifi
If the Pi3 is preferred to use wifi instead of LAN, we can configure the ssid and password of the wifi inside Pi3:
#If there's no vim in Pi3, then install it.
$ sudo apt-get install vim
$ sudo vim /etc/wpa_supplicant/wpa_supplicant.conf
# Add the following lines and save:
network={
ssid="wifi_name"
psk="Password"
}
#Check if there is IP under **wlan0**
$ ifconfig
#If not, then
$ sudo ifdown wlan0
#Normally will get the IP in 1 min.
$ sudo ifup wlan0
Then we can get rid of the LAN wire! (But I prefer to use LAN because my wifi is not fast enough to support NAS)
4. Change sshd port and setup firewall
If the Pi3 is going to be exposed to the Internet, it is not safe to use the default sshd port 22. To change it:
$ sudo vim /etc/ssh/sshd_config
#Find the line: Port 22 and change to other number
Port 2222
$ service sshd restart
To setup firewall, I use iptables:
$ whereis iptables
#Make sure there is iptables in raspbian
>iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz
# It means iptables is installed
# If not, then install iptables first
$ sudo apt-get install iptables
#Create rules for the iptables
$ sudo vim /etc/iptables.rules
#Add the following lines and save file:
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Enables the rules
$ sudo iptables-restore < /etc/iptables.rules
#Enables the iptables every after Pi3 is restarted
$ sudo vim /etc/network/if-pre-up.d/iptables
#!/bin/bash
iptables-restore < /etc/iptables.rules
$ sudo chmod +x /etc/network/if-pre-up.d/iptables
The end.
Now the Raspberry Pi is ready to work.