Connect All Your IoT Through Your Pi 3

If you’re playing Hackaday Buzzword Bingo, today is your lucky day! Because not only does this article contain “Pi 3” and “IoT”, but we’re just about to type “ESP8266” and “home automation”. Check to see if you haven’t filled a row or something…

Seriously, though. If you’re running a home device network, and like us you’re running it totally insecurely, you might want to firewall that stuff off from the greater Interwebs at least, and probably any computers that you care about as well. The simplest way to do so is to keep your devices on their own WiFi network. That shiny Pi 3 you just bought has WiFi, and doesn’t use so much power that you’d mind leaving it on all the time.

Even if you’re not a Linux networking guru, [Phil Martin]’s tutorial on setting up the Raspberry Pi 3 as a WiFi access point should make it easy for you to use your Pi 3 as the hub of your IoT system’s WiFi. He even shows you how to configure it to forward your IoT network’s packets out to the real world over wired Ethernet, but if you can also use the Pi 3 as your central server, this may not even be necessary. Most of the IoT services that you’d want are available for the Pi.

Those who do want to open up to the world, you can easily set up a very strict firewall on the Pi that won’t interfere with your home’s normal WiFi. Here’s a quick guide to setting up iptables on the Pi, but using even friendlier software like Shorewall should also get the job done.

Still haven’t filled up your bingo card yet? “Arduino!”

34 thoughts on “Connect All Your IoT Through Your Pi 3

    1. Take a look at openhab, that’ll get you the mobile phone app. And possibly some links to kickstarters that are compatible. not sure about water kettle, what’s that?

      1. I believe Angry Dog was referring to his buzzword bingo card, and not features that were missing from this implementation.

        But with regards to mobile apps, I use ImperiHome tied to node-red on the Pi to visualize all the IOT stuff. It’s not perfect, but quite nice and easy to use.

      1. Damn, I didn’t notice my phone auto-corrected it to “Picture” when I meant to write “Pi.” I’m not used to typing things on a phone and I hate touchscreens :(

  1. And for the extra round – comment bingo:

    ‘you could also use XXX for hardware’
    ‘I fucking hate the arduino IDE’
    ‘Brian we love you’
    ‘i did that 10 years ago’
    ‘i love that other thing way more’
    ‘you can’t even write the word right’
    ‘why does nobody proof read’
    ‘I hate the new blog layout’
    ‘had.io sucks’

    1. Agreed. A couple of years ago, I was working on a project where the client’s network was completely flat. Servers, user workstations, printers, and wireless were all on one network/sub-net/broadcast domain. Once you were in, you could start hammering away at everything. I wanted to protect the services I was setting up from their network and vice-versa. Setting up really tight firewalls on a bunch of Linux containers and the container host was straight-forward and well documented. I now do something similar on every server system I deploy, including any VMs or containers.

      But in the spirit of a layered security model, using a Pi or a wireless router running OpenWRT is a great idea. [werecatf] is right on that point. You’ll also get much better wireless coverage and network throughput.

        1. One basket for sure. I’m quite sure that they haven’t learned their lesson because nobody on staff has the technical knowledge to realize that there is a problem. Worse, this network handles a lot of information about individuals that privacy laws apply to.

          This is a common problem in rural communities. My bet is that every government organization in our town, with the possible exception of the hospital, is running a completely flat network. When one of them is eventually badly hacked, my services will be very much in demand.

  2. Don’t forget folks, if it’s a real IoT project and actually using IPv6, that iptables doesn’t handle IPv6 rules! You’ll need to set up ip6tables for that.

    I’m sure firewalld has some ultra-intuitive totally-didn’t-spend-all-day-reading-the-manual-to-find-out-I-can’t way of handling it. Or use a *BSD with pf.

  3. No arduino, no go. Without one, it’s hard to take a RasPi project like this seriously.

    Back in my day, we had to make do with a watering can and a couple 555s…

    Not a hack.

    That plastic will shatter and poke your eye out.

    Phew… I think I covered the rest of the lines on the bingo card!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.