Adding a graphical user interface (GUI) to your Raspberry Pi project is a great way to include a screen for data entry, on-screen buttons for controls or even just a smarter way to show readings from components such as sensors.
A Raspberry Pi 3 or Zero W The third iteration’s built-in Wi-Fi is what makes this project work. Why should your wireless router have all the fun? Gaining access to your network— and through.
Make an Interface for Your Project
There are a number of different GUI methods available for the Raspberry Pi, however, most have a steep learning curve.
The Tkinter Python interface may be the default 'go-to' option for most, however, beginners can struggle with its complexity. Similarly, the PyGame library offers options for making impressive interfaces but may be surplus to requirements.
If you're looking for a simple and quick interface for your project, EasyGUI could be the answer. What it lacks in graphical beauty it more than makes up for in its simplicity and ease of use.
This article will give you an introduction to the library, including some of the most useful options we've found.
Downloading and Importing EasyGUI
For this article, we're using the standard Raspbian operating system.
Installing the library will be a familiar process to most, using the 'apt-get install' method. You'll need an internet connection on your Raspberry Pi, using either a wired Ethernet or WiFi connection.
Open a terminal window (the icon of a black screen on your Pi's taskbar) and enter the following command:
This command will download the library and install it for you, and that's all the setup you need to do.
Import EasyGUI
EasyGUI needs to be imported into a script before you can use its functions. This is achieved by entering a single line at the top of your script and is the same regardless of which EasyGUI interface options you use.
Create a new script by entering the following command in your terminal window:
A blank screen will appear — this is your empty file (nano is simply the name of a text editor). To import EasyGUI into your script, enter the following line:
We use this specific version of the import to make coding even easier later on. For example, when importing this way, instead of having to write 'easygui.msgbox' we can simply use 'msgbox.'
Now let's cover some of the key interface options within EasyGUI.
Basic Message Box
This 'message box,' in its simplest form, gives the user a line of text and a single button to click. Here's an example to try — enter the following line after your import line, and save using Ctrl+X:
You should see a message box appear, with I am a Message Box written in the top bar, and Cool box huh? above the button.
Continue or Cancel Box
Sometimes you will need the user to confirm an action or choose whether or not to continue. The 'ccbox' box offers the same line of text as the basic message box above, but provides 2 buttons — Continue and Cancel.
Here's an example of one in use, with the continue and cancel buttons printing to the terminal. You could change the action after each button press to do whatever you like:
Custom Button Box
If the built-in box options aren't quite giving you what you need, you can create a custom button box using the 'buttonbox' feature.
This is great if you have more options that need covering, or perhaps are controlling a number of LEDs or other components with the UI.
Choice Box
Buttons are great, but for long lists of options, a 'choice box' makes a lot of sense. Try fitting 10 buttons in a box and you'll soon agree!
These boxes list the available options in rows one after another, with an OK and Cancel box to the side. They're reasonably smart, sorting the options alphabetically and also allowing you to press a key to jump to the first option of that letter.
Here's an example showing ten names, which you can see has been sorted in the screenshot.
Data Entry Box
Forms are a great way to capture data for your project, and EasyGUI has a 'multenterbox' option that allows you to show labeled fields to capture information with.
Once again it's a case of labeling fields and simply capturing the input. We 've made an example below for a very simple gym membership sign-up form.
There are options to add validation and other advanced features, which the EasyGUI website covers in detail.
Adding Images
You can add images to your EasyGUI interfaces by including a very small amount of code.
Save an image to your Raspberry Pi in the same directory as your EasyGUI script and make a note of the file name and extension (for example, image1.png).
More Advanced Features
We've covered the main 'basic' EasyGUI options here to get you started, however, there are lots more box options and examples available depending on how much you want to learn, and what your project requires.
Password boxes, code boxes, and even file boxes are available to name a few. It's a very versatile library that's easy to pick up in minutes, with some great hardware control possibilities as well.
If you'd like to learn how to code other things like Java, HTML or more, you can see the best online coding resources available.
If you have children at your home, you might have felt the need to block certain undesirable websites. Another common problem area are social media websites – you might feel that children (and adults) waste too much time on Facebook, Twitter etc. and want to block them, or at least make them accessible only at certain times of the day.
To make this possible, we need a router plus content filter – an appliance through which all our devices such as laptops, smartphones, and tablets connect to the internet. This appliance also intercepts the websites that these devices access, and blocks them if they try to access a blacklisted website.
There are commercial, ready-to-use content filters available in the market, but for us DIY types, there is no fun in that. Thus, we will get our hands dirty, and set up a Raspberry Pi for the job. We chose the Raspberry Pi for this project because of its tiny size and negligible power consumption. However, these instructions will work nearly unmodified with almost any computer running Debian Linux or a derivative (Ubuntu, Mint etc.).
Disclaimer: This guide assumes an intermediate level of experience with Linux, and a willingness to troubleshoot problems if and when they arise. Prior experience with command lines and firewalls is a bonus.
How it Works
Hardware
We will be using the Raspberry Pi 3 as a router cum content filter. For this, we will need two network interfaces on it – one to connect to the internet, and the other to act as a WiFi hotspot for our other devices to connect to. The Raspberry Pi 3 has a built-in Ethernet jack and WiFi module. So in this scenario, we can use an Ethernet cable (eth0) to connect to the internet, while the WiFi module (wlan0) will act as a hotspot.
Of course, connecting to the internet using Ethernet isn’t always possible. In this case, you will need a compatible USB WiFi dongle (wlan1) to connect to the internet, while the built-in WiFi module (wlan0) will act as a hotspot. This is the configuration that we will use in this guide.
Do keep in mind that while a Raspberry Pi 3 is mostly adequate for a home setup with a few laptops and smartphones, it will not provide the performance needed for a big office setup. Look into more capable hardware if a lot of clients will be connecting to your content filter.
Software
We will use the excellent E2guardian to intercept and filter our web requests. Since content filtering can have a performance impact (depending on the size of the blocklist), we will use Squid cache to offset this performance hit.
Prerequisites
1.Raspberry Pi 3 with the latest version of Raspbian OS installed, and access to the internet. If you are only getting started with the Raspberry Pi, we recommend reading our guide on how to get started with Raspberry Pi 3.
2.[Optional]USB WiFi Dongle – This is needed if, and only if you cannot connect your Raspberry Pi 3 to the internet with an Ethernet cable. If you are planning to use WiFi for both connecting to the internet and as a hotspot, this is required.
3.Physical Access to the Raspberry Pi – Due to the nature this article, a single mistake in the firewall configuration can lock you out of your Pi if you use it in headless mode. Therefore, it is recommended that you connect a monitor, keyboard and mouse while configuring it until everything is set up.
Use Raspberry Pi as Router
1.Connect your Pi to the internet using Ethernet (eth0). If you are using a USB WiFi dongle (probably wlan1) instead, connect that to the internet. Leave the built-in WiFi module (wlan0) as it is for now.
2. Get the prerequisite software that we need:
3. We will set up hostapd
so that our Pi can act as a WiFi hotspot. For this, create a config file using your favorite text editor, for example sudo nano /etc/hostapd/hostapd.conf
, and paste the content from our GitHub page.
Some lines that you might want to modify according to taste are:
This line dictates what the name of the access point will be. I chose RaspberryPiAP
.
This specifies the passphrase used to access the hotspot. I used beebom.com
, but it is recommended to change it to a strong passphrase of your choice.
4. Next, we will set up a DHCP server using dnsmasq
. Edit the config file /etc/dnsmasq.conf
, and add the following lines at the end:
[sourcecode]interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.8.20,192.168.8.254,255.255.255.0,12h[/sourcecode]
This makes the interface on wlan0
(the built-in WiFi module) hand out IP addresses to clients in the 192.168.8.20 to 192.168.8.254 range.
5. Set up a static IP address for the built-in WiFi module wlan0
. Open the file /etc/network/interfaces
. It probably looks something like this (emphasis mine):
[sourcecode]source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf[/sourcecode]
Here, locate the lines in bold dealing with wlan0
, and change them, so that the file looks like the following:
[sourcecode]source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
allow-hotplug wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.8.1
netmask 255.255.255.0
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf[/sourcecode]
This sets up a static IP address 192.168.8.1
on wlan0. Remember this address, as this is the address we will use to communicate with our Raspberry Pi later on.
6. Now set up IP forwarding. Edit the file /etc/sysctl.conf
, and add the following line to it:
7. Now we will configure network address translation (NAT) in our firewall. To do this, enter the following 2 commands:
The first command sets up NAT, while the second command saves our present firewall configuration to a file called /etc/iptables/rules.v4
. This makes sure that the configuration persists across reboots.
8. At this point, reboot your Raspberry Pi. This is to make sure that all the changes we made in the configuration files are functional.
9. After rebooting, you should be able to see the newly created RaspberryPiAP
hotspot (unless you changed the name in step 3) on your other devices such as laptops and smartphones. You can connect to it using the password you specified, and access the internet.
This is all you need to do to if you need a basic, low-powered router. If you want to set up a content filter as well, read on.
Set Up Content Filter Using E2guardian
E2guardian is not present in the default Raspbian repositories. To install it, go to the project’s Github page, and download the file ending in armhf.deb
. Now open Terminal, go to your Downloads folder (or wherever you chose to download the file), and install it:
You will probably see a few errors about missing packages when you install E2guardian. To rectify this, let the installation finish, and enter the following command :
Using Content Lists
There are several lists present in the /etc/e2guardian/lists
directory. These files include bannedextensionlist, bannediplist, bannedphraselist, bannedsitelist, bannedurllist, exceptionlist, and more. These files are properly documented with comments. Take a look at them to familiarize yourself.
As an example, let’s suppose you wish to block some popular social networks. Open the /etc/e2guardian/lists/bannedsitelist
file, and under the Blanket SSL/CONNECT block (since these websites use https instead of plain http), add the following lines:
Now reload the E2guardian service using the command sudo service e2guardian reload
(you will have to run this command every time you modify the configuration files). Any clients using the content filter will now be unable to access these websites. Even the mobile sites (eg. m.twitter.com) and dedicated smartphone apps will not work.
E2guardian also blocks porn by default. If you wish to allow it (hey, we aren’t judging), open the /etc/e2guardian/lists/bannedphraselist
file, and locate the following line:
Comment it out by adding a hash (# symbol) to the front, so that it looks like this:
Again, reload the configuration with sudo service e2guardian reload
, and you’re done.
Configuring Clients
Now that our proxy server is set up, we can move on to configuring the clients. To use the content filter, all clients need to be connected to the Rapberry Pi’s hotspot, and configured to use the proxy. Configuring a proxy is different across all operating systems and devices. However, we will demonstrate how to set it up on Windows and Android, since these are more popular.
Windows
Go to Control Panel > Network and Internet > Internet Options. In the window that opens up, navigate to the Connections tab, and click on LAN settings.
Here, click on Advanced, and enter 192.168.8.1
as the proxy address, and 8080
as the port. Make sure that the Use the same proxy server for all protocols box is checked. Click OK.
That is all you need to do. Most popular web browsers such as Google Chrome and Firefox will automatically pick up the system proxy settings.
Android
Go to System Settings > WiFi. Now tap and hold the Raspberry Pi hotspot, and select Modify network. Under Advanced options, set the Proxy option to Manual. Now, under Proxy hostname, enter the IP address of the Pi 192.168.8.1
. Under Proxy port, enter 8080
, and tap on Save.
You can now test the configuration of the proxy. Try going to a website in your blacklist – you will see an “Access Denied” page like this:
Enforcing Proxy Usage
So far, we are relying on clients playing nice and using the internet through the content filter. Of course, this rarely happens in the real world. So to enforce all clients to go through the proxy, run the following commands:
This will automatically redirect all http (port 80) and https (port 443) traffic on the raspberry Pi’s hotspot to the content filter proxy. Now, without configuring proxy settings on your devices, they will not be able to access secure https websites such as Facebook, Gmail, Twitter etc. at all. This makes sure that anyone who wishes to connect to your Pi hotspot has to go through the proxy.
This is all you need to know for basic usage of the content filter. If you wish to learn some advanced features, read on.
Advanced Usage Scenarios
Setting Up a Time-Based Filter
Let’s say you want to block the websites we mentioned in the Using Content Lists section above, but only at certain times of the day. I personally prefer to block Reddit, Facebook and Twitter during work hours (9am – 5pm) on weekdays because they are a productivity nightmare.
Open the /etc/e2guardian/lists/bannedsitelist
file, and add the following line to it:
This line works as follows – the timer starts at 9 (9 am) 0 (00 minutes), till 17 (5 pm in 24-hr format) 0 (00 minutes), from 0 (Monday) to 4 (Friday).
Let’s take another example:
This will block the configured sites from 10:30 am (10 30) till 8:45 pm (20 45) on Monday (0), Wednesday (2), and Friday (4).
Letting Certain IP Addresses Bypass the Proxy
It is possible to let certain IP addresses bypass the content filter. This can be set up by configuring the firewall. You might have noticed that in our dnsmasq.conf
, we only set the hotspot to assign IP addresses from 192.168.8.20 to 192.168.8.254 to clients. That means addresses from 192.168.8.2 to 192.168.8.19 will not be automatically assigned to any client (we cannot use 192.168.8.1 because that is what our Raspberry Pi itself uses).
To do this, first set up a static IP on the device to which you want to give full access. For example, to set up a static IP of 192.168.8.2 on a Windows machine, use these settings:
Now, on your Raspberry Pi, run the following commands.
Now, disable the usage of proxy on your device, and try to open a banned website. You should be able to open it. If there are more IP addresses that you want to add to the whitelist, run the above two commands again, but replace the IP address with the one you want. Once you are satisfied with the whitelist, run the following command to save your firewall config:
One important thing to keep in mind is that you should not let anyone know the whitelisted IP addresses. Otherwise, they can simply set their device to that IP address to bypass the proxy.
Security Concerns
Since your Raspberry Pi will be the entry and exit point for all your communications, it is important to secure it. Here are some tips on how to improve security. Keep in mind that these are just basic pointers and not a comprehensive list of security pitfalls. The amount of security will depend on the nature of your network (home, small office etc.) and how mischievous the users are.
Disable Unneeded Services
Since this is a router, it is best to only run the services that we require. More services running means more vulnerabilities that can potentially be exploited. Definitely do not use this system as a regular desktop.
Go to Menu > Preferences > Raspberry Pi Configuration. In the Interfaces tab, disable all services that you do not require.
Change the Default Password
A fresh Raspbian installation comes with the default password ‘raspberry’ for the default user ‘pi’. It is recommended to change this to a more secure password. To change it, open a terminal run this command:
Remove the Monitor and Other Peripherals
Since all that will run on this Pi is the software required to use it as a router and web filter, we do not need a monitor or other peripherals such as a mouse and keyboard attached to it. If you do need to change settings and such, you can always use SSH, or attach a monitor and keyboard as needed.
Turn off Auto Login
Raspbian is set up to automatically log in with the ‘pi’ user credentials without prompting for password. This might be ok for a general purpose family desktop, but dangerous for a router. To disable this, on the Raspbian desktop, go to Menu > Preferences > Raspberry Pi Configuration. In the System tab, in front of the Auto login heading, uncheck the Login as user ‘pi’ checkbox.
In the same dialog box, it is also advisable to set the Boot setting to To CLI. This will save resources since we do not need a GUI on a router. If you do want to use the desktop for any reason, log in with your username, and run the startx
command to turn on the graphical interface.
Troubleshooting Common Problems
Interfaces Keep Getting Renamed
This is very common if you are using two wireless interfaces on your Pi. If you are using Ethernet to connect your Pi to the internet, you can safely ignore this section. The problem is that both the wireless interfaces (wlan0 and wlan1) sometimes swap names after a reboot. That is, the built-in WiFi module wlan0 gets renamed to wlan1, and vice versa. This is of course a big problem since we rely on them having a consistent name for our configuration files. Here is how to make it consistent across reboots:
1. Find out the MAC address of your interfaces. Run the command ifconfig | grep HWaddr
on your Raspberry Pi. You will see an output like the following:
Note down the text to the right of the word ‘HWaddr’ in the wlan0 and wlan1 section. You can safely ignore the eth0 section. These are the MAC addresses of your wireless interfaces.
If you are not sure which MAC address belongs to which interface, simply unplug the USB WiFi dongle, and run the command again. The wlan interface that comes up now is your built-in WiFi interface, while the other one is USB.
2. Create a new file /etc/udev/rules.d/10-network.rules
using your favorite text editor. For example :
3. Enter the following text in this file. Replace the xx:xx:xx:xx etc. with the appropriate MAC address:
[sourcecode]# Set up the built-in WiFi module as wlan0. Replace the xx:xx:xx etc. with the
# built-in module’s MAC address
SUBSYSTEM'net', ACTION'add', ATTR{address}'xx:xx:xx:xx:xx:xx', NAME='wlan0'
# Set up the USB WiFi dongle as wlan1. Replace the yy:yy:yy etc. with the
# USB dongle’s MAC address
SUBSYSTEM'net', ACTION'add', ATTR{address}'yy:yy:yy:yy:yy:yy', NAME='wlan1'[/sourcecode]
Make sure that the built-in WiFi interface’s MAC address corresponds to wlan0, and the USB WiFi to wlan1 since that is the convention we are following in this guide.
4. Reboot your Raspberry Pi. Your interfaces will start with the correct name now.
Resetting Firewall Configuration
Another common problem is a badly configured firewall. Depending on your network configuration, it might take several tries before you get the firewall right. If at any point you think that you might have messed up the firewall configuration, run the following commands to start from scratch:
This will delete all firewall configuration. You can now start configuring the firewall from scratch. Once you are satisfied, run the command sudo iptables-save | sudo tee /etc/iptables/rules.v4
to make the configuration permanent.
SEE ALSO: How To Run Commands on Raspberry Pi by Email
Use Your Raspberry Pi as Router and Content Filter
That is all on turning your Raspberry Pi into a potent router plus content filter proxy. You can get the exact configuration files we used for our setup on our GitHub page. Do let us know how it works out for you. If something does not work as expected, or a step feels too confusing, feel free to ask us a question in the comments section below.