Home | Miscellaneous | Raspberry Pi | DHCP
Charles Varvayanis
Computer and Communication Systems
Since 1990
(209) 586-3782
charles@varvayanis.com
Raspberry Pi DHCP Server Setup
Step-by-step instructions for setting up a DHCP server with SSH, VNC, TeamViewer and a Firewall.
These procedures apply to Raspberry Pi 5, 4 or 3 with Raspberry Pi OS (64-Bit), (32-Bit) or (Legacy, 32-Bit) with or without the DHCP Server, SSH, VVNC, TeamViewer and/or a Firewall.
General Notes
1. General:
The procedures below are optimized for setting up a DHCP server on a Raspberry Pi 5, 4 or 3 with Raspberry Pi OS (64-Bit), (32-Bit) or (Legacy, 32-Bit) connected via Ethernet.
Management connectivity is provided via SSH, TeamViewer and VNC.
A firewall is included.
2. Internet access during setup:
Many of the steps below assume and require the target Raspberry Pi is connected to a network with access to the Internet and a DHCP server is on the network configured for DHCP clients to access the Internet.
This is the standard and/or default configuration for most networks, so in most cases nothing additional will need to be done.
3. Management Connectivity Options:
Certain Management Connectivity options below can be selectively omitted by not implementing the steps in any of these sections below:
"Install and configure TeamViewer", "Configure and Enable VNC".
SSH can be omitted while configuring the Raspberry Pi Imager as in the "Load Raspberry Pi OS onto a Micro SD Card" section below, after choosing the DEVICE, OS and STORAGE then clicking NEXT, EDIT SETTINGS and selecting the SERVICES tab, then unchecking "Enable SSH".
The rest of the procedure should be followed as appropriate for the required needs.
4. Firewall Option:
A firewall on the Raspberry Pi in this type of implementation is usually not required.
However, in cases where the Raspberry Pi is connected to a public network, running a firewall on the Raspberry Pi is advisable.
Raspberry Pi OS includes iptables, an IP packet filter, however it is disabled by default.
UFW (Uncomplicated FireWall) is a firewall user interface for use with iptables.
UFW together with iptables provide basic firewall features, but lack more sophisticated firewall features and protections.
The firewall on the Raspberry Pi can be omitted by not implementing the steps in the section below: "Install UFW and configure the firewall".
Notice about updates, upgrades and installations failing due to repository or network congestion or outages
Occasionally updates, upgrades and installations fail due to repository or network congestion or outages.
Sometimes there is an appropriate message saying as such, sometimes a missing file is reported, and sometimes there is just a failure message without an explanation.
When this occurs, simply run the command again.
If that does not solve the issues immediately, try again later.
Download and Install the Raspberry Pi Imager onto a PC or other computer
Download the Raspberry Pi Imager
https://www.raspberrypi.com/software
Install the Raspberry Pi Imager
Run the downloaded file and follow the installation instructions.
Load the Raspberry Pi OS onto a Micro SD Card
Connect the target Micro SD Card
Connect the target Micro SD Card to a computer with the Raspberry Pi Imager installed.
Open the Raspberry Pi Imager
Windows 10: Start | Raspberry Pi | Raspberry Pi Imager
Windows 11: Start | All Apps | Raspberry Pi | Raspberry Pi Imager
Select the Desired Options
Raspberry Pi Device | CHOOSE DEVICE | <YourRaspberryPiModel> - Example: Raspberry Pi 5
Operating System | CHOOSE OS | <DesiredRaspberryPiOS> - Example: Raspberry Pi OS (64-bit)
Storage | CHOOSE STORAGE | Generic-SD/MMC USB Device
NEXT
EDIT SETTINGS |
GENERAL |
Set hostname: | Checked <DefineYourRaspberryHostnameHere> - Example: Pi-0001
Set username and password | Checked
Username: <DefineYourRaspberryPiUsernameHere> - Example: Pi
password: <DefineYourRaspberryPiPasswordHere> - Example: PiPassword
Configure Wireless LAN | Not Checked
Set local settings | Checked
Time zone: <SelectYourTimeZone> - Example: America/Los_Angels
Keyboard Layout: <SelectYourKeyboardLayoutHere> - Example: us
SERVICES |
Enable SSH | Checked (See "General Notes" 3. near the top of this document)
Use password authentication | Selected
OPIONS |
Play sound when finished | Not Checked
Eject media when finished | Checked
OPIONS | Eject telemetry | Checked
SAVE
Would you like to apply OS customizations Settings? | YES
All existing data on 'Generic-SD/MMC USB Device' will be erased. Are you sure you want to continue? | YES
When the message "You can now remove the SD card from the reader" is displayed | CONTINUE
Remove the Micro SD card from the reader.
Insert the Micro SD Card into the Target Raspberry Pi
Be certain the Target Raspberry Pi is powered off.
Insert the Micro SD Card loaded with the Raspberry Pi OS into the target Raspberry Pi 5, 4 or 3. Note: It inserts up-side-down (contacts up) into the Raspberry Pi.
Power on the Raspberry Pi
It is typical for the Raspberry Pi to reboot two or three times the first time it is powered up before it is ready for its first use. This often takes three to five minutes.
Determine the target Raspberry Pi IP Address
Use an IP Scanner tool such as Advanced IP Scanner on a PC or alike to locate the DHCP IP Address assigned to the Raspberry Pi.
https://www.advanced-ip-scanner.com
- or -
Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse.
Open a Terminal window.
sudo hostname -I
- or -
Login to your router and examine the DHCP assignments, sometimes labeled "Connected Devices" or similar.
Connect to the target Raspberry Pi
Use SSH via a tool such as PuTTY to connect to the Raspberry Pi.
https://www.putty.org
Connect using the IP address or URL of the target Raspberry Pi.
Note: The first time a connection is made, a security warning may be displayed | Yes
- or -
Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.
Check and update the Raspberry Pi 4 or Pi 5 EEPROM Version
Note: This tool only works with Raspberry Pi 4 or Pi 5. Raspberry Pi 3B+ and below have a ROM that can not be updated.
Check if the Raspberry Pi 4 or Pi 5 EEPROM should be updated
sudo rpi-eeprom-update -a
Update the Raspberry Pi 4 or Pi 5 EEPROM if required.
sudo raspi-config
Advance Options | Bootloader Version | Latest | Yes
Install and configure TeamViewer
See "General Notes" 3. near the top of this document.
Install TeamViewer
Download latest package lists
sudo apt-get update -y
Download and install updated listed packages
sudo apt-get upgrade -y
Disable Wayland (Remote Graphics Support) and switch to the older X11 (Remote Graphics Support) because TeamViewer does not yet work with Wayland (Note: Wayland in not enabled on Raspberry Pi OS (Legacy) by default)
sudo raspi-config
Advance Options | [Enter] | Wayland | [Enter] | X11 | [Enter] | Ok | [Enter] | Finish | [Enter] | Would you like to reboot now? | Yes | [Enter]
Download and install TeamViewer - Select one of the four configurations below:
1) TeamViewer Full Client installation with a 64-Bit OS:
Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer_arm64.deb
Install TeamViewer (Note: Errors during installation are normal and can usually be ignored)
sudo dpkg -i teamviewer_arm64.deb
2) TeamViewer Full Client installation with a 32-Bit OS:
Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer_armhf.deb
Install TeamViewer (Note: Errors during installation are normal and can usually be ignored)
sudo dpkg -i teamviewer_armhf.deb
3) TeamViewer Host installation with a 64-Bit OS:
Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer-host_arm64.deb
Install TeamViewer (Note: Errors during installation are normal and can usually be ignored)
sudo dpkg -i teamviewer-host_arm64.deb
4) TeamViewer Host installation with a 32-Bit OS:
Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer-host_armhf.deb
Install TeamViewer (Note: Errors during installation are normal and can usually be ignored)
sudo dpkg -i teamviewer-host_armhf.deb
Download and install additional OS components needed by TeamViewer - This corrects for the errors above, if any.
sudo apt --fix-broken install -y
Download latest package lists
sudo apt-get update -y
Download and install updated listed packages
sudo apt-get upgrade -y
Configure TeamViewer
Set the TeamViewer password
sudo teamviewer passwd <DefineYourTeamViewerPasswordHere> - Example: sudo teamviewer passwd MyTeamViewerPassword
Accept TeamViewer Licensing only, but do no additional configuration from this setup tool
sudo teamviewer setup
Are you a resident of the Republic of Korea? (y/n) | n
Accept License Agreement? (y/n) | y
Abort the TeamViewer setup at this poit by pressing Control-C (Pressing the "Control" key and "C" key at the same time).
Obtain and record the TeamViewer ID (Note: This only only provides the TeamViewer ID if it is connected to the Internet)
sudo teamviewer info
The TeamViewer ID is displayed twice near the top of the TeamViewer information. Record the TeamViewer ID for you records.
Reboot the Raspberry Pi to get TeamViewer working. Note: "sudo teamviewer --daemon restart" or "sudo systemctl restart teamviewerd" do not get TeamViewer working
sudo reboot
Set TeamViewer to accept incoming LAN connections:
Since TeamViewer should now be working, a connection to the Raspberry Pi GUI should be possible via the TeamViewer client by using the TeamViewer ID of the target Raspberry Pi, obtained above.
Using TeamViewer from another machine, connect to the Raspberry Pi using the IP address or URL of the target Raspberry Pi.
- or -
Connect directly to the target Raspberry Pi via a Display, Keyboard and Mouse, then open a Terminal window.
From the Raspberry Pi GUI open TeamViewer by clicking on the TeamViewer icon in the right side of the Task Bar at the top of the Raspberry Pi desktop.
Click on "Extras" in the left side of the TeamViewer Menu Bar at the top of the TeamViewer window.
Click on "Options". It opens to the "General" window.
In the "General" window, click on the "Incoming LAN connections" drop down list and select "accept".
Click on the "OK" button.
Close the TeamViewer window by clicking on the X in the upper right hand corner of the TeamViewer window.
Connect to the target Raspberry Pi via TeamViewer
Use TeamViewer to connect to the Raspberry Pi
https://www.teamviewer.com
Connect using the TeamViewer ID, IP address or URL of the target Raspberry Pi.
Configure and Enable VNC
See "General Notes" 3. near the top of this document.
Set VNC Display Resolution and Enable VNC
sudo raspi-config
Interface Options | VNC | Yes | OK | Display Options | VNC Resolution | 1024x768 | OK | Finish | Yes (Reboot required for Raspberry 4 and 5)
- or -
Via the Raspberry Pi GUI (Desktop)
Click on "Start" (Raspberry) in the left side of the Task Bar at the top of the Raspberry Pi desktop
Click on "Preferences"
Click on "Raspberry Pi Configuration"
Click on the "Interfaces" tab.
Click on the "VNC:" switch to turn it on.
Click on the "Display" tab
Click on the "Headless Resolution:" drop-down list and select "1024x768"
Click on the "OK" Button.
Reboot required for Raspberry Pi 4 and 5. Click on the "OK" Button when this is displayed: "The changes you have made require the Raspberry Pi to be rebooted to take effect. Would you like to reboot now? | Yes"
Connect to the target Raspberry Pi via VNC
Use a tool such as RealNVC Viewer to connect to the Raspberry Pi
https://www.realvnc.com
- or -
https://www.realvnc.com/en/connect/download/combined
Connect using the IP address or URL of the target Raspberry Pi.
Note: The first time a connection is made, a security warning may be displayed | Continue
Install and Configure DNSMasq DNS & DHPC Server (The DNS server is disabled in this configuration)
Install DNSMasq
Download latest package lists
sudo apt-get update -y
Download and install updated listed packages
sudo apt-get upgrade -y
Download and install DNSMasq
sudo apt install dnsmasq
Configure DNSMasq
Edit the DNSMasq configuration file
Raspberry Pi GUI (Desktop) - Start Mousepad from Terminal: sudo mousepad /etc/dnsmasq.conf
- or -
SSH or Terminal: sudo nano /etc/dnsmasq.conf
Uncomment and edit (disable Integrated DNS Server): #port=5353 → port=0
Uncomment and edit: #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h → dhcp-range=<YourDHCPStartingAddress>,<YourDHCPEndingAddress>,<YourSubnetworkMask>,<YourDHCPLeaseTimeInHours>h - Example: dhcp-range=192.168.0.100,192.168.0.249,255.255.255.0,12h
Uncomment and edit: #dhcp-option=3,1.2.3.4 → dhcp-option=3,<YourDefaultGateway> - Example: dhcp-option=3,192.168.1.1
Add this line to bottom of the file: dhcp-option=6,<DNSServer1>,<DNSServer2>,<DNSServer...> - Example: dhcp-option=6,8.8.8.8,8.8.4.4
Save and close mousepad (File| Save [Ctrl+S] and File | Quit [Ctrl+Q or X out])
- or -
Save and close nano (Press CTRL + X and then press y and ENTER to save changes)
Restart DNSMasq
sudo service dnsmasq restart
Change the Raspberry Pi IP address and network settings using NetworkManager
Enable NetworkManager on Raspberry Pi OS (Legacy). NetworkManager is already enabled by default on Raspberry Pi OS.
Enable NetworkManager
sudo raspi-config
Advance Options | [Enter] | Network Config | [Enter] | NetworkManager | [Enter] | OK | [Enter] | Finish | [Enter] | Would you like to reboot now? | Yes | [Enter]
Note 1: The DHCP assigned IP Address of the Raspberry Pi will likely change and may need to be located again.
Note 2: The TeamViewer ID of the Raspberry Pi will likely change and may need to be obtained again.
Note: The Subnetwork Mask is expressed in Slash Notation along with an IP Address in certain areas of this section.
Network Subnetwork Mask and Slash Notation Relationships:
| Class | Mask | Slash | Nodes |
| A | 255.000.000.000 | /8 | 16777214 |
| B | 255.255.000.000 | /16 | 65534 |
| B | 255.255.128.000 | /17 | 32766 |
| B | 255.255.192.000 | /18 | 16382 |
| B | 255.255.224.000 | /19 | 8190 |
| B | 255.255.240.000 | /20 | 4094 |
| B | 255.255.248.000 | /21 | 2046 |
| B | 255.255.252.000 | /22 | 1022 |
| B | 255.255.254.000 | /23 | 510 |
| C | 255.255.255.000 | /24 | 254 |
| C | 255.255.255.128 | /25 | 126 |
| C | 255.255.255.192 | /26 | 62 |
| C | 255.255.255.224 | /27 | 30 |
| C | 255.255.255.240 | /28 | 14 |
| C | 255.255.255.248 | /29 | 6 |
| C | 255.255.255.252 | /30 | 2 |
| C | 255.255.255.254 | /31 | 0 |
| C | 255.255.255.255 | /32 | 0 |
Change the Raspberry Pi IP address and network settings using the NetworkManager User Interface (UI)
sudo nmtui
Edit a connection | [Enter] | Wired connection 1 | [Enter]
Change these fields (Note: Use [Tab] to move around the window, [Enter] to select, and [Esc] to back out of a window):
IPv4 CONFIURATION | <Automatic> | [Enter] | Manual | [Enter] | <Show> | [Enter]
Addresses | <Add...> | [Enter] | <YourRaspberryPiIPAddress>/<YourNetworkSubnetworkMask> - Example: 192.168.0.25/24) | [Enter]
(Note: The Subnetwork Mask is expressed in Slash Notation along with the IP Address. - See the section above for additional information)
Gateway | <YourNetworkDefaultGatewayIPAddress> (Typicaly the network router LAN IP Address - Example: 192.168.0.1 | [Enter]
DNS Servers | <Add...> | [Enter] | <DNSServer1> - Example: 8.8.8.8 | [Enter]
DNS Servers | <Add...> | [Enter] | <DNSServer2> - Example: 8.8.4.4 | [Enter]
OK | [Enter] (Note: [Tab] to bottom of the window)
[Esc] | [Esc]
Restart the connection to begin using the new settings
sudo nmcli con up "Wired connection 1"
- or -
Change the Raspberry Pi IP address and network settings using NetworkManager Command Line Interface (CLI)
Show all network connections
sudo nmcli con show
Note: "Wired connection 1" is the default Eternet connection name and is assumed in the following commands.
Set IP Address
sudo nmcli con mod "Wired connection 1" ipv4.addresses <YourRaspberryPiIPAddress>/<YourNetworkSubnetworkMask> - Example: sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.25/24
Set the Gateway Address
Note: Typicaly the Gateway Address is network router LAN IP Address
sudo nmcli con mod "Wired connection 1" ipv4.gateway <YourNetworkDefaultGatewayIPAddress> - Example: sudo nmcli con mod "Wired connection 1" ipv4.gateway 192.168.0.1
Set the DNS Servers
sudo nmcli con mod "Wired connection 1" ipv4.dns "<DNSServer1> <DNSServer2> <DNSServer...>" - Example: sudo nmcli con mod "Wired connection 1" ipv4.dns "8.8.8.8 8.8.4.4"
Set the Addressing Mode to Manual (Static)
sudo nmcli con mod "Wired connection 1" ipv4.method manual
Restart the connection to begin using the new settings
sudo nmcli con up "Wired connection 1"
For testing (Optional) - Display the IP Address, Gateway, DNS Servers and Addressing Mode
sudo nmcli -g ip4.address,ipv4.gateway,ip4.dns,ipv4.method connection show "Wired connection 1"
For testing (Optional) - Display the profile so all parameters can be reviewed
sudo nmcli -p con show "Wired connection 1"
Install and configure a firewall - UFW
See "General Notes" 4. near the top of this document.
Install UFW
Download latest package lists
sudo apt-get update -y
Download and install updated listed packages
sudo apt-get upgrade -y
Download and install UFW
sudo apt install ufw
Once installed, UFW is disabled by default.
The default configuration blocks all incoming traffic (denied), and allows all outgoing traffic (allowed).
Therefore incoming SSH, FTP HTTP, HTTPS and VNC traffic would be denied, however TeamViewer would continue functioning.
It is important to allow necessary management traffic such as SSH and/or VNC prior to enabling the firewall. Not doing so will require management via TeamViewer or a directly attached Display, Keyboard and Mouse.
Note: The Subnetwork Mask is expressed in Slash Notation along with an IP Address in certain areas of the next sections.
Network Subnetwork Mask and Slash Notation Relationships:
| Class | Mask | Slash | Nodes |
| A | 255.000.000.000 | /8 | 16777214 |
| B | 255.255.000.000 | /16 | 65534 |
| B | 255.255.128.000 | /17 | 32766 |
| B | 255.255.192.000 | /18 | 16382 |
| B | 255.255.224.000 | /19 | 8190 |
| B | 255.255.240.000 | /20 | 4094 |
| B | 255.255.248.000 | /21 | 2046 |
| B | 255.255.252.000 | /22 | 1022 |
| B | 255.255.254.000 | /23 | 510 |
| C | 255.255.255.000 | /24 | 254 |
| C | 255.255.255.128 | /25 | 126 |
| C | 255.255.255.192 | /26 | 62 |
| C | 255.255.255.224 | /27 | 30 |
| C | 255.255.255.240 | /28 | 14 |
| C | 255.255.255.248 | /29 | 6 |
| C | 255.255.255.252 | /30 | 2 |
| C | 255.255.255.254 | /31 | 0 |
| C | 255.255.255.255 | /32 | 0 |
Configure UFW
Set the firewall rules as appropriate for the installation.
Multiple rules can be applied to each service type.
Source Addresses and Source Subnets can be either internal or external of the network the Raspberry Pi is connected to.
If any of the services below have not been installed, do not set a rule for that service.
See "General Notes" 4., 5., 6. and 7. near the top of this document.
FTP
Allow from anywhere: sudo ufw allow 21/TCP - Example: sudo ufw allow 21/TCP
Allow from a specific Subnet: sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 21 - Example: ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 21
Allow from a specific IP Address: sudo ufw allow from <SourceSubnetAddress> proto TCP to <YourRaspberryPiIPAddress> port 21 - Example: ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 21
SSH
Allow from anywhere: sudo ufw allow 22/TCP - Example: sudo ufw allow 22/TCP
Allow from a specific Subnet: sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 22 - Example: ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 22
Allow from a specific IP Address: sudo ufw allow from <SourceSubnetAddress> proto TCP to <YourRaspberryPiIPAddress> port 22 - Example: ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 22
HTTP
Allow from anywhere: sudo ufw allow 80/TCP - Example: sudo ufw allow 80/TCP
Allow from a specific Subnet: sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 80 - Example: ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 80
Allow from a specific IP Address: sudo ufw allow from <SourceSubnetAddress> proto TCP to <YourRaspberryPiIPAddress> port 80 - Example: ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 80
HTTPS
Allow from anywhere: sudo ufw allow 433/TCP - Example: sudo ufw allow 433/TCP
Allow from a specific Subnet: sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 433 - Example: ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 433
Allow from a specific IP Address: sudo ufw allow from <SourceSubnetAddress> proto TCP to <YourRaspberryPiIPAddress> port 433 - Example: ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 433
VNC Server
Allow from anywhere: sudo ufw allow 5900/TCP - Example: sudo ufw allow 5900/TCP
Allow from a specific Subnet: sudo ufw allow from <SourceSubnetAddress>/<SourceSubnetMask> proto TCP to <YourRaspberryPiIPAddress> port 5900 - Example: ufw allow from 50.209.187.25/29 proto TCP to 192.168.0.25 port 5900
Allow from a specific IP Address: sudo ufw allow from <SourceSubnetAddress> proto TCP to <YourRaspberryPiIPAddress> port 5900 - Example: ufw allow from 50.209.187.26 proto TCP to 192.168.0.25 port 5900
Enable the firewall
sudo ufw enable
Note: This also enables iptables
If it is ever desirable to disable the firewall for testing or other reasons
sudo ufw disable
Note: This also disables iptables
To list current rules
sudo ufw status
- or -
sudo ufw status verbose
To remove a rule
Identify the rule ID number to be removed
sudo ufw status numbered
Remove the rule by ID number
sudo ufw delete <ID> - Example: sudo ufw delete 2
Remove packages that were automatically installed and are no longer required
Occasionally excess update, upgrade and installation packages install automatically, but are no longer required and can be removed automatically.
Automatically detect and remove packages no longer required
sudo apt autoremove -y
Charles Varvayanis
Sonora, CA 95370
e-mail: charles@varvayanis.com
Phone: (209) 586-3782
Fax: (209) 586-3761
Business Card (PDF 153 KB) 
www.varvayanis.com
© 2025 Charles Varvayanis
All rights reserved