Jump to content

Search the Community

Showing results for tags 'iptables'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 8 results

  1. Hi, i have error wnrb configure root@zion:/opt# ./wp6.sh _ ___ _______ ____ _ __ | | / (_) ____(_) / __ \(_)___ ___ ____ _____ ____ / /__ | | /| / / / /_ / / / /_/ / / __ \/ _ \/ __ '/ __ \/ __ \/ / _ \ | |/ |/ / / __/ / / / ____/ / / / / __/ /_/ / /_/ / /_/ / / __/ |__/|__/_/_/ /_/ /_/ /_/_/ /_/\___/\__,_/ .___/ .___/_/\___/ /_/ /_/ v6.4 Saved Settings: Share Internet connection from to WiFi Pineapple at eth1 through default gateway [C]onnect using saved settings [G]uided setup (recommended) [M]anual setup [A]dvanced IP settings [Q]uit WiFi Pineapple detected. Please disconnect the WiFi Pineapple from this computer and press any key to continue with guided setup. Step 1 of 3: Select Default Gateway Default gateway reported as Use the above reported default gateway? [Y/n]? Step 2 of 3: Select Internet Interface Internet interface reported as Use the above reported Internet interface? [Y/n]? Step 3 of 3: Select WiFi Pineapple Interface Please connect the WiFi Pineapple to this computer. ....[Checking] Detected WiFi Pineapple on interface eth1 Use the above detected WiFi Pineapple interface? [Y/n]? Settings saved. Saved Settings: Share Internet connection from to WiFi Pineapple at eth1 through default gateway [C]onnect using saved settings [G]uided setup (recommended) [M]anual setup [A]dvanced IP settings [Q]uit Detecting WiFi Pineapple............found. _ . ___ \||/ ( _ )_ <--> [___] <--> ,<><>, (_ _(_ ,) \___\ '<><>' Bad argument `eth1' Try `iptables -h' or 'iptables --help' for more information. SIOCDELRT: No such process Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If] inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M] [netmask N] [mss Mss] [window W] [irtt I] [mod] [dyn] [reinstate] [[dev] If] inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject inet_route [-FC] flush NOT supported Browse to http://172.16.42.1:1471 and after install, when start - don't have internet connections. PS how i can do hard reset? Maybe it will help.
  2. Hello everyone, I have create a very simple html which is the only page i want my clients to see. Like a captive portal but not intrested in giving them internet connection. I am having problems with nodogsplash which does not redirect any traffic when my pineapple is not connected to the internet. I know i can use "Evil Portal" but i am trying to make this manual. I also noticed that nodogsplash is at 0.9_beta9.9.9 but opkg brings 0.9_beta9.9.6 (not only pineapple, openwrt too) Does the pineapple have to be connected to the internet for nodogsplash to work? Is there a way to replicate the iptables rules nodogsplash creates? Is there any good alternative "captive portal manager" you can suggest? My nodogsplash.conf My /etc/config/dhcp Running: nodogsplash -d 7 -f and it stays like this even when clients connect. As an alternative i tried dnsspoof and iptables (one at a time and both together) My spooofhost.conf dnsspoof -i br-lan -f spoofhost.conf iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1 and iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1 In this case it redirects traffic to 172.16.42.1 but if pineapple is not connected to the internet Android and iPhone Devices cannot betect the "captive portal" and pop the pseudo browser.
  3. Hello all, I am having an issue with redirecting traffic for sslstrip using iptables, I have tried to use these commands: iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 60000 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 60000 Which should redirect http traffic from port 80 to 60000, where I would have my sslstrip listening, however, nothing happens. After applying the above rule I test using tcpdump -i wlan0 'port 60000' and no traffic is seen, while port 80 has traffic. I have tried flushing all tables (iptables -F, iptables -t nat -F) and running the above rules, to no avail. If anyone has any ideas any help would be appreciated.
  4. I'm trying to set up my pineapple MK4 (running 2.7.0) to be able to filter certain tcp ports on a bridge interface. I am able to do this same thing on my laptop running 12.04 ubuntu between two interface cards, but I can't seem to get it to work on the MK4. I realize the below steps are not persistant on a reboot as this is only a POC I am trying to achieve. The steps I take on the MK4: - I edit /etc/sysctl.conf and reboot the MK4 (I read this in another forum and have tried it both ways (with '1' or '0' -default) net.bride.bridge-nf-call-iptables=1 - I create a new bridge and add eth1 brctl addbr br0 ifconfig eth1 0.0.0.0 promisc up brctl addif br0 eth1 - I delete the pineapple exsisitng bridge and add eth0 to the new bridge ifconfig br-lan down ifconfig eth0 down brctl delbr br-lan ifconfig eth0 0.0.0.0 promisc up brctl addif br0 eth0 - I bring up the bridge ifconfig br0 192.168.1.1 netmask 255.255.255.0 up At this point traffic goes through the bridge between eth0 and eth1 (which is good) but I want to be able to filter the forwarding traffic via iptables. - so I add this to the iptables flush them iptables -X iptables -F add filter iptables -A FORWARD -p tcp --dport 80 -j DROP but it still continues to forward port 80 (or any port I put in) I have also tried iptables -A FORWARD -j DROP and it still continues to forward everything. If I do this on INPUT or OUTPUT it does work as I expect it to. What am I missing? I understand that bridge is layer 2 while iptables are layer 3 but I have read that "bridge-nf-call" (I have no idea what I am talking about) takes care of this. Do I need to install additional iptables packages maybe? Thanks in advance for any advice you may have. magoo
  5. While i know its very possible, I was just wondering if anyone could possibly help me try to figure out how i could go about using an MK4 essentially as Dual Wan load-balancing router. For example,
  6. I'm trying to "hide" the fact that SSH + deluge are running when port scanned. I think my options are I can firewall the server, open SSH port and keep it visible, and get to the deluge by going to localhost:8112 after a ssh -D $someport. Or, I can use knockknock and hide SSH and Deluge but need to keep 1outbound+1inbound tcp port open for deluge xfers (or use knockknock-proxy). - Server(s) running Ubuntu 10.10 --> 12.04 - knockknock --> http://www.thoughtcr...are/knockknock/ - SSH - deluge-torrent.org/ 1. Has anyone on the forums attempted to setup port knocking with knockknock before? 2. Am I correct in assuming that it would be wise to NOT use UFW to configure my firewall and instead rely strictly on iptables? I believe this to be true because knockknock will need custom iptable entries to work. 3. SSH seems simple to think through. Knock on one port and connect. All Inbound+Outbound traffic flows over one port after the connection is established -- easy enough. 4. I threw in an application like Deluge because I can't get my head around the firewall logic. "deluged" runs as a local daemon on the server. Once a Torrent is added it needs two ports to operate (1 Inbound + 1 Outbound). "deluge-web --fork" is a web gui to add/remove Torrents. It runs on a separate port (8112 by default), for a total of three. My best guess is to create a knockknock rule for the web gui (8112) and leave deluge's inbound (5000) + outbound (6000) ports open and standard SSH knockknock rule. OR should I use the knockknock-proxy? Can anyone contribute/comment on how this should be setup? THANKS
  7. Hi All, Scenario/Background: I'm on a boat. We use VSAT + two year old Cisco router. Router has been locked down. The only ports open are 80 (http), 443 (https), 25 (mail), 3389 (RDP). When travelling I used to be able to use OpenVPN (udp), PPTP VPN (tcp), or a socksified (-D) SSH connection to tunnel my traffic. That's no longer the case. I borked my VPS server trying to get around the above stated issue. It's left me in a bit of a pickle. I can use TOR to get to my VPS's CPANEL (control panel). I have to use a service like TOR, because the CPANEL is on a non-standard web port (5454). I can't reinstall the server though. To do that I need to VNC to the VPS. I use 'Chicken of the VNC' which doesn't support proxying, like a web browser. I've looked at a few options, like NoVNC, etc which are browser based HTML5 implementations of a VNC client but they rely on a companion server which my VPS is not running. Any ideas? (1A) Help! *I'm asking a friend to remotely reconfigure my server, and to run SSH on port 443 so I'll have SSH access and web proxying ability, but it has led me to even more questions. I hope that the firewall doesn't filter to the Layer 7 networking stack, otherwise I might need a better solution. What are some ways to accomplish this? (2A) Below is what I've found so far. Please help me add to the list of possibilites. Is there a software solution (Mac OS X or Ubuntu) that allows a user to specify which application uses the socksified SSH connection (ex ssh -D 8080 username@y.y.y.y) on the local machine? (3A) It woud be ideal if an application could force traffic over the SSH connection. Example, tell 'Chicken of the VNC', Adium, etc to route through SSH without having to set a proxy in their individual preferences (most don't even have the option/ability). Future Solutions 1B. #Ubuntu wiki says this might be a problem on some VPS's - https://help.ubuntu....y/IptablesHowTo #execute on remote server iptables -t nat -I PREROUTING -p tcp -m conntrack --ctstate NEW -s x.x.x.x -d y.y.y.y --dport 443 -j REDIRECT --to-port 22 or #execute on remote server iptables -t nat -I PREROUTING --src x.x.x.x --dst y.y.y.y -p tcp --dport 443 -j REDIRECT --to-ports 22 sudo iptables -t nat -L -n -v #execute on local machine in Terminal ssh -p 443 -D 8080 username@y.y.y.y 2B. http://www.thoughtcr...tware/firemole/ 3B. http://dag.wieers.co...http-tunneling/ *anyone know of a more current way to do this? (4A) software doesn't look like it's been updated since 2009 4B. sudo nano /etc/ssh/sshd_config change the line "Port 22" to "Port 443" to save --> hit ctrl+o, then ctrl+x sudo restart ssh *how does encrypted web traffic (https 443) still work if SSH is now using port 443 on the VPS? (5A)
  8. Ho can make the iptable entries in to a startup script for jasager? How do I create 2 scripts, one for WAN port routing and 1 for Android USB Tethering? iptables -A FORWARD -i eth1 -o wlan0 -s 172.16.42.0 -m state --state NEW -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o usb0 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i usb0 -j ACCEPT iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o usb0 -j MASQUERADE Thnks
×
×
  • Create New...