Jump to content


Photo

Ics Under Osx With Mkiv


  • Please log in to reply
7 replies to this topic

#1 DAV

DAV

    Hak5 Fan

  • Active Members
  • PipPip
  • 30 posts

Posted 18 March 2012 - 04:17 PM

so, it wasn't easy, but i managed to get the ICS working with the MKIV, using some stuff i read here, but still having some issues...
before my question, let me recap:

because OSX (1.6.8) is only letting ICS through 192.168.2.1 gateway, i edited /etc/config/network to look like so:

config interface lan
        option ifname   eth0
        option type     bridge
        option proto    static
        option ipaddr   192.168.2.254
        option netmask  255.255.255.0
        option gateway  192.168.2.1
        option dns      8.8.8.8

and, i edited /etc/config/firewall to enable forwarding (not sure it was helpful, but it worked after i've done it)
config zone
	option name		lan
	option network		'lan'
	option input		ACCEPT 
	option output		ACCEPT 
	option forward		ACCEPT

reboot the MKIV, turned on my ICS in OSX and configured the dhcp for the Ethernet to be
192.168.2.200 <-- osx as client
255.255.255.0

with no router or dns addresses..

so far so good. im able to ping from the MKIV and do an nslookup.. it all seem great!

EXCEPT, when loggin in via wifi with a pwnt device, not connection what so ever.. i've been on the issue for the last 3 days and so far, im only been able to ping outside..

any ideas?

#2 Darren Kitchen

Darren Kitchen

    Hak5 Junkie

  • Root Admin
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,809 posts
  • Gender:Male
  • Location:San Francisco, CA

Posted 18 March 2012 - 09:44 PM

1. Disable the firewall. /etc/init.d/firewall stop. In fact it has been removed in 1.0.1 -- causes more trouble than it's worth for a hacker tool.

2. Look into your routes. By default it looks like this:
root@Pineapple:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan

You want it to look like:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.200   0.0.0.0         UG    0      0        0 br-lan
192.168.2.200   *               255.255.255.0   U     0      0        0 br-lan

So from the Advanced menu in the Web UI enter:

route del default

in the bottom text field and click Execute Commands. Then from the first text field enter:

route add default gw 192.168.2.200 br-lan

and click the Update Routing Table button.

If that doesn't do the trick a little iptables lovin' should.
Posted ImagePosted ImagePosted Image

#3 DAV

DAV

    Hak5 Fan

  • Active Members
  • PipPip
  • 30 posts

Posted 19 March 2012 - 12:36 AM

The route table is actually pointing to 192.168.2.1 which is the bridge address (and I can ping it)

#4 niggizito

niggizito

    Hak5 Fan +

  • Active Members
  • PipPipPip
  • 43 posts

Posted 19 March 2012 - 10:17 AM

The route table is actually pointing to 192.168.2.1 which is the bridge address (and I can ping it)


DAV,

Your MAC is the "bridge" for the pwnd clients, not the MarkIV. Typical connection setup: MarkIV PoE (172.16.42.1)-->LAN interface of the Win or *nix or MAC computer (172.16.42.42)-->wireless card of the same Win or *nix or MAC (whatever it is).
The LAN interface of the computer doesn't have a default route as it only needs to communicate with Mark. Mark in its turn communicates with the rest of the world through your computer. And the default gateway for Mark is your LAN interface of the computer. The computer through its default routing table taken from the wireless card forwards the packets to inet.
So, in your case, the routing table in the Mark should point to 192.168.2.200.

Correct me if I'm wrong.

#5 DAV

DAV

    Hak5 Fan

  • Active Members
  • PipPip
  • 30 posts

Posted 19 March 2012 - 11:26 AM

192.168.2.200 is the ip of my machine in front of the mkiv, the ICS is also providing a gatway address - 192.168.2.1, bridged to the wireless interface (10.0.0.138).
All routing should go through this gw, and from there to the wireless and then the world.
It works perfectly in the ssh console when im pinging google, but the mkiv's pwnt clients cant seem to reach out through the gateway, even though the routing is pointing to the right address..:/

#6 niggizito

niggizito

    Hak5 Fan +

  • Active Members
  • PipPipPip
  • 43 posts

Posted 19 March 2012 - 01:06 PM

192.168.2.200 is the ip of my machine in front of the mkiv, the ICS is also providing a gatway address - 192.168.2.1, bridged to the wireless interface (10.0.0.138).
All routing should go through this gw, and from there to the wireless and then the world.
It works perfectly in the ssh console when im pinging google, but the mkiv's pwnt clients cant seem to reach out through the gateway, even though the routing is pointing to the right address..:/

What's the default route in Mark? 192.168.2.1 you say? As Darren points out it should be 192.168.2.200 in your case.

#7 DAV

DAV

    Hak5 Fan

  • Active Members
  • PipPip
  • 30 posts

Posted 19 March 2012 - 05:03 PM

SUCCESS!!! :)

ok, so i learned few interesting stuff..

OSX (1.6) ICS for some reason randomly shuts off, probably when i was switching IP for my Ethernet connection, but the little V box is kept checked, so make sure to ifconfig to see if you can see this:
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255

i have routed the default gateway to point at my machine it was flawless :)

THANK YOU GUYS!

#8 barry99705

barry99705

    Hak5 1337 Fan

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 1,476 posts
  • Gender:Male

Posted 19 March 2012 - 06:07 PM

SUCCESS!!! :)

ok, so i learned few interesting stuff..

OSX (1.6) ICS for some reason randomly shuts off, probably when i was switching IP for my Ethernet connection, but the little V box is kept checked, so make sure to ifconfig to see if you can see this:

inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255

i have routed the default gateway to point at my machine it was flawless :)

THANK YOU GUYS!

It will shut off if you change any of the ethernet settings. I was about to log in and say the settings we posted here will work. I also found that the firewall in Lion is a bit strict, and once I turn it off everything is golden.

Edited by barry99705, 19 March 2012 - 06:08 PM.

The Pineapple Wiki

http://wiki.wifipineapple.com

1JRos2rbs9wKRBMchL9Ahw.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users