taiyed14

This is telling the DHCP server on the Fon to PUSH the default gateway (option 3 - 10.110.0.1) and PUSH the primary and secondary DNS (option 6 - 10.110.0.2 and 8.8.8.8) to any clients connecting to Fon: list 'dhcp_option' '3,10.110.0.1' # This is the IP address of . . #. . The Host Laptop's Net-Interface acting as GW list 'dhcp_option' '6,10.110.0.2,8.8.8.8' # This is Option 6 define the DNS server, . . # . . Then IP of Pineapple, Then Googles DNS IP This is only setting the gateway (fine) and DNS for the Fon: option 'gateway' '10.110.0.1' option 'dns' '8.8.8.8' In other words, the Fon is a client to the DNS server, it cannot send request for its wireless clients, they must send a request themselves. That is why you are getting a "no host" error.

Agreed. But for the price ($200 before shipping) I can't complain...

I love my Mini 9. So easy to upgrade! Just pop off a panel on the bottom and there is the RAM, SSD, WiFi. I have 2GB of RAM (shipped with 512MB) and it works like a champ.

Thanks for doing this write up. It looks good! You can make the SSLStrip config section of the bash script cleaner by doing combining both IF statements if [ $SSL == "y" -o $SSL == "Y" -o $SSL == "yes" ]; then <SNIP> if $SSL is y OR $SSL is Y OR $SSL is yes. Now there is only one IF. More troubleshooting tips:

Here is a shell script I wrote (similar to the one echoblack posted) that will automatically enable routing traffic from the fon, through the laptop and out to the internet. http://alex.hrck.net/docs/traffic-forwarding.sh #!/bin/bash # # Enables "Internet Connection Sharing" on Linux # # USER=`whoami` if [ $USER == "root" ]; then read -p "Please enter Internet connected interface (wlan0): " WAN read -p "Please enter interface connected to Fon (eth0): " LAN if [ -z $WAN ]; then WAN="wlan0" fi if [ -z $LAN ]; then LAN="eth0" fi ifconfig $LAN 10.168.1.1 netmask 255.255.255.0 ipfwd=`cat /proc/sys/net/ipv4/ip_forward` if [ $ipfwd -eq 1 ]; then echo "IP forwarding enabled!" else echo '1' > /proc/sys/net/ipv4/ip_forward fi iptables --version > /dev/null 2>&1 if [ $? -eq 0 ]; then iptables -X iptables -F iptables -A FORWARD -i $WAN -o $LAN -s 10.168.1.0/24 -m state --state NEW -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A POSTROUTING -t nat -j MASQUERADE echo "iptables configured..." #route del default GW=`ifconfig $WAN | grep "inet addr:"| grep -v "127.0.0.1" | cut -d: -f2 | awk '{ print $1}' | cut -d. -f1,2,3` GW=`echo $GW.1` route add default gw $GW $WAN echo "Default route set to $GW through $WAN" else echo "Please run as root or install iptables..." fi else echo "Please run as root." fi

.254 is the static IP of my Fon. The results of your speed tests are interesting. I'm try that and see if i notice any differences. I will post results.

On your current setup, what is the default gateway and DNS server on the wifi clients set to? For testing purposes, try setting a static IP, GW and DNS on the client. root@fonz1:~# cat /etc/config/dhcp <SNIP> config 'dhcp' 'lan' option 'interface' 'lan' option 'start' '100' option 'limit' '150' option 'leasetime' '1h' list 'dhcp_option' '3,10.168.1.1' #Push default gateway to clients (laptop eth0) list 'dhcp_option' '6,10.168.1.254,8.8.8.8' #Push DNS servers to clients config 'dhcp' 'wan' option 'interface' 'wan' option 'ignore' '1' I don't change anything in config 'dhcp' 'wan' because I don't connect anything to the WAN port (I have a Fon+)

1. SSH into the Fon. 2. ping 4.2.2.2 3. Is there a responds? No: ICS is not set up properly Yes: ping 4.2.2.2 from a client connected to the Fon. 1. Is there a responds? No: Please post the output of ipconfig /all (I want to see the IP/Gateway/DNS server of the client) Yes: ping google.com 1. Is there a responds? No: The clients aren't getting a DNS server Yes: What's the problem?

Are you referring to the WiFi clients connected to Jasager? Through a public DNS server provided by DHCP. cat /etc/config/dhcp ... config dhcp lan .... list dhcp_option '6,10.168.1.254,4.2.2.2' DHCP option 6 allows the protocol to specify the DNS server(s) http://www.networksorcery.com/enp/protocol/bootp/options.htm

I do DNS different on my setup then on yours. I don't give the pineapple a DNS server (I suppose I could), I just have the DHCP server on it dish out a public DNS server. My thought are that the Fon is configured to be a DHCP server, why bother bogging down my netbook and open up another service to a potential security hole by running DHCP on the laptop. This also makes Jasager more portable. All I need to do is enable ICS on my windows or linux laptop to be come an evil gateway. my two cents. the script is only to configure routing packets out to the Internet. It doesn't control any DNS/DHCP. Nmap will scan both Jasager and the laptop (acting as a GW). To avoid this I created a file with only those two IPs in it and can use the nmap --excludefile dont_scan.txt option. Wireshark will capture all SSH and Jasager web interface traffic from the laptop (.1) and the Fon (.254), so I created a filter to filter out this traffic. not tcp port 1471 and (not tcp port 22 and not host 10.168.1.254 or not host 10.168.1.1)

Good HowTo! One issue I've experienced is the pineapple becoming the default gateway for the laptop if it is already connected to a wireless AP, thus causing routing problems. So I was sure to check for and fix that with my script. BTW, I'd be interested to know if the shell script I wrote worked for you.

i run uShare on my CentOS box which allows me to stream audio/video to my 360, but im not sure how to go about streaming it over the internet or through a web browser other than setting up a web server and navigating to the media. sounds like you have quite the projects ahead of you.

It's late and you had a lot of questions in that post...It sounds like DHCP need to send the clients a default route and a DNS server. I usually give clients a LAN DNS server (FON) and a Public DNS server (4.2.2.2 or google's own 8.8.8.8) I wrote up a blog post about setting up Jasager and "ICS" on Linux. Hopefully it can help you: http://alex.hrck.net/?p=32 Also created a simple bash script to set up ICS automatically: http://alex.hrck.net/docs/traffic-forwarding.sh

in replay to sharing media. it depends on what you mean by 'share' I would run a samba server to share files.

i would try turning off CAPS LOCK and then retrying previous posts. Linux is case sensitive. There is also a search function for these forums that might help. And as always google.com is your friend. maybe try starting dnsmasq on the Fon. In my experience ICS does not provide IPs. maybe you could see if the Fon can ping 4.2.2.2 or 8.8.8.8

live and learn I suppose.

you should be able to give arpspoof a wild card operator. arpspoof -t thegateway *

I'm not saying anything. You asked for a staring point. Try building a reader (or use the software the mention in the article). Do a little digging.

http://edge.i-hacked.com/how-to-read-a-fed...rt-card-sle4442 how about this?

just out of curiosity, how are you running arpspoof and sslstrip working on windows?

i run my fon+ on 4 AA batteries equaling 5V.

I don't believe the Fon 2.0n has a chipset that supports OpenWRT and Jasager.

Tutorial updated. made it say "make iwpriv ath0 karma 1 the last line of the start() function." glad i could help!

Sounds like there is an issue with start up script. this is the one i have. #!/bin/sh /etc/rc.common # Copyright (C) 2008 dninja@gmail.com START=50 start() { include /lib/network scan_interfaces /karma/bin/create_option_list.rb [ -d /karma/www -a -f /karma/etc/httpd.conf ] && httpd -p 1471 -h /karma/www -r karma -c /karma/etc/ht iptables -I FORWARD -i ath0 -o br-lan -j ACCEPT logread -f | awk '{if ($0 ~ /(KARMA: |DHCPACK|DHCPDISCOVER|DHCPOFFER|DHCPREQUEST)/) {sub (/ \(.*\).*: tail -f /tmp/status.log | /karma/bin/logwatch & iwpriv ath0 karma 1 } stop() { killall httpd }

it looks like Jasager web interfaces isn't running. try running /etc/init.d/httpd stop (this stops the web server running on port 80) and then /etc/init.d/jasager start (this starts Jasager web server running on 1471) ps. what that error "Address already in use" is telling you, is that there is an http server already running on port 80. pps. if /etc/init.d/jasager start works for you, then enable jasager to run on boot: /etc/init.d/jasager enable now reboot the fon.