Everything posted by AussieKlutz

  1. Hi Guys, I'm creating an OpenVPN tunnel to a VPS from my Mark V. It's working fine to access the Mark V from the VPS, however I'm having some trouble getting the iptables to apply properly to allow internet traffic to be forwarded over the tunnel. The iptables commands I'm using are:

         iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
         iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
         iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT

     After I run the commands, then do an iptables-save, they show up but don't affect the traffic:

         # Generated by iptables-save v1.4.10 on Tue Nov 10 13:38:41 2015
         *nat
         :PREROUTING ACCEPT [117609:46924417]
         :INPUT ACCEPT [76:7931]
         :OUTPUT ACCEPT [383:28224]
         :POSTROUTING ACCEPT [210:15594]
         :delegate_postrouting - [0:0]
         :delegate_prerouting - [0:0]
         :postrouting_lan_rule - [0:0]
         :postrouting_rule - [0:0]
         :postrouting_usb_rule - [0:0]
         :postrouting_wan2_rule - [0:0]
         :postrouting_wan_rule - [0:0]
         :postrouting_wiredwan_rule - [0:0]
         :prerouting_lan_rule - [0:0]
         :prerouting_rule - [0:0]
         :prerouting_usb_rule - [0:0]
         :prerouting_wan2_rule - [0:0]
         :prerouting_wan_rule - [0:0]
         :prerouting_wiredwan_rule - [0:0]
         :zone_lan_postrouting - [0:0]
         :zone_lan_prerouting - [0:0]
         :zone_usb_postrouting - [0:0]
         :zone_usb_prerouting - [0:0]
         :zone_wan2_postrouting - [0:0]
         :zone_wan2_prerouting - [0:0]
         :zone_wan_postrouting - [0:0]
         :zone_wan_prerouting - [0:0]
         :zone_wiredwan_postrouting - [0:0]
         :zone_wiredwan_prerouting - [0:0]
         -A PREROUTING -j delegate_prerouting
         -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
         -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE
         -A POSTROUTING -j delegate_postrouting
         -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
         -A delegate_postrouting -o br-lan -j zone_lan_postrouting
         -A delegate_postrouting -o wlan1 -j zone_wan_postrouting
         -A delegate_postrouting -o usb0 -j zone_usb_postrouting
         -A delegate_postrouting -o -j zone_wan2_postrouting
         -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
         -A delegate_prerouting -i br-lan -j zone_lan_prerouting
         -A delegate_prerouting -i wlan1 -j zone_wan_prerouting
         -A delegate_prerouting -i usb0 -j zone_usb_prerouting
         -A delegate_prerouting -i -j zone_wan2_prerouting
         -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
         -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
         -A zone_usb_postrouting -m comment --comment "user chain for postrouting" -j postrouting_usb_rule
         -A zone_usb_postrouting -j MASQUERADE
         -A zone_usb_prerouting -m comment --comment "user chain for prerouting" -j prerouting_usb_rule
         -A zone_wan2_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan2_rule
         -A zone_wan2_postrouting -j MASQUERADE
         -A zone_wan2_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan2_rule
         -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
         -A zone_wan_postrouting -j MASQUERADE
         -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
         -A zone_wiredwan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wiredwan_rule
         -A zone_wiredwan_postrouting -j MASQUERADE
         -A zone_wiredwan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wiredwan_rule
         COMMIT
         # Completed on Tue Nov 10 13:38:41 2015
         # Generated by iptables-save v1.4.10 on Tue Nov 10 13:38:41 2015
         *raw
         :PREROUTING ACCEPT [123507:48622371]
         :OUTPUT ACCEPT [3432:2747296]
         :notrack - [0:0]
         -A PREROUTING -j notrack
         COMMIT
         # Completed on Tue Nov 10 13:38:41 2015
         # Generated by iptables-save v1.4.10 on Tue Nov 10 13:38:41 2015
         *mangle
         :PREROUTING ACCEPT [123507:48622371]
         :INPUT ACCEPT [3376:569065]
         :FORWARD ACCEPT [2716:1150203]
         :OUTPUT ACCEPT [3432:2747296]
         :POSTROUTING ACCEPT [6148:3897499]
         :fwmark - [0:0]
         :mssfix - [0:0]
         -A PREROUTING -j fwmark
         -A FORWARD -j mssfix
         -A mssfix -o wlan1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
         -A mssfix -o usb0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "usb (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
         -A mssfix -o -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan2 (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
         COMMIT
         # Completed on Tue Nov 10 13:38:41 2015
         # Generated by iptables-save v1.4.10 on Tue Nov 10 13:38:41 2015
         *filter
         :INPUT ACCEPT [0:0]
         :FORWARD DROP [0:0]
         :OUTPUT ACCEPT [0:0]
         :delegate_forward - [0:0]
         :delegate_input - [0:0]
         :delegate_output - [0:0]
         :forwarding_lan_rule - [0:0]
         :forwarding_rule - [0:0]
         :forwarding_usb_rule - [0:0]
         :forwarding_wan2_rule - [0:0]
         :forwarding_wan_rule - [0:0]
         :forwarding_wiredwan_rule - [0:0]
         :input_lan_rule - [0:0]
         :input_rule - [0:0]
         :input_usb_rule - [0:0]
         :input_wan2_rule - [0:0]
         :input_wan_rule - [0:0]
         :input_wiredwan_rule - [0:0]
         :output_lan_rule - [0:0]
         :output_rule - [0:0]
         :output_usb_rule - [0:0]
         :output_wan2_rule - [0:0]
         :output_wan_rule - [0:0]
         :output_wiredwan_rule - [0:0]
         :reject - [0:0]
         :syn_flood - [0:0]
         :zone_lan_dest_ACCEPT - [0:0]
         :zone_lan_forward - [0:0]
         :zone_lan_input - [0:0]
         :zone_lan_output - [0:0]
         :zone_lan_src_ACCEPT - [0:0]
         :zone_usb_dest_ACCEPT - [0:0]
         :zone_usb_forward - [0:0]
         :zone_usb_input - [0:0]
         :zone_usb_output - [0:0]
         :zone_usb_src_ACCEPT - [0:0]
         :zone_wan2_dest_ACCEPT - [0:0]
         :zone_wan2_forward - [0:0]
         :zone_wan2_input - [0:0]
         :zone_wan2_output - [0:0]
         :zone_wan2_src_ACCEPT - [0:0]
         :zone_wan_dest_ACCEPT - [0:0]
         :zone_wan_forward - [0:0]
         :zone_wan_input - [0:0]
         :zone_wan_output - [0:0]
         :zone_wan_src_ACCEPT - [0:0]
         :zone_wiredwan_dest_ACCEPT - [0:0]
         :zone_wiredwan_forward - [0:0]
         :zone_wiredwan_input - [0:0]
         :zone_wiredwan_output - [0:0]
         :zone_wiredwan_src_ACCEPT - [0:0]
         -A INPUT -j delegate_input
         -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
         -A FORWARD -d 172.16.42.0/24 -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
         -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT
         -A FORWARD -d 172.16.42.0/24 -i 3g-wan2 -m state --state RELATED,ESTABLISHED -j ACCEPT
         -A FORWARD -j delegate_forward
         -A OUTPUT -j delegate_output
         -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
         -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
         -A delegate_forward -i br-lan -j zone_lan_forward
         -A delegate_forward -i wlan1 -j zone_wan_forward
         -A delegate_forward -i usb0 -j zone_usb_forward
         -A delegate_forward -i -j zone_wan2_forward
         -A delegate_forward -j reject
         -A delegate_input -i lo -j ACCEPT
         -A delegate_input -m comment --comment "user chain for input" -j input_rule
         -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
         -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
         -A delegate_input -i br-lan -j zone_lan_input
         -A delegate_input -i wlan1 -j zone_wan_input
         -A delegate_input -i usb0 -j zone_usb_input
         -A delegate_input -i -j zone_wan2_input
         -A delegate_output -o lo -j ACCEPT
         -A delegate_output -m comment --comment "user chain for output" -j output_rule
         -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
         -A delegate_output -o br-lan -j zone_lan_output
         -A delegate_output -o wlan1 -j zone_wan_output
         -A delegate_output -o usb0 -j zone_usb_output
         -A delegate_output -o -j zone_wan2_output
         -A reject -p tcp -j REJECT --reject-with tcp-reset
         -A reject -j REJECT --reject-with icmp-port-unreachable
         -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
         -A syn_flood -j DROP
         -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
         -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
         -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
         -A zone_lan_forward -m comment --comment "forwarding lan -> wiredwan" -j zone_wiredwan_dest_ACCEPT
         -A zone_lan_forward -m comment --comment "forwarding lan -> usb" -j zone_usb_dest_ACCEPT
         -A zone_lan_forward -m comment --comment "forwarding lan -> wan2" -j zone_wan2_dest_ACCEPT
         -A zone_lan_forward -j zone_lan_src_ACCEPT
         -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
         -A zone_lan_input -j zone_lan_src_ACCEPT
         -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
         -A zone_lan_output -j zone_lan_dest_ACCEPT
         -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
         -A zone_usb_dest_ACCEPT -o usb0 -j ACCEPT
         -A zone_usb_forward -m comment --comment "user chain for forwarding" -j forwarding_usb_rule
         -A zone_usb_forward -m comment --comment "forwarding usb -> lan" -j zone_lan_dest_ACCEPT
         -A zone_usb_forward -j zone_usb_src_ACCEPT
         -A zone_usb_input -m comment --comment "user chain for input" -j input_usb_rule
         -A zone_usb_input -j zone_usb_src_ACCEPT
         -A zone_usb_output -m comment --comment "user chain for output" -j output_usb_rule
         -A zone_usb_output -j zone_usb_dest_ACCEPT
         -A zone_usb_src_ACCEPT -i usb0 -j ACCEPT
         -A zone_wan2_dest_ACCEPT -o -j ACCEPT
         -A zone_wan2_forward -m comment --comment "user chain for forwarding" -j forwarding_wan2_rule
         -A zone_wan2_forward -m comment --comment "forwarding wan2 -> lan" -j zone_lan_dest_ACCEPT
         -A zone_wan2_forward -j zone_wan2_src_ACCEPT
         -A zone_wan2_input -m comment --comment "user chain for input" -j input_wan2_rule
         -A zone_wan2_input -j zone_wan2_src_ACCEPT
         -A zone_wan2_output -m comment --comment "user chain for output" -j output_wan2_rule
         -A zone_wan2_output -j zone_wan2_dest_ACCEPT
         -A zone_wan2_src_ACCEPT -i -j ACCEPT
         -A zone_wan_dest_ACCEPT -o wlan1 -j ACCEPT
         -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
         -A zone_wan_forward -m comment --comment "forwarding wan -> lan" -j zone_lan_dest_ACCEPT
         -A zone_wan_forward -j zone_wan_src_ACCEPT
         -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
         -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "Allow-DHCP-Renew" -j ACCEPT
         -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow-Ping" -j ACCEPT
         -A zone_wan_input -j zone_wan_src_ACCEPT
         -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
         -A zone_wan_output -j zone_wan_dest_ACCEPT
         -A zone_wan_src_ACCEPT -i wlan1 -j ACCEPT
         -A zone_wiredwan_forward -m comment --comment "user chain for forwarding" -j forwarding_wiredwan_rule
         -A zone_wiredwan_forward -m comment --comment "forwarding wiredwan -> lan" -j zone_lan_dest_ACCEPT
         -A zone_wiredwan_forward -j zone_wiredwan_src_ACCEPT
         -A zone_wiredwan_input -m comment --comment "user chain for input" -j input_wiredwan_rule
         -A zone_wiredwan_input -j zone_wiredwan_src_ACCEPT
         -A zone_wiredwan_output -m comment --comment "user chain for output" -j output_wiredwan_rule
         -A zone_wiredwan_output -j zone_wiredwan_dest_ACCEPT
         COMMIT
         # Completed on Tue Nov 10 13:38:41 2015

     If you can help me work out where I'm screwing up, it'd be most appreciated. Thanks guys
  2. Hey guys. I wrote a file browser infusion a while ago but I have misplaced the source code. I upgraded my pineapple and wanted to get my infusion working on the new firmware. Is there anywhere we can get the old infusion versions from? Thanks.
  3. Check it out people.... http://cloud.wifipineapple.com/wiki/doku.php?id=modulecreation
  4. I have started writing up a "current stable" (2.5.0) manual on the wiki, from the book. Please, anyone who can spare 5 minutes, fill in some of the web interface details. I was also planning to include some tutorials for common pineapple configurations.
  5. Hold "CTRL" and scroll down with your mouse wheel to zoom out. I'll look into a fix soon. Should only require adjusting some form elements and a little css...
  6. I haven't tried it but you could just do the same thing with your mp3 base64 encoded...
  7. I am using a similar setup. To make Windows mimic a pineapple, remember to set your DNS server and default gateway to 172.16.42.42 on the PC as well as setting the IP to 172.168.42.1, 255.255.255.0. As far as using the wifi pineapple as the AP, with an ethernet connection to a DD-WRT router, operating as guest on a wireless network... First check you are plugged into the PoE LAN port on your pineapple. (I'm using MKIV, but you haven't specified.) Then check that you only have two entries in your routing table. I had plugged into the WAN/LAN port at one point, and acquired some other routes that were screwing my setup up. You don't need DHCP on the WifiGuest router then, as the PoE LAN interface on the pineapple is a static IP, with the routing configured by default. This makes for a fairly elegant solution as you can use the built-in pineapple wifi for karma, use the ethernet port for internet, and use the USB for storage or an Alfa. I'm using a D-Link DIR-300 with DD-WRT as my secondary router. It's nice 'cause it'll run off 5v. Oh, and one last note, ADD YOUR WIFI GUEST ROUTER'S MAC ADDRESS TO KARMA'S BLACKLIST!!! This threw me off, as I was giving myself bad karma. This will stop you connecting to yourself accidentally.
  8. #Neworld I have tried that one. If you write several rules that match your target domain, it is the last rule that returns... EXCEPT when you use a global wildcard.

         1.1.1.1 1.com
         2.2.2.2 *.1.com
         3.3.3.3 *.com
         4.4.4.4 *.1.com
         5.5.5.5 1.com

     returns 3.3.3.3 no matter what.

     leapole, that's a good workaround, however I think I'll have a go re-implementing dnsspoof anyway. I could add more functionality then.
  9. I suppose I've gotten used to other tools which either: fall through a rule set until a match is found then quit, or go through the rules and apply the last one that matches. Dnsspoof seems to do the latter (created multiple rules for the same domain, and the last IP was returned from nslookup against the pineapple), however it also places global wildcards [172.16.42.1 *] of higher precedence than all other rules, meaning you cannot override a global wildcard. The only method I've found so far to make it work is to make a wildcard for each TLD. They don't appear to take precedence over more specific rules then.
  10. I have been trying to configure dnsspoof to provide one IP on a global wildcard and another for a specific domain. I tried with a config of:

          172.16.42.1 *
          172.16.42.208 example.com

      thinking it would fall through. After a bunch of testing and finding dnsspoof.c, it appears that a wildcard overwrites all. I am not very well versed at c++, but I think a new dnsspoof is needed that will provide the IP for the first match only, enable blacklisting on IPs and MACs of clients (so you can still get online) and of domains. What do you guys reckon? Am I missing something? Does a better dnsspoof already exist? Here is the source I found: http://www.koders.com/c/fid68F234C7F4AC49441E468F645E43ABB3C8665B65.aspx
  11. Pineapple File Browser Module

      I noticed the lack of a basic file browser, so I have written one. I attempted to make it look as "pineapple-ish" as I could.

      Version 0.2 Features:
        • Multi-file Copy, Move and Delete
        • View
        • Rename

      Version 0.1 Features:
        • Browse the full filesystem of your pineapple
        • Basic text editing - WARNING: This is my first attempt at this sort of file editor, and although I believe I have gotten all the character work (addslashes, stripslashes, htmlspecialchars, etc.) working properly... I would practice some caution editing system critical files.
        • Strip windows line endings

      Planned features:
        • Upload
  12. Yeah, I used bartender. One question... In bartender, when I edit my project, should the "start page" be just the php file to launch to start (filemanager.php), include the module directory (FileBrowser/filemanager.php), or some sort of launch script?
  13. I was just wondering how long it takes to have wiki and module submission accounts authorized? I have a File Browser module I want to get out there.
  14. I use a DD-WRT D-Link DIR-300 to give me wifi client gateway, while leaving the USB free. Some of these routers have USB host. That way you could store on a USB, have client gateway, use the pineapple USB with an Alfa to do de-auth, all off a couple of USB power packs.
  15. Never Mind... I reflashed and my routing tables changed. It seems I had somehow acquired some phantom eth1 routes that were screwing with everything. Working awesome now.
  16. Hey guys. I have recently received my MKIV and have been playing around with some simple sniffing... I had a D-Link DIR300 running dd-wrt which I was using as a wireless client to forward pineapple clients to the internet, while keeping the usb port free. (Runs on 5V, kinda cool setup.) However, I have been having trouble forwarding packets from pineapple clients to ANY 172.16.42.42 gateway since the flash... What do you guys reckon? I'm thinking I'll reflash and factory restore tonight to see if the problem goes away... And yes, I flashed on a wall wart over ethernet... Cya, Aussieklutz
  17. A modified version of pe2usb is available at: http://ezyuzin.livejournal.com/2729.html The source has been tied down and force fed spinach until it became awesome enough to work with larger disks
  18. Disregard!! I am doing a computer security assignment, and want to know what you guys think about where I should put the wireless access points. I am treating the wireless as a hostile network and don't know if I should connect it to the access router or the bastion host. It may not matter too much. I am planning routes to separate the wireless and the internet. Is it more important to protect the wireless from the internet, or the network from the wireless? I plan to have wireless devices connect in using VPN. Here is the layout:
  19. Hey guys. I'm living in accommodation on my uni campus and they charge us $20 a month for 1.5 Gig and a further $20 for each gig over that. Until just recently there was a loophole. The network was configured like this:

          Accommodation Accounting Proxy -------------- Accommodation subnet | Accommodation Router | Uni Proxy | Web

      The subnet uses DHCP but you could just put in the Accommodation Router as a static gateway. They have since patched the hole. Being a computing student I have access to the School of Computing unix server. First thing I did was determine that I could get proxy access with Links. All well and good. I then set up Xming on my desktop and used putty to send my X desktop to my windows machine. This works well except for larger downloads as I only have about 20 MB on my unix share and cannot mount a samba share or an ftp share. My next step was to get my larger downloads with Wget and set the output -O switch to a named pipe (read fifo) which I tunneled through netcat (had to listen on my desktop as I can't connect to netcat on the unix box) to another netcat server on my desktop piping the output to file. Yay, now I can download hak5 from my desktop again... The next stage is to set up a persistent netcat tunnel between the unix server and my desktop so I can connect to the proxy through the tunnel as if I was connecting direct from my desktop. -- Your friendly neighbourhood aussieklutz
  20. This is gonna take a bit longer than I had originally planned. I want to find a better way to extract the co-ordinates from the kml files. Also trying to rewrite my blog code, so it might take a while