MITM with Jasager

[siblbombs]

I guess I missed something, but what would be really helpful would be a description of how the traffic is routed. After a client connects to Jasager on a Fon, does the Fon then in turn route the traffic directly to the internet or to a laptop then the internet? Obviously it would be great to be able to run different programs on a laptop with the traffic moving through it, can anyone shed some light on this issue?

[Darren Kitchen]

If you follow the guide so far the clients connect and are issued an IP. It is my intention to use my laptop, connected via WiFi, as the default gateway to the internet (via EVDO or HSDPA). I haven't had a chance to play with the net config yet but I know it's possible. It's just a matter of setting the gateway.

[digininja]

I guess I missed something, but what would be really helpful would be a description of how the traffic is routed. After a client connects to Jasager on a Fon, does the Fon then in turn route the traffic directly to the internet or to a laptop then the internet? Obviously it would be great to be able to run different programs on a laptop with the traffic moving through it, can anyone shed some light on this issue?

This is completely optional, you chose where to route the traffic. They way I have it set up is that the fon sits on my network through the wired port. It has a default gateway of my internet gateway so that all traffic is routed out onto the internet or onto the internal network as appropriate.

The hard bit for most people is getting the default route back to the fon setup. Quick example...

Jasager gives out IP's on the 10.1.1.0/255 subnet

Your internal network is on 192.168.0.0/255

A Jasager client sends a packet to the internet on the wireless, the fon knows the two subnets and knows to route it to the gateway.

The gateway checks the destination IP and sends it out to the internet.

All is good so far.

The packet comes back in and the gateway checks the IP, it is for 10.1.1.1. The gateway checks to see if it knows about that subnet, it doesn't so it throws it back out to the internet.

The packet gets lost in the cloud.

The way to solve this is to tell the router that it needs to use the fon to route all the traffic for the 10.1.1.0 subnet. I have an openwrt device as my router so I simply ran:

route add -net 10.1.1.0 netmask 255.255.255.0 gw 192.168.0.111

(Where 192.168.0.111 is the IP of my fon)

on my router. This then tells the router how to route traffic for the 10 subnet.

Depending on your IP tables rules, you may have to adjust them to allow the extra traffic. This depends on how you have things setup.

If you are running an off the shelf router then check it and see if it will allow you to set routes, if not then you may be out of luck with this solution. I'm sure there is probably a way to do it by routing through another machine and re-writing headers or proxy'ing or something but I'll leave that for someone else to explain.

<note>All IP's and subnets are made up, substitute your own in where appropriate</note>

[DeepN1KE]

Robin,

I have a similar setup, however when the Fon is plugged into my wired network it doesnt show up in the connected devices, so I cant easily see the AP to connect to it.

Any tips?

[siblbombs]

I am getting a better understanding of how this all works, but i still have a few questions. Can I connect my laptop to my fon via Ethernet then bridge a wifi connection to the fon? Is there a way to bridge connections from the command line in Ubuntu?

[digininja]

Robin,

I have a similar setup, however when the Fon is plugged into my wired network it doesnt show up in the connected devices, so I cant easily see the AP to connect to it.

Any tips?

What do you mean connected devices? On Jasager? If so, then it won't, they are only connected clients.

I think I'm missing a key thing about what you are asking, give me a bit more info and I'll help

[digininja]

I am getting a better understanding of how this all works, but i still have a few questions. Can I connect my laptop to my fon via Ethernet then bridge a wifi connection to the fon? Is there a way to bridge connections from the command line in Ubuntu?

Simple answer, Yes.

Harder answer, how to do it!

Bridging is controlled by btcrl. A really good place to look for info on this is in the instructions for setting up VirtualBox, an opensource VMware replacement (or at least it used to be). You basically take down the IP on eth0 by setting it to 0.0.0.0 (there may be better ways but I know this works) then you create a bridge with brctl and add eth0 and your wifi to it. You can then treat the bridge (usually br0) as if it were a single network interface, e.g. bring up dhcp on it etc.

If you do this, make sure you kill any dhcp clients that are working on eth0, they will interfere and try to get eth0 an IP when it shouldn't have one.

[siblbombs]

If i understand right, wlan0 would have the active internet connection then i would bring down eth0 and bridge with

brctl addbr br0

brctl addif br0 wlan0

brctl addif br0 eth0

From there, br0 would have all the packets routed through it and could be treated as a normal network interface for monitoring and such?

p.s. Thanks for all the help, i started watching hak 5 when rev3 picked them up, and the Forum has been really responsive and helpful

[DeepN1KE]

What do you mean connected devices? On Jasager? If so, then it won't, they are only connected clients.

I think I'm missing a key thing about what you are asking, give me a bit more info and I'll help

I mean when my Fon is connected to my wired network, I am unable to access it as I cant identify the IP address it has been allocated.

I assume this is because the Fon thinks it 192.168.10.1 and my network doesnt use that range.

Although it is assiging connected client via dhcp from my network.

So basically in your scenario (and mine) how are you monitoring and connecting to the Fon to see what going on in real time.

[digininja]

I mean when my Fon is connected to my wired network, I am unable to access it as I cant identify the IP address it has been allocated.

I assume this is because the Fon thinks it 192.168.10.1 and my network doesnt use that range.

Although it is assiging connected client via dhcp from my network.

So basically in your scenario (and mine) how are you monitoring and connecting to the Fon to see what going on in real time.

Got you. Just ssh in through the wifi interface and do an ifconfig eth0 to find the ip address of it. If it is getting it through your dhcp server then it should be on your subnet. If not you have two options, either change its ip with ifconfig eth0 x.x.x.x or give your laptop a second interface on the right subnet by creating eth0:1. The first option is the easiest, the second one would probably require special routing on the gateway.

[crater]

digininja, I've got the fon connecting as a client, and serving out a signal and i can for example ping google from the fon VIA ssh. Can't get internet via fon client, net is fine on the other network the fon is bridging to. Mind posting all your routes to give me an idea of what i may have missed?

[DeepN1KE]

Ok I have resolved my issue, and can now have the Fon connected to the Internet, and be able to access it myself over my network to view the status.

This is how. (Help Also from byte_bucket on PaulDotCom IRC)

I SSHed into the Fon (Wired or Wireless)

I then typed

/etc/config/network

To see the configuration, showing me as expected static IP is 192.168.1.1

I then confirmed this with

uci get network.lan.ipaddr

Then I did the following

uci set network.lan.ipaddr="x.x.x.x"

uci commit

Then confirm again with

uci get network.lan.ipaddr

then

reboot

Job done.

Hope it helps someone.