Jump to content

Network Configuration

.exe

By .exe
in WiFi Pineapples Mark I, II, III

 Share

Recommended Posts

.exe Newbie

.exe

Posted
Posted

I think its time we discussed how the network configuration of how this device works as I still cant get this setup in a way that is easy for me to use and this im sure is annoying others just as much quietly.

There are two interfaces:

1. WIFI (actually the LAN)

2. LAN (actually the link to the INTERNET, your LAN or WAN etc)

I cant seem to control the DHCP addresses assigned by the WIFI interface to connecting clients. How do I configure DNS and GATEWAY options for this interface to distribute to wireless clients? None of these settins are available on the OpenWRT config page.

The LAN interface appears to exist on the same subnet as the WIFI interface which I think is really bad as it allows clients to access the config page. Are these interfaces bridged and they need to exist on the same subnet in order to exchange information (this is what im assuming)? How to I stop wireless clients (and only wireless clients) accessing the Jasager config page (http://192.168.1.1) as I have been told this can be done with IPTables? Is it possible to change the address this is accessed from or this interfaces IP?

Finally what are the names of these interfaces within the OpenWRT OS (I think one is eth0 but i dont think the LAN interface is called this and its called br-lan).

Just a general overview of how this all works together would be really appreciated and some links would at least provide me with a starting point.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

OK, I've just got a new Fon flashed so it is completely clean. I'll go through and set it up and then let you know the process of getting it completely online.

Got to fit a new hdd to my desktop tonight so give me a day or so and I'll get what I can up.

Link to comment
Share on other sites
.exe Newbie

.exe

Posted
  • Author
Posted
OK, I've just got a new Fon flashed so it is completely clean. I'll go through and set it up and then let you know the process of getting it completely online.

Got to fit a new hdd to my desktop tonight so give me a day or so and I'll get what I can up.

The device is working fine :) Its just set up really weirdly from a networking prespective.

For example both interfaces share the same subnet therefore both get issued DHCP leases (wtf.....).

Ideally you want both interfaces communicating but using different subnets which should be possible if this is using OpenWRT.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

You can probably do this quickly with webif. Just go through the interface and see what you can set.

I've just got my new hdd installed so that is one job out of the way, this is moving up the list!

Link to comment
Share on other sites
Bitstream Newbie

Bitstream

Posted
Posted
Both Jasager and webif are password protected. The username is root and the password is whatever your root password is.

Hmmm, for me, the Jasager page is protected if you go to it on port 1471 but not if you connect straight to port 80...then it will just happily forward you with no authentication required. The webif.html is protected on port 80 though.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted
Hmmm, for me, the Jasager page is protected if you go to it on port 1471 but not if you connect straight to port 80...then it will just happily forward you with no authentication required. The webif.html is protected on port 80 though.

Sounds like the .htaccess maybe ended up in the wrong place. I'll have a look.

Link to comment
Share on other sites
RchGrav Newbie

RchGrav

Posted
Posted
Same results here. Jasager page is accessible without authentication. /webif.html asks for a username/password.

Hi Everyone... The step where Darren told you to copy over all of the karma\www stuff wasn't necessary as far as I can tell... Digininja has it running on the 1471 port PW protected right where it sits under karma/www. At this point, your best bet is to do some command line cleanup of the main www folder. You can figure out what to delete by looking at what copied over.. luckily all of the webif stuff is still there and wasn't overwritten. Thats what I did to clean up mine, and I was wondering why Darren had that extra step in there. Maybe the instructions should be edited a bit.

Mine is working great with both sites PW protected.

Link to comment
Share on other sites
RchGrav Newbie

RchGrav

Posted
Posted
I think its time we discussed how the network configuration of how this device works as I still cant get this setup in a way that is easy for me to use and this im sure is annoying others just as much quietly.

There are two interfaces:

1. WIFI (actually the LAN)

2. LAN (actually the link to the INTERNET, your LAN or WAN etc)

I cant seem to control the DHCP addresses assigned by the WIFI interface to connecting clients. How do I configure DNS and GATEWAY options for this interface to distribute to wireless clients? None of these settins are available on the OpenWRT config page.

The LAN interface appears to exist on the same subnet as the WIFI interface which I think is really bad as it allows clients to access the config page. Are these interfaces bridged and they need to exist on the same subnet in order to exchange information (this is what im assuming)? How to I stop wireless clients (and only wireless clients) accessing the Jasager config page (http://192.168.1.1) as I have been told this can be done with IPTables? Is it possible to change the address this is accessed from or this interfaces IP?

Finally what are the names of these interfaces within the OpenWRT OS (I think one is eth0 but i dont think the LAN interface is called this and its called br-lan).

Just a general overview of how this all works together would be really appreciated and some links would at least provide me with a starting point.

I also found this to be true, webif is a little (lot) wacked as it sits. I was going to tweak a few things but was concerned if I made the wrong move I may brick my jasager (lock myself out networking wise.)

If changes are made, can they be safely set back to default using the reset switch?

I also have the same questions .exe has.

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
I also found this to be true, webif is a little (lot) wacked as it sits. I was going to tweak a few things but was concerned if I made the wrong move I may brick my jasager (lock myself out networking wise.)

I did lock myself earlier today and was afraid i was gonna be out 40 bucks but discovered that if you go back to "Step 11: Flash FON's firmware." you can reflash and start over again.

If changes are made, can they be safely set back to default using the reset switch?

As far as my testing the reset switch appears to be useless.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted
Im just glad people are beginning to talk about this......

This needs password protection and should only be accessed via something exotic like the webif page.

In my standard install anything on port 1471 is protected by the equivalent of htaccess. The setting for that is in /karma/etc/httpd.conf.

Darren adding the step to rename index.html and replace it with mine is to stop the need for adding port 1471 onto the url. The problem may be the redirect that this is doing.

Try closing browser down completely (all windows) and then hitting <fon>:1471/ directly, see what happens.

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
In my standard install anything on port 1471 is protected by the equivalent of htaccess. The setting for that is in /karma/etc/httpd.conf.

Darren adding the step to rename index.html and replace it with mine is to stop the need for adding port 1471 onto the url. The problem may be the redirect that this is doing.

Try closing browser down completely (all windows) and then hitting <fon>:1471/ directly, see what happens.

If you copy the httpd.conf from the karma/etc folder to the root/etc folder and overwrite the existing one it will prompt with UN/PWD for both jasager and webif.

Link to comment
Share on other sites
.exe Newbie

.exe

Posted
  • Author
Posted

Thats cool :)

Thats much more secure now and worth adding to the guide.

However I would advise everyone to take into account this doesnt used cookie based authentication. So to logout in firefox you will have to clear your private data so it forgets the httpd credentials.

It would be nice if you could stop clients connecting to that IP altogether though. Any news on how to do this with IPTables Darren?

Link to comment
Share on other sites
.exe Newbie

.exe

Posted
  • Author
Posted

The next step is connecting the jasager to the internet. Anything free or low cost available to do this in europe? Ideally it needs to be a mobile device so any recommendations?

UPDATE: Heres the best I could come up with http://threestore.three.co.uk/dealsummary....code=18MB1GD017 but it would require running XP which is not good if you wanna run BT3 over Madwifi. A second pc is not practical either.

I have also noticed this post: http://hak5.org/forums/index.php?showtopic=10215&st=20

Its interesting that he has used ICS to leaverage his internet but this overcomplicates the setup and anchors you to XP (again).

Link to comment
Share on other sites
semperfive Newbie

semperfive

Posted
Posted

I agree.

While I understand the benefits of Karmetasploit already running on BT3, I'm interested in attempting to bridge or share an internet connection coming in over eth0 into my eee PC and the internet coming in and out of ath0/wifi0.

I think that ultimately the modular nature of the jasager combined with the pre installed environment of BT3 will be the ultimate in pentesting.

I am very interested in any sage advice someone would have in performing this bridge in linux (specifically BT3). I can't get it to work.

But, regardless of the frustration with the internet connection sharing, this has been a very fun project!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...