Joe C Posted December 1, 2008 Share Posted December 1, 2008 Hey guys, I have managed to get Jasager installed on my fon 2100, everything seems to be working well with that. However when i try and set up the ICS as per the wiki, i seem to lock myself out of the fon. I can not ping the 192.168.0.250. I have followed the wiki exactly. Anything you guys can think of that may help, I have the exact ip scheme as the wiki so feel free to reference it if that helps. Thanks Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted December 1, 2008 Share Posted December 1, 2008 What OS... Linux, Window, Mac? I havent read the wiki but i have done ICS before. Do you have a dhcp running on your computer to assign an IP to the fon? Quote Link to comment Share on other sites More sharing options...
Joe C Posted December 2, 2008 Author Share Posted December 2, 2008 What OS... Linux, Window, Mac? I havent read the wiki but i have done ICS before. Do you have a dhcp running on your computer to assign an IP to the fon? I am using windows xp, i do not have a dhcp server setup on it.. the wiki does not mention one however i remember Darren talking about one on the episode of hak5. Quote Link to comment Share on other sites More sharing options...
colforbin Posted December 2, 2008 Share Posted December 2, 2008 Install Angry IP Scanner and sweep the 192.168.0.0 and 192.168.1.0 networks (all possible addresses). You should be able to find your fonera's IP hiding in there somewhere. I don't know why this is happening to you, but I've seen others reporting the same behavior. Quote Link to comment Share on other sites More sharing options...
Whig Posted December 3, 2008 Share Posted December 3, 2008 It would be really cool if somebody could write good tutorial for idiots like me about ICS with Jasager and Linux. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 3, 2008 Share Posted December 3, 2008 I don't exactly do ICS in linux, I setup routing so that my fon can route traffic through my normal lan. To be able to do this you need to be able to set routing rules on your default gateway. Mine is an Asus running openwrt so setting this is easy. This way the victims are kept on their own network, my internal is 192.168, the wifi is 10.0. It means that they have less access to the network than if they were dumped directly on it as I think you get when you do ICS with windows. If you want to know how to get this working shout and I'll try to document it. Quote Link to comment Share on other sites More sharing options...
colforbin Posted December 4, 2008 Share Posted December 4, 2008 It would be really cool if somebody could write good tutorial for idiots like me about ICS with Jasager and Linux. First of all you are not an idiot. Next take a look at this. I haven't tried this myself, but I'm going to assume (and also ask anyone who can answer) that you could have a tiny Linux distro, set up as a virtual machine, inside a physical Linux distro to perform the task of masquerading, without mucking around with the settings of the host machine.? Quote Link to comment Share on other sites More sharing options...
walts Posted December 11, 2008 Share Posted December 11, 2008 I don't exactly do ICS in linux, I setup routing so that my fon can route traffic through my normal lan. To be able to do this you need to be able to set routing rules on your default gateway. Mine is an Asus running openwrt so setting this is easy. This way the victims are kept on their own network, my internal is 192.168, the wifi is 10.0. It means that they have less access to the network than if they were dumped directly on it as I think you get when you do ICS with windows. If you want to know how to get this working shout and I'll try to document it. Yes, please document it! I've been going nuts trying to get this working with Windows, with my WIFI network in 10.100 and the Jasager in 192.168. I have a Mac, and I'm fairly sure your Linux solution would work using the uderlying Unix on the Mac. Walt Quote Link to comment Share on other sites More sharing options...
digininja Posted December 11, 2008 Share Posted December 11, 2008 will try. If I haven't given you an answer by Sunday, PM me to remind me. Quote Link to comment Share on other sites More sharing options...
shodanime Posted December 12, 2008 Share Posted December 12, 2008 I have the same problem. The first thing i tried to bridge the 2 connections (wire and wireless) so I can get internet from my linksys router wireless for the fon so it can share it.(The fon is hooked up by Ethernet) That did not work what would happen is that it would only connect one of the 2 networks. Then i found ICS where all the problems really begins. I have set the fon to a static IP to 192.168.0.1 (I set it like this because i am not sure what is the best ip settings for the fon) my linksys router is 192.168.1.1. When i follow the ICS wiki the fon wouldn't even let me in to jasager anymore. In fact i wasn't even able to see a default gateway anymore. What i am really asking is how can I set the fon to share my wireless internet from my computer. I am really sorry for being such a noob. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 12, 2008 Share Posted December 12, 2008 First a diagram. on the fon I have a default route of 192.168.2.1 so route add default gw 192.168.2.1 Make sure you have ip forwarding enabled echo 1 > /proc/sys/net/ipv4/ip_forward To enable a dhcp server on the fon /usr/sbin/dnsmasq -K -d -F 10.1.1.100,10.1.1.200 This will give out the IP addresses in the range specified and will also tell clients that it is the default gateaway. The fon then knows where its default gateway is so it will then route traffic through 192.168.2.1. The problem comes when traffic comes back into the network, it hits 192.168.2.1 which looks at the subnet, doesn't recognise it as its own so sends it back out to the internet, this means traffic can flow from a client out to the net but when it comes back in it hits a barrier at the router and just gets reflected back. To solve this you need to tell the router how to get to the 10.1.1.0 subnet. My router runs openwrt so I do this with this command route add -net 10.1.1.0 netmask 255.255.255.0 gw 192.168.2.2 So, all traffic to net 10.1.1.0 with subnet mask 255.255.255.0 gets routed through 192.168.2.2 rather than bounced back to the net. The last thing I had to do was to do this on the router iptables -I FORWARD -i br0 -o br0 -j ACCEPT and this on the Fon iptables -I FORWARD -i eth0 -o ath0 -j ACCEPT iptables -I FORWARD -o eth0 -i ath0 -j ACCEPT One of the above is redundant but I can't remember which one. This basically tells iptables to allow traffic through. Hopefully all this makes sense, if not, I'm sure people will ask questions. Quote Link to comment Share on other sites More sharing options...
walts Posted December 12, 2008 Share Posted December 12, 2008 HMMM.... I get what you're doing, but unfortunately the BSD Unix that underlies OS X does not have an iptables command. Instead that is replaced by ipfw which has a forwarding function, in you example it would be ipfw add allow ip from 10.1.1.0/24 to any fwd 192.168.2.1 (If I read the man pages correctly) Unfortunately that comes back with ipfw: unrecognized option [-1] fwd\n and further reading reveals that this only works if the kernel was compiled with IPFIREWALL_FORWARD. So, unless there's a Mac expert reading this who can clarify, I will probably go back to Windows and fight with that some more. Walt Quote Link to comment Share on other sites More sharing options...
digininja Posted December 12, 2008 Share Posted December 12, 2008 You may not need it, try it without it. Quote Link to comment Share on other sites More sharing options...
walts Posted December 14, 2008 Share Posted December 14, 2008 Thanks. I'm beginning to think that my problem is more basic than that. Sorry for not being "artistic" but I'll try to describe what's happening. I have the FON connected to my Mac via wireless, connected to OpenWrt. with Karma "on" I connect to the FON from a Nokia N800 (Basically a Linux box with WIFI) N800 (192.168.0.216) <----> (?.?.?.?) FON (192.168.10.1) <--------> (192.168.0.180) Mac ifconfig on the FON does not show an IP address for ath0 or wifi0. With Wireshark running on the Mac, I can see web traffic for the control program going back and forth to the FON, but no traffic from the N800 passing through the FON to get to the outside. I do see a number of DNS refusals aimed at the FON but being sent to the Mac instead. So it looks to me as if the FON is not performing its bridging function correctly. I could re-flash it, but before I do I'd like to try to figure out what's going wrong. The web interface to OpenWrt doesn't seem to be all that friendly (per the wiki and my experience, the Network tab doesn't work reliably) so I've been working with /etc/config/network directly. Here is how it stands: root@OpenWrt:~# cat /etc/config/network # Copyright (C) 2006 OpenWrt.org config interface loopback     option ifname    lo     option proto    static     option ipaddr    127.0.0.1     option netmask    255.0.0.0 config interface lan     option ifname    eth0     option type     bridge     option proto    'static'     option ipaddr    '192.168.10.1'     option netmask    255.255.0.0 root@OpenWrt:~# I don't understand why there is no entry for ath0 or wifi0, and when you configure eth0 as "bridge", don't you need to say bridged to what? TIA for the help! Walt Quote Link to comment Share on other sites More sharing options...
digininja Posted December 14, 2008 Share Posted December 14, 2008 With my solution there is no bridge, a bridge puts two physically separate networks together onto the same one by joining two network interfaces. What I do is setup routing so that data that comes in on ath0 is then routed across to eth0 and out. You should have an ip address on both ath0 and eth0, wifi0 is just the parent of ath0 and can be ignored. Do a brctl -show (I think) and see what is there, if it shows anything, delete it, you don't want it. Your N800 should get an IP address on the subnet that you are using for the wifi clients, 10.1.1.0 in my example, ath0 should also be on that subnet (10.1.1.1). eth0 should be on the same network as your MAC (192.168.2.0). To help debug things, drop dhcp and give everything static ip addresses, set all the routing by hand and then test where you can ping to and from. The more tcpdump/wireshark monitors you can have the better, I found at one stage that traffic was flowing one way through a device but never getting back, tcpdump allowed me to spot that. See if this helps. Quote Link to comment Share on other sites More sharing options...
walts Posted December 14, 2008 Share Posted December 14, 2008 Thanks. I think the confusion about bridging came about from the ambiguity of the webif maintenance page. That's why I was thinking of re-flashing to get a "clean" start, but I like your idea better, of setting up static IP addresses for testing. I will try that tomorrow and post back what I find. Walt Quote Link to comment Share on other sites More sharing options...
Whig Posted December 22, 2008 Share Posted December 22, 2008 First of all you are not an idiot. Next take a look at this. I haven't tried this myself, but I'm going to assume (and also ask anyone who can answer) that you could have a tiny Linux distro, set up as a virtual machine, inside a physical Linux distro to perform the task of masquerading, without mucking around with the settings of the host machine.? I was lazy... I had one spare laptop so I installed Windows XP to it and now that works via ethernet cable. Is it possible to do everything wirelessly? Now I have: Jasager@Fon -- CAT5 cable --> Laptop --> USB-cable --> Nokia E90 (3G) ---> Internet and that's probably not the best way to do that =) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.