Jump to content

2 Noob questions


Recommended Posts

Hello agin,

Hopefully I'll answer my own question again but I'll post anyway. Maybe it will help someone ells.

What is a safe Tx Power setting for the Fon La Fontenna ? Is 16dbm Safe ?

Has anyone gotten Internet connection sharing working with Linux ?

----------------

I got the Internet connection sharing working with Linux. Or it "Should" be working.

I did this....

Internet GW IP range is 192.168.1.1 255.255.255.0

- On laptop -

wlan0 = Internet

eth0 = Ethernet Port set to share

ifconfig eth0 192.168.0.1 netmask 255.255.255.0
ifconfig eth0 up

Then set of Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Then set up iptables to bridge the connection

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
/etc/rc.d/iptables save
/etc/rc.d/iptables start

-----------------------

- On Pineapple -

On. . .

http://192.168.0.2/cgi-bin/webif/network.sh

(lan Configuration)

Connection Type = "Static IP"

Type = "Bridged"

Ipaddress = "192.168.0.2"

Netmask = "255.255.255.0"

Default Gateway = "192.168.0.1"

Then I added the OpenDNS servers to the resolve.conf file. . .

echo "nameserver 208.67.222.222" >> /etc/resolv.conf
echo "nameserver 208.67.220.220" >> /etc/resolv.conf

-----------------------

I can SSH into the Pineapple root@192.168.0.2

I then then ping the the eth0@192.168.0.1 & google.com

root@OpenWrt:~# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: seq=0 ttl=64 time=1.763 ms
64 bytes from 192.168.0.1: seq=1 ttl=64 time=1.496 ms
64 bytes from 192.168.0.1: seq=2 ttl=64 time=1.471 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.471/1.576/1.763 ms

root@OpenWrt:~# ping 74.125.19.105
PING 74.125.19.105 (74.125.19.105): 56 data bytes
64 bytes from 74.125.19.105: seq=0 ttl=51 time=71.131 ms
64 bytes from 74.125.19.105: seq=1 ttl=51 time=75.533 ms
64 bytes from 74.125.19.105: seq=2 ttl=51 time=74.146 ms
^C
--- 74.125.19.105 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 71.131/73.603/75.533 ms

root@OpenWrt:~# ping google.com
PING google.com (74.125.19.105): 56 data bytes
64 bytes from 74.125.19.105: seq=0 ttl=51 time=267.918 ms
64 bytes from 74.125.19.105: seq=1 ttl=51 time=80.228 ms
64 bytes from 74.125.19.105: seq=2 ttl=51 time=77.532 ms
64 bytes from 74.125.19.105: seq=3 ttl=51 time=78.513 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 77.532/126.047/267.918 ms

------------------------

But If I connect to the Wireless connection Pineapple in a VirtualBox-BT4 It will "TRY" to resolve the DNS of http://google.com in Firefox but will not succeed. If I connect to the Wireless and then SSH into the Pineapple I can Ping Google.com... Just not in Firefox. I can turn on "Karma" and it will suck in Noobs but the Noobs can't resolve DNS in Firefox ether... Same gig as if I connected to the Pineapple essid.

The connected clients to the WiFi can Ping the Pineapple@192.168.0.2 & eth0@192.168.0.1 But NOT wlan0@192.168.1.166 Nore the real GW@192.168.1.1 Nore google.com

So, My laptop IS sharing the internet between. . .

GW>->wlan0>eth0>->Pineapple

Pineapple>->eth0>wlan0>->GW

Wifi>Pineapple>eth0>:brake:>wlan0>GW

--------------

I know I had to tun on DHCP for "WAN"? To get give Wireless clients IP's.... Shouldn't that be the "LAN"?

I when ahead and set up the Bridge for the "WAN" as well but No go.

-------------------------

I went ahead and set the DNS servers in. . .

http://192.168.0.2/cgi-bin/webif/network.sh

But still same gig.

Link to comment
Share on other sites

Well I bricked it....

I filaly listened to they stupid XP Internet connection sharing thread. And set the lan to DHCP instead of Static IP. I din't know what ells to do. Everything Should have been working...arg

http://wiki.hak5.org/wiki/Internet_Connect...mit_Der_Jasager

Now, I can't get an IP on WiFi and not on Ethernet. All I changed was a eth0 lan setting and now the WiFi will not give out IP's ? crazy.

ya ya,, I know I just need to install a DHCP server on my laptop. and that is "Suppose to Work' but so was everything ells I was doing.

Link to comment
Share on other sites

It's late and you had a lot of questions in that post...It sounds like DHCP need to send the clients a default route and a DNS server. I usually give clients a LAN DNS server (FON) and a Public DNS server (4.2.2.2 or google's own 8.8.8.8)

I wrote up a blog post about setting up Jasager and "ICS" on Linux. Hopefully it can help you: http://alex.hrck.net/?p=32

Also created a simple bash script to set up ICS automatically: http://alex.hrck.net/docs/traffic-forwarding.sh

Link to comment
Share on other sites

Thanks for the reply :)

I got it all worked out now. I wish I would have read your respose before. But I learned a lot doing it.

I even wrote my own HowTo for Linux. I guess this forums needed one even though you wrote one already :P

HowTo- Internet Connection Sharing on "LINUX"

http://hak5.org/forums/index.php?showtopic...t=0#entry148756

Link to comment
Share on other sites

Good HowTo! One issue I've experienced is the pineapple becoming the default gateway for the laptop if it is already connected to a wireless AP, thus causing routing problems. So I was sure to check for and fix that with my script.

BTW, I'd be interested to know if the shell script I wrote worked for you.

Link to comment
Share on other sites

Good HowTo! One issue I've experienced is the pineapple becoming the default gateway for the laptop if it is already connected to a wireless AP, thus causing routing problems. So I was sure to check for and fix that with my script.

BTW, I'd be interested to know if the shell script I wrote worked for you.

Owe, I see. You are have it dishing out IP's from the router. That is a better way of doing it I guess. I'll have to set up the Pineapple a to static IP and try it out. But reading through the shell script.. It looks like it will work vary well. I'm not sure though. Running a DHCP+DNS server on the Host laptop may be more resilient to changes in the network. However, I have not fully internalized the way your set up is working. So, I could just be a dumbass. With the Pineapple handling the DHCP you will be able to use the Nmap on the Pineapple which is nice.

I'll edit this post after trying your way.

Link to comment
Share on other sites

Hum,

No the traffic-forwarding.sh script is not working on my Archlinux Box.It all connects up fine but I can't resolve DNS on a connected WiFi client. . . Ya, I just did it agin and made sure to add the OpenDNS IP's in the DNS severlist and still no go in a Client connected to the WiFi. . . Can't pull up google.com. In theory though, the way your doing it should be working. It seems the problem is with the extra layer of network between the WiFi - ETH0 on the Pineapple.

Like I "can" resolve DNS if I SSH into the Pineapple just not from Clients connected to the WiFi.

Also, To answer my question about a safe Tx Power setting for the Fon router... Ya, just go ahead and max it out at 16dbm

p.s. I edited my HowTo and set the IP address range to 10.110.0.1/24 like how you did.

I think it is much less likely to be connected to a GW of a 10.110.0.1/24 then the 192.168.bla.1/24

Link to comment
Share on other sites

I do DNS different on my setup then on yours. I don't give the pineapple a DNS server (I suppose I could), I just have the DHCP server on it dish out a public DNS server. My thought are that the Fon is configured to be a DHCP server, why bother bogging down my netbook and open up another service to a potential security hole by running DHCP on the laptop. This also makes Jasager more portable. All I need to do is enable ICS on my windows or linux laptop to be come an evil gateway. my two cents.

the script is only to configure routing packets out to the Internet. It doesn't control any DNS/DHCP.

Nmap will scan both Jasager and the laptop (acting as a GW). To avoid this I created a file with only those two IPs in it and can use the nmap --excludefile dont_scan.txt option.

Wireshark will capture all SSH and Jasager web interface traffic from the laptop (.1) and the Fon (.254), so I created a filter to filter out this traffic.

not tcp port 1471 and (not tcp port 22 and not host 10.168.1.254 or not host 10.168.1.1)

Link to comment
Share on other sites

Ya, it is better to handle the DHCP on the Pineapple. But How are the WiFi clients getting DNS?

Are you referring to the WiFi clients connected to Jasager? Through a public DNS server provided by DHCP.

cat /etc/config/dhcp

...

config dhcp lan
....
list dhcp_option '6,10.168.1.254,4.2.2.2'

DHCP option 6 allows the protocol to specify the DNS server(s)

http://www.networksorcery.com/enp/protocol/bootp/options.htm

Link to comment
Share on other sites

It still is not working your way for me. Here I added the 8.8.8.8 google DNS server to both the Webif interface and that file.

With out running DHCP+DNS on my Host-Laptop. The clients connected to the Pineapple-WiFi can't get past eth0 to wlan0

I did clear all the iptables and stop my dnsmasq running on my laptop.

Then ran your script. . . Connected to the Pineapple via Ethernet. Connected OK.

Then connected to the Pineapple within a . .

Backtrack4-VirtualBox with it's own wireless card supplied via USB Pass-through

The Wireless Client can not Ping past eth0 on my laptop

Client connected to WiFi on the Pineapple

ping 10.110.0.2 # pineapple Ethernet port -> OK
ping 10.110.0.1 # eth0 on Host laptop -> OK
ping 192.168.1.166 # wlan0 on Host laptop -> FAIL
ping 192.168.1.1 # GW -> FAIL
ping 8.8.8.8 # Outside Google sever -> FAIL
ping google.com # DNS -> FAIL  Ping -> FAIL

SSH'd in to the Pineapple and Pinging from there.

ping 10.110.0.1 # eth0 on Host laptop -> OK
ping 192.168.1.166 # wlan0 on Host laptop -> OK
ping 192.168.1.1 # GW -> OK
ping 8.8.8.8 # Outside Google server -> OK
ping google.com # DNS -> OK Ping -> OK

root@OpenWrt:~# cat /etc/config/dhcp

config 'dnsmasq'
    option 'domainneeded' '1'
    option 'boguspriv' '1'
    option 'filterwin2k' '0'
    option 'localise_queries' '1'
    option 'local' '/lan/'
    option 'domain' 'lan'
    option 'expandhosts' '1'
    option 'nonegcache' '0'
    option 'authoritative' '1'
    option 'readethers' '1'
    option 'leasefile' '/tmp/dhcp.leases'
    option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'
    option 'interface' 'lan'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'
    option 'ignore' '0'
    option '6,10.110.0.254,8.8.8.8'
    
config 'dhcp' 'wan'
    option 'interface' 'wan'
    option 'ignore' '0'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'
    option '6,10.110.0.254,8.8.8.8'

Link to comment
Share on other sites

On your current setup, what is the default gateway and DNS server on the wifi clients set to? For testing purposes, try setting a static IP, GW and DNS on the client.

root@fonz1:~# cat /etc/config/dhcp

<SNIP>

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '1h'
        list 'dhcp_option' '3,10.168.1.1'       #Push default gateway to clients (laptop eth0)
        list 'dhcp_option' '6,10.168.1.254,8.8.8.8'    #Push DNS servers to clients

config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'

I don't change anything in config 'dhcp' 'wan' because I don't connect anything to the WAN port (I have a Fon+)

Link to comment
Share on other sites

root@fonz1:~# cat /etc/config/dhcp

<SNIP>

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '1h'
        list 'dhcp_option' '3,10.168.1.1'       #Push default gateway to clients (laptop eth0)
        list 'dhcp_option' '6,10.168.1.254,8.8.8.8'    #Push DNS servers to clients

config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'

Owe, I was suppose to literally put list 'dhcp_option' '6,10.168.1.254,8.8.8.8'

Ok, So. . .

list 'dhcp_option' '3,10.110.0.1' # This is the IP address of the Ether net port on my Laptop Providing Internet to the Fon

list 'dhcp_option' '6,10.110.0.254,8.8.8.8' # I don't understand This ? What is with the last part of the IP "254" Why is that 254 ?

Fon Ethernet port is # 10.110.0.2

Ethernet port on Laptop Provideing Internet to the Fon is # 10.110.0.1

Real GW at house is # 192.168.1.1

Link to comment
Share on other sites

Hum,

Well I got it to work with the edited /etc/config/dhcp.

root@OpenWrt:~# cat /etc/config/dhcp

config 'dnsmasq' . . . . . Edited to keep short. . . .

config 'dhcp' 'lan'
    option 'interface' 'lan'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'
    option 'ignore' '0'
    list 'dhcp_option' '3,10.110.0.1'
    list 'dhcp_option' '6,10.110.0.254,208.67.222.222'
    
config 'dhcp' 'wan'
    option 'interface' 'wan'
    option 'ignore' '1'
    option 'start' '100'
    option 'limit' '150'
    option 'leasetime' '720m'
    list 'dhcp_option' '3,10.110.0.1'
    list 'dhcp_option' '6,10.110.0.254,8.8.8.8'

However, it is super super Slow. . . . . Maybe there are some other settings I can change. It is like dial up speeds with the Fon set up like that. I even changed the DNS server form the google 8.8.8.8 to the OpenDNS 208.67.222.222. Still super slow can't even watch YouTube. My Real GW is at 1MB/down and 1Mb/up.

(Yes Mega Byte >1,300KB/s Down :) )

However, When running with my dnsmasq on the Host laptop doing DHCP+DNS I get nearly Full Down/Up bandwidth and extremely low latency. Even with all Port 80 traffic being pushed through sslstrip.

With the Pineapple doing DHCP+passing DNS

PING google.com (66.102.7.103) 56(84) bytes of data.
64 bytes from lax04s01-in-f103.1e100.net (66.102.7.103): icmp_seq=1 ttl=52 time=93.3 ms
^C64 bytes from lax04s01-in-f103.1e100.net (66.102.7.103): icmp_seq=2 ttl=52 time=80.2 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 5219ms
rtt min/avg/max/mdev = 80.237/86.783/93.329/6.546 ms

With my laptop running dnsmasq doing DHCP+DNS & pushing Port 80 through sslstrip !

PING google.com (66.102.7.104) 56(84) bytes of data.
64 bytes from lax04s01-in-f104.1e100.net (66.102.7.104): icmp_seq=1 ttl=52 time=69.5 ms
64 bytes from lax04s01-in-f104.1e100.net (66.102.7.104): icmp_seq=2 ttl=52 time=70.8 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 69.523/70.198/70.874/0.725 ms

Link to comment
Share on other sites

list 'dhcp_option' '6,10.110.0.254,8.8.8.8' # I don't understand This ? What is with the last part of the IP "254" Why is that 254

.254 is the static IP of my Fon.

The results of your speed tests are interesting. I'm try that and see if i notice any differences. I will post results.

Link to comment
Share on other sites

Ya, maybe I am just missing something.

Owe, I see in Wireshark that DNS requests are just sent on the Broadcast IP. 10.110.0.255 if all ells fails. So I guess it doesn't matter what IP I put there.... Or, maybe that is what was slowing it down. I got a noob on now so I want to play with them for a bit. He, he he.

This Jasager is SOOOO much more fun then cracking one network at a time. I always hated when I'd get into one network only to look at airodump-ng and see some other network has all the noobs.

Link to comment
Share on other sites

Woops.....

Sorry I am a dumbass. I was watching Wireshark and every time I made a DNS request I was seeing a ICMP Port Unreachable from my laptop Ethernet Port to the Pineapple 10.110.0.1 -> 10.110.0.2. Then Looked at the Webif page and it had put my Host laptop Ethernet port as a DNS server.

I took that out and now it is just as fast as when I was running the dnsmasq on my laptop.

Sorry.....

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...