MK2: Best HowTo - Setup Internet Connection Forwarding on "Linux" & Jasager

[taiyed14]

looking forward to seeing your /etc/config/network and /etc/config/wireless settings.

I'm thinking that Webif simply configures those files.

You're right Darren, Webif does configure these files. You can also edit them with vi/vim or make changes with uci from the command line.

root@fonz1:~# cat /etc/config/network 

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '10.168.1.254'
    option 'netmask' '255.255.255.0'
    option 'ifname' 'eth0.0'
    option 'gateway' '10.168.1.1'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'

root@fonz1:~# cat /etc/config/wireless 
# Copyright (C) 2006 OpenWrt.org

config wifi-device wifi0
    option type atheros
    option channel auto

config wifi-iface
    option device wifi0
    option network lan
    option mode ap
    option ssid private
    option encryption none

[echoblack]

OK,

pineapple-setup-0.1 Is Uploaded

Now This HowTo is all but worthless :)

The setup need some work though. All I had was my file form my La Fonera

It only sets /etc/config/dhcp and /etc/config/network

-------------

It would problay be best to just tar up the whole /etc/config from the La Fonera and La Fonera+

Then ask the user what one they have and dump it on the Fon

[taiyed14]

Couple of things.

The script is reporting that I don't have python twisted lib installed because the im.py file lives in /usr/lib/python2.6/dist-packages/twisted/im.py. Running Ubuntu 9.10.

also getting [: to many arguments error on lines 451 and 493

echo "SSL is $SSL" # I added for debugging

if [ $Ssl == "Y" -o $Ssl == "y" -o $Ssl == "yes" ]; then

edit: the error on lines 451 and 493 are because SSL var is empty.

[echoblack]

Awe, good to know

How about you write the pineapple-setup

and I'll fix the pineapple.sh

I'll upload my tar'ed up /etc/config off of my Fon and you can do what you want with it.

[taiyed14]

Awe, good to know

How about you write the pineapple-setup

and I'll fix the pineapple.sh

I'll upload my tar'ed up /etc/config off of my Fon and you can do what you want with it.

Sure thing. so this pineapple set up will configure DHCP and IPs etc. needed for this script to work?

[echoblack]

Ya I think these 3 should do it

Well here is the

/etc/config/dhcp

network

wireless

http://rapidshare.com/files/324692818/configs.tar.gz

[echoblack]

""""

Couple of things.

The script is reporting that I don't have python twisted lib installed because the im.py file lives in /usr/lib/python2.6/dist-packages/twisted/im.py. Running Ubuntu 9.10.

also getting [: to many arguments error on lines 451 and 493

echo "SSL is $SSL" # I added for debugging

if [ $Ssl == "Y" -o $Ssl == "y" -o $Ssl == "yes" ]; then

edit: the error on lines 451 and 493 are because SSL var is empty.

""""

Awe, OK I bet if I fix that one thing the rest will fall in line

[echoblack]

bla

[echoblack]

bla

[echoblack]

Well I added the check to make sure the install.sh is running as root. The way you did it Taiyed14.

I also put that * in there. And $Ssl as a default value of "N".

I just want to get a sold working script up then I'll start waiting longer to update.

I also stopped listing who did what your an Author and so am I.

New Version pineapple-0.4

[echoblack]

Sure thing. so this pineapple set up will configure DHCP and IPs etc. needed for this script to work?

Just to clearly answer this question

Ya, a script so all the IP's get set to the ones in the pineapple.sh

10.110.0.0/24

10.110.0..2 for the Fon

10.110.0.1 for the LapTop GW NIC

maybe ask the user what the MAC address is of the NIC that they will be using as the Laptop GW NIC

That way you could set a Static IP of 10.110.0.1 for it and stuff.

No need to ask what they want the IP's to be set to. Because they are Hard Coded into thepineapple.sh

-----

You know what there is no need to set a static IP for the Laptop NIC. As log as 10.110.0.1 is not in the DHCP range the pineapple is dishing out.

Basically pineapple.sh is setting the static IP of the laptop NIC with the ifconfig command.

All pineapple-setup has to do is ask if they have a Fon or a Fon+

Then cat ./file > /etc/config/fileOK I forgot an fi ..Clasic

Ya your right after reading throgh the code agin. If the user never gives and answer to the Do you Want To use sslstip. Then the $Ssl Never got a value and there was still Two IF blocks checking it.

So I should be fixed now.

Pineapple-0.3.2.tar.gz

http://rapidshare.com/files/324698659/pineapple-0.3.2.tar.gz

sha1sum = 4ab8c56bee3137405b08d61a3c396c869f16b07e

Hum, Do you think I should just do this change instead.... Or will the * cause problems in the log run?

ls /usr/lib/$Py_Version/site-packages/twisted/im.py

TO

ls /usr/lib/$Py_Version/*/twisted/im.py

---------------

Hum ya I am just going to add the *

Or other things if you like.

--------------------------------

I am going to start coding in an option to spawn a new xterm with tcpdump and ask what -flags they want to set.

. . . moving along . . . I mite try to figure out how to make a Class in BASH so I can make the tcpdump thing it's own file. If you know how let me know. I can call the script but what is the best way to get the output from it? I guess I could brake it up into a whole bunch of tinny scripts but would be better to make a Class with Functions in it that I call and pass input to and get output from. I want to avoid having some 1,000 line script. I don't care if it is a 1,000 of Comments but a 1,000 of code is a problem.

I could make a sudo-class (I made up that word if there really is such a thing that is not what i meen)

I like I could make a whole buch of script. One function per scrip and then put them in one Folder. So the Folder would be like a Class. . . You know what I'm saying.

--

I'd almost like to rewrite the whole thing in Python... Na. . No need to get that nuts.

Hum if I did though I could write a GUI and stuff for it too. Na na too much too much.. well maybe leave what I have in bash and then go ahead and start the rest in Python.... no promises

Well I don't know do would you use a GUI with embedded terminals and auto logfile greping of passwords and auto cracking of md5 password hashes and stuff. Maybe make a Karmetasplot kind of thing as an option . . Hum think BIG what could this thing end up being? I know I would have fun coding it and I would become a better programmer. No harm in that. I mean the only way I am going to get better at coding it if I have a project to work on that I think is fun even if only a few people use it.

[firebrand]

In the OP it says

If you have a FON La Fonera NOT a la Fonera+

Then you can just use this scrip to set up your pineapple for use with the Pineapple.sh script below

Now, I'm going to get a FON router to pineapple up. But the one I'm planning to buy is the Fonera+ because:

1. It's only £29.99 plus shipping;

2. It's the only FON router I can find (apart from the Fonera 2.0N which I believe cannot do the jaseger thing).

So can you just clarify for me: does this HOWTO not work with the Fonera+? Or have I misunderstood this? And, if it doesn't work with the Fonera+: can someone point me in the right direction for a HOWTO that will work?

[carloss]

Okay my problem is solved :D

[taiyed14]

So can you just clarify for me: does this HOWTO not work with the Fonera+? Or have I misunderstood this? And, if it doesn't work with the Fonera+: can someone point me in the right direction for a HOWTO that will work?

Yes this WILL work with a Fon+ (i have the Fon+). The difference between the Fon and Fon+ is an extra Ethernet port.

@echoblack. We dont need to ask the user for their MAC, there is no need for a DHCP reservation. The pineapple.sh changes their eth0 to a static address. BTW, do you have a Fon or Fon+? I see some potential issues...

@echoblack. I don't know if there is such a thing as "Classes" with bash.. I know you can do functions, but you would be better off executing a script from within the script.

#!/bin/bash

echo "Running"

./somthing.sh

and if you want to rewrite all this in Python, be my guest... my Python skills are being developed.

[echoblack]

In the OP it says

Now, I'm going to get a FON router to pineapple up. But the one I'm planning to buy is the Fonera+ because:

1. It's only £29.99 plus shipping;

2. It's the only FON router I can find (apart from the Fonera 2.0N which I believe cannot do the jaseger thing).

So can you just clarify for me: does this HOWTO not work with the Fonera+? Or have I misunderstood this? And, if it doesn't work with the Fonera+: can someone point me in the right direction for a HOWTO that will work?

Ya, I just say that because it has one more Ethernet port and so there needs to be one more entry in the. . . ./etc/config/dhcp for that port. It should be fully supported by the end of today by the pineapple-setup script.

It is trivial to add that in.

and NO the new "Fon N" is NOT supported by jasager.

[echoblack]

taiyed14: I think I leave what is written as bash. I already have it checking for Python2.6 and 2.5 so I think I mite start making a GUI to use with it if Python is installed.

I'm going finish this tcpdump feature in bash and see where it go's from there. Glad to here your learning Python too and we can go down the route if we want to. It is just that Python is so much more powerful then Bash and I'd like to improve my Python skills.

I am also afraid I am picking up bad coding habits coding in Bash.

--------------

Owe ya I do NOT have the +.... You do right.

[echoblack]

Here is what I have wiritten so far for the tcpdump option.

I have to install Ubuntu on my room mates laptop now so I may not get a chance to code this anymore today. I'll try though..

http://rapidshare.com/files/325081606/test.sh

test.sh

#!/bin/bash


#
# SET GLOBAL VARIABLES
#


# Location of tcpdump
#
TCPDUMP_DIR="/usr/sbin"

# Default Log location for tcpdump
#
TCPDUMP_LOG="/usr/src"




    # This checks if tcpdump is installed
    #
    # This dose this by running ls $TCPDUMP_DIR/tcpdump
    # 
    # If this command gives a return code other then 0
    # The variable $Tcpdump is set to "N"
    # Otherwise it is set to "Y"
    #
    ls $TCPDUMP_DIR/tcpdump
    if [ $? != 0 ]; then
    
        $Tcpdump="N"
        
        echo "tcpdump is NOT installed"
        echo "tcpdump option is disabled"
        echo ""
        
    else
        $Tcpdump="Y"

        echo "tcpdump is installed"
        echo "tcpdump option is enabled"
        echo ""
        
        
    fi


    # This Asks the user if they want to start tcpdump
    # 
    # This scrip check if $Tcpdump is set to "Y"
    # If it is then the user is asked if they would like to start tcpdump
    # The user imput it sent to variable $Run_Tcpdump
    #
    # 
    # The user leave this blank then the default value of "N"
    # If the user enters Y, y or yes then the tcpdump is enabled
    #
    #
    Run_Tcpdump="N"
    if [ $Tcpdump == "Y" ]; then
    
        read -p "Whould you like to start tcpdump? Y/N: " Run_Tcpdump
        
        if [ $Run_Tcpdump == "Y" -o $Run_Tcpdump == "y" -o $Run_Tcpdump == "yes" ]; then
        
            echo "tcpdump is enabled"
            echo ""
        
        else
            echo "tcpdump is disabled"
            echo ""
            
            
        fi
        
        
    fi


    # This askes the user where they would like to the tcpdump log file to be
    # 
    # The user input is sent to variable $Tcpdump_Log_User
    # 
    # If the user leaves it blank then the default tcpdump logfile of $TCPDUMP_LOG/tcpdump.log is used
    #
    #
    X="N"
    while [ $X == "N" ]; do
    
        echo ""
        echo ""
        echo "Where would you like tcpdump log file to be located?"
        echo ""
        echo "If left blank the default location of $TCPDUMP_LOG/tcpdump.log will be used"
        read -p "Enter the /full/path/and/LogName.log: " Tcpdump_Log_User
        echo ""

        if [ -z $Tcpdump_Log_User ]; then
                
            Tcpdump_Log_User=$TCPDUMP_LOG
            X="Y"
                    
        else
            # This Varifies the /full/log/path/and/logname.log by User
            # 
            # Would be better if script could verify
            #
            Y="N"
            while [ $Y == "N" ]; do
                
                echo "Are You sure you want tcpdump to write to log file $Tcpdump_Log_User?"
                echo "If $Tcpdump_Log_User is not a valid path tcpdump will fail"
                echo ""
                read -p "So you sure ?: Y/N" Verify
                echo ""


                if [ $Verify != "Y" -o $Varify != "y" -o $Varify != "yes" ]; then
                            
                    echo "Asking agin. . ."
                            
                else
                    echo "$Verify path User verified"
                    echo ""
                            
                    Y="Y"


                fi
                        
                        
            done
                
                
        fi
                
                
    done


    # This asks for any -flags or expression the user would like to use with tcpdump
    # 
    # This checks if $Run_Tcpdump is = to Y, y or yes If so
    # 
    # This sets user input to $Tcpdump_Flags
    # If left blank $Tcpdump_Flags is set to "N" Make sure to clear this before adding to tcpdump command
    #
    # If user inters input the while loop will varify with that the user would like to use the -flags and expressions
    #
    #
    X="N"
    while [ $X == "N" ]; do

        if [ $Run_Tcpdump == "Y" -o $Run_Tcpdump == "y" -o $Run_Tcpdump == "yes" ]; then

            echo ""
            echo ""

            tcpdump --help

            echo "What tcpdump -flags and expression would you like to use?"
            echo "You may want to open a new shell and look at the tcpdump man page"
            echo ""
            echo "The -flags and expression will enclued the logfile location alredy given"
            echo ""
        
            read -p "Enter -flas and expression: " Tcpdump_Flags


            # If the user left that question blank then $Tcpdump_Flags are set to "N"
            # $X is set to "Y" to leve the loop
            #
            if [ -z $Tcpdump_Flags ]; then
            
                Tcpdump_Flags="N"
                X="Y"
            
                echo "No tcpdump flags set"
                
            
            # This echos $Tcpdump_Flags to the user and asked if they really want to use these
            # 
            # It sents user input to $Varify
            #
            # If the user leves the question blank then the defult value of "N" is left on $Verify
            # So, $X stays = to"N" and the question loops agin
            #
            else
                Verify="N"
                echo "These are the tcpdump -flags and expressions you have set"
                echo "$Tcpdump_Flags"
                echo ""
                read -p "So you sure these are the -flags and setting you want? Y/N:" Verify
                echo ""

                
                # This checks if the user intered Y, y or yes the Varify question
                # If so it sets $X to "Y" to leve the loop
                # 
                # Otherwise it will loop through the question agin.
                #
                if [ $Verify == "Y" -o $Varify == "y" -o $Varify == "yes" ]; then

                    echo "OK flags and expression set"
                    X="Y"

                else
                    echo "Asking agin. . ."
                    echo ""


                fi


            fi


        # Set the Value of $X to "Y" to leave the loop if the user did want to start tcpdump
        #
        else
            echo "tcpdump is disabled so no flags set"
            X="Y"


        fi        


    done




exit

[chasebadkids]

I used your scripts and got a few errors returned when running pineapple.sh

Ill post what they were shortly, Im still not 100% sure if this is working, Ive tried turning on my Netbook with windows 7, and also my sisters macbook, set it right next to jasager, (so it was clsoer than my actual home router) and booted them up, logged in and they both associated with my actual home network, rather than jasager, although sparactically my neighborsa are hitting it. and also if I use one of my other wireess interfaces to do an airodump-ng I can see that the particaluar bssid that the karma is running on has its essid changing constantly, which I assume is correct.... hmmm!

I was also thinking itd be cool to write this script, so that you can make it switch between using ICS, and actually using the WAN port for an ethernet tap, so that if you CAN be wired into the network, you run the script one way, and if you have to associate to a wireless network and cant get eth to the fon, then you run the other part of the script. Could make it very versatile ;)

----------------

Question:

Why can't I ping any of my associated clients from my main operating system?

I have the ICS running, through my netbook which is running backtrack, eth0 is 10.110.0.1 , and Im trying to ping my other laptop that I had wirelessly get captured by jasager, 10.110.0.216 , neither system can ping the other. why might this be?

[echoblack]

I used your scripts and got a few errors returned when running pineapple.sh

Ill post what they were shortly, Im still not 100% sure if this is working, Ive tried turning on my Netbook with windows 7, and also my sisters macbook, set it right next to jasager, (so it was clsoer than my actual home router) and booted them up, logged in and they both associated with my actual home network, rather than jasager, although sparactically my neighborsa are hitting it. and also if I use one of my other wireess interfaces to do an airodump-ng I can see that the particaluar bssid that the karma is running on has its essid changing constantly, which I assume is correct.... hmmm!

I was also thinking itd be cool to write this script, so that you can make it switch between using ICS, and actually using the WAN port for an ethernet tap, so that if you CAN be wired into the network, you run the script one way, and if you have to associate to a wireless network and cant get eth to the fon, then you run the other part of the script. Could make it very versatile ;)

----------------

Question:

Why can't I ping any of my associated clients from my main operating system?

I have the ICS running, through my netbook which is running backtrack, eth0 is 10.110.0.1 , and Im trying to ping my other laptop that I had wirelessly get captured by jasager, 10.110.0.216 , neither system can ping the other. why might this be?

Hum, Yes there vary well could be bugs in the script still. See I am on Archlinux and things are set up a bit different then any other Linux system. Archlinux uses BSD rc files. However, it should be all working now on v0.4.

I defiantly need the output your getting to fix the script or tell you what is wrong. Make sure your Fon-Pineapple is set up on 10.110.0.2 and all the stuff in the /etc/config/dhcp is setup how I show you.

To test the ICS. Just deliberately connect to the AP and watch wireshark on eth0

To deliberately connect you need to go into the Webif Admin page and create a Wireless Vlan.

Give it an essid and just live it unencrypted. Remember you WANT people to connect so no need to setup WPA.

---------------

I am not too sure what you were asking but...... You CAN connect to the INTERNET with Ethernet on your Laptop. Then run your wireless in Ad-Hoc mode. Then set up a Wireless V-lan on the Fon-Pineapple and make the connection.

Then run the pineapple.sh and enter eth0 for the first question asking what is the Internet facing NIC

And wan0 for the Pineapple facing NIC.

I don't like that setup though. Because I simply can not get WEP to work on Any of my Wireless cards in Ad-Hoc.

---------

Ya, the Jasager works best at a Coffee shop. When the persons Home AP Really is in range. It will most likely connect to that. I think the fact that the Jasager doesn't spoof it's MAC has something to do with it too.

Also, Jasager Will spoof an AP that has WEP or WPA. However, Jasager will Not spoof the WEP or WPA. So, the client computer could just forget about the WEP/WPA and connect to Jasager Unencrypted Or it could just insist on using encryption and not connect to the Jasager.

You can also run a DOS attack on the person home AP. Then the client Can't connect to that AP.

I guess to test you could change the ESSID on your Home AP. Then connect your Host laptop to it.

However, non of the other computers in the house will know the New essid so they will still be probing for that Old essid. The Jasager will spoof it and they should connect.

Really though. The Jaserger works. Just make sure the ICS is working and head to town.

[echoblack]

This is a problem with the script that was reported on a different thread.

I put this here so all the stuff about this script is easy to find.

--------------------

The problem with sslstrip not working is do to the fact that the install.sh errorred out and quit without installing anything. So ya, you can run pineappple.sh from the install folder itself but it is trying to call sslstrip from /usr/src/sslstrip-0.7

If you just move sslstrip-0.7 to /usr/src It will Still NOT work. Because you still need to

sudo chmod -R 777 /usr/src/sslstrip-0.7

Because the default log file is written in that folder.

-------

The problems you are having are do to the script being depending on the computer speaking English.

I'll explain.

Here is the line of code that is giving you the problem in pineapple.sh.

However, the install.sh problem may be a problem with something ells. I'll talk about that latter

# This sets up the Default Route
#
GW=`ifconfig $Wan | grep "inet addr:"| grep -v "127.0.0.1" | cut -d: -f2 | awk '{ print $1}' | cut -d. -f1,2,3`
GW=`echo $GW.1`

You see that line of code is all assuming that the ifconfig $Wan will report back in English. So, if it dose NOT have the line with the string "inet addr:" then grep will report nothing. Leaving $GW blank. Then when the next line

GW=`echo $GW.1`

is run ... $GW="" and then only the ".1" is assigned to $GW.

SO, when the comand that sets the route is called

route add default gw $GW $Wan

You get the error

.1: Unknown host
Default route set to .1 through ra0

AND that is why DNS is not working for your WiFi connected clients.

YOU COULD EDIT the script and change that line of code to this. It still mite not work though.

GW=`ifconfig $Wan | grep "inet Adresse:"| grep -v "127.0.0.1" | cut -d: -f2 | awk '{ print $1}' | cut -d. -f1,2,3`

--------

Also Note, That this line of code is dependent on the Internet facing NIC Already being connected to the Internet.

Otherwise this line of code will not set the proper Route.

I need to do some more checking here.

I also need to ad a block to make sure iptables is installed.

I could add in check to make it work in Germen if that modified line of code works for you.

------------------

Now the install.sh problem..

This line of code is not working on your Germen computer.

cp ./pineapple.sh $PINEAPPLE_INSTALL_DIR/pineapple.sh

You DID do this right?

tar pxzvf pineapple-0.4.tar.gz
cd pineapple-0.4
sudo install.sh

Dose this directory exist on your computer?

/usr/bin

You do have the cp command in Germen Right?

Dose the default exit code on a Germen Linux Box still 0

will English bash scripts Run on a Germen Linux Box ?

[Grishanko]

Quick question, im sure i must be missing something. I have run the script on my Fon, and confimed the configs were transfered correctly. and I have run the script on my netbook. (running Ubuntu 9.10) and it also seems to have run correctly. before i connect the etho to fon i am able to get to the internet. however after I am no longer able to and the other computer (mac) i am testing with cannot either. Please help

[Grishanko]

also, after connecting the pineapple i am still able to access the web int of my home dslmodem/router. but cannot get past that.

a nslookup gives me the following results

root@CrazyIvan:/proc/sys/net/ipv4# nslookup google.com

Server: 10.110.0.2

Address: 10.110.0.2#53

** server can't find google.com.myhome.westell.com: REFUSED

Ping

root@CrazyIvan:/proc/sys/net/ipv4# ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

From 10.110.0.175 icmp_seq=2 Destination Host Unreachable

From 10.110.0.175 icmp_seq=3 Destination Host Unreachable

From 10.110.0.175 icmp_seq=4 Destination Host Unreachable

From 10.110.0.175 icmp_seq=5 Destination Host Unreachable

^C

--- 8.8.8.8 ping statistics ---

8 packets transmitted, 0 received, +4 errors, 100% packet loss, time 7026ms

, pipe 3

and a ping to a domain i never connect to

root@CrazyIvan:/proc/sys/net/ipv4# ping bbc.co.uk

PING bbc.co.uk (212.58.224.138) 56(84) bytes of data.

From CrazyIvan.lan (10.110.0.175) icmp_seq=2 Destination Host Unreachable

From CrazyIvan.lan (10.110.0.175) icmp_seq=3 Destination Host Unreachable

From CrazyIvan.lan (10.110.0.175) icmp_seq=4 Destination Host Unreachable

[g3rax]

I don't know if it is relevant to any problems any one is having but this scrips assumes that you internet gateway IP end in "1"

But if you are like me were your modem or router is set to 254 you have to change the following line.

# This sets up the Default Route

#

GW=`ifconfig $Wan | grep "inet addr:"| grep -v "127.0.0.1" | cut -d: -f2 | awk '{ print $1}' | cut -d. -f1,2,3`

GW=`echo $GW.1`

to

# This sets up the Default Route

#

GW=`ifconfig $Wan | grep "inet addr:"| grep -v "127.0.0.1" | cut -d: -f2 | awk '{ print $1}' | cut -d. -f1,2,3`

GW=`echo $GW.254`

Or to whatever your gateway ends with.

[Grishanko]

Thanks for the information. unfortunately that will not work for me. My gateway is 192.168.0.1. any other ideas?

[digininja]

I'm away at the moment so don't have time to help with this problem, if you are still having the problem in a couple of weeks I'll be back home then, just bump this thread and I'll see what I can do.