Internet Connection Sharing Problems

[bobbyb1980]

Hello all. I am having a few problems getting internet connection sharing working correctly on my Pineapple (recently flashed :) )and Ubuntu 10.10 machine.

I have followed the tutorial written by Dareen in the forum and am using the pineapple-0.9 script.

So I complete the setup, and it looks something like this.

10.110.0.1 - Router (Pineapple)

10.110.0.2 - Computer (eth0 connected to Pineapple and wlan0 facing internet)

192.168.1.9 - Client connected to Pineapple

192.168.1.10 - wlan0 facing internet

Upon completion, I am able to connect to the Pineapple's wifi network. When I connect though, I am only able to ping the router and eth0 of the connected computer. I am not able to ping wlan0.

So I am led to believe there is a problem in the connections being bridged between eth0 and wlan0. Should I be enabling internet connection sharing from the network manager interface on eth0 (or possibly wlan0)? Currently all I am doing is running the script and setting the ip's as instructed.

I tried to read the scripts to find out exactly but can't seem to figure it, if some one could give me their 2 cents it would be appreciated. Thanks.

[Mr-Protocol]

How much background do you have in advanced networking?

[bobbyb1980]

I am now following the method for the "best how to ICS" which is basically editing the /etc/config/dhcp file and running the pineapple-0.9 script.

If I ssh into the pineapple, I am able to ping google's IP successfully. I am also able to ping all other devices on the network.

However when I connect to the pineapple via wifi, I am only able to ping the router and the eth0 interface that is connected to the router on the other laptop. I still think my problem lies in bridging eth0 to wlan0 but I don't understand why the pineapple has internet access but doesn't want to give it to client via wifi?

[bobbyb1980]

Not much heavy networking experience Mr. Protocol.

I just fired up wireshark to listen on eth0 on the machine running ICS. When the client connects to the router there are several "MDNS" packets highlighted with bright red.

I also tried connecting to the internet via a client connected through wifi to the pineapple. When I look for the traffic in Wireshark there is nothing... any ideas?

[spisakni]

Here's how I got mine to work. In backtrack 5 I ran the pineapple script that is pinned in the forum http://forums.hak5.org/index.php?showtopic=15200 after following the tutorial exactly as instructed but was unable to render the pages on a client connected to the pineapple (10.110.0.0/24) network. I used a cross over cable ( my understanding is that ethernet should work since its going through the pineapple router). So here is how I was able to get it to work.

1. Follow the tutorial EXACTLY.

2. Connect to wlan0 on backtrack (internet facing connection)

3. Run the script on the backtrack box.

4. In terminal copy and paste (wlan0 is internet facing and eth0 is the ethernet connection from your NIC on your backtrack box to the LAN on the pineapple):

iptables --flush

iptables --flush INPUT

iptables --flush OUTPUT

iptables --flush -t nat

iptables --flush -t mangle

iptables --policy INPUT ACCEPT

iptables --policy OUTPUT ACCEPT

iptables --policy FORWARD ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p ICMP --icmp-type echo-request -j ACCEPT

iptables -A INPUT -p ICMP --icmp-type echo-reply -j ACCEPT

iptables -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT

iptables -A OUTPUT -p ICMP --icmp-type echo-reply -j ACCEPT

iptables -A FORWARD -p icmp -j ACCEPT

iptables -A FORWARD -i lo -j ACCEPT

iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

iptables -A FORWARD -o wlan0 -i eth0 -j ACCEPT

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

After the copy and paste I was successfully able to forward packets to the 10.110.0.0/24 network and successful render pages and view traffic in wireshark. As a side note I'm still learning about iptables and the coding and some of the copy and paste may be unnecessary so if anyone has a more efficient way of coding it I would love to learn more.

My configurations:

wlan0 (internet facing): 192.168.1.0/24

pineapple default gateway: 10.110.0.1

pineapple: 10.110.0.2

dhcp range 10.110.0.3-254

subnet: 255.255.255.0

eth0: 10.110.0.1 (set by the script)

Edited September 8, 2011 by spisakni

[Mr-Protocol]

Umm, not sure what that pineapple script is doing.. but setting up ICS is pretty easy.

Here is a link (yet again) to my setup notes from when I built my Fon(Pineapple) way back when...

https://docs.google.com/document/d/1Gus31kNT-Bn9BFt7rRUdQbEVcaWQb4TBu1JghHKKOZs/edit?hl=en_US&authkey=CJ6w2ZIJ

[bobbyb1980]

Thank you all very much for your replies. After trying several different methods and several different tutorials, I am still having problems pinging wlan0 on the attacker machine from the victim machine.

I have also noticed my wlan0 (atheros chipset w/ath9k driver) is starting to hang up a lot. I did a lot of testing of the aircrack-ng suite earlier in the week, and after cracking WEP's the driver will just hang up, it will stay connected to an AP for 5 min or so, then disconnect. Reboot does not solve the problem. I am starting to think this is part of my problem with ICS. This is a little off subject, but the driver will also not switch channels on wifi. I noticed the only way to get it to lock into a channel is to manually change the channel using iwconfig (iwconfig wlan0 channel x) then do airmon-ng start wlan0 x and it will lock into the channel. Judging by the tutorials I read this isn't normal, so I've decided to download BT5 and give everything a shot with a fresh install and try using the jasagerPwn script.

Once again huge thanks to those who've helped. Will keep updated with progress.

[bobbyb1980]

Hey guys. I finally got it up and running. I was able to redit the /etc/config/dhcp file to original settings and use the jasagerPwn.sh script on a fresh Backtrack 5 install.

I noticed on Ubuntu there was some difficult with communication between the wlan0 and eth0 interfaces. Often times when I would connect eth0 to the router my wlan0 internet connection would hang up, then if I disconnected it it would come back. I think it might also be possible that network-manager was causing some problems. Even after running service stop network-manager and service stop avahi-daemon and killall -9 wpa_supplicant, Network Manager remained active. Then on a BT5 install it worked with little effort. Thanks a lot for all the help in the thread.

[spisakni]

Glad to hear you got it up and running. Have fun!