Jump to content

Putting A Pineapple Between Router And Modem


Ploxors
 Share

Recommended Posts

Hey guys, this looks like it will probably be an iptables question.

How can I set up my pineapple to work if I want to put it inline between a home wifi router, and the cable modem it plugs into. Note that this is completely ignoring the wifi.

Basically I just want to inspect the traffic going across the line. I'll do my own scripting with that later,

Should I be plugging the modem into WAN, then the routers wan port into LAN on the pineapple?

Or should I be plugging the routers wan port into the LAN port of the pineapple, then the cable mode into the WAN port?

I've tried both, but neither will work out of the box, so now I'm guessing I will have to edit some iptables.... Which I have never done before.... So basically im just looking for advice here

Thanks everyone :)

Link to comment
Share on other sites

you want it going into the poe lan of the pineapple and wan port out assuming only reason your not using a normal box is the fact you want to monitor your traffic going across the network? you will see alot of well junk coming in as well btw

in any case try the network manager module from the pineapple bar, also you may need to change settings on the router, the pineapple trys to send data to a 172. address and the router is probably a 192 or a 10

check these settings and if you are still having problems i will go troubleshoot it on my home network and post my findings :)

Link to comment
Share on other sites

issue these commands:


iptables -A FORWARD -i eth1 -o wlan0 -s 172.16.42.0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[/CODE]

THEN plug modem into WAN/wifi router into LAN

should work, if not, post your routing table from the pineapple webgui

Link to comment
Share on other sites

this should be easy once the interceptor is in the firmware, my thoughts are is all networking settings on the poe/lan and wan/lan need to be disabled/removed leaving the wifi as a way to log into and administrator the pineapple then both ethernet ports need to be bridged between each other.

don\t ask me how to do this I am not an iptable/networking expert.

Warning this may require serial connection to fix.

Edited by petertfm
Link to comment
Share on other sites

Plug either into either then simply bridge the two interfaces, something like

brctl addbr br0

brctl addif br0 eth0

brctl addif br0 eth1

You can then sniff on br0 and that will show you all the traffic.

Link to comment
Share on other sites

hehe sniff the br0 dude

though most bro's I know don't like being sniffed by nerds like I us.

telot

Link to comment
Share on other sites

though most bro's I know don't like being sniffed by nerds like I us.

telot

***looks over shoulder***

Plug either into either then simply bridge the two interfaces, something like

brctl addbr br0

brctl addif br0 eth0

brctl addif br0 eth1

You can then sniff on br0 and that will show you all the traffic.

wouldn't one of those need to use dhclient? how does brctl know which interface should accept an ip, and which interface should hand one out? (in this case eth0/1)

Forgive me if this is a crazy (stupid question?) as I just fart my way into most of this knowledge.....

Link to comment
Share on other sites

Something similar I played with my AP121-U last weekend. I love my Pineapple and don't want to spoil it, therefore got a spare AP121U to play with :). The inline sniffer works like a charm. Performance up to ~9-9.5mbit so far. will try to tweak up if technically possible. let's see.

http://blog.kadiralt...etwork-sniffer/

Edited by governor
Link to comment
Share on other sites

Has anyone actually got this working? I got the bridge to work but when I plug the modem into WAN and the router into LAN the pineapple isn't forwarding anything. I will look into thisand see if it works.

EDIT : I ran the commands above to set iptables to do the forwarding and it works this way Then If you sniff on eth1, when you analyse the pcap later everything shows up as coming to or from your public ip.

Edited by cscash241
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...