Jump to content

Using Eth0 connected to a router (with dhcp) to supply internet


wolfdale
 Share

Recommended Posts

Hi guys, i'm struggling with this for the past few days. I want to supply internet to the wifi pineapple via an ethernet cord connected to my router. I'm using dhcp on my router with the standard addresses 192.168.0.X. Darren in one thread recommended setting proto dhcp for the lan interface on the pineapple. The bad news is that i'm no longer man in the middle with the pineapple, because the main router is now providing addresses and acting as DHCP server.

I've no idea if this is possible, but I want to use the pineapple dhcp for the wireless interface (wlan0) and use the router dhcp for the ethernet interface to provide internet.

I've tried looking at openwrt documentation, but I need help on this one.

If anyone is doing something like this already, maybe can help me shed some light on this matter.

Thanks in advance !

Edit should have posted the guide earlier, sorry here it is:

So here is how I did it. First you have to unbridge wireless and ethernet interfaces. This is because the wireless interface (the one on wlan0, with the access point) must have its own DHCP server to be able to sniff packets, otherwise the DHCP server on the main router will do all the work and you won't be Man in the middle (which is what we want!)

Edit /etc/config/wireless and modify only the config regarding radio0, only the line "option network lan" has to be changed.

config wifi-iface
    option device   radio0
    option network  wifi
    option mode     ap
    option ssid     Pineapple5_08B7
    option encryption none

Now to create that network you have to edit /etc/config/network

add:

config interface wifi
    option proto static
    option ipaddr 172.16.42.1
    option netmask 255.255.255.0

and modify 'lan' interface as follows:

config interface lan
    option ifname    eth0
    option proto    dhcp

This means that eth0 will get dhcp from the main router, but the wifi will use the usual pineapple static IP.

Now to add DHCP to our wifi edit /etc/config/dhcp and add

config 'dhcp' 'wifi'
     option 'interface' 'wifi'
     option 'start' '100'
     option 'limit' '150'
     option 'leasetime' '12h'

to the file.

Now the most important part, the firewall ! Edit /etc/config/firewall

add:

To allow traffic from the wireless interface to flow to the main router.

config zone
     option name wifi
     list network 'wifi'
     option input ACCEPT
     option output ACCEPT
     option forward ACCEPT

Now this part is not on the guide, but I did some research. I did not want clients on the pineapple to be able to access my main LAN. So I added the following rule:

config rule
    option src wifi
    option dest lan
    option dest_ip 192.168.2.0/24
    option target REJECT

Now all traffic except ping is not allowed to my LAN (as you can see i'm using the following IP for the main router, 192.168.2.0, change it accordingly to the IP you are using). To block PING also you have to block ICMP traffic.

I have not tested it, but this should work

config rule 
     option src wifi
     option dest lan
     option proto icmp
     option icmp_type echo-request
     option target REJECT
Edited by wolfdale
Link to comment
Share on other sites

I see what your talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples).

I'm using the First pineapple to setup the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

Link to comment
Share on other sites

Good idea! You could also use one Alfa awus036nh from the hackshop to get that fast wifi connection, and save yourself one pineapple for another deployment.

At the moment i'm using a dd-wrt router in client mode to supply internet via ethernet cable to the pineapple, as I found out it was faster than client-mode with the pineapple alone (of course :P)

Link to comment
Share on other sites

I see what your talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples).

I'm using the First pineapple to setup the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

What's the plug look like? It's not in the store yet.

Link to comment
Share on other sites

barry99705 - The pineapple plug is a device that allows you to physically "marry" two pineapples and then makes them act like 4 radios.

Configuration is still required of the pineapples to set up the routing. Look at the video from wifi village at defcon. Darren and Seb discussed it there.

Link to comment
Share on other sites

I see what your talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples).

I'm using the First pineapple to setup the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

Which plug? Do you mean the Alfa adapter? I got the OTG kit which included that one :)

Link to comment
Share on other sites

barry99705 - The pineapple plug is a device that allows you to physically "marry" two pineapples and then makes them act like 4 radios.

Configuration is still required of the pineapples to set up the routing. Look at the video from wifi village at defcon. Darren and Seb discussed it there.

Doh! Post came out too late, you already answered the question. Oh well, I only got one Pineapple, but it sounds quite interesting. As it is, I'm using the ALFA radio plug so that I can have 3 radios available …

Link to comment
Share on other sites

I followed the steps outlined above and the pineapple can access the internet but the wireless clients can't. My router has the same IP as the original post 192.168.0.1. In the details i see the line "option dest_ip 192.168.2.0/24". How does that work with the router at 192.168.0.1? Any ideas why this isnt working?

Link to comment
Share on other sites

I am having the same results as sUbZeRo following these steps, even after a factory reset and rebooting the device after making the changes. The Pineapple itself has an internet connection, showing a proper IP address in the network tile and I am able to download infusions and such, but wireless clients are not able to connect to the net. Running firmware 2.0.3.

Link to comment
Share on other sites

I followed the steps outlined above and the pineapple can access the internet but the wireless clients can't. My router has the same IP as the original post 192.168.0.1. In the details i see the line "option dest_ip 192.168.2.0/24". How does that work with the router at 192.168.0.1? Any ideas why this isnt working?

Well, the /24 is denoting the subnet. That just means the dest_ip will be in the same subnet represented by the 254 IPs in the 192.168.2.x subnet.

I am also having the issue with the internet, however. I can access internet through the pineapple itself to download infusions, but the ICS is not working, and if it does, it is only for a few seconds. I don't know why, but I have had very little success with much of what the MKV has to offer thus far.

Link to comment
Share on other sites

  • 2 months later...

Ops, sorry for the late reply. Apparently my configurations don't work with 2.0.4 (I was testing with 2.0.2).

I solved it by adding the option masq 1 for the lan zone.

You have to edit /etc/config firewall and add masquerading:

config zone
        option name             lan
        option network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT
        option masq '1'

You also have to add forwarding from wifi to wan (append it in /etc/config firewall)

config forwarding
        option src wifi
        option dest wan

This works again for me. If you have any problem post your issue here, I'll check this thread more often, I promise :P

Link to comment
Share on other sites

would a simple crossover cable work for this reason? or is it too dependant on the fw and config of the users router and pineapple. havent tried it yet, but if someone else has, feel free to chirp in :)

and seb, where can we find this beta FW?

Edited by datahead
Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...