honey4free Posted April 26, 2017

Hi, I have a weird problem where my WiFi Pineapple looks like it's connected to the internet but it doesn't get DNS lookups, so it doesn't work. It works on my Android device with cable and the Pineapple app; this is weird, but DNS lookups when bridging through my new install of Ubuntu 16.04 LTS with all updates installed and dnsmasq disabled

My WiFi Pineapple can ping the internet, e.g. 8.8.8.8

# WiFi Pineapple

## Ping

```
root@pie:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=55 time=18.029 ms
```

## NSLOOKUP

```
root@pie:~# nslookup vg.no
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost
```

(No response)

## NSLOOKUP with different DNS server defined

```
root@pie:~# nslookup vg.no 8.8.8.8
Server:    8.8.8.8
```

(No response)

## WGET test to adobe.com (IP 192.150.16.117)

```
root@pie:~# wget 192.150.16.117 --no-check-certificate
--2017-04-26 19:45:11-- http://192.150.16.117/
Connecting to 192.150.16.117:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f [following]
--2017-04-26 19:45:11-- https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f
Connecting to 192.150.16.117:6081... connected.
WARNING: certificate common name 'sd1-pa-01.int.honeysec.com' doesn't match requested host name '192.150.16.117'.
HTTP request sent, awaiting response... 200 OK
Length: 3030 (3.0K) [text/html]
Saving to: 'index.html'

index.html 100%[===================>] 2.96K --.-KB/s in 0s

2017-04-26 19:45:12 (23.0 MB/s) - 'index.html' saved [3030/3030]
```

## ifconfig

```
root@pie:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:8F:9A:CC
          inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:371610 (362.9 KiB)  TX bytes:846393 (826.5 KiB)

eth0      Link encap:Ethernet  HWaddr 00:C0:CA:8F:9A:CC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:402148 (392.7 KiB)  TX bytes:846807 (826.9 KiB)
          Interrupt:4

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12840 (12.5 KiB)  TX bytes:12840 (12.5 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:8F:69:4A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1566 (1.5 KiB)

wlan1     Link encap:Ethernet  HWaddr 00:C0:CA:8F:84:37
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan2     Link encap:Ethernet  HWaddr 00:19:86:51:80:16
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```

## Route

```
root@pie:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan
```

## IP-Tables

```
root@pie:~# sudo iptables -L
-ash: sudo: not found
root@pie:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
delegate_input  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
delegate_forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
delegate_output  all  --  anywhere             anywhere

Chain delegate_forward (1 references)
target     prot opt source               destination
forwarding_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_forward  all  --  anywhere             anywhere
zone_usb_forward  all  --  anywhere             anywhere

Chain delegate_input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
input_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
zone_lan_input  all  --  anywhere             anywhere
zone_usb_input  all  --  anywhere             anywhere

Chain delegate_output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
output_rule  all  --  anywhere             anywhere             /* user chain for output */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_output  all  --  anywhere             anywhere
zone_usb_output  all  --  anywhere             anywhere

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_usb_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination

Chain input_lan_rule (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_usb_rule (1 references)
target     prot opt source               destination

Chain input_wan_rule (1 references)
target     prot opt source               destination

Chain output_lan_rule (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

Chain output_usb_rule (1 references)
target     prot opt source               destination

Chain output_wan_rule (1 references)
target     prot opt source               destination

Chain reject (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP       all  --  anywhere             anywhere

Chain zone_lan_dest_ACCEPT (6 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_lan_forward (1 references)
target     prot opt source               destination
forwarding_lan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding lan -> wan */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding lan -> usb */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_input (1 references)
target     prot opt source               destination
input_lan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_output (1 references)
target     prot opt source               destination
output_lan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_usb_dest_ACCEPT (3 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_usb_forward (1 references)
target     prot opt source               destination
forwarding_usb_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding usb -> lan */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_usb_input (1 references)
target     prot opt source               destination
input_usb_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_usb_src_ACCEPT  all  --  anywhere             anywhere

Chain zone_usb_output (1 references)
target     prot opt source               destination
output_usb_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_usb_src_ACCEPT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain zone_wan_dest_ACCEPT (3 references)
target     prot opt source               destination

Chain zone_wan_forward (0 references)
target     prot opt source               destination
forwarding_wan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* @rule[7] */
zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* @rule[8] */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding wan -> lan */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_wan_input (0 references)
target     prot opt source               destination
input_wan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Allow-Ping */
ACCEPT     igmp --  anywhere             anywhere             /* Allow-IGMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_wan_src_ACCEPT  all  --  anywhere             anywhere

Chain zone_wan_output (0 references)
target     prot opt source               destination
output_wan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere

Chain zone_wan_src_ACCEPT (1 references)
target     prot opt source               destination
```

# Now over to the host (Ubuntu 16.04 box) computer

## Verifying that dnsmasq is disabled (tested with dnsmasq also, same problem)

```
master@Castle:~$ more /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq

[ifupdown]
managed=false
```

## DNS server used by host

```
master@Castle:~$ more /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.3.3.1
search (redacted)
```

## Verifying that DNS works

```
master@Castle:~$ nslookup adobe.com
Server:     10.3.3.1
Address:    10.3.3.1#53

Non-authoritative answer:
Name:    adobe.com
Address: 192.150.16.117
```

## ifconfig on the Ubuntu host

```
root@Castle:/home/master# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:c0:ca:8f:b3:ea
          inet addr:172.16.42.42  Bcast:172.16.42.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2771 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2897 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:961043 (961.0 KB)  TX bytes:580359 (580.3 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:700 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:53380 (53.3 KB)  TX bytes:53380 (53.3 KB)

wlan0     Link encap:Ethernet  HWaddr 44:1c:a8:e1:88:5b
          inet addr:10.3.100.3  Bcast:10.3.100.255  Mask:255.255.255.0
          inet6 addr: fe80::abec:d514:8472:1ac3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21566 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23408735 (23.4 MB)  TX bytes:1627835 (1.6 MB)
```

## iptables on the Ubuntu host

```
root@Castle:/home/master# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  172.16.42.0/24       anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

## Routes on the host

```
root@Castle:/home/master# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.3.100.1      0.0.0.0         UG    0      0        0 wlan0
10.3.100.0      *               255.255.255.0   U     600    0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
172.16.42.0     *               255.255.255.0   U     0      0        0 eth0
```

I have bashed my head all day at this problem and I am not a step closer to a solution. Please, someone help figure this out. I can't be the only one with this problem.
honey4free (Author) Posted April 26, 2017

Figured out the problem. Looking through the firewall logs, I noticed that my WiFi Pineapple was stopped at my firewall. I forgot to check my strict rules and saw that my DNS exfiltration killer also killed my WiFi Pineapple DNS requests. So, in short, case solved :)
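
Added example, not part of the original posts: a small triage helper that reads the three probes shown in the thread (ping, nslookup, wget) and flags when an upstream filtering device, rather than the local routing or dnsmasq setup, is the likely cause. The sample transcript is constructed from the wget output above with the query string trimmed; the function names and the port heuristic are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the wget transcript from the first post, query string trimmed.
WGET_LOG = """\
--2017-04-26 19:45:11-- http://192.150.16.117/
Connecting to 192.150.16.117:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383 [following]
Connecting to 192.150.16.117:6081... connected.
WARNING: certificate common name 'sd1-pa-01.int.honeysec.com' doesn't match requested host name '192.150.16.117'.
HTTP request sent, awaiting response... 200 OK
"""

def interception_signs(log):
    """List the reasons a wget transcript suggests an inline device answered."""
    signs = []
    requested = re.search(r"^--\S+ \S+--\s+(\S+)", log, re.M)
    redirect = re.search(r"^Location: (\S+)", log, re.M)
    if requested and redirect:
        src, dst = urlsplit(requested.group(1)), urlsplit(redirect.group(1))
        # Heuristic (assumption): a redirect to an unusual port on the very
        # host that was requested points at a device answering on its behalf.
        if src.hostname == dst.hostname and dst.port not in (None, 80, 443):
            signs.append(f"redirect to port {dst.port} on the requested host")
    cn = re.search(r"common name '([^']+)' doesn't match requested host name '([^']+)'", log)
    if cn:
        signs.append(f"certificate names {cn.group(1)}, not {cn.group(2)}")
    return signs

def diagnose(ping_ok, dns_answered, wget_log):
    """Combine the post's three probes (ping, nslookup, wget) into one verdict."""
    if not ping_ok:
        return "no IP connectivity: check routing and NAT on the sharing host"
    signs = interception_signs(wget_log)
    if dns_answered and not signs:
        return "connectivity and DNS look fine"
    verdict = "DNS works" if dns_answered else "DNS queries get no answer"
    if signs:
        verdict += "; HTTP intercepted (" + "; ".join(signs) + ")"
    return verdict + ": review the upstream firewall's policy and logs"

if __name__ == "__main__":
    print(diagnose(ping_ok=True, dns_answered=False, wget_log=WGET_LOG))
```

With the values from the first post (ping succeeds, nslookup gets no answer, wget is redirected to port 6081 with a mismatched certificate), the verdict points at the upstream firewall, which is where the author found the block.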