Posted

Hi, I have a weird problem where my WiFi Pineapple looks like it's connected to the internet but it doesn't get DNS lookups, so it doesn't work.
It works on my Android device with cable and the Pineapple app; this is weird

but DNS lookups when bridging through my new install of Ubuntu 16.04 LTS with all updates installed and dnsmasq disabled


My WiFi Pineapple can ping the internet, e.g. 8.8.8.8

# WiFi Pineapple

## Ping

root@pie:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=55 time=18.029 ms

## NSLOOKUP

root@pie:~# nslookup vg.no
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost
(No respons)

## NSLOOKUP with a different DNS server defined

root@pie:~# nslookup vg.no 8.8.8.8
Server:    8.8.8.8
(No respons)

## WGET test to adobe.com (IP 192.150.16.117)

root@pie:~# wget 192.150.16.117 --no-check-certificate
--2017-04-26 19:45:11--  http://192.150.16.117/
Connecting to 192.150.16.117:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f [following]
--2017-04-26 19:45:11--  https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0&token=913AB4C748D6DE9FFDA3664A4FB58B279D2A2B9C&url=http://192.150.16.117%2f
Connecting to 192.150.16.117:6081... connected.
    WARNING: certificate common name 'sd1-pa-01.int.honeysec.com' doesn't match requested host name '192.150.16.117'.
HTTP request sent, awaiting response... 200 OK
Length: 3030 (3.0K) [text/html]
Saving to: 'index.html'

index.html          100%[===================>]   2.96K  --.-KB/s    in 0s      

2017-04-26 19:45:12 (23.0 MB/s) - 'index.html' saved [3030/3030]

## ifconfig

root@pie:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:C0:CA:8F:9A:CC  
          inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:371610 (362.9 KiB)  TX bytes:846393 (826.5 KiB)

eth0      Link encap:Ethernet  HWaddr 00:C0:CA:8F:9A:CC  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:402148 (392.7 KiB)  TX bytes:846807 (826.9 KiB)
          Interrupt:4

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12840 (12.5 KiB)  TX bytes:12840 (12.5 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:C0:CA:8F:69:4A  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1566 (1.5 KiB)

wlan1     Link encap:Ethernet  HWaddr 00:C0:CA:8F:84:37  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan2     Link encap:Ethernet  HWaddr 00:19:86:51:80:16  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

## Route

root@pie:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan

## IP-Tables

root@pie:~# sudo iptables -L
-ash: sudo: not found
root@pie:~#  iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
delegate_input  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
delegate_forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
delegate_output  all  --  anywhere             anywhere            

Chain delegate_forward (1 references)
target     prot opt source               destination         
forwarding_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_forward  all  --  anywhere             anywhere            
zone_usb_forward  all  --  anywhere             anywhere            

Chain delegate_input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
input_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
zone_lan_input  all  --  anywhere             anywhere            
zone_usb_input  all  --  anywhere             anywhere            

Chain delegate_output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
output_rule  all  --  anywhere             anywhere             /* user chain for output */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
zone_lan_output  all  --  anywhere             anywhere            
zone_usb_output  all  --  anywhere             anywhere            

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination         

Chain forwarding_rule (1 references)
target     prot opt source               destination         

Chain forwarding_usb_rule (1 references)
target     prot opt source               destination         

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination         

Chain input_lan_rule (1 references)
target     prot opt source               destination         

Chain input_rule (1 references)
target     prot opt source               destination         

Chain input_usb_rule (1 references)
target     prot opt source               destination         

Chain input_wan_rule (1 references)
target     prot opt source               destination         

Chain output_lan_rule (1 references)
target     prot opt source               destination         

Chain output_rule (1 references)
target     prot opt source               destination         

Chain output_usb_rule (1 references)
target     prot opt source               destination         

Chain output_wan_rule (1 references)
target     prot opt source               destination         

Chain reject (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP       all  --  anywhere             anywhere            

Chain zone_lan_dest_ACCEPT (6 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain zone_lan_forward (1 references)
target     prot opt source               destination         
forwarding_lan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding lan -> wan */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding lan -> usb */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_lan_input (1 references)
target     prot opt source               destination         
input_lan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere            

Chain zone_lan_output (1 references)
target     prot opt source               destination         
output_lan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain zone_usb_dest_ACCEPT (3 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain zone_usb_forward (1 references)
target     prot opt source               destination         
forwarding_usb_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding usb -> lan */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_usb_input (1 references)
target     prot opt source               destination         
input_usb_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_usb_src_ACCEPT  all  --  anywhere             anywhere            

Chain zone_usb_output (1 references)
target     prot opt source               destination         
output_usb_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_usb_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_usb_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain zone_wan_dest_ACCEPT (3 references)
target     prot opt source               destination         

Chain zone_wan_forward (0 references)
target     prot opt source               destination         
forwarding_wan_rule  all  --  anywhere             anywhere             /* user chain for forwarding */
zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* @rule[7] */
zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* @rule[8] */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* forwarding wan -> lan */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port forwards */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_wan_input (0 references)
target     prot opt source               destination         
input_wan_rule  all  --  anywhere             anywhere             /* user chain for input */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Allow-Ping */
ACCEPT     igmp --  anywhere             anywhere             /* Allow-IGMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* Accept port redirections */
zone_wan_src_ACCEPT  all  --  anywhere             anywhere            

Chain zone_wan_output (0 references)
target     prot opt source               destination         
output_wan_rule  all  --  anywhere             anywhere             /* user chain for output */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere            

Chain zone_wan_src_ACCEPT (1 references)
target     prot opt source               destination  

 

# Now over to the host (Ubuntu 16.04 box) computer

## Verifying that dnsmasq is disabled (tested with dnsmasq also same problem)

master@Castle:~$ more /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq

[ifupdown]
managed=false

## DNS server used by host

master@Castle:~$ more /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.3.3.1
search (redacted)

## verifying that DNS works

master@Castle:~$ nslookup adobe.com
Server:        10.3.3.1
Address:    10.3.3.1#53

Non-authoritative answer:
Name:    adobe.com
Address: 192.150.16.117

## ifconfig on the ubuntu host

root@Castle:/home/master# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:c0:ca:8f:b3:ea  
          inet addr:172.16.42.42  Bcast:172.16.42.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2771 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2897 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:961043 (961.0 KB)  TX bytes:580359 (580.3 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:700 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:53380 (53.3 KB)  TX bytes:53380 (53.3 KB)

wlan0     Link encap:Ethernet  HWaddr 44:1c:a8:e1:88:5b  
          inet addr:10.3.100.3  Bcast:10.3.100.255  Mask:255.255.255.0
          inet6 addr: fe80::abec:d514:8472:1ac3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21566 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23408735 (23.4 MB)  TX bytes:1627835 (1.6 MB)

 


## iptables on the ubuntu host

root@Castle:/home/master# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  172.16.42.0/24       anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

## Routes on the host

root@Castle:/home/master# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.3.100.1      0.0.0.0         UG    0      0        0 wlan0
10.3.100.0      *               255.255.255.0   U     600    0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
172.16.42.0     *               255.255.255.0   U     0      0        0 eth0

I have bashed my head all day at this problem and I am not a step closer to a solution.

Please, someone help figure this out.
I can't be the only one with this problem.

Posted

Figured out the problem.
Looking through the firewall logs, I noticed that my WiFi Pineapple was stopped at my firewall.
I forgot to check my strict rules and saw that my DNS exfiltration killer also killed my WiFi Pineapple DNS requests.

So short case solved :)
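
The symptom pattern in this thread (ICMP passes, DNS to both 127.0.0.1 and 8.8.8.8 gets no reply, plain HTTP to an IP is redirected to a response page on port 6081) points at an inline filter on the path rather than at the Pineapple. As an added example, not code from either post, this Python sketch classifies those observations and extracts the rule name and source address from the redirect, which is the address to search for in the firewall logs. The function names and the redirect heuristic are assumptions; the sample `Location` is constructed from the wget transcript above with the token replaced by a placeholder.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed from the wget transcript in the first post; token is a placeholder.
LOCATION = ("https://192.150.16.117:6081/php/urladmin.php?vsys=1&cat=16383"
            "&title=unknown&rulename=Internet Access&sip=10.3.100.3&post=0"
            "&token=PLACEHOLDER&url=http://192.150.16.117%2f")


def parse_intercept(requested_url, location):
    """Return filter details if a redirect looks like an inline response page."""
    req, loc = urlsplit(requested_url), urlsplit(location)
    query = {k: v[0] for k, v in parse_qs(loc.query).items()}
    # Heuristic (assumption): the redirect stays on the requested host but moves
    # to another port, and echoes the original URL back in its query string.
    moved_port = loc.hostname == req.hostname and loc.port not in (None, req.port or 80)
    echoes = query.get("url", "").rstrip("/") == requested_url.rstrip("/")
    if not (moved_port and echoes):
        return None
    return {"port": loc.port, "rule": query.get("rulename"),
            "client_ip": query.get("sip")}


def triage(icmp_ok, dns_replied, intercept):
    """dns_replied maps resolver address -> True if any answer came back."""
    if not icmp_ok:
        return "no IP connectivity: fix routing/NAT before looking at DNS"
    if all(dns_replied.values()):
        return "DNS healthy"
    if any(dns_replied.values()):
        return "only some resolvers answer: check the silent resolver's config"
    # ICMP passes but every resolver is silent, including a public one:
    # port 53 is being dropped on the path, not misconfigured on the client.
    if intercept:
        return ("DNS dropped on path; inline filter present, search its logs "
                "for source %s" % intercept["client_ip"])
    return "DNS dropped on path; capture on each hop to find where"


if __name__ == "__main__":
    hit = parse_intercept("http://192.150.16.117/", LOCATION)
    print(hit)
    print(triage(True, {"127.0.0.1": False, "8.8.8.8": False}, hit))
```

The extracted `sip` value, 10.3.100.3, is the Ubuntu host's wlan0 address from its ifconfig output, not the Pineapple's 172.16.42.1.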
