Jump to content

Routing issues via ICS (linux host)


hachiman

Recommended Posts

Posted

Hey everyone, 

hopefully anyone got any ideas where I might be stuck. 

Currently operate my WPVII via USB cable, tethered to a Linux host (Parrot Security). 

I am running wp7.sh and can access the WP at 172.16.42.1 via browser. 

However the WP always throws an error that no internet connectivity is detected. When I check my routing table on the WP it seems ok:

/pineapple# route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
default         172.16.42.42    0.0.0.0         UG    0      0        0 br-lan
default         *               0.0.0.0         U     202    0        0 eth0
169.254.0.0     *               255.255.0.0     U     202    0        0 eth0
169.254.0.0     *               255.255.0.0     U     206    0        0 br-lan
169.254.0.0     *               255.255.0.0     U     309    0        0 wlan0
169.254.0.0     *               255.255.0.0     U     310    0        0 wlan0-1
172.16.42.0     *               255.255.255.0   U     0      0        0 br-lan

 

Iptables on the linux host (which shares the internet connection)

sudo iptables -L
[sudo] password for user: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

ACCEPT     all  --  172.16.42.0/24       anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Anyone any idea what might be the problem? 

Posted

Is the Linux host using 172.16.42.42 as local IP for the interface that is connected to the Pineapple? The bash script should set it, but verify it so that it doesn't fail setting that IP for some reason.

Posted

Yes it does. Bidirectional communication from Linux host to WP works (the webinterface is accessible, ssh and scp to WP works). But internet access from the WP doesnt. 

IPtables on the linux host seems correct, ufw is off (checked it just to make sure there is nothing interfering).

Posted

OK, I extremely seldom use ICS along with the Pineapple, but I downloaded the wp7.sh file now on a Linux machine and set it all up and it results in a working ICS and the Pineapple successfully pings resources on the internet as well as downloads updates using opkg. You have two default routes in your route command output, both for the .42 IP. Not sure if that messes things up. My route output looks exactly the same apart from only having one default route entry for the .42 address.

  • 4 weeks later...
Posted

I have also had odd routing issues, and traced it back to having 2 default gateways. Having the 2 def gw's occurs whether I'm using ICS, Wifi client mode, or USB ethernet device - I always have a default gateway 172.16.42.42 AND another default gw on my list!

I once stumbled on a quick way to fix - quite by accident, but it works - Go to a command prompt (ssh, web term, etc), and type 'ip r del' .

I'm not clear as to why this works, but every time I run that command, my Firewall rules start going through.

Posted

It's buggy.. I gave up on tethered and it just wasn't consistent. If I must take it online, I use wireless.. The interfaces to wonky things also.. Sometimes not going in monitoring mode, etc.. Just..Buggy.. IMO. 

I am reeeeeal good at defaulting it and starting fresh.. Actually a pro at that, if you ever need reset advice. lol.

Posted

This is how I do it in Ubuntu 20.04 and it works for me every time I gave up on the wp7.sh script and followed this...

https://infosecwriteups.com/wifi-pineapple-how-to-setup-internet-connection-sharing-ics-on-linux-e5a544345738

However doing this STILL doesn't allow things to connect.

I don't fully remember how I came to the conclusion that I needed to change the interface priority maybe via traceroute or hours of googling it's been a long time. But I just set the metric to my pineapples interface to something much higher than my built in wan interface and then I get ICS works. I tested this out on my ubuntu laptop and desktop.

I run this command on Ubuntu

sudo ifmetric enx001337a72855 20100

My unbutu routes look like this before the command (sorry for the poor formatting) but notice the metric for the pineapple interface has priority over wlo1

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 enx001337a72855
default         _gateway        0.0.0.0         UG    600    0        0 wlo1
10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlo1
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlo1
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 enx001337a72855

 

Then after I run sudo ifmetric enx001337a72855 20100 my routes look like this...

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    600    0        0 wlo1
default         _gateway        0.0.0.0         UG    20100  0        0 enx001337a72855
10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlo1
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlo1
172.16.0.0      0.0.0.0         255.255.0.0     U     20100  0        0 enx001337a72855

I use 20100 because on my desktop my ubuntu wifi interface metric is 20000 for some reason.

So since the connection is being shared and wlo1 is actually the interface that has the connection traffic needs to be forced to head through that because if it hits the wifi pineapple interface first it dies.

If that makes sense. Again I should have taken notes on how I got here, but I did and it works at least for ubuntu. So now after I've set up the interface one time per the posted link now I just have to run

sudo ifmetric enx001337a72855 20100 after I plug in my pineapple and I'm good to go.

 

I JUST confirmed via traceroute that this is why.

If my metric is set to my pineapple interface as priority it fails because it hits my pineapple as the gateway...

traceroute www.google.com
traceroute to www.google.com (142.250.65.228), 30 hops max, 60 byte packets
 1  _gateway (172.16.42.1)  0.500 ms  0.561 ms  0.721 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *

but after setting the metric it works and goes out through eth0

and goes out through my actual gateway...

 

traceroute www.google.com          
traceroute to www.google.com (142.250.65.228), 30 hops max, 60 byte packets
 1  _gateway (10.0.0.1)  4.055 ms  4.032 ms  4.004 ms
 2  96.120.72.197 (96.120.72.197)  11.361 ms  17.429 ms  17.471 ms
 3  24.124.227.249 (24.124.227.249)  17.410 ms  17.357 ms  17.338 ms
 4  68.85.62.221 (68.85.62.221)  17.248 ms  17.242 ms  17.189 ms
 5  68.86.158.129 (68.86.158.129)  19.037 ms  20.289 ms  18.984 ms

 

 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...