mir3x Guru
Joined: 02 Jun 2012 Posts: 455
|
Posted: Mon Jul 17, 2017 1:18 pm Post subject: hostapd, iptables and MAC [solved] |
|
|
Hi, I tried to set up an access point from my desktop, but my ISP allows only connections from certain MAC numbers like my eth0.
(I just need to do that router MAC cloning stuff properly)
I've set up hostapd from my eth0 to wlan0.
(I used https://wiki.gentoo.org/wiki/Hostapd and https://forums.gentoo.org/viewtopic-t-960258-start-0.html)
I used: iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
(btw I'm not really sure what I'm doing)
I'm connecting with my phone: connected, got an IP address, but no internet.
I cloned my eth0 MAC to my wlan MAC for tests, but it still didn't help.
Any idea how to fix this? (I'm not even sure which part needs fixing.)
For sure dnsmasq and hostapd are working. _________________ Sent from Windows
Last edited by mir3x on Mon Jul 17, 2017 6:35 pm; edited 1 time in total |
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9655 Location: almost Mile High in the USA
|
Posted: Mon Jul 17, 2017 4:55 pm Post subject: |
|
|
Did you
Code: | # echo "1" > /proc/sys/net/ipv4/ip_forward |
?
The ISP locked MAC address needs to be on the interface that's connected to the ISP. All other MAC addresses don't really matter and they should be different.
Just wanted to be sure, you want the desktop to share its internet connection:
phone(wifi)->desktop(hostap/wifi)
and desktop(ethernet) -> ISP(cablemodem/dslmodem,ethernet)
? _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
mir3x Guru
Joined: 02 Jun 2012 Posts: 455
|
Posted: Mon Jul 17, 2017 4:58 pm Post subject: |
|
|
eccerr0r wrote: | Did you
Code: | # echo "1" > /proc/sys/net/ipv4/ip_forward |
?
|
Yeah.
eccerr0r wrote: |
Just wanted to be sure, you want the desktop to share its internet connection:
phone(wifi)->desktop(hostap/wifi)
and desktop(ethernet) -> ISP(cablemodem/dslmodem,ethernet)
? |
Hmm. ISP->desktop(ethernet)->desktop(wifi)->phone
I think maybe DNS is not working? I'll check in a while
EDIT: I cannot connect to Google by IP
I found that I got IPv4 and IPv6 on the phone (my ISP doesn't allow IPv6), I'll try disabling it _________________ Sent from Windows |
ntnn n00b
Joined: 20 Mar 2017 Posts: 10
|
Posted: Mon Jul 17, 2017 5:24 pm Post subject: Re: hostapd, iptables and MAC |
|
|
mir3x wrote: | but my ISP allows only connection from certain MAC numbers like my eth0. |
mir3x wrote: | my ISP doesn't allow IPv6), I'll try disabling it |
Jesus christ, what kind of a shit ISP do you have?
But to answer the question:
Basically you want to turn your PC into a router, which should provide DHCP and DNS to the network (not necessarily DNS, you could also push e.g. Google's DNS via DHCP options and ignore DNS completely).
You'll want to have a closer look at this wiki page:
https://wiki.gentoo.org/wiki/Home_Router/en
It doesn't go too deep, but it shows enough to get a dnsmasq instance configured and running as well as other stuff. If you're not 100% sure you've set it up correctly please follow along that guide as well to check.
If you can't get to IPs outside of your local range your dnsmasq isn't pushing the correct routes to clients - without the routing information the devices won't know where to send their packets.
Also - please post the output of mtr or traceroute when trying to reach a WAN IP from a client of your PC (e.g. your phone, there are some apps giving access to the local shell). |
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9655 Location: almost Mile High in the USA
|
Posted: Mon Jul 17, 2017 5:27 pm Post subject: |
|
|
Can you ping your desktop (both IP addresses - the IP address of your desktop's wifi and ethernet)?
Then can you ping your ISP?
Apparently DHCP is working because the phone got an IPV4 and IPV6 address ... or did it? What addresses did they get, is it in the expected DHCP range? _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
mir3x Guru
Joined: 02 Jun 2012 Posts: 455
|
Posted: Mon Jul 17, 2017 6:04 pm Post subject: |
|
|
I don't have any stuff on my phone yet, and my transfer limit is already over
I can ping my phone from desktop:
Code: | PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=590 ms |
cat /var/lib/misc/dnsmasq.leases
Quote: | 1500357077 c4:0b:cb:34:c1:8b 10.0.0.4 RedmiNote4-Fuckundi 01:c4:0b:cb:34:c1:8b |
grep ^[^#] /etc/conf.d/net
Code: | dns_domain_lo="terrorland"
config_eth0="dhcp"
modules_wlan0="!iwconfig !wpa_supplicant"
config_wlan0="10.0.0.1/24" |
grep ^[^#] /etc/hostapd/hostapd.conf
Code: | interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=test
country_code=PL
hw_mode=g
channel=0
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee80211n=1
ieee80211ac=1
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
network_auth_type=00
ipaddr_type_availability=14
ssid=fuckundi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=topsecret |
grep ^[^#] /etc/dnsmasq.conf
Code: | dhcp-range=10.0.0.2,10.0.0.5,255.255.255.0,12h
interface=wlan0
bind-interfaces
dhcp-host=10.0.0.1 |
Also I run it:
Code: | iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT |
and ip_forward is in sysctl.conf
cat /proc/sys/net/ipv4/ip_forward
1
iwconfig:
Code: | wlan0 IEEE 802.11 Mode:Master Tx-Power=20 dBm |
ifconfig
Code: | eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.9.44.221 netmask 255.255.252.0 broadcast 10.9.47.255
ether 00:1e:4f:4b:f6:7c txqueuelen 1000 (Ethernet)
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
ether 00:4f:62:2d:4c:45 txqueuelen 1000 (Ethernet)
RX packets 1034 bytes 77155 (75.3 KiB) |
(I tried with subnet 192.168.x.x - nothing changed)
I still have no clue if it's the ISP blocking me or I screwed something up. _________________ Sent from Windows |
ntnn n00b
Joined: 20 Mar 2017 Posts: 10
|
Posted: Mon Jul 17, 2017 6:16 pm Post subject: |
|
|
Yes, you're missing the routing information.
Add the following to your dnsmasq conf, then restart and have your phone request a new IP:
Code: |
dhcp-option=121,10.0.0.0/24,10.0.0.1
|
Assuming that 10.0.0.0/24 is your LAN IP range and 10.0.0.1 is your PC. |
mir3x Guru
Joined: 02 Jun 2012 Posts: 455
|
Posted: Mon Jul 17, 2017 6:39 pm Post subject: |
|
|
OK, I've just put in all that iptables stuff from https://wiki.gentoo.org/wiki/Home_Router/en
and then I received email via phone
Finally I can fill up my 60 GB free space on phone
Thx guys.
(btw I tried on Windows that morning: first I put in some old Realtek but it didn't have AP mode, and it failed; later I put in the AirLive X-USB but Windows had no drivers. I installed a lot of crapdriverware genius, but none of them found a driver for this Ovislink Corp. AirLive X.USB 802.11abgn [Atheros AR9170+AR9104]) _________________ Sent from Windows |
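Added example, not part of the thread and not written by any poster: a lint over the three rules posted earlier. Source NAT for connection sharing belongs on the interface facing the ISP (eth0 in this thread), and a bare `iptables -A FORWARD -j ACCEPT` forwards in every direction, including unsolicited traffic towards the Wi-Fi clients. The helper names `lint_rules` and `gateway_rules` are hypothetical; the sample input is the rule text from the post, and nothing here touches the live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): lint gateway rules, print a tighter set.
# Assumption from the thread: eth0 faces the ISP (WAN), wlan0 is the hostapd AP.

# Sample input: the three rules as posted in the thread, in "iptables -S" style.
POSTED_RULES='-t nat -A POSTROUTING -o wlan0 -j MASQUERADE
-A FORWARD -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT'

# lint_rules WAN   (rules on stdin) -> one finding per line, empty if clean
lint_rules() {
    awk -v wan="$1" '
    /-j MASQUERADE/ {
        seen = 1; out = ""
        for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
        # Source NAT must happen where packets leave towards the ISP.
        if (out != wan) print "MASQUERADE_WRONG_IFACE " (out == "" ? "any" : out)
    }
    /-A FORWARD/ && /-j ACCEPT/ {
        # No interface or state match means every direction is forwarded.
        if ($0 !~ / -[io] / && $0 !~ /state/) print "FORWARD_ACCEPT_ALL"
    }
    END { if (!seen) print "NO_MASQUERADE" }'
}

# gateway_rules WAN LAN -> prints (does not run) a least-privilege rule set:
# clients may open connections outwards, only reply traffic comes back in.
gateway_rules() {
    wan=$1; lan=$2
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

echo "Findings for the posted rules:"
printf '%s\n' "$POSTED_RULES" | lint_rules eth0
echo "Tighter rule set for review:"
gateway_rules eth0 wlan0
```

The same `lint_rules` function can be fed the output of `iptables -S` and `iptables -t nat -S` from a running gateway.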