Gentoo Forums
hostapd, iptables and MAC [solved]
mir3x
Guru

Joined: 02 Jun 2012
Posts: 427

Posted: Mon Jul 17, 2017 1:18 pm    Post subject: hostapd, iptables and MAC [solved]

Hi, I tried to set up an access point from my desktop, but my ISP allows connections only from certain MAC numbers, like my eth0.
(I just need to do that router MAC cloning stuff properly.)

I've set up hostapd from my eth0 to wlan0.

(I used https://wiki.gentoo.org/wiki/Hostapd and https://forums.gentoo.org/viewtopic-t-960258-start-0.html)
I used: iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

(btw I'm not really sure what I'm doing :D)

I'm connecting with the phone: it connected and got an IP address, but no internet.

I cloned my eth0 MAC to my wlan MAC for tests, but it still didn't help.


Any idea how to fix this? (I'm not even sure which part needs fixing.)
For sure dnsmasq and hostapd are working.
_________________
Installation aborted to prevent system self-destruction


Last edited by mir3x on Mon Jul 17, 2017 6:35 pm; edited 1 time in total
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Mon Jul 17, 2017 4:55 pm

Did you

Code:
# echo "1" > /proc/sys/net/ipv4/ip_forward

?

The ISP locked MAC address needs to be on the interface that's connected to the ISP. All other MAC addresses don't really matter and they should be different.


Just wanted to be sure, you want the desktop to share its internet connection:
phone(wifi)->desktop(hostap/wifi)
and desktop(ethernet) -> ISP(cablemodem/dslmodem,ethernet)
?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
mir3x
Guru

Joined: 02 Jun 2012
Posts: 427

Posted: Mon Jul 17, 2017 4:58 pm

eccerr0r wrote:
Did you

Code:
# echo "1" > /proc/sys/net/ipv4/ip_forward

?


Yeah.

eccerr0r wrote:

Just wanted to be sure, you want the desktop to share its internet connection:
phone(wifi)->desktop(hostap/wifi)
and desktop(ethernet) -> ISP(cablemodem/dslmodem,ethernet)
?

Hmm. ISP->desktop(ethernet)->desktop(wifi)->phone

I think maybe DNS is not working? I'll check in a while.

EDIT: I cannot connect to Google by IP.

I found that I got IPv4 and IPv6 on the phone (my ISP doesn't allow IPv6); I'll try disabling it.
_________________
Installation aborted to prevent system self-destruction
ntnn
n00b

Joined: 20 Mar 2017
Posts: 10

Posted: Mon Jul 17, 2017 5:24 pm    Post subject: Re: hostapd, iptables and MAC

mir3x wrote:
but my ISP allows only connection from certain MAC numbers like my eth0.

mir3x wrote:
my ISP doesn't allow IPv6); I'll try disabling it


Jesus christ, what kind of a shit ISP do you have?

But to answer the question:

Basically you want to turn your PC into a router, which should provide DHCP and DNS to the network (not necessarily DNS, you could also push e.g. Google's DNS via DHCP options and ignore DNS completely).
You'll want to have a closer look at this wiki page:
https://wiki.gentoo.org/wiki/Home_Router/en

It doesn't go too deep, but it shows enough to get a dnsmasq instance configured and running as well as other stuff. If you're not 100% sure you've set it up correctly please follow along that guide as well to check.

If you can't get to IPs outside of your local range your dnsmasq isn't pushing the correct routes to clients - without the routing information the devices won't know where to send their packets.
Also - please post the output of mtr or traceroute when trying to reach a WAN IP from a client of your PC (e.g. your phone, there are some apps giving access to the local shell).
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Mon Jul 17, 2017 5:27 pm

Can you ping your desktop (both IP addresses - the IP address of your desktop's wifi and ethernet)?

Then can you ping your ISP?

Apparently DHCP is working because the phone got an IPV4 and IPV6 address ... or did it? What addresses did they get, is it in the expected DHCP range?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
mir3x
Guru

Joined: 02 Jun 2012
Posts: 427

Posted: Mon Jul 17, 2017 6:04 pm

I don't have any stuff on my phone yet, and my transfer limit is already over :D

I can ping my phone from desktop:
Code:
PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=590 ms


cat /var/lib/misc/dnsmasq.leases
Quote:
1500357077 c4:0b:cb:34:c1:8b 10.0.0.4 RedmiNote4-Fuckundi 01:c4:0b:cb:34:c1:8b


grep ^[^#] /etc/conf.d/net
Code:
dns_domain_lo="terrorland"
config_eth0="dhcp"
modules_wlan0="!iwconfig !wpa_supplicant"
config_wlan0="10.0.0.1/24"


grep ^[^#] /etc/hostapd/hostapd.conf

Code:
interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=test
country_code=PL
hw_mode=g
channel=0
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee80211n=1
ieee80211ac=1
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
network_auth_type=00
ipaddr_type_availability=14
ssid=fuckundi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=topsecret


grep ^[^#] /etc/dnsmasq.conf
Code:
dhcp-range=10.0.0.2,10.0.0.5,255.255.255.0,12h
interface=wlan0
bind-interfaces
dhcp-host=10.0.0.1


Also I ran this:
Code:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT


and ip_forward is in sysctl.conf

cat /proc/sys/net/ipv4/ip_forward
1


iwconfig:
Code:
wlan0     IEEE 802.11  Mode:Master  Tx-Power=20 dBm


ifconfig
Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.9.44.221  netmask 255.255.252.0  broadcast 10.9.47.255
        ether 00:1e:4f:4b:f6:7c  txqueuelen 1000  (Ethernet)
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 00:4f:62:2d:4c:45  txqueuelen 1000  (Ethernet)
        RX packets 1034  bytes 77155 (75.3 KiB)


(I tried with subnet 192.168.x.x - nothing changed)

I still have no clue if it's the ISP blocking me or I screwed something up.
_________________
Installation aborted to prevent system self-destruction
ntnn
n00b

Joined: 20 Mar 2017
Posts: 10

Posted: Mon Jul 17, 2017 6:16 pm

Yes, you're missing the routing information.

Add the following to your dnsmasq conf, then restart and have your phone request a new IP:

Code:

dhcp-option=121,10.0.0.0/24,10.0.0.1


Assuming that 10.0.0.0/24 is your lan ip range and 10.0.0.1 is your PC.
mir3x
Guru

Joined: 02 Jun 2012
Posts: 427

Posted: Mon Jul 17, 2017 6:39 pm

OK, I've just put in all that iptables stuff from https://wiki.gentoo.org/wiki/Home_Router/en
and then I received email via phone :D

Finally I can fill up my 60 Gb free space on phone :D

Thx guys.

(btw I tried on Windows that morning; first I put in some old Realtek but it didn't have AP mode, and it failed; later I put in the AirLive x-usb but Windows had no drivers. I installed a lot of crapdriverware genius, but none of them found a driver for this Ovislink Corp. AirLive X.USB 802.11abgn [Atheros AR9170+AR9104])
_________________
Installation aborted to prevent system self-destruction
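
An added example, not part of any post above and not the Gentoo wiki's own rules: for the topology in this thread (ISP on eth0, phone on wlan0, LAN 10.0.0.0/24), `gen_router_rules` prints NAT and forwarding commands that masquerade on the ISP-facing interface and forward only LAN-originated traffic, and `find_misplaced_masq` flags a MASQUERADE rule bound to any other interface. Both function names are hypothetical, and the rules assume an otherwise empty FORWARD chain.

```shell
#!/bin/sh
# Added example. eth0/wlan0 and 10.0.0.0/24 are the values from the thread;
# the function names are hypothetical. Assumes an otherwise empty FORWARD chain.

# Print (do not apply) iptables commands for a NAT router: LAN_IF -> WAN_IF.
gen_router_rules() {
    wan=$1 lan=$2 lan_net=$3
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$lan_net" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gen_router_rules WAN_IF LAN_IF LAN_CIDR (WAN_IF != LAN_IF)" >&2
        return 1
    fi
    # Source NAT is done where packets leave towards the ISP, so upstream
    # sees only the WAN interface's IP address.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan -j MASQUERADE"
    # Replies to connections opened from the LAN may come back in.
    echo "iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only clients with a LAN source address may open connections outwards.
    echo "iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT"
    # Everything else that would be routed through this host is dropped.
    echo "iptables -P FORWARD DROP"
}

# Read iptables commands (or iptables-save output) on stdin and print each
# MASQUERADE rule whose out-interface is not WAN_IF or is missing.
# Returns 1 if any such rule is found, 0 otherwise.
find_misplaced_masq() {
    awk -v wan="$1" '
        /-j MASQUERADE/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out != wan) { print; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Apply (as root):   gen_router_rules eth0 wlan0 10.0.0.0/24 | sh
# Audit a live box:  iptables-save -t nat | find_misplaced_masq eth0
```

Fed the `-o wlan0` MASQUERADE rule posted earlier in the thread with `eth0` as the WAN interface, `find_misplaced_masq` prints that rule and returns 1.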