
Thread: Transparent Airbase to wireless AP MASQ, need help!

  1. #1

    Transparent Airbase to wireless AP MASQ, need help!

    Hey guys, wondering if I could get a little help? I've been working on turning my laptop into a wireless access point for a few days now and it is driving me nuts. The upside is I've learned a ton about how networks and things such as DNS and DHCP work; the downside is that they don't want to work for me!

    EDIT: I am using a Slackware distro with the 2.6.21.5 kernel.

    I'm using a program called airbase-ng to mimic wireless AP functionality. This program uses my wlan1 ALFA USB card and creates a new interface called at0, which gets traffic from connected clients.

    I am trying to get simple internet connectivity for the clients connected to my laptop AP, let me illustrate.

    Client>>><<<Airbase AP>>><<<RealAP>>><<<Internet

    My client is a 1 GHz Pentium with 256 MB RAM running unpatched XP with an old Dell TrueMobile wireless B-only card.

    My Airbase host is a Dell 1525, 2x 2.0 GHz Core 2 Duo, 3 GB RAM, Intel 4965AGN internal wifi (wlan0), and ALFA 500mW USB with RTL 8187 chip (wlan1).

    My Real AP is a Netgear wireless BGN router with standard firmware connected to a Comcast cable modem.

    I have tried a few different methods to get this to work, such as:
    Modifying the dhcpd.conf and using dhcpd
    Using the DNSMasq program
    Using brctl and bridging to simply forward packets from one MAC to another.

    Currently I have had the most luck with IPMASQ using a script from:
    hxxp ://tldp.org/HOWTO /IP-Masquerade-HOWTO /firewall-examples. html#RC.FIREWALL-IPTABLES (remove spaces for link)

    Here is the script without all the #junk from the website: START
    -----------------------------------------------------------------------------------------------------------
    #!/bin/sh
    #
    # rc.firewall-iptables
    FWVER=0.76

    echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"

    #IPTABLES=/sbin/iptables
    IPTABLES=/usr/sbin/iptables
    DEPMOD=/sbin/depmod
    MODPROBE=/sbin/modprobe

    EXTIF="wlan0"
    INTIF="at0"
    echo " External Interface: $EXTIF"
    echo " Internal Interface: $INTIF"

    echo -en " loading modules: "
    echo " - Verifying that all kernel modules are ok"
    $DEPMOD -a

    echo "----------------------------------------------------------------------"
    echo -en "ip_tables, "
    $MODPROBE ip_tables
    echo -en "ip_conntrack, "
    $MODPROBE ip_conntrack
    echo -en "ip_conntrack_ftp, "
    $MODPROBE ip_conntrack_ftp
    echo -en "ip_conntrack_irc, "
    $MODPROBE ip_conntrack_irc
    echo -en "iptable_nat, "
    $MODPROBE iptable_nat
    echo -en "ip_nat_ftp, "
    $MODPROBE ip_nat_ftp
    #echo -e "ip_nat_irc"
    #$MODPROBE ip_nat_irc
    echo "----------------------------------------------------------------------"
    echo -e " Done loading modules.\n"
    echo " Enabling forwarding.."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo " Enabling DynamicAddr.."
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    echo " Clearing any existing rules and setting default policy.."
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F

    echo " FWD: Allow all connections OUT and only existing and related ones IN"
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
    $IPTABLES -A FORWARD -j LOG

    echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
    $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

    echo -e "\nrc.firewall-iptables v$FWVER done.\n"
    ---------------------------------------------------------------------------------------------------------------------
    SCRIPT END

    Here is my method for arriving where I am.

    I start an airbase AP
    "airbase-ng -c 11 -e "TestWifi" wlan1"
    This starts airbase on my ALFA. I am just using it for testing right now, so I omitted the -C -P and all that and made a basic AP.

    I then set my new at0 interface
    "ifconfig at0 up"
    "ifconfig at0 192.168.1.1 netmask 255.255.255.0"
    I wasn't sure what I should set the IP of at0 to, so I have tried multiple things such as 10.0.0.1 and 192.168.1.10, all with the same netmask.

    Then I run the rc.firewall-iptables script from the link above. The only modification I made to it was to set the location of iptables from
    "IPTABLES=/usr/local/sbin/iptables" to
    "IPTABLES=/usr/sbin/iptables"
    I also changed all references to eth0 to wlan0 for my EXTERNAL interface and all references to eth1 to at0 for my INTERNAL interface.

    This seemed to solve the errors I got when it said that iptables commands didn't exist, and fixed my references to point to the correct interfaces.

    I then run the script and get this:
    "Loading simple rc.firewall-iptables version 0.76.."

    "External Interface: wlan0"
    "Internal Interface at0"
    "loading modules: - Verifying that all kernel modules are ok"
    ---------------------------------------------------------------------------------------------
    "ip_tables, ip_conntrack_ftp, ip_conntrack_irc, iptable_nat, ip_nat_ftp"
    ----------------------------------------------------------------------------------------------
    "Done loading modules."

    "Enabling forwarding.."
    "Enabling DynamicAddr.."
    "Clearing any existing rules and setting default policy.."
    "FWD: Allow all connections OUT and only existing and related ones IN"
    "Enabling SNAT (MASQUERADE) functionality on wlan0"

    "rc.firewall-iptables v0.76 done."

    So far so good. I then connect to the internet through my router with wlan0 and connect my client to my Airbase AP, and I get nothing. I can successfully connect my client to airbase, but it just black holes the client. I watched Wireshark carefully and here is what I see.

    wlan1 (ALFA) gets a lot of packets; most of it is just broadcasts and normal stuff.

    at0 gets packets only from clients connected to the Airbase AP. It also seems to be handling ARP requests and DHCP requests and assigning an IP address to the clients.

    wlan0 (Intel) gets nothing, unless I try to browse from my Airbase PC, then it gets normal traffic, but not a single packet makes it from at0 to wlan0 and vice versa.

    If anyone could help me get this working I would be incredibly grateful! I've been working on this forever and it is driving me batty! If there are other simpler ways of achieving the same kind of function please let me know.

  2. #2
    tuxette (Junior Member)
    • Without all the iptables stuff running, can you ping the Linux AP or the real AP?
    • Is the real AP a wireless device or just a basic home internet router?
    • Is the Linux AP connected to the real AP via cable or is it relaying the traffic wirelessly?

  3. #3
    My clients are able to ping the Linux AP but not the Real AP.
    My Linux AP is able to ping the Real AP and get to the internet.

    The Real AP is a wireless home router connected to a cable modem, the Linux AP can be connected either by cable or wirelessly, either way would serve my purposes.

    When I connect my Linux AP to the Real AP, my EXTERNAL NIC (wlan0/eth0) gets assigned an IP in the subnet 192.168.0.2-100, the Real AP being .0.1.

    When I connect a client to my Linux AP, it gets assigned to another subnet, 192.168.1.2-100. The Linux AP's INTERNAL NIC (at0) has 192.168.1.1.

    I need to be able to get those two subnets to talk to each other inside the Linux box.

    (Clients 192.168.1.2-100)>>>>>([LinuxBoxAirbase 192.168.1.1)xxxx(LinuxBoxwlan0 192.168.0.2-100])>>>>>(WifiRouter 192.168.0.1)>>>>>(CableModemInternet)

  4. #4
    tuxette (Junior Member)
    I think you need to enable ip forwarding and set the wireless clients to use the Linux box as the default gateway. Keep iptables off during your testing.

    The other problem may be that you need to have a route on your real WAP pointing to the 192.168.1.0 network via the Linux box.

    Another possibility is to use iptables just to do masquerade, ip forwarding and nothing more, no packet filtering. Then use tcpdump to see whether the packets are passing through both NICs.
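
The checks discussed in this thread (forwarding enabled, FORWARD rules in both directions, MASQUERADE on the external interface) can be audited from an `iptables-save` dump. This is an added example, not part of the original thread; the two rule dumps are constructed samples, the finding names are hypothetical, and the interface names wlan0/at0 are taken from the posts.

```shell
#!/bin/sh
# Added example: audit the NAT forwarding path from text inputs (no root needed).
# On a live box pass "$(cat /proc/sys/net/ipv4/ip_forward)" and "$(iptables-save)".

# Constructed sample: state the thread's script should leave behind.
SAMPLE_GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i at0 -o wlan0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# Constructed sample: FORWARD policy is DROP but no ACCEPT/MASQUERADE rules loaded.
SAMPLE_EMPTY='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

# has_rule RULES REGEX -> exit 0 if any line of the dump matches REGEX.
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# audit_nat_path IP_FORWARD RULES EXTIF INTIF
# Prints space-separated findings, or "ok" when the path is complete.
audit_nat_path() {
    fwd=$1; rules=$2; ext=$3; int=$4; findings=""
    add() { findings="${findings:+$findings }$1"; }
    [ "$fwd" = "1" ] || add ip_forward-off
    # With a DROP policy, both directions need an explicit ACCEPT.
    if has_rule "$rules" '^:FORWARD DROP'; then
        has_rule "$rules" "^-A FORWARD -i $int -o $ext .*-j ACCEPT" \
            || add no-forward-out
        has_rule "$rules" "^-A FORWARD -i $ext -o $int .*(ESTABLISHED|RELATED).*-j ACCEPT" \
            || add no-forward-return
    fi
    # Clients' private source addresses must be rewritten on the way out.
    has_rule "$rules" "^-A POSTROUTING .*-o $ext .*-j MASQUERADE" \
        || add no-masquerade
    echo "${findings:-ok}"
}

echo "good ruleset:  $(audit_nat_path 1 "$SAMPLE_GOOD" wlan0 at0)"
echo "rules missing: $(audit_nat_path 0 "$SAMPLE_EMPTY" wlan0 at0)"
```

If the audit prints `ok` and clients still cannot reach the router, the remaining items from the thread are the clients' default gateway (it must be the at0 address) and a tcpdump on both interfaces.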
