From ac2484b551f9f22d41b0b51df0c98ecb8b22d789 Mon Sep 17 00:00:00 2001 From: KING SABRI Date: Thu, 30 Mar 2017 01:12:15 +0300 Subject: [PATCH 1/2] Fix iptables rules for ICS --- wp6.sh | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/wp6.sh b/wp6.sh index 88d6ead..b76965a 100644 --- a/wp6.sh +++ b/wp6.sh @@ -3,7 +3,7 @@ # EULA https://www.wifipineapple.com/licence/eula.txt # License https://www.wifipineapple.com/licence/software_licence.txt -wpver=6.5 +wpver=6.5.1 spineapplenmask=255.255.255.0 spineapplenet=172.16.42.0/24 spineapplelan=eth1 
@@ -278,14 +278,22 @@ function connectsaved { printf " $(tput setaf 6) ( _ )_ $(tput sgr0) $(tput setaf 2)<-->$(tput sgr0) $(tput setaf 7)[___]$(tput sgr0) $(tput setaf 2)<-->$(tput sgr0) $(tput setaf 3),<><>,$(tput sgr0)\n" printf " $(tput setaf 6) (_ _(_ ,)$(tput sgr0) $(tput setaf 7)\___\\$(tput sgr0) $(tput setaf 3)'<><>'$(tput sgr0)\n" ifconfig $spineapplelan $spineapplehostip netmask $spineapplenmask up #Bring up Ethernet Interface directly connected to Pineapple - echo '1' > /proc/sys/net/ipv4/ip_forward # Enable IP Forwarding - iptables -X #clear chains and rules - iptables -F - iptables -A FORWARD -i $spineapplewan -o $spineapplelan -s $spineapplenet -m state --state NEW -j ACCEPT #setup IP forwarding - iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT - iptables -A POSTROUTING -t nat -j MASQUERADE - route del default #remove default route - route add default gw $spineapplegw $spineapplewan #add default gateway + + # + # IP Forwarding Settingup + # + + # Enable kernel IP forwarding + echo '1' > /proc/sys/net/ipv4/ip_forward + # Enable iptables forwarding + iptables -I FORWARD 1 -i $spineapplewan -o $spineapplelan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "WifiPineapple to Inetnet" -j ACCEPT + iptables -I FORWARD 2 -i $spineapplelan -o $spineapplewan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "Inetnet to WifiPineapple" -j ACCEPT + # Enable connection masquerading + iptables -A POSTROUTING -t nat -o $spineapplewan -m comment --comment "Inetnet Connection Sharing (ICS)" -j MASQUERADE + # remove default route + route del default + # add default gateway + route add default gw $spineapplegw $spineapplewan printf "\n Browse to http://$spineappleip:1471\n\n" exit } @@ -297,7 +305,7 @@ function bunny { exit } -banner #remove for less 1337 +banner # remove for less 1337 showsettings if [[ "$sfirsttime" == "1" ]]; then printf " From 303da9b0f3868953f2def4462f33b77cfc5a1063 Mon Sep 17 00:00:00 2001 
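Review bot: The rule inserted at FORWARD position 1 (`-i $spineapplewan -o $spineapplelan`) accepts state `NEW` with no source match. Assuming `$spineapplewan` is the upstream interface, as `route add default gw $spineapplegw $spineapplewan` suggests, hosts on that side can open new connections toward the Pineapple subnet through this machine; the removed rule in that direction at least carried `-s $spineapplenet`. Limiting that rule to `--state ESTABLISHED,RELATED` and restoring `-s $spineapplenet` on the `-i $spineapplelan -o $spineapplewan` rule would forward only traffic the Pineapple side initiated. The `--comment` labels also look swapped relative to the `-i`/`-o` pairs (the WAN-to-LAN rule is labelled "WifiPineapple to Inetnet"), which will mislead anyone auditing `iptables -L` output. The same two rules reappear in `set_ip_forward` in PATCH 2/2, and `connectsaved` begins above this hunk.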
From: KING SABRI Date: Tue, 17 Jul 2018 17:52:34 +0300 Subject: [PATCH 2/2] validate iptables rules --- wp6.sh | 45 +++++++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 12 deletions(-) mode change 100644 => 100755 wp6.sh diff --git a/wp6.sh b/wp6.sh old mode 100644 new mode 100755 index b76965a..e10b2f1 --- a/wp6.sh +++ b/wp6.sh @@ -261,6 +261,35 @@ function savechanges { menu } +# +# IP Forwarding Settings +# +function set_ip_forward { + echo "Setting-up IP forwarding rules..." + + # Enable kernel IP forwarding + echo '1' > /proc/sys/net/ipv4/ip_forward + + wp2net=`iptables -nv -L FORWARD | grep -i "WifiPineapple to Inetnet"` + net2wp=`iptables -nv -L FORWARD | grep -i "Inetnet to WifiPineapple"` + netmsq=`iptables -t nat -nv -L POSTROUTING | grep -i "Inetnet Connection Sharing (ICS)"` + + # Enable iptables outgoing forwarding + if [ -z "$wp2net" ]; then + iptables -I FORWARD 1 -i $spineapplewan -o $spineapplelan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "WifiPineapple to Inetnet" -j ACCEPT + fi + + # Enable iptables ingoing forwarding + if [ -z "$net2wp" ]; then + iptables -I FORWARD 2 -i $spineapplelan -o $spineapplewan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "Inetnet to WifiPineapple" -j ACCEPT + fi + + # Enable connection masquerading + if [ -z "$netmsq" ]; then + iptables -A POSTROUTING -t nat -o $spineapplewan -m comment --comment "Inetnet Connection Sharing (ICS)" -j MASQUERADE + fi +} + function connectsaved { if [[ "$sfirsttime" == "1" ]]; then printf "\n Error: Settings unsaved. Run either Guided or Manual setup first.\n"; menu 
@@ -279,17 +308,9 @@ function connectsaved { printf " $(tput setaf 6) (_ _(_ ,)$(tput sgr0) $(tput setaf 7)\___\\$(tput sgr0) $(tput setaf 3)'<><>'$(tput sgr0)\n" ifconfig $spineapplelan $spineapplehostip netmask $spineapplenmask up #Bring up Ethernet Interface directly connected to Pineapple - # - # IP Forwarding Settingup - # - - # Enable kernel IP forwarding - echo '1' > /proc/sys/net/ipv4/ip_forward - # Enable iptables forwarding - iptables -I FORWARD 1 -i $spineapplewan -o $spineapplelan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "WifiPineapple to Inetnet" -j ACCEPT - iptables -I FORWARD 2 -i $spineapplelan -o $spineapplewan -m state --state NEW,ESTABLISHED,RELATED -m comment --comment "Inetnet to WifiPineapple" -j ACCEPT - # Enable connection masquerading - iptables -A POSTROUTING -t nat -o $spineapplewan -m comment --comment "Inetnet Connection Sharing (ICS)" -j MASQUERADE + # IP Forwarding Settings + set_ip_forward + # remove default route route del default # add default gateway @@ -313,4 +334,4 @@ if [[ "$sfirsttime" == "1" ]]; then script, Guided setup is recommended to save initial configuration.\n\ Subsequent sessions may be quickly connected using saved settings.\n" fi -menu +menu \ No newline at end of file