There has been the random occasion when I need to get Internet access when benching hardware or testing out MITM stuff and have found it convenient to make use of 3G connection. Done recently on a customer site to run up a Nokia VRRP cluster that was going to replace a single production firewall. By setting a laptop up to act as the upstream ISP gateway and another PC behind the firewall, I could pull data while running fail over tests.
Kit used went along the lines of:
1 x Laptop with Backtrack 4 installed
1 x Optus 3G adaptor (Model E220)
The setup goes along the lines of....
1] BT4
1 x Optus 3G adaptor (Model E220)
The setup goes along the lines of....
1] BT4
Boot up Backtrack and config the Ethernet port to the gateway address you need to plug your router/firewall into. You can get away with assigning Internet routable addresses to this interface to lab a production configuration as the traffic will be hidden (hide NAT) before it gets passed upstream anyways. An example of setting an IP address to eth0:
# ifconfig eth0 10.254.239.1 netmask 255.255.255.224
2] 3G Adaptor
Now, I'm going to conveniently skip over details on how you can detect your 3G device using lsusb & dmesg then sorting out the wvdial.conf to make this all work and just assume you have already done this. If you haven't, Google is your friend, not my lame blog post... By this time, I'm usually in an X session and running Terminator in full screen. Breaking out a few 'root' shell windows, plug in the 3G card and run the following command in one of them. Note: The window you run this in will need to be left alone unless you want to bring down the 3G connection with a conveniently placed CTRL-C.
# wvdial Optus3G
I have included the wvdial.conf file in the post below for both the Optus and Three cards I have tested. Can;t confirm if they are optimal configs, just that they worked for me.
3] Hide NAT
In another window of my Terminator session set up IP Tables to NAT traffic
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
4] IP Forwarding
Turn on IP Forwarding to allow the Linux kernel to act as a gateway by running the following command.
# echo "1" > /proc/sys/net/ipv4/ip_forward
5] Monitoring
To keep an eye on the traffic passing through the laptop, use tcpdump in one of those Terminator shell windows.
# tcpdump -n -i eth0
6] Profit
Quick Ref:
# ifconfig eth0 10.254.239.1 netmask 255.255.255.224
# wvdial Optus3G
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# echo "1" > /proc/sys/net/ipv4/ip_forward
# tcpdump -n -i eth0
Optus3G wvdial.conf config::
# wvdial Optus3G
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# echo "1" > /proc/sys/net/ipv4/ip_forward
# tcpdump -n -i eth0
Optus3G wvdial.conf config::
[Dialer Optus3G]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode=1
Modem Type = Analog Modem
ISDN = 0
Phone = *99\#
Modem = /dev/ttyUSB0
Password = username
Username = password
Dial Command = ATDT
Baud = 466600
New PPPD = yes
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode=1
Modem Type = Analog Modem
ISDN = 0
Phone = *99\#
Modem = /dev/ttyUSB0
Password = username
Username = password
Dial Command = ATDT
Baud = 466600
New PPPD = yes
Other variations on this setup could include running up your own DHCP and DNS for some MITM work...yeeharr...
exit 0
No comments:
Post a Comment