From fa48b15fc7ad5a55572952388576374a71a852e7 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger Date: Tue, 26 Mar 2024 03:38:48 +0100 Subject: [PATCH] SYNC commit. --- code/enable-forwarding.sh | 6 ++++ .../TODO1.md => journal/26-03-2024-Tue.md} | 0 notes/journal/26-03-24-tue.md | 0 notes/todos/todo.md | 2 +- notes/wiki/EnvironmentSetup.md | 1 + notes/wiki/aircrack-ng.md | 1 + notes/wiki/dnsmasq.md | 33 +++++++++++++++++++ notes/wiki/hostapd.md | 2 ++ notes/wiki/ip-forwarding.md | 32 ++++++++++++++++++ notes/wiki/iw.md | 2 +- notes/wiki/monitoring.md | 2 +- notes/wiki/nmcli.md | 15 ++++++--- 12 files changed, 88 insertions(+), 8 deletions(-) create mode 100755 code/enable-forwarding.sh rename notes/{todos/TODO1.md => journal/26-03-2024-Tue.md} (100%) create mode 100644 notes/journal/26-03-24-tue.md create mode 100644 notes/wiki/dnsmasq.md create mode 100644 notes/wiki/ip-forwarding.md diff --git a/code/enable-forwarding.sh b/code/enable-forwarding.sh new file mode 100755 index 0000000..a8e6b73 --- /dev/null +++ b/code/enable-forwarding.sh @@ -0,0 +1,6 @@ +#! +# Run as root +# + +sysctl -w net.ipv4.conf.all.forwarding=1 +sysctl -w net.ipv6.conf.all.forwading=1 diff --git a/notes/todos/TODO1.md b/notes/journal/26-03-2024-Tue.md similarity index 100% rename from notes/todos/TODO1.md rename to notes/journal/26-03-2024-Tue.md diff --git a/notes/journal/26-03-24-tue.md b/notes/journal/26-03-24-tue.md new file mode 100644 index 0000000..e69de29 diff --git a/notes/todos/todo.md b/notes/todos/todo.md index 3ba0dfc..c0c86f4 100644 --- a/notes/todos/todo.md +++ b/notes/todos/todo.md 
@@ -1,4 +1,4 @@ -- [ ] [[TODO1]] Need microsd card for Mi 360 home camera +- [ ] !Need microsd card for Mi 360 home camera - [ ] Cannot get Ledvance LED strip into discovery mode s.t. connection could be established - [ ] Have not managed to setup AP/Hotspot: Amazon echodot needs iOS app but iPhone will not connect to AP on fedora Laptop - [x] ~~Ask Valentyna/Nima for other approach to capture traffic~~ Preliminary Fix: USB Plugable Wifi Adapters. diff --git a/notes/wiki/EnvironmentSetup.md b/notes/wiki/EnvironmentSetup.md index 396fa31..66635ea 100644 --- a/notes/wiki/EnvironmentSetup.md +++ b/notes/wiki/EnvironmentSetup.md @@ -18,6 +18,7 @@ So what must a toolkit which sets up the experiment environment be able to do: 1. __AP Service__ Through config or detection setup a properly configure AP, possibly on a external adapter 2. __IP networking dependencies__ Since the experiment machine is replacing some functionality usually offered by the router to connecting host, some router functionality must be offerd. In particular [[dhcp]] (IoT device needs an IP) and [[dns]] (IoT device needs some way to get IPs of hosts it wants to connect to). 3. __Internet Gateway__ Enable any IoT device to connect to the Internet. That is, test machine must at least be a [[gateway]] and the IoT device should ideally be able to understand that without any configuration. +4. Any firewall must allow for [[dhcp]] and [[dns]] services to be accepted by experiment host. # AP Configuration ## Using NetworkManager See [here](https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point_with_NetworkManager). Can use the command line tool [[nmcli]]. diff --git a/notes/wiki/aircrack-ng.md b/notes/wiki/aircrack-ng.md index e69de29..a7f216a 100644 --- a/notes/wiki/aircrack-ng.md +++ b/notes/wiki/aircrack-ng.md @@ -0,0 +1 @@ +#tldr : #TODO \ No newline at end of file diff --git a/notes/wiki/dnsmasq.md b/notes/wiki/dnsmasq.md new file mode 100644 index 0000000..db3a6db 
--- /dev/null +++ b/notes/wiki/dnsmasq.md @@ -0,0 +1,33 @@ +#tldr : #TODO +**Resources**: +- https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point +- https://wiki.archlinux.org/title/Dnsmasq +- https://thekelleys.org.uk/dnsmasq/doc.html +- https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html +- https://thekelleys.org.uk/dnsmasq/docs/FAQ + + +## Configuring WiFi Access Point with NetworkManager + +NetworkManager can also be used to turn WiFi interface into Access Point. +The benefit of using NetworkManager in this scenario is the complete automation of WiFi, DHCP server and NAT configuration. + +### Disabling standalone dnsmasq service + +Dnsmasq is a lightweight DNS forwarder and DHCP server. +By default dnsmasq runs as a standalone service and will conflict with dnsmasq instance launched by NetworkManager. +To prevent the conflict, disable dnsmasq service by running the following commands: + +``` +systemctl disable dnsmasq +``` +``` +systemctl stop dnsmasq +``` + +For NetworkManager to run dnsmasq as a local caching DNS server, edit/create /etc/NetworkManager/NetworkManager.conf and add the following +```system +[main] +dns=dnsmasq +``` +#note: Maybe must disable #NetworkManager #dnsmasq and enable system service dnsmasq. diff --git a/notes/wiki/hostapd.md b/notes/wiki/hostapd.md index 4726b1a..b2713b8 100644 --- a/notes/wiki/hostapd.md +++ b/notes/wiki/hostapd.md @@ -1,3 +1,5 @@ +#tldr : #TODO + ```bash # For nl80211, this parameter can be used to request the AP interface to be # added to the bridge automatically (brctl may refuse to do this before hostapd diff --git a/notes/wiki/ip-forwarding.md b/notes/wiki/ip-forwarding.md new file mode 100644 index 0000000..8fa3cc6 --- /dev/null +++ b/notes/wiki/ip-forwarding.md 
@@ -0,0 +1,32 @@ +Resources: +[archwiki-internet-sharing](https://wiki.archlinux.org/title/Internet_sharing#Configuration) +[archwiki-sysctl](https://wiki.archlinux.org/title/Sysctl#Configuration) +[kernel-sysctl](https://www.kernel.org/doc/html/latest//networking/ip-sysctl.html) + +Remark: Many resources mention that all #firewall config should be executed in one go from a script. +They also mention to make sure to flush all previous rules/tables/chains before beginning the setup. +Order of rules matter. + +*Check current settings* +```bash +sudo sysctl -a | grep forward +``` + +# Config +``` +net.ipv4.conf.all.bc_forwarding = 0 # broadcast? +net.ipv4.conf.all.forwarding = 1 # Enable IP forwarding on this interface. +``` +Latter above controls whether packets received _on_ this (in this case on _all_) interface can be forwarded. + +``` +net.ipv4.conf.all.mc_forwarding = 0 # Multicast routing +``` +## Locations +### Preloaded + +# Tags +#firewall #nat +#sysctl +#ip-forwarding +#masquerading diff --git a/notes/wiki/iw.md b/notes/wiki/iw.md index b4e9544..357e4bb 100644 --- a/notes/wiki/iw.md +++ b/notes/wiki/iw.md @@ -1,4 +1,4 @@ -**TLDR**: show / manipulate wirless devices and their configs. +#tldr: show / manipulate wirless devices and their configs. # Commands used: - `iw list` shows extensive info about all wirless devices. diff --git a/notes/wiki/monitoring.md b/notes/wiki/monitoring.md index fc99af5..6875734 100644 --- a/notes/wiki/monitoring.md +++ b/notes/wiki/monitoring.md @@ -1,4 +1,4 @@ -***TLDR:*** How to monitor/sniff wifi network traffic of IoT Devices. Two strategies: +#tldr How to monitor/sniff wifi network traffic of IoT Devices. Two strategies: Use a wifi adapter to setup an #AP and have the devices connect to via that or use wifi card in monitor mode. # Funnel traffic via AP diff --git a/notes/wiki/nmcli.md b/notes/wiki/nmcli.md index f69e4fb..c2d07fc 100644 --- a/notes/wiki/nmcli.md +++ b/notes/wiki/nmcli.md 
@@ -1,5 +1,7 @@ -**TLDR:** Command line utility of [NetworkManager](https://networkmanager.dev) - +#tldr : Command line utility of [NetworkManager](https://networkmanager.dev) +Resources: +- https://wiki.archlinux.org/title/Software_access_point#NetworkManager_is_interfering +- https://wiki.archlinux.org/title/NetworkManager#Ignore_specific_devices Benefit: Automates setting up WiFi, DHCP server and NAT config, according to [here](https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point_with_NetworkManager). @@ -40,9 +42,12 @@ After modifying run sudo nmcli general reload ``` -Resources: https://wiki.archlinux.org/title/Software_access_point#NetworkManager_is_interfering and https://wiki.archlinux.org/title/NetworkManager#Ignore_specific_devices - - +Must avoid having conflicting [[dnsmasq]] instances between #systemd managed and #NetworkManager built in. + + +# Troubleshooting +## Wifi adapter not found anymor +See [[Tools]].
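
Review bot: in code/enable-forwarding.sh the second sysctl line writes `net.ipv6.conf.all.forwading=1`; the key is misspelled (it should be `forwarding`), so IPv6 forwarding is never enabled and sysctl reports an unknown key. The first line `#!` also names no interpreter, so give it a real one such as `#!/bin/sh`. Since the header comment says "Run as root", the script could check for that and stop on the first failed sysctl call. Note that `sysctl -w` only changes the running kernel, so the setting is gone after a reboot unless it is also written to a sysctl configuration file.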
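
Review bot: the commit leaves two journal entries for the same day under different name formats: notes/journal/26-03-2024-Tue.md (renamed from notes/todos/TODO1.md at 100% similarity) and a new notes/journal/26-03-24-tue.md that is added with no content. Keep one naming scheme and drop the empty file, or say in the commit message why both exist. "SYNC commit." gives no hint of what the twelve changed files have in common, so splitting the script, the wiki notes and the journal move into separate commits would make the history easier to follow.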
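
Review bot: the new item 4 in notes/wiki/EnvironmentSetup.md has no bold label, unlike items 1 to 3, and does not say which traffic the firewall has to accept. Suggest a label such as `__Firewall__` and naming the ports: DHCP uses UDP 67/68, DNS uses UDP and TCP 53. Scoping the accept rules to the AP interface keeps both services from being reachable on the uplink side of the experiment host.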
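
Review bot: the closing `#note` in notes/wiki/dnsmasq.md ("Maybe must disable #NetworkManager #dnsmasq and enable system service dnsmasq") contradicts the section above it, which says to disable the standalone service and set `dns=dnsmasq`, and the page does not say which of the two setups was actually tested. Record the outcome once it is known, because running both instances is exactly the conflict the page warns about. Smaller points: the fence tag `system` on the NetworkManager.conf block is not a language name (`ini` fits), the two systemctl commands can share one code block, and the first resource URL ends in `#Configuring_WiFi_Access_Point` while EnvironmentSetup.md and nmcli.md link to `#Configuring_WiFi_Access_Point_with_NetworkManager`.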
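
Review bot: in the Config blocks of notes/wiki/ip-forwarding.md the comments follow the value on the same line (`net.ipv4.conf.all.forwarding = 1 # Enable IP forwarding on this interface.`); if these lines are meant to be copied into a sysctl configuration file, only lines that begin with `#` or `;` are treated as comments, so move each comment onto its own line. The comment also says "on this interface" while the key is `conf.all`, which the sentence below it corrects; the two should agree. The page documents only the IPv4 keys although code/enable-forwarding.sh also sets an IPv6 one, and the headings "## Locations" and "### Preloaded" are empty. Since the Remark stresses that firewall rules must be set up in one go, it is worth stating here that forwarding is enabled for all interfaces and what forward-chain policy is expected to be in place before the script runs.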
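
Review bot: the changed first line of notes/wiki/iw.md still reads "wirless" (twice in the visible context), and the tag is written `#tldr:` here, `#tldr :` in dnsmasq.md, hostapd.md, aircrack-ng.md and nmcli.md, and `#tldr` with no colon in monitoring.md. Fix the spelling while the line is being touched and settle on one form of the tag so a search for it finds every page.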
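
Review bot: the new heading in the last hunk of notes/wiki/nmcli.md reads "Wifi adapter not found anymor", which is missing its final "e", and the entry below it only points to [[Tools]] without naming the symptom or the fix. The added sentence about conflicting [[dnsmasq]] instances states the requirement but not how to meet it; a link to the "Disabling standalone dnsmasq service" section of dnsmasq.md would close that gap.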