I'm trying to use ettercap bridge mode on a gateway computer with two Ethernet cards, but when I start it the internet on my local network stops working. The forwarding is disabled by ettercap.
I followed all the instructions on the internet for setting up Ettercap.

kali-gateway.jpg

These are my steps:
1- Install Kali
2- Update

Code:
apt-get update
apt-get install
3- Set up static IPs for both interfaces, eth0 (this is plugged into the internet) and eth1 (this is the local network)
Modify this file for the IP addresses:
/etc/network/interfaces

Code:
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.86
        netmask 255.255.255.0
        gateway 192.168.1.1

allow-hotplug eth1
iface eth1 inet static
        address 192.168.2.10
        netmask 255.255.255.0
        gateway 192.168.1.1
4- Forward the local network eth1 (192.168.2.0/24) to the public internet eth0
Edit the file:
/etc/sysctl.conf

Code:
net.ipv4.ip_forward = 1
Also manually activate the forwarding:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

5- Firewall table redirect:

Code:
iptables -P INPUT ACCEPT
iptables -F INPUT 
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT 
iptables -P FORWARD DROP
iptables -F FORWARD 
iptables -t nat -F

iptables -A FORWARD -o eth0 -i eth1 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
After this setup, all the computers on my local network (eth1) are connected to the public network (eth0); from any of my local computers I'm able to open a web page and use the internet.
With Wireshark I can find and track the packets, and everything looks correct.

I use ettercap 0.7.6, which came with Kali Linux.

Test A:
I read somewhere that in bridge mode we don't need to activate redir_command_on in etter.conf, so my first test was just changing the:
/etc/ettercap/etter.conf

Change
Code:
ec_uid = 65534
ec_gid = 65534
To

Code:
ec_uid = 0
ec_gid = 0
Start ettercap test:

Code:
ettercap -Tq -i eth0 -B eth1 // //
As soon as ettercap starts, the local network is disconnected from the internet.
I tried swapping eth0 and eth1 in the command, but it made no difference.

Code:
ettercap -Tq -i eth1 -B eth0 // //
The only way of keeping the internet in our local network is to reactivate IP forwarding in a separate terminal:

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
It's handing the forwarding responsibility back to the kernel. It's OK if you just want to sniff on the network. But in order to use filters and change the data while it's passing, it shouldn't go through the kernel.

Test B:
I did the same as "Test A", but this time I activated redir_command_on in etter.conf
/etc/ettercap/etter.conf
Change

Code:
# if you use iptables:
   #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
To

Code:
# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
And I repeated the same Test A

Code:
ettercap -Tq -i eth0 -B eth1 // //
Or

Code:
ettercap -Tq -i eth1 -B eth0 // //
Same result: as soon as ettercap starts, the local internet is disconnected.

Test C:
Creating a simple filter and using it in ettercap bridge mode

/etc/ettercap/myfilter.txt
Code:
if (ip.proto == TCP && search(DATA.data, "ethercap") ) {   
   replace("ethercap", "ettercap");
   msg("Correctly replaced.\n");
}
Convert the filter to ettercap format:

Code:
cd /etc/ettercap
etterfilter myfilter.txt -o myfilter.ef
Another test

Code:
ettercap -Tq -F myfilter.ef -i eth1 -B eth0 // //
The same thing happens: the internet stops working on the local network. If I reactivate forwarding in a separate terminal window, the internet starts working on my local network, and when I open a sample website with the misspelling on it I see the "Correctly replaced." message, but since the kernel is handling the forwarding, the content on the website was not corrected and the actual unchanged packets were transferred to my browser.
I'm looking for a way to make ettercap handle the forwarding without activating it in a separate terminal.
Is there any solution to make this work?


My system specs:
Code:
sudo cat /etc/issue
Kali GNU/Linux 1.0 \n \l
Code:
sudo uname -a
Linux kali 3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux
Code:
cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Pentium(R) 4 CPU 2.00GHz
stepping : 4
microcode : 0x1e
cpu MHz : 2020.043
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pebs bts
bogomips : 4040.08
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 32 bits virtual
power management:


Is there any solution to make this work?

Thanks in advance
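
A sanity check for the /etc/network/interfaces stanzas in step 3, as an added example that is not part of the original post: it verifies that each static stanza's gateway lies inside that interface's own subnet and reports when more than one stanza declares a default gateway. The function names are hypothetical, the sample is the two stanzas from the post, and a missing netmask is assumed to mean /32.

```python
import ipaddress

# Constructed sample: the two stanzas from step 3 of the post.
SAMPLE = """\
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.86
        netmask 255.255.255.0
        gateway 192.168.1.1

allow-hotplug eth1
iface eth1 inet static
        address 192.168.2.10
        netmask 255.255.255.0
        gateway 192.168.1.1
"""

def parse_static_stanzas(text):
    """Return {iface: {option: value}} for every 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            # A new stanza starts; only IPv4 static stanzas are tracked.
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def check_gateways(text):
    """List problems with the default gateways declared in the file."""
    problems, with_gw = [], []
    for iface, opts in parse_static_stanzas(text).items():
        if "gateway" not in opts or "address" not in opts:
            continue
        with_gw.append(iface)
        addr = opts["address"]
        if "/" not in addr:  # assumption: no netmask option means /32
            addr += "/" + opts.get("netmask", "32")
        net = ipaddress.ip_interface(addr).network
        if ipaddress.ip_address(opts["gateway"]) not in net:
            problems.append(f"{iface}: gateway {opts['gateway']} is not on-link in {net}")
    if len(with_gw) > 1:
        problems.append("default gateway declared on: " + ", ".join(with_gw))
    return problems
```

Calling `check_gateways(SAMPLE)` returns the list of findings as strings; an empty list means every declared gateway is on-link and only one stanza declares one.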