iptables troubles: preparing for access point

**u-995** · 2014-01-18

Hi guys,

I know there are other threads concerning this issue, but all setups & configurations differ. I think & i've been at it too long :s

This is the setup:

I have a public IP. Behind that IP there is NAT ( ISP router on 192.168.0.1/24) with my windows host machine (192.168.0.2/24), my Kali VM in bridged mode (eth0 192.168.0.100/24)
In this Kali machine i have a second interface, connected to a virtual box internal network (eth1 192.168.2.1/24).
On eth1 I have isc-dhcp-server handing out ip's (this works perfect).
On the virtual box internal network i also have a virtual XP-machine (192.168.2.54/24) ... which gets an ip from isc ...

From withing the XP machine i can ping & tracert 8.8.8.8, but i can't browse the internet in a browser. When i type in the IP of a website it changes the ip to the domain name,but cannot display it.

How can I get the XP to have normal internet access? (if this works, i can move from eth1 to at0 to have a wiress access point ...)

Code:

root@kali:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:88:b2:cf  
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe88:b2cf/64 Scope:Link
          inet6 addr: 2a02:1812:1005:5500:a00:27ff:fe88:b2cf/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1564 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:187843 (183.4 KiB)  TX bytes:11464 (11.1 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:e4:7e:30  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee4:7e30/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1205 errors:0 dropped:0 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:108379 (105.8 KiB)  TX bytes:66723 (65.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:86274 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86274 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14511953 (13.8 MiB)  TX bytes:14511953 (13.8 MiB)

Code:

root@kali:~# cat /etc/dhcp/dhcpd.conf
ddns-update-style none;
default-lease-time 6000;
max-lease-time 7200;
authoritative;
subnet 192.168.2.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option domain-name-servers 8.8.8.8;
range 192.168.2.51 192.168.2.100;
}

I think, i am pretty sure the problem is within the iptables setup ... i have tried a lot of things, but none works, and now a certain saturation point of utterly frustration has reached a maximum.

Code:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.2.1
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

THANKS GUYS !!!

PS: Why do i need nat? I'm already on a nat network (NAT happens from public ip to 192.168.0.0 ? )

Thread: iptables troubles: preparing for access point

Thread Tools

Search Thread

Display

Threaded View

iptables troubles: preparing for access point

Similar Threads

fake access point clients can not access internet

Posting Permissions