Sunday, October 05, 2008

Using wired connections from your tablet.

This hack was originally needed mainly because I am usually on a proxied network at work, and for security reasons this connection cannot be broadcast by access points or routers, but I do want my tablet connected to the same wired network as my desktop.

Here is how I do it:

1. On the desktop, set up an ad hoc connection manually using the PC's WLAN interface (eth1).
2. Enable ip_forward so that traffic from it is forwarded to the wired network interface (eth0).

For (1) and (2) I use the following bash script (to be run as root):

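modprobe iptable_nat    # load the NAT table module
iwconfig eth1 essid tonikitoo mode ad-hoc key off    # ad hoc network, SSID 'tonikitoo', no encryption key
ifconfig eth1 10.0.0.1 netmask 255.255.255.0    # the PC's address on the ad hoc network
echo 1 > /proc/sys/net/ipv4/ip_forward    # enable IPv4 forwarding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE    # NAT everything leaving via the wired interface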

3. Set up an ad hoc connection on the tablet as follows (screenshots taken using the system's Connection Manager):

Note is to be replaced by whatever name here.

Note: the SSID (also 'tonikitoo' here) has to match the essid value set in line #2 of the PC script above.
Also note the value 'ad hoc' in 'network mode'.
Note 2: Set the proper 'Security method' here.

If your wired connection is behind a proxy, set the same proxy address for your ad hoc connection (in the Advanced Settings palette).
Note: if the wired network requires no proxy, just ignore this step.


Set your IP, router and DNS.
Note: 'IP address' has to be in the same network as 'Router'.
Note 2: The IP set in 'Router' has to match the IP set in line #3 of the PC script above.
Note 3: 'Primary DNS address' has to match your PC's one (run 'cat /etc/resolv.conf' on the PC to check that).

Maybe this can help someone else, maybe not ... Maybe someone wants the tablet to be adhoc'ed to his laptop and also sharing its connection (wired, ppp, usb), maybe not ...

--Antonio Gomes
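
The state the PC script above leaves behind (forwarding on, a MASQUERADE rule, an ad hoc interface with 'key off') can be checked for on a workstation. The following audit is an added example, not part of the original post; the function names, finding tags and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a host configured as an open ad hoc Wi-Fi NAT gateway.
# Evidence is passed in as text, so it works on live or collected output.

has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }   # has TEXT REGEX

# audit_gateway IP_FORWARD IPTABLES_SAVE_TEXT IWCONFIG_TEXT
# Prints one finding tag per line; prints nothing for a clean host.
audit_gateway() {
    local fwd="$1" rules="$2" wifi="$3" adhoc
    # The host routes packets between its interfaces
    if [ "$fwd" = "1" ]; then echo "IP_FORWARD_ENABLED"; fi
    # Traffic from other machines is NATed out of this host
    if has "$rules" '^-A POSTROUTING .*-j MASQUERADE'; then echo "NAT_MASQUERADE"; fi
    # Nothing limits which clients may be forwarded
    if has "$rules" '^:FORWARD ACCEPT' && ! has "$rules" '^-A FORWARD'; then
        echo "FORWARD_UNRESTRICTED"
    fi
    # iwconfig separates interfaces with blank lines: keep only ad hoc ones
    adhoc=$(printf '%s\n' "$wifi" | awk -v RS= '/Mode:Ad-Hoc/')
    if [ -n "$adhoc" ]; then
        echo "WIFI_ADHOC"
        if has "$adhoc" 'Encryption key:off'; then echo "WIFI_NO_KEY"; fi
    fi
    return 0
}

# Live collection (needs root, iptables-save and wireless-tools' iwconfig)
audit_live() {
    audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" \
                  "$(iptables-save)" "$(iwconfig 2>/dev/null)"
}

# Constructed sample: the state left behind by the PC script above
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
SAMPLE_WIFI='eth1      IEEE 802.11bg  ESSID:"tonikitoo"
          Mode:Ad-Hoc  Frequency:2.412 GHz  Cell: 02:00:00:00:00:01
          Encryption key:off'

audit_gateway 1 "$SAMPLE_RULES" "$SAMPLE_WIFI"
```

All five tags together mean any wireless client in range can reach the wired network through this host.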

8 comments:

timsamoff said...

Thanks! I'm going to try this out tomorrow. :)

Anonymous said...

"...and for some security issues this connection can not be broadcast'ed by access points or routers"

Maybe you should ask your administrator what he thinks about circumventing his security measures?

timsamoff said...

"Maybe you should ask your administrator what he thinks about circumventing his security measures ?"

You must not work for a large corporation. ;)

finite said...

Search victims who are actually interested in "Using wired connections from you tablet" will find the wiki page about USB networking more useful than this blog entry. It is also possible to use USB ethernet interfaces with the tablet...

Anonymous said...

> Maybe you should ask your administrator
> what he thinks about circumventing his security measures ?
IMHO there really should be a *WIRED* connection (like usbnet) used, or other solutions like a VPN with authorisation + a firewall rule to block everything but VPN traffic. This is to keep unwanted outsiders out of the internal network!

Ad-Hoc+NAT definitely opens the internal network to unwanted external guys like hackers, doesn't it? At the very most, Ad-Hoc usually can use WEP, which could be easily cracked. Hiding the SSID or MAC restriction will not help too much; any advanced guy can deal with such dumb things using a usual sniffer.

So, it looks like the internal network may get additional exposure to hacker attacks or get (ab)used by other people due to such actions, since anyone with wi-fi capable devices around could really use the internal network if they wish when such a questionable setup is in use (as for me, I have a much more secure network even in my home).

On the other hand, administrators are guilty of putting too hard restrictions, so people are about to circumvent them. A good solution is a SECURE access point using WPA security. As for me, it looks like with this solution a bad guy can break-n-enter through this link too and at least will gain access to the internal network (and that's often the worst of admins' horrors). Then, once in the intranet, a malicious person can do whatever he wants in the intranet. For example, if there is some vulnerable server, it could get hacked. Or internet access could be (ab)used.

If I'm incorrect, all ok, just forget it.

Anonymous said...

> You must not work for a large corporation. ;)

As for me, such a setup can't be recommended even in a home network. Because if external people with malicious intentions can easily access the internal network, bad things can happen. At least hacking attempts could happen (which could succeed sooner or later, especially if the internal network is not considered hostile and lots of devices like routers and others assume this). Also, your internet access can be (ab)used, so you can be held responsible for someone else's actions.
