Questions[openwrt](server)

I'm looking to do a vulnerability research on products running on a variety of devices by intercepting their HTTPS traffic, but I don't want to modify the devices aside from installing a custom cert.

It seems SSLsplit does what I want, as it allows for "connections [to be] transparently intercepted through a network address translation engine and redirected to SSLsplit". From what I understand, these NAT rules don't have to be defined on the device that is running the application being MITM-ed, and I can customize iptables to redirect router traffic through SSLsplit on a device running Fruity Wifi or OpenWRT.

Is SSLsplit with modified iptables rules sufficient and a reasonable way to go about this, or would I have to modify other parts of the Linux networking system, as well?

NOTE : The system I am trying to build requires devices to have a cert installed to the trusted root store to "opt in" to this interception. I am not trying to build a system to intercept arbitrary traffic from unwilling devices.

I've got a WBMR-HP-G300H Buffalo Airstation router on which I've installed the lates OpenWRT software.

All is working well (ADSL, WIFI etc) except for one niggle. I can't communicate between lan ports. i.e. if I have one computer connected on lan port 1 and I try to ping another computer on lan port 2 then I get "destination unreachable".

I can ping both computers from the router itself and can also ping each computer from a seperate laptop connected wirelessly. All computers are in the same subnet range (10.0.0.?/24).

I suspect that I may need to configure a vlan on the switch but everytime I try and do this with various google'ed configuration I keep freezing out all lan-ports and I have to revert back using a wirelessly connected laptop.

Here's my /etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.0.0.1'
        option _orig_ifname 'eth0 wlan0'
        option _orig_bridge 'true'
        option ifname 'eth0'

config adsl-device 'adsl'
        option fwannex 'a'
        option annex 'a2p'

config interface 'wan'
        option _orig_ifname 'nas0'
        option _orig_bridge 'false'
        option proto 'pppoa'
        option encaps 'vc'
        option atmdev '0'
        option vci '38'
        option vpi '0'
        option username '?????????????'
        option password '??????????????'

Any help would be warmly received.

Here's some more config stuff.

root@OpenWrt:~# ifconfig -a
br-lan    Link encap:Ethernet  HWaddr 00:24:A5:BD:66:08  
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:226576 errors:0 dropped:346 overruns:0 frame:0
          TX packets:269292 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:26771676 (25.5 MiB)  TX bytes:183986450 (175.4 MiB)

eth0      Link encap:Ethernet  HWaddr 00:24:A5:BD:66:08  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ifb0      Link encap:Ethernet  HWaddr 36:60:EC:DF:13:A1  
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ifb1      Link encap:Ethernet  HWaddr 4A:7B:75:67:54:E0  
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:58369 (57.0 KiB)  TX bytes:58369 (57.0 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-24-A5-BD-66-08-00-48-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:320188 (312.6 KiB)  TX bytes:0 (0.0 B)

pppoa-wan Link encap:Point-to-Point Protocol  
          inet addr:81.136.179.204  P-t-P:81.134.80.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:258894 errors:0 dropped:0 overruns:0 frame:0
          TX packets:212976 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:177341656 (169.1 MiB)  TX bytes:25192459 (24.0 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:24:A5:BD:66:08  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:204063 errors:0 dropped:0 overruns:0 frame:0
          TX packets:245516 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:26613140 (25.3 MiB)  TX bytes:162799765 (155.2 MiB)

root@OpenWrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.0024a5bd6608       no              wlan0
                                                        eth0
root@OpenWrt:~# swconfig dev eth0 show
Global attributes:
        enable_vlan: 0
Port 0:
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        pvid: 0
        link: port:1 link:down
Port 2:
        pvid: 0
        link: port:2 link:down
Port 3:
        pvid: 0
        link: port:3 link:down
Port 4:
        pvid: 0
        link: port:4 link:up speed:100baseT full-duplex txflow rxflow auto
Port 5:
        pvid: 0
        link: port:5 link:up speed:100baseT full-duplex txflow rxflow auto

Regards Mark.

Is it possible to map 2 different MAC addresses to the same IP address?

For my backup, I need to connect back from the server to the portable, and I would like to have the same IP both for the wireless and the wired interface.

The openwrt web interface doesn't accept multiple dhcp entries with the same IP address, but perhaps there is a workaround?

Clarification added on 23 may:

I should have made it clear that only one of the network interfaces of the portable is connected to the network at any given time (hence switches shouldn't get confused). Initially I had 2 distinct IP addresses assigned to the interfaces, with the same DNS name, but this didn't work very well (timeouts when I got the wrong IP). Yet I want to use the same name for both, as it is hard-coded in my backup script.

Sorry for the confusion.

how to get a list of the connected wifi clients in OpenWrt 10.03?

I've noticed that some embedded devices (such as OpenWRT, which runs on Busybox) use rdate to set the system time, instead of NTP. Rdate is an older time protocol, and I'm having trouble finding any working rdate servers in the United States.

Is it possible to for rdate to sync the time with NTP time servers?