Friday, October 10, 2014

Access a website through the ICMP protocol -- ping

Hans is a utility that creates an IP tunnel over the ICMP protocol.

1- general information
server ip: 192.168.203.10
client ip: 192.168.203.4

2- install Hans on both server and client

$ wget https://github.com/friedrich/hans/archive/master.zip
$ unzip master.zip
$ cd hans-master
$ make

3- run hans on the server -- the virtual network used for communication between client and server is 172.16.0.0/24 and the password is passwd
root@server # ./hans -r -s 172.16.0.0 -p passwd

4- connect to server from client
root@client # ./hans -c 192.168.203.10 -p passwd

5- verify the connection -- both client and server will have a new tun interface
server:

root@server:~/hans-master# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:34:0a:e3 
          inet addr:192.168.203.10  Bcast:192.168.203.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe34:ae3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8460 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4070 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4141842 (3.9 MiB)  TX bytes:1228966 (1.1 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:300 (300.0 B)  TX bytes:300 (300.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:172.16.0.1  P-t-P:172.16.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1467  Metric:1
          RX packets:825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:665 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:77246 (75.4 KiB)  TX bytes:136206 (133.0 KiB)

client:
root@client# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:70:9e:1a 
          inet addr:192.168.203.4  Bcast:192.168.203.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe70:9e1a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:487281 (475.8 KiB)  TX bytes:262476 (256.3 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:618 errors:0 dropped:0 overruns:0 frame:0
          TX packets:618 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:53693 (52.4 KiB)  TX bytes:53693 (52.4 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:172.16.0.102  P-t-P:172.16.0.102  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1467  Metric:1
          RX packets:1046 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:426827 (416.8 KiB)  TX bytes:116757 (114.0 KiB)



6- route the traffic over the new interface and add a NAT rule on the server
client:
root@client# ip route del default
root@client# ip route add default dev tun0

server:
-- disable the kernel's ICMP echo replies
root@server# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
-- enable IP forwarding and NAT
root@server# echo 1 > /proc/sys/net/ipv4/ip_forward
root@server# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE



7- test on the client -- when accessing google.com, the traffic goes out over the new interface (IP: 172.16.0.102)
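
Seen from the network, the tunnel built in the steps above is ICMP echo traffic that does not behave like ping. The following is an added example (not part of the original post and not Hans code) that flags such host pairs in tcpdump-style text; the sample lines are constructed, and the thresholds max_len and max_sizes are assumed values.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not captured from the hosts in this post).
SAMPLE = """\
12:00:01.000 IP 192.168.203.7 > 192.168.203.10: ICMP echo request, id 410, seq 1, length 64
12:00:01.001 IP 192.168.203.10 > 192.168.203.7: ICMP echo reply, id 410, seq 1, length 64
12:00:03.100 IP 192.168.203.4 > 192.168.203.10: ICMP echo request, id 9001, seq 1, length 13
12:00:03.101 IP 192.168.203.10 > 192.168.203.4: ICMP echo reply, id 9001, seq 1, length 1480
12:00:03.150 IP 192.168.203.4 > 192.168.203.10: ICMP echo request, id 9001, seq 2, length 523
12:00:03.151 IP 192.168.203.10 > 192.168.203.4: ICMP echo reply, id 9001, seq 2, length 13
12:00:03.200 IP 192.168.203.4 > 192.168.203.10: ICMP echo request, id 9001, seq 3, length 1480
12:00:03.201 IP 192.168.203.10 > 192.168.203.4: ICMP echo reply, id 9001, seq 3, length 97
"""

LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), "
                  r"id (\d+), seq (\d+), length (\d+)")

def suspicious_pairs(text, max_len=128, max_sizes=3):
    """Map (client, server) to reasons its echo traffic is unlike ping (thresholds assumed)."""
    requests = {}              # (client, server, id, seq) -> request length
    sizes = defaultdict(set)   # (client, server) -> distinct ICMP lengths seen
    reasons = defaultdict(set)
    for m in LINE.finditer(text):
        src, dst, kind, ident, seq, length = m.groups()
        length = int(length)
        if kind == "request":
            pair = (src, dst)
            requests[(src, dst, ident, seq)] = length
        else:
            pair = (dst, src)
            sent = requests.get((dst, src, ident, seq))
            if sent is None:
                reasons[pair].add("reply without request")
            elif sent != length:
                # RFC 792: an echo reply returns the request's data unchanged.
                reasons[pair].add("reply length differs from request")
        sizes[pair].add(length)
        if length > max_len:
            reasons[pair].add("oversized echo")
    for pair, seen in sizes.items():
        if len(seen) > max_sizes:
            reasons[pair].add("many distinct lengths")
    return {pair: sorted(why) for pair, why in reasons.items()}

if __name__ == "__main__":
    for pair, why in suspicious_pairs(SAMPLE).items():
        print(pair, why)
```

A capture that starts mid-conversation can produce "reply without request" for ordinary ping, so weigh that reason together with the others.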

