Activation Codes and Methods, Hardware Details, Sniffing
Post Reply
mirkok
Posts: 4
Joined: Thu Nov 01, 2018 8:41 am

Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by mirkok » Thu Nov 01, 2018 9:24 am

Good day!

Few weeks ago I brought the following webstick that shows a strange problem on Linux Mint 19 64bit with usb_modeswitch 2.5.2.

Huawei 3131h-2
IMEI: 862570025665489
IMSI/ESN: 262011100370924
12d1:15ca Huawei Technologies Co., Ltd. E3131 3G/UMTS/HSPA+ Modem (Mass Storage Mode)
12d1:1506 Huawei Technologies Co., Ltd. Modem/Networkcard


On Win7 the network connection gets a local IP from the 10.*.*.* range, but on Linux, the PPP connection gets the public IP from the german Telekom net:

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 37.85.xxx.xxx netmask 255.255.255.255 destination 0.0.0.0
ppp txqueuelen 3 (Punkt-zu-Punkt-Verbindung)
RX packets 1691 bytes 1545382 (1.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1335 bytes 124910 (124.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

It seems, that the builtin NAT-Router is not enabled or that the device is set to some pure modem mode.

Googling suggests that the E3131 has a web-server on 192.168.1.1 builtin for the configuration, but this one doesn't seem to have it. I tried on several Linux systems and on Win7. Further, on Windows, there is no “Remote NDIS based Internet Sharing Device” in the Network section of the device manager and no uninitalized or unconfigured relevant devices.


Does somebody know what's going on and how I can enable NAT?

Thanks for your time!

mirkok
Posts: 4
Joined: Thu Nov 01, 2018 8:41 am

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by mirkok » Thu Nov 01, 2018 3:59 pm

Here's more info:

I'd be *very* gracefully for any idea. This really makes me nervous (iptables reports quite a number of blocked connection attempts from the outside).

# can connect, but gives public IP
sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011062000000100000000000000000000

# can't connect, forum says it's RNDIS (windows) mode
sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011060000000000000000000000000000

# can connect, but gives public IP, forum says it's Serial/PPP mode
# switches the devices to "Bus 002 Device 105: ID 12d1:1001 Huawei Technologies Co., Ltd. E169/E620/E800 HSDPA Modem"
sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011063000000100010000000000000000

# can't connect
sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011061000000100000000000000000000

# can connect, but gives public IP
usb-devices after sudo usb_modeswitch -v 12d1 -p 15ca -M '55534243123456780000000000000a11062000000000000100000000000000'


# sudo lsusb -v -d 12d1:

Code: Select all

Bus 002 Device 120: ID 12d1:15ca Huawei Technologies Co., Ltd. E3131 3G/UMTS/HSPA+ Modem (Mass Storage Mode)
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol       255 
  bMaxPacketSize0        64
  idVendor           0x12d1 Huawei Technologies Co., Ltd.
  idProduct          0x15ca E3131 3G/UMTS/HSPA+ Modem (Mass Storage Mode)
  bcdDevice            1.02
  iManufacturer           1 HUAWEI
  iProduct                2 HUAWEI Mobile
  iSerial                 3 FFFFFFFFFFFFFFFF
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           32
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
      iInterface              4 Mass Storage
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               1
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol       255 
  bMaxPacketSize0        64
  bNumConfigurations      1
Device Status:     0x0001
  Self Powered


usb-devices after plugin

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=116 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=ff MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=15ca Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
S: SerialNumber=FFFFFFFFFFFFFFFF
C: #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage



usb-devices after sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011062000000100000000000000000000

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=115 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=1506 Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=01 Driver=option
I: If#= 1 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=02 Prot=16 Driver=option
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=03 Driver=option
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=02 Driver=option
I: If#= 4 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I: If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage




usb-devices after sudo usb_modeswitch -v 12d1 -p 15ca -M '55534243123456780000000000000a11062000000000000100000000000000'

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=117 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=1506 Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=01 Driver=option
I: If#= 1 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=02 Prot=16 Driver=option
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=03 Driver=option
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=02 Driver=option
I: If#= 4 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I: If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage

LOM
Posts: 1286
Joined: Wed Jul 11, 2012 3:14 pm
Location: Koh Samui, TH

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by LOM » Thu Nov 01, 2018 7:51 pm

mirkok wrote:
usb-devices after sudo usb_modeswitch -v 12d1 -p 15ca -V 12d1 -P 1506 -M 55534243123456780000000000000011062000000100000000000000000000

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=115 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=1506 Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=01 Driver=option
I: If#= 1 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=02 Prot=16 Driver=option
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=03 Driver=option
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=02 Driver=option
I: If#= 4 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I: If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage




usb-devices after sudo usb_modeswitch -v 12d1 -p 15ca -M '55534243123456780000000000000a11062000000000000100000000000000'

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=117 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=1506 Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=01 Driver=option
I: If#= 1 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=02 Prot=16 Driver=option
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=03 Driver=option
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=02 Driver=option
I: If#= 4 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I: If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage

Interface #1 in the listings above is not an option serial interface, it is the direct network interface which should have been claimed by the linux huawei_cdc_ncm driver.

Remove any manual loading of the option driver that you have made by using the new_id function, the option driver knows which interfaces it should bind to and does not need any manual intervention.

There is also no need for you to manually invoke usb_modeswitch, 12d1:15ca is a known usb id which usb_modeswitch has a device config file for and will use when the modem is detected on the usb bus.

mirkok
Posts: 4
Joined: Thu Nov 01, 2018 8:41 am

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by mirkok » Thu Nov 01, 2018 10:43 pm

Thanks, there was indeed some option set, but all of this happened *after* the problem arose. Actually, the stick presented this behaviour from the beginning on, and that I was setting options and doing manual usb_modeswitch calls, was only to solve the initial problem. The Mint installation is brand new, but just to be sure, I tried from a LiveCD (USB actually) with definitely no changes whatsoever.

Now, this is from the LiveMedia:

T: Bus=02 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=12d1 ProdID=1506 Rev=01.02
S: Manufacturer=HUAWEI
S: Product=HUAWEI Mobile
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=01 Driver=option
I: If#= 1 Alt= 1 #EPs= 3 Cls=ff(vend.) Sub=02 Prot=16 Driver=huawei_cdc_ncm
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=03 Driver=option
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=02 Prot=02 Driver=option
I: If#= 4 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I: If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage

But still, the IP is the public one:

wwx001e101f0000: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 37.81.xx.xx netmask 255.255.255.248 broadcast 37.81.xx.xx
ether 00:1e:10:1f:00:00 txqueuelen 1000 (Ethernet)
RX packets 23 bytes 2597 (2.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3320 (3.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

LOM
Posts: 1286
Joined: Wed Jul 11, 2012 3:14 pm
Location: Koh Samui, TH

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by LOM » Fri Nov 02, 2018 2:06 am

I don't see any problem in you getting a public ip address, many users who only get a private ip address wants a public one instead and some providers charge extra for that or don't allow it at all.

There is no NAT router built into the E3131 and there is no web server in it, that is only used in Huawei devices which have a built in wifi access point. E3131 is instead managed over one of the serial interfaces.

(It may be that Windows is using the modem in ppp dialup mode with the built in ppp server giving a dummy (private) ip address.)

mirkok
Posts: 4
Joined: Thu Nov 01, 2018 8:41 am

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by mirkok » Fri Nov 02, 2018 7:12 am

Hmm, Ok. Thing is, I have a Huawei E160E from another carrier, and that one certainly contains an NAT router.

Not to get to much OT, but I have been behind NAT for some 15 years and am very nervous about the blocked incoming connection attempts. They come from all over the world with a frequency of two or three per minute, probably controlled by a botnet.

Nov 02 06:04:08 wizbox kernel: [UFW BLOCK] IN=wwx001e101f0000 OUT= MAC=00:1e:10:1f:00:00:4c:54:99:45:e5:d5:08:00 SRC=194.28.112.51 DST=37.80.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38137 PROTO=TCP SPT=53168 DPT=63866 WINDOW=1024 RES=0x00 SYN URGP=0

When I shortly allow them, I see that those are pretty simple SSH password list attacks.

Okt 28 19:41:12 wizbox sshd[18153]: Failed password for root from 103.89.90.170 port 49710 ssh2
Okt 28 19:41:12 wizbox sshd[18153]: Received disconnect from 103.89.90.170 port 49710:11: Closed due to user request. [preauth]
Okt 28 19:41:12 wizbox sshd[18153]: Disconnected from authenticating user root 103.89.90.170 port 49710 [preauth]


Although, only my normal user is allowed to connect per SSH, I wonder how serious that is?

LOM
Posts: 1286
Joined: Wed Jul 11, 2012 3:14 pm
Location: Koh Samui, TH

Re: Huawei 3131h-2 does not do NAT and ppp0 gets the public IP

Post by LOM » Sat Nov 03, 2018 3:53 pm

mirkok wrote:Hmm, Ok. Thing is, I have a Huawei E160E from another carrier, and that one certainly contains an NAT router.
E160E is an old and slow device, it does not have any direct ethernet interfaces and can only connect via ppp serial dialup.
Looks like the ppp server in the modem also here gives out a private ip address.

Your E3131 has 3 serial interfaces and by using them instead of the huawei_cdc_ncm interface you should be able to do an old-fashioned ppp serial dialup connection.

Post Reply