### Target:
Perform IP forwarding for devices within the same local network. (The real target is a transparent proxy, but IP forwarding is a prerequisite.)
### Network setup:
All devices are in the same local network `192.168.0.0/16`.
- main router 192.168.1.1
- Android phone 192.168.2.1 (network interface `wlan0`)
- computer 192.168.2.10, gateway set as 192.168.2.1
- others like Raspberry Pi at 192.168.1.11
### Android setup:
- Data disabled, only WiFi connects.
- rooted Android 10 (Pixel 2 XL)
- enabled IP forwarding by `sysctl -w net.ipv4.ip_forward=1`
- netfilter: on all tables of nat, mangle, filter and raw, run `iptables -F -t <table>` and `iptables -X -t <table>`
- rp_filter: disabled by `sysctl -w net.ipv4.conf.all.rp_filter=0` and `sysctl -w net.ipv4.conf.wlan0.rp_filter=0`
### Result:
- the computer cannot access the Internet: `ping`, `dig`, browser, nothing works.
- the computer connects to local devices without any problem (like `ping` router `192.168.1.1`, SSH to the Raspberry Pi, or use Firefox through the SOCKS5 proxy hosted on the Pi).
- Android phone connects to the Internet perfectly.
### Debug:
- using `iptables -t <table> -L -v` to show packet counts, all chains have some packets, *except* the `FORWARD` chain of both the `raw` and `mangle` tables, which shows `Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)`. After some googling, rp_filter is the suspect but I'm sure it's turned off.
Asked by Myles (111 rep) Nov 2, 2020, 03:10 PM
Last activity: Nov 3, 2020, 02:31 AM
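
The counter check from the Debug section, as an added example that is not part of the original post: it reads `iptables -t mangle -L -v` output and reports whether packets counted at `PREROUTING` ever reached `FORWARD`. The function name `forward_status` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# forward_status reads `iptables -t mangle -L -v` output on stdin and prints:
#   forwarding     - FORWARD has counted packets
#   not-forwarded  - PREROUTING saw packets but none reached FORWARD
#   no-traffic     - PREROUTING has counted nothing
# After `iptables -F` the chains are empty, so the policy counter on each
# "Chain ..." header line equals the number of packets that traversed it.
forward_status() {
    awk '
        # Header: Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        $1 == "Chain" && $3 == "(policy" && $6 == "packets," {
            seen[$2] = ($5 != "0")   # counts may be abbreviated, e.g. 12K
        }
        END {
            if (seen["FORWARD"])         print "forwarding"
            else if (seen["PREROUTING"]) print "not-forwarded"
            else                         print "no-traffic"
        }
    '
}

# Constructed sample matching the symptom described in the question.
SAMPLE_MANGLE='Chain PREROUTING (policy ACCEPT 5213 packets, 612K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 4870 packets, 590K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3991 packets, 402K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3991 packets, 402K bytes)
 pkts bytes target     prot opt in     out     source               destination'

# On the device: iptables -t mangle -L -v | forward_status
printf '%s\n' "$SAMPLE_MANGLE" | forward_status
```

A `not-forwarded` result means the routing decision after `PREROUTING` never handed a packet to the forwarding path, so the cause lies in routing or pre-routing checks rather than in `FORWARD` chain rules.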