Android Enthusiasts
Q&A for enthusiasts and power users of the Android operating system
Latest Questions
0 votes · 0 answers · 68 views
Allow only LAN access for WiFi and route rest via mobile data
I have a rooted device, and I want to use the internet via mobile data and have LAN access via WiFi, but when the WiFi is connected, the gateway changes to WiFi.

I have read similar answers like this one, which uses `iptables`, but I couldn't get it working — likely due to my limited experience with iptables. Some suggested using AFWall+ and NetGuard, but that didn't work either.

Now, I have managed to set up IPv4 access (i.e., I can access any IPv4 site), and local access is also set up, but IPv6 is still a problem. I can ping IPv6 addresses, but, for example, if I visit facebook.com it doesn't work. Modifying the hosts file to

```
2a03:2880:f184:186:face:b00c:0:25de www.facebook.com
```

works, but I need it to be done automatically by the default DNS server.

I would really appreciate it if someone could help me with it.
amgine (1 rep) · Apr 30, 2025, 08:43 AM · Last activity: May 2, 2025, 04:34 PM
0 votes · 0 answers · 234 views
Firewall on an Android hotspot
So my idea for a project is a firewall for the Android hotspot. Like on routers, where you can block access to certain websites, I want to implement it in Android. In settings, the system can only limit the number of connected users. There aren't any advanced options (I'm using Android 13).

So if I, for example, block Instagram on my firewall, the devices connected to my mobile hotspot won't be able to access it. Like a parental control.

I know I probably must root my phone for this, but that's no problem. The answers I read were old and I didn't find any specific instructions. People recommended using the hosts file or iptables, but I'm not sure it would work if the request isn't directly from my phone. I downloaded a few blockers, but they also fail, or don't even have options to do this.

So the main question is: is it possible? I wanted to ask before I start digging in my phone.

Information I found:

- https://android.stackexchange.com/questions/214660/is-there-a-way-to-set-up-a-firewall-on-mobile-hotspot-to-block-incoming-connecti
- https://www.reddit.com/r/AndroidQuestions/comments/ihjrbv/mobile_hotspot_allow_only_one_website/
- How to use iptables in an Android application
- https://android.stackexchange.com/questions/144422/create-wifi-hotspot-but-block-access-certain-domains
- https://android.stackexchange.com/questions/195351/how-to-block-a-particular-website
- https://android.stackexchange.com/questions/149381/how-to-block-filter-sites-on-mobile-data-connection-preferably-using-dns-server/219405#219405
- https://android.stackexchange.com/questions/16485/how-to-block-access-to-a-website/218316#218316
szymek349 (1 rep) · Oct 7, 2024, 04:07 PM
4 votes · 2 answers · 20081 views
How to send all internet traffic to a SOCKS5 proxy server in local network?
I got the inspiration here. It looks like AFWall+ is able to create a NAT forwarding policy to keep all traffic going through a SOCKS5 proxy and fool Google apps into thinking they are not connected via a VPN (Google apps implement additional security measures when connecting via `VPNService`, and if you are in China you will not pass the security check - the security check requests don't go through the VPN, so they will EOF because the GFW will kill these requests; read more here).

So my question is: if, let's say, I have a SOCKS5 server running at `192.168.1.1:1088` which tunnels all connections via the `vmess` protocol (aka V2Ray) to remote servers in the US, how do I create my custom script? I have tried:

```sh
IP6TABLES=/system/bin/ip6tables
IPTABLES=/system/bin/iptables
ULIMIT=/system/bin/ulimit
PORT=1088
SERVER=192.168.1.1

$ULIMIT -n 4096

# Drop all IPv6 traffic so nothing bypasses the IPv4 redirect below
$IP6TABLES -F
$IP6TABLES -A INPUT -j DROP
$IP6TABLES -A OUTPUT -j DROP

# Reset the IPv4 nat OUTPUT chain and leave loopback traffic untouched
$IPTABLES -t nat -F OUTPUT
$IPTABLES -t nat -A OUTPUT -o lo -j RETURN
$IPTABLES -t nat -A OUTPUT -d 127.0.0.1 -j RETURN

# Redirect DNS first, then all remaining TCP/UDP, to the SOCKS5 server
$IPTABLES -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $SERVER:$PORT
$IPTABLES -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $SERVER:$PORT
$IPTABLES -t nat -A OUTPUT -p tcp -j DNAT --to-destination $SERVER:$PORT
$IPTABLES -t nat -A OUTPUT -p udp -j DNAT --to-destination $SERVER:$PORT
```
This does not work. So:

1. Did I create a wrong script? How do I create a script that does what I want to do?
2. Are there other settings that I should enable first? I didn't tick any app, so I assume that means all apps go through the custom script, right?
Aero Windwalker (1124 rep) · Feb 20, 2020, 02:35 AM · Last activity: Jun 19, 2024, 05:43 AM
0 votes · 0 answers · 105 views
veth peer with netns in Android
How can I create a veth pair with a netns in Android, with an internet connection?

What I tried:

```sh
sudo ip netns add client
sudo ip link add veth0 type veth peer name veth1
sudo ip link set veth1 netns client
sudo ip addr add 10.1.1.1/24 dev veth0
sudo ip link set veth0 up
sudo ip netns exec client ip addr add 10.1.1.2/24 dev veth1
sudo ip netns exec client ip link set veth1 up
sudo ip netns exec client ip link set lo up
sudo ip netns exec client ip route add default via 10.1.1.1 dev veth1 # unsure but ok to add
iptables -t mangle -I OUTPUT -s 10.1.1.0/24 -j MARK --set-mark 1000 # ping from client to main host works
ip rule add from 10.1.1.0/24 iif veth0 table 1000
ip route add default via 10.1.1.1 dev veth0 table 1000 # deleting this has no effect
ip route add 10.1.1.0/24 dev veth0 proto kernel scope link src 10.1.1.1 table 1000
ip route add 192.168.1.0/24 dev wlan0 proto kernel scope link src 10.1.1.1 table 1000
ip route del 10.1.1.0/24 dev veth0 proto kernel scope link src 10.1.1.1 # delete default route because it moved to the table
ip rule add fwmark 1000 table 1000
ip rule add fwmark 1000 lookup 1000
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o wlan0 -j MASQUERADE # important
iptables -A FORWARD -i veth0 -o wlan0 -j ACCEPT # unsure because no log reported
iptables -A FORWARD -o veth0 -i wlan0 -j ACCEPT # unsure because no log reported
```

Connection to the host is ok:

```
:/ # ip netns exec client ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.201 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.272 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.251 ms
```

Connection to the netns is ok:

```
# ping -I veth0 10.1.1.2
PING 10.1.1.2 (10.1.1.2) from 10.1.1.1 veth0: 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.189 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.255 ms
```

veth0 can ping 1.1.1.1 (Cloudflare):

```
# ping -I veth0 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from 10.1.1.1 veth0: 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=59.3 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=43.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=40.2 ms
^C
--- 1.1.1.1 ping statistics ---
```

curl from veth0 does not work:

```
curl --interface veth0 1.1.1.1 -v
* Trying 1.1.1.1:80...
* socket successfully bound to interface 'veth0'
* connect to 1.1.1.1 port 80 from 10.1.1.1 port 39076 failed: No route to host
* Failed to connect to 1.1.1.1 port 80 after 3073 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to 1.1.1.1 port 80 after 3073 ms: Couldn't connect to server
~ $
```

I have really given up on setting this up.
Anas (111 rep) · May 31, 2024, 12:45 AM
2 votes · 1 answer · 8588 views
How to enable IP forwarding in Android?
In Linux, we can

```sh
# echo 1 > /proc/sys/net/ipv4/ip_forward
```

or

```sh
# sysctl -w net.ipv4.ip_forward=1
```

There is no `sysctl` command nor `/proc/sys/net/ipv4/ip_forward` file in Android.

Is there an equivalent operation in Android?
ibrahim (21 rep) · Dec 9, 2015, 03:06 PM · Last activity: May 25, 2024, 01:44 PM
0 votes · 1 answer · 416 views
Adding iptables extensions
After a huge hassle I managed to compile the xt_DSCP.ko kernel module, and it can be loaded with no errors.

```
:/ $ su
:/ # insmod /sdcard/xt_DSCP.ko
:/ #
```

I also managed to pull `iptables` external from androidgooglesource and managed to build `iptables 1.8.4` (same version packaged with the device) with `--enable-static --disable-shared`, which bundled all extensions inside the executable.

Now, expecting everything to go smoothly, I get this error when I try to use the DSCP target:

```
:/ $ su
:/ # export T=/data/local/iptables/sbin/iptables
:/ # $T -t mangle -A OUTPUT -p udp -j DSCP --set-dscp 0
iptables v1.8.4 (legacy): unknown option "--set-dscp"
Try `iptables -h' or 'iptables --help' for more information.
2|:/ #
```

The whole folder is `chmod -R 777 /data/local/iptables` and `chown -R 0:2000 /data/local/iptables`. I have also tried moving `libxt_DSCP.so` to `/system/lib` and `/system/lib64`, but to no avail.

I have hit a wall I'm not sure I will be able to climb. External `iptables` was built with autotools using Android NDK r25c. Help will be greatly appreciated.

OS specifics:

- Model name: Galaxy M12 (rooted with Magisk)
- Android version: 11 (stock)
- Kernel version: 4.19.111-22482896
Silent (121 rep) · Jun 9, 2023, 01:43 PM · Last activity: Jun 10, 2023, 06:05 PM
-1 votes · 1 answer · 990 views
Access iptables logs on Android
I'm attempting to diagnose a packet forwarding issue on my Android 9 phone. I've added a `-j LOG` rule to my `FORWARD` chain. How can I access the logged messages?

According to [this guide](https://tecadmin.net/enable-logging-in-iptables-on-linux/), I first need to alter the syslog configuration file, which is either at `/etc/syslog.conf` or `/etc/rsyslog.conf`. However, neither of those files exists on my phone.
August Vrubel (161 rep) · Feb 13, 2023, 03:50 PM · Last activity: Feb 13, 2023, 06:06 PM
2 votes · 0 answers · 276 views
Why is the 'iptables' target 'NFLOG' not sending log messages to the kernel?
I recently started using an old cell phone, a Samsung Galaxy J7 model SM-J700M. I rooted it, flashed LineageOS and installed a SIM card, and it works just fine. I decided to work on a script with iptables rules, ran it and noticed there are a few problems. The 'iptables' target 'LOG' gives an error message when used, so I use 'NFLOG' instead, but it doesn't send any log messages to the kernel when packets traverse it. I thought maybe some modules are not loaded.

I used the command `lsmod`:

```
j7elte:/ # lsmod
lsmod: No file /proc/modules: No such file or directory
1|j7elte:/ #
```

Then I played around with `modprobe`:

```
j7elte:/ # modprobe -a
modprobe: No file /proc/modules: No such file or directory
1|j7elte:/ #
```

What I can tell is that the kernel is missing a whole lot of things. I was never good with Android or the kernel.

How can I get the 'iptables' target 'NFLOG' to send messages to the kernel so that they appear after using `dmesg` or `adb logcat`?

Here is a snippet of `logcat`:
Joel Vázquez (21 rep) · Nov 24, 2022, 09:12 PM · Last activity: Nov 25, 2022, 04:18 AM
0 votes · 1 answer · 236 views
How to modify the IP packet destination IP address in Android?
Here, I can type this in **Termux**

```bash
su
iptables -I OUTPUT -d 1.2.3.4 -j REJECT
iptables-save
```

to reject the packet so as to forbid the application from visiting a certain host. It works well.

However, now I want to make the application **think it is visiting 1.2.3.4 when it is actually visiting 5.6.7.8 instead**, which means **changing the IP packet's destination IP address from 1.2.3.4 to 5.6.7.8**.

I tried many tutorials but ended up in failure. Not working at all; the application still visits 1.2.3.4.

Can anyone help me with this? By using ***iptables*** or any other method. My Android device is rooted with Magisk installed.
kxdkxd · Nov 16, 2022, 02:35 PM · Last activity: Nov 17, 2022, 09:00 AM
1 vote · 0 answers · 166 views
Opening iptables for initial Android setup blocks connectivity
I installed an AOSP Android 12 based ROM with root. I set up a simple custom stateful iptables firewall to block all connectivity except for a browser. I connect to WiFi and there is no internet. This setup does work after some initial network activity occurs on a freshly set up ROM with just the default firewall left in place for a little while (until the browser is able to access the internet).

What sequence of events occurs behind the scenes on a freshly set up Android ROM for internet connectivity to be enabled? What sort of things must occur for Android network connectivity to become available to apps after a fresh installation and after having established a WiFi connection?

There's no internet if you just open up the firewall for one app on a new installation after having connected to WiFi.
user145453 (131 rep) · Nov 7, 2022, 07:00 PM · Last activity: Nov 8, 2022, 02:57 AM
1 vote · 0 answers · 44 views
Route mobile hotspot traffic through VPN on a rooted device
I'm running an unlocked and rooted Samsung Galaxy Note 20 Ultra 5G (SM-N986U1) with an Android 12 custom ROM on the most recent security patch. The goal is that any devices that connect to my mobile hotspot have access to machines on my home network. I mainly would like to do this in order to use the Air Link feature of Oculus remotely without forwarding a different port each time I connect - I tried side-loading WireGuard on my Quest 2, but when I connect it just locks the whole OS up, so that's not an option.

The local IP range of devices connected via hotspot is 192.168.36.0/24. I guess the hotspot interface is called `swlan`.

I tried

```sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.36.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.36.0/24 dev swlan0 scope link table 61
ip route add broadcast 255.255.255.255
```

But it returns

```
/vpnroute.sh <
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: No such device
```

when both `tun0` and `swlan0` are active - so I'm not sure what it means by "no such device".

I do have root access, but I am not at all familiar with routing traffic on Linux/Android or `iptables` or anything of that nature, so I am in need of help. If someone could hook me up with some commands I can just paste into an adb shell to accomplish this, that would be much appreciated.
Alexander Turro (11 rep) · Oct 13, 2022, 03:11 AM · Last activity: Oct 13, 2022, 06:04 AM
0 votes · 0 answers · 285 views
How to route all my Android phone's own DNS requests to 8.8.8.8 in iptables with root?
```sh
su
iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53
```

The above command is really working, but only for client phones that are using my phone's WiFi hotspot.

The result I need is for my phone itself. I want to route all my DNS queries only through 8.8.8.8, without using a VPN but with iptables.
WaiYan (1 rep) · Jun 21, 2022, 12:56 PM · Last activity: Jun 22, 2022, 04:40 AM
2 votes · 0 answers · 1222 views
How to do IP forwarding/NAT from WiFi -> mobile data without creating a hotspot/access point
I would like to be able to use my Android phone as a backup internet connection if my home broadband goes down.

The idea is that if the network went down, I would set up a static route on my home router to point all internet-bound traffic at the phone, and all the other devices on my LAN would be able to carry on using the internet without reconfiguring each one.

How can I get my Android phone to perform IP forwarding/NAT from wlan0 over the mobile data network? I don't want to put the phone into access point mode, but rather leave it connected to my home WiFi network.

The phone is rooted, so it feels like this should be possible with iptables, but I'm not having much luck.
Oenotria (121 rep) · Jun 11, 2022, 11:51 AM
0 votes · 0 answers · 322 views
How to override (or at least view) the RDNSS IPv6 DNS? (root)
As far as IPv4 DNS is concerned, Android (at least version 9) can override the default DNS settings fairly well.

Firstly, it is possible to set `net.dns*` to the desired value.

Secondly, `iptables -t nat` works, and lets the user redirect the packets to port 53 anywhere required.

With IPv6, however, things are not that easy. Android 9 (at least mine) does not support `-t nat`. Moreover, Android sets some internal DNS-related setting when obtaining the DNS address from SLAAC/RDNSS, which is not reflected in , and insists on using it, regardless of what is in `net.dns*`.

The only tool I am aware of that might be somehow useful is `-t mangle`, but it still seems quite limited.

How can I override (or at least view) the default DNS address obtained from RDNSS?
user10732 (46 rep) · May 13, 2022, 05:26 AM
3 votes · 2 answers · 1639 views
How to run a .sh script (iptables commands) on start-up
I am using LineageOS 18.1.

When I was on LOS 16, I used to edit the file `/system/etc/init.d/00banner` and put my iptables commands there, e.g.:

```sh
#!/system/bin/sh
sh -c 'iptables -A OUTPUT -m owner --uid-owner 10195 -d 203.205.255.78/23 -j REJECT'
```

All iptables commands I put in there used to run on phone start-up. But in LOS 18.1, the `/system/etc/init.d/` directory was deprecated.

**1.** I created and filled a custom script with the *iptables* commands above:

```sh
touch /system/etc/custominit.sh
chmod 0755 /system/etc/custominit.sh
```

**2.** Then I edited `/system/etc/init/hw/init.rc` and added to the end:

```
chmod 0755 /system/etc/custominit
exec /system/etc/custominit
```

**3.** I also tried adding:

```
service custominit /system/bin/custominit.sh
    disabled
    oneshot
```

But none of this worked.

What is it that I am doing wrong? I have root access, but I do not want to install any additional apps on my phone for this, as it was possible to do without them on LOS 16.
user363569 · Nov 21, 2021, 10:49 AM · Last activity: Nov 22, 2021, 05:16 AM
2 votes · 0 answers · 551 views
iptables-restore not working after iptables-save
I am trying the below: with `iptables-save > test.rules` I am saving the rules to a file, then with the command `iptables-restore test.rules` I am trying to restore the rules.

On `iptables-restore`, I see the error below.

```
iptables-restore v1.8.4 (legacy): quota2: option "--name" cannot be inverted.
Error occurred at line: 106
```

Below is line 106 generated by `iptables-save`:

```
-A bw_global_alert -m quota2 ! --name globalAlert --quota 2097152
```

What could be the reason? I expect this basic save and restore to work without issues.

Note: All commands are run as root on a custom board.
DarkKnight (121 rep) · Sep 23, 2021, 06:48 PM
1 vote · 1 answer · 2258 views
Android: how to find the application locking xtables?
I have Pixel Experience (Android 10) installed on my Redmi K20, plus Magisk 21.4.

In a terminal I enter the command `iptables -t mangle -L -n | grep TTL`, which throws `Another app is currently holding the xtables lock. Perhaps you want to use the -w option?`. How do I find this application? Or how do I drop the xtables lock?
Andrey Nelubin (11 rep) · Feb 11, 2021, 01:08 PM · Last activity: Feb 14, 2021, 02:08 PM
1 vote · 1 answer · 921 views
Android cannot forward packets
### Target:

Perform IP forwarding for devices within the same local network. (The real target is a transparent proxy, but IP forwarding is a prerequisite.)

### Network setup:

All devices are in the same local network `192.168.0.0/16`.

- main router `192.168.1.1`
- Android phone `192.168.2.1` (network interface `wlan0`)
- computer `192.168.2.10`, gateway set as `192.168.2.1`
- others like a Raspberry Pi at `192.168.1.11`

### Android setup:

- Data disabled, only WiFi connects.
- rooted Android 10 (Pixel 2 XL)
- enabled IP forwarding with `sysctl -w net.ipv4.ip_forward=1`
- netfilter: on all tables (nat, mangle, filter and raw), ran `iptables -F -t` and `iptables -X -t`
- rp_filter: disabled with `sysctl -w net.ipv4.conf.all.rp_filter=0` and `sysctl -w net.ipv4.conf.wlan0.rp_filter=0`

### Result:

- the computer cannot access the Internet: `ping`, `dig`, browser, nothing works.
- the computer connects to local devices without any problem (like pinging the router `192.168.1.1`, SSH to the Raspberry Pi, or using Firefox through the SOCKS5 proxy hosted on the Pi).
- the Android phone connects to the Internet perfectly.

### Debug:

- using `iptables -t -L -v` to show packet counts, all chains have some packets, *except* the `FORWARD` chain of both the `raw` and `mangle` tables, which shows `Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)`. After some googling, rp_filter is the suspect, but I'm sure it's turned off.
Myles (111 rep) · Nov 2, 2020, 03:10 PM · Last activity: Nov 3, 2020, 02:31 AM
0 votes · 0 answers · 52 views
Is it possible to change the userID of something like Fused Location Provider?
I have a bunch of apps bundled under a userID on my stock ROM, including **Fused Location Provider**. Since I'm using **AFWall+** to block said userID in order to block said apps, it also breaks my location detection for OsmAnd.

Is there any way for me to change the userID it runs under? I have root available to me.
Kirikan (79 rep) · Jul 31, 2020, 08:35 PM · Last activity: Jul 31, 2020, 08:52 PM
2 votes · 0 answers · 214 views
How can I bypass the Android 9 VPN with iptables?
I'm targeting a specific app with the UID rule `-m owner --uid-owner 1337`, and I want this app to always bypass the VPN and use the direct Wi-Fi/mobile data connection. Ideally, I also want it to be universal, if possible, because I might switch the VPN app I use (I currently have two) and I don't want to rewrite the rule and re-target the new interface for it.

What are my options? I can provide the output of `ifconfig`, whatever, but that kinda defeats the aforementioned point 2).

P.S. I know that the majority of VPN apps have an exclusion list, but because I already use AFWall+ I don't want to use that list and mess with iptables even more, polluting it with weird route combinations.
Kirikan (79 rep) · Jun 10, 2020, 09:27 PM