[THS] ICS Tether fix - Fascinate Q&A, Help & Troubleshooting

Hi, I am not sure if this is covered somewhere but I have figured out how to fix the native tethering in THS ICS at least for wifi anyway. Open up a terminal, either on the phone or through adb and type the following commands:
su
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o ppp0 -j ACCEPT
####
I have this working on my fascinate. Possible method for USB/BT open a terminal:
su
netcfg
#Make a note of all downed interfaces(eg. ifb0,ifb1...)
#Now turn on the tethering of your choice and run:
netcfg
#see which interface is now up that was down before
#now run the following commands but replace wlan0 with the interface you have found to be up:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o ppp0 -j ACCEPT
######
Also, I just figured this out now; not sure, but you may need to rerun the commands after restarting the phone. Let me know your results.
Hope this helps; I couldn't put it in the dev section because I'm an XDA noob. Please give me thanks if this helped so I can post in the dev section as necessary.

The native tether already works without this, but only on 3g. Also I posted this on rootz a while ago and I included a Tasker profile, here.

sendan said:
The native tether already works without this, but only on 3g. Also I posted this on rootz a while ago and I included a Tasker profile, here.
I was looking for info on this for a while and couldn't find anything. Weird though, my device does not have those interfaces you used. I wonder why that is? Wifi tether was not working for me at all; my laptop would connect to the phone but no outside access whether it had 3g or cdma, always the same results.
Funny thing is I basically copied the iptables info from my friend's phone and adapted the interfaces to suit my phone. Well, hopefully the next person will find this easier now.

miked63017 said:
I was looking for info on this for a while and couldn't find anything. Weird though, my device does not have those interfaces you used. I wonder why that is?
I've been using those same exact interfaces since GB MIUI...I couldn't tell ya. (They still work in ICS)

sendan said:
I've been using those same exact interfaces since GB MIUI...I couldn't tell ya. (They still work in ICS)
Maybe different radio and/or kernel.

miked63017 said:
Maybe different radio and/or kernel.
when I run netcfg I get the wlan0 as well...I haven't tried your method but I assume both work. (I know mine does because I'm using it)
Something must be different...I'm going to bed though.

sendan said:
when I run netcfg I get the wlan0 as well...I haven't tried your method but I assume both work. (I know mine does because I'm using it)
Something must be different...I'm going to bed though.
Cool, taskers is a good idea I was gonna modify my init scripts but...anyway have a good night

Related

Stealthy free USB Tether technique using IPTABLES

Ok, let me start by saying this Photon has a LOT of potential... Anyways, a little tinkering and hacking and I noticed a few interesting little tidbits.
First, the easy to use Phone Portal feature looks rather interesting. Pretty interesting how we can just automagically surf a web page put out by the phone... Oh wait, that would require DHCP and a USBnet Modem wouldn't it?
Kinda. It does use a Motorola Network driver to mimic something similar to the linux usbnet drivers. So as long as you have your Motorola drivers installed on the PC, it'll still launch this portal.
Now I already knew that iptables was installed. So the question now is can this interface be NAT'ed to allow internet access through the phone without installing any software?
The answer, yes.
First root the phone and then when you're logged in you'll want to do the following:
Code:
mount -o remount,rw /dev/block/mmcblk0p12 /system
echo 1 > /proc/sys/net/ipv4/ip_forward  # Temporarily allow packet forwarding
# Permanently allow packet forwarding
vi /etc/sysctl.conf
# uncomment the line #net.ipv4.ip_forward=1
vi /etc/rc.local
# Add the following lines after the line that reads iptables -A OUTPUT -p tcp --dport 8085 -d localhost -m owner ! --uid-owner adas -j REJECT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o ppp0 -j ACCEPT
mount -o remount,ro /dev/block/mmcblk0p12 /system
Note: You may need to set the default route of 192.168.16.2 on your computer. You'll also want to set your DNS servers to 4.4.4.4 and 8.8.8.8 (Google) so that you can do DNS queries.
DHCP config coming soon once I figure it out.
Once this modification is done, all you need to do is have your phone in the Motorola Phone Portal Mode and plug it into your computer. Your computer will automatically recognize the network connection, utilize DHCP, and establish an internet connection.
Hoozah, USB tethering with no apps, no fuss, and ... no $30 a month.
Good post, now I wonder if we can get this working with Ubuntu. I don't have the ability to try yet. But I may later tonight.
Thanks for the heads up.
These are shell commands, it's not as simple as you'd think to build an aol to do this. And I would guess it only has to be done once unless the phone resets this stuff on reboot...
Sent from my MB855 using xda premium
Yep, only needs to be done once. That's why I put the "temporarily changes" and the "permanently changes" in there.
A note though, local.rc does get updated during patches, so if you take an OTA upgrade, you'll need to redo these steps to get it working again. No more or less so than you would if you needed to recover root.
One of the reasons I posted this here... that way it's documented and if I forget in the future, I can search this site to learn how it's done again.
khawk said:
Ok, let me start by saying this Photon has a LOT of potential... Anyways, a little tinkering and hacking and I noticed a few interesting little tidbits.
First, the easy to use Phone Portal feature looks rather interesting. Pretty interesting how we can just automagically surf a web page put out by the phone... Oh wait, that would require DHCP and a USBnet Modem wouldn't it?
Kinda. It does use a Motorola Network driver to mimic something similar to the linux usbnet drivers. So as long as you have your Motorola drivers installed on the PC, it'll still launch this portal.
Now I already knew that iptables was installed. So the question now is can this interface be NAT'ed to allow internet access through the phone without installing any software?
The answer, yes.
First root the phone and then when you're logged in you'll want to do the following:
Code:
mount -o remount,rw /dev/block/mmcblk0p12 /system
echo 1 > /proc/sys/net/ipv4/ip_forward  # Temporarily allow packet forwarding
# Permanently allow packet forwarding
vi /etc/sysctl.conf
# uncomment the line #net.ipv4.ip_forward=1
vi /etc/rc.local
# Add the following lines after the line that reads iptables -A OUTPUT -p tcp --dport 8085 -d localhost -m owner ! --uid-owner adas -j REJECT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o ppp0 -j ACCEPT
mount -o remount,ro /dev/block/mmcblk0p12 /system
Note: You may need to set the default route of 192.168.16.2 on your computer.
Once this modification is done, all you need to do is have your phone in the Motorola Phone Portal Mode and plug it into your computer. Your computer will automatically recognize the network connection, utilize DHCP, and establish an internet connection.
Hoozah, USB tethering with no apps, no fuss, and ... no $30 a month.
Hi,
I tried everything you've said and can't seem to get an internet connection via tether. First of all, what exactly do you mean, "Note: You may need to set the default route of 192.168.16.2 on your computer"? Do you mean in the IPv4 settings for the Motorola USB Modem on the laptop, to set the Default Gateway and DNS to 192.168.16.2? If so, I've tried this, and still can't seem to get an internet connection.
What happens is it tries to load a page, then comes back with an error that it cannot resolve a DNS. Has anyone else had success with this? I'm pretty sure I've edited the files exactly as he's suggested here...
BallCity said:
Hi,
I tried everything you've said and can't seem to get an internet connection via tether. First of all, what exactly do you mean, "Note: You may need to set the default route of 192.168.16.2 on your computer"? Do you mean in the IPv4 settings for the Motorola USB Modem on the laptop, to set the Default Gateway and DNS to 192.168.16.2? If so, I've tried this, and still can't seem to get an internet connection.
What happens is it tries to load a page, then comes back with an error that it cannot resolve a DNS. Has anyone else had success with this? I'm pretty sure I've edited the files exactly as he's suggested here...
I revised the original post to include DNS config. Oops, overlooked that one.
Can you please specifically show which settings to change in Windows 7 to change the default route and DNS servers? I THINK I've changed the settings in the correct place but my computer does not get an internet connection.
gollyzila said:
Can you please specifically show which settings to change in Windows 7 to change the default route and DNS servers? I THINK I've changed the settings in the correct place but my computer does not get an internet connection.
Something as follows:
* Put the phone into Motorola Phone Portal mode [After making the edits outlined above]
* Go to: Control Panel\Network and Internet\Network Connections
* Right-Click and Click Properties on Motorola USB Networking Driver (With a name something like Local Area Connection ##)
* Click on "Internet Protocol Version 4 (TCP/IPv4)" and then click the 'Properties' Button
* Set it up to look like this:
h_ttp://i.imgur.com/8w1S0.png
[Won't let me post outside links, so you can figure out how to make that work.]
All done!
I've gotten it working now. I think the issue I had before was with the edits I made. Initially I tried editing the files using Root Explorer's built-in text editor. Since then I've just used ADB to pull them to my computer to edit, then push the edited files over to the SD card via ADB, then moved them to the /etc/ folder with Root Explorer.
Hope that helps someone... But to confirm, I've gotten it working using those edits that the OP had posted, and used the IPv4 settings posted above.
No comment yet on speed or anything. It does appear as though 4G stays connected, though.
Can anyone confirm this still works with the 2.3.4-4.5.1A-1_SUN-198_6-CM SBF? Windows 7 sees the connection but there is no internet access. Are the mount commands required or can I just make the edits to the files (root explorer) and reboot the phone?
Mahna Mahna said:
Can anyone confirm this still works with the 2.3.4-4.5.1A-1_SUN-198_6-CM SBF? Windows 7 sees the connection but there is no internet access. Are the mount commands required or can I just make the edits to the files (root explorer) and reboot the phone?
It doesn't seem to work for me on this update, either. Same issue, W7 sees the connection but I also don't get internet access. Using Google's DNS as well. I'm not sure what changed... Anyone else try this and/or know of a fix?
BallCity said:
It doesn't seem to work for me on this update, either. Same issue, W7 sees the connection but I also don't get internet access. Using Google's DNS as well. I'm not sure what changed... Anyone else try this and/or know of a fix?
Seems that they did something in the firmware to disable the packet forwarding. I haven't had a lot of time to check this more closely. Would be interesting to see what the differences in the kernel config are between this build and the previous one.

[SOLVED][Problem and Solution] RAZR XT910 tethering.

Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
No NAT rule enabled in netfilter.
Solution: This is my simple solution.
0)
Code:
adb shell
1) Get root access.
Code:
$ su
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Updates: 2012-07-13
For ICS 4.0.4 Motorola had changed the FORWARD chain to DROP, and we need to change it back to ACCEPT to make tethering successful.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
Update 2 2012-07-13
Finally ... the CORRECT way to set up tethering... goto post #21
http://forum.xda-developers.com/showpost.php?p=28698646&postcount=21
Thank you.
Thanks for this! Works well.
Hello to both of you,
this tip is very interesting!
Is there a way to make the same thing under Windows?
Thanks for your help!
Windows? You even can run the commands without connecting to PC/Laptop.
If you want to use Windows, get adb and related driver for windows.
1) Connect your RAZR and let windows 'see' and install driver
2) Start-> Run -> cmd
3) cd \to\path\where\you\put\the\adb.exe
4) adb.exe shell
Now you should get command prompt $ and ready to run commands.
5) $ su
The prompt will change to #, which means you are going to run commands using 'root' or supervisor power/authority.
6) Type or copy the commands in my previous post.
You also can use an Android terminal emulator, such as Connectbot in local mode, and continue from step 5)
Good luck.
Thank you.
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
the problem turns back by restarting
Hi,
Thanks for your tip, it works very well but after I restart the phone same problem and I need to reenter the codes!
any comments?
Cheers,
Ardal
Yes, I forgot to mention that, this method is temporary. You need to run the commands after reboot. But, it's still better than nothing.
Sent from my XT910 using XDA App
Unbelievable bug in this Motorola (( Hey, I have an idea but don't know how to make it (working on it):
to put these two line commands somewhere like autoexec.bat (I don't know what is equivalent in android)
So you guys know better than me about android, what do you think?
Cheers,
Ardal
Yes ,and it's called init.d or rc.d.
Sent from my XT910 using XDA App
Already done, by help of script manager. Set your commands as a script in etc/init.d/ with SU permission, boot.
I have also sent an email to Motorola Australia and asked them to release an update to solve this problem.
Thank you for the follow up with Motorola. Please update and share us their responses.
Actually, the commands should be invoked when we start tethering, and should be removed when we stop tethering for enhanced security.
Sent from my XT910 using XDA App
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
Anyway, I managed to permanently apply these modifications without need permanent root. BUT I'M NOT RESPONSIBLE FOR ANY DAMAGE YOUR DEVICE SHOULD HAVE! YOU MUST HAVE A MINIMUM LINUX KNOWLEDGE TO SAFELY EXECUTE THESE STEPS!
1) You will need adb working and the zip file with the scripts necessary to root Droid Razr on Linux / MAC (you can easily find it...)
2) From that zip, take zergRush and extract to a folder.
3) Plug the phone with USB debugging enable and execute:
adb shell 'cd /data/local/tmp/; rm *'
adb push zergRush /data/local/tmp/
adb shell './data/local/tmp/zergRush'
At this point, zergRush will try to obtain root.
After the execution, enter in shell (adb shell), you will see that you will be logged as root! The good point is that it is temporary, if you reboot your device and delete everything on /data/local/tmp/ your device will be exactly the same as it was before root.
4) So, with root access, get rc.local:
adb pull /etc/rc.local
REMEMBER TO BACKUP THIS FILE!
5) Be careful now: edit rc.local and add the following lines:
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
at the end of file, just before:
exit 0
OBS.: note that I have modified the original rule and added '-s 192.168.42.0/24'. Here, all devices connected to my RAZR in tethering mode have an IP from LAN 192.168.42.0/24. So, the masquerading will only work when a package is coming from this LAN. I think it should increase security and avoid some problems. But remember, if you set up the wifi router to assign an IP from another LAN you will have to add another rule!
6) Save and push it back:
adb push rc.local /etc/
7) Enter the shell and give rc.local permission to be executed:
adb shell
cd /etc
chmod 755 rc.local
exit
8) After it, reboot and the change should be persistent.
I have tested it and, even after a factory reset, the changes are persistent!
Now I can successfully use Wifi and USB tethering.
Thanks one more time for these great information!
Also, I want to thanks tophyr from freenode #android-dev, myn from EFnet #android, and rob0 from freenode #Netfilter.
Ronan
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Ronis_BR said:
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
tekahuna said:
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
Yes, you need root to edit rc.local, but, after pushing it back, you don't need it anymore.
Ronis_BR said:
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
FYI, my RAZR XT910 is contract free and not from VZW. It also has Hotspot and tethering features. That's why I said it is a bad implementation in the first place.
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
Yes, but, to be sure the FORWARDING is enabled, add this line
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable IP Forwarding in kernel
The ip_forward is 1 when you enable the Hotspot/tethering, but just in case Motorola also disables IP forwarding in the kernel. Yes, the netfilter rules NEED the ip_forward value to be 1 to make the NATting work.
BTW, I did not add the '-s 192.168.2.0/24' because, the NATting will not work if user change the hotspot default IP to other than 192.168.2.xxx.
Thank you and great job. I think this is not only for RAZR, but also for most Android smartphones which has 'iptables' command.
Good luck.
Great
bahathir said:
Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
No NAT rule enabled in netfilter.
Solution: This is my simple solution.
1) Get root access.
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Thank you.
Working great on 2.3.6 Stock, thank you!!!!!
ichi go said:
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
you can save to a shell script, let say mytether and execute ./mytether.sh later on...
but the init file is much convenient.
Any idea why doesn't work on Asia.03 ICS was what fixed issue in Asia.03 GB.
Sent from my XT910 using xda premium
Yes.
It is because Motorola had changed the default FORWARD chain policy to DROP, and all packets going out from other IPs through it will be dropped and ignored. So no connections for clients.
Here is the default rules.
Code:
$ adb shell 'su -c "iptables -nvL"'
Chain INPUT (policy ACCEPT 460 packets, 282K bytes)
pkts bytes target prot opt in out source destination
0 0 all -- !lo+ * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
343 270K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 325 packets, 34323 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- * !lo+ 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
319 34011 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain penalty_box (1 references)
pkts bytes target prot opt in out source destination
Look at the FORWARD chain and other bizarre rules. We can change it to cleaner rules.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
1) iptables -F : Flush/remove all rules
2) iptables -P FORWARD ACCEPT : Change the default FORWARD chain policy to ACCEPT, which allow all traffic goes through
3) iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE : Enable the NAT rule.
Enjoy the tethering and good luck.
Thank you.
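An added example, not taken from any post above: the three rules from the first thread, limited to the tethered subnet as a later post suggests, appended when tethering starts and deleted when it stops, so nothing is flushed and the FORWARD policy is left as shipped. `newly_up` automates the before/after `netcfg` comparison from the first post. The function names, the `DRY_RUN` switch and the assumption that `netcfg` prints the interface name and its UP/DOWN state in the first two columns belong to this example.

```shell
#!/bin/sh
# Added example (not code from the threads). Scoped tethering NAT rules that
# are appended on start and deleted on stop, without flushing chains or
# changing the FORWARD policy.
# Assumptions: interface names and subnet come from the caller; DRY_RUN=1
# (the default) prints the commands instead of running them.

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

valid_if() {
    # Interface names: non-empty, letters/digits/._- only (wlan0, bt-pan...).
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

valid_cidr() {
    # Shape check for a.b.c.d/len; iptables itself rejects out-of-range octets.
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# newly_up BEFORE_FILE AFTER_FILE
# Prints interfaces that are UP in the second saved `netcfg` listing but were
# DOWN or absent in the first. Assumes column 1 = name, column 2 = UP/DOWN.
newly_up() {
    awk 'FILENAME == ARGV[1] { state[$1] = $2; next }
         $2 == "UP" && state[$1] != "UP" { print $1 }' "$1" "$2"
}

# tether_rules ACTION LAN_IF WAN_IF LAN_NET
# ACTION is -A (append) or -D (delete). Both use identical rule specs, so a
# stop removes exactly the three rules a start added and nothing else.
tether_rules() {
    action=$1 lan_if=$2 wan_if=$3 lan_net=$4
    valid_if "$lan_if" && valid_if "$wan_if" && valid_cidr "$lan_net" || {
        echo "tether: bad interface or subnet" >&2
        return 2
    }
    rc=0
    # NAT only traffic that originates from the tethered subnet.
    run iptables -t nat "$action" POSTROUTING -s "$lan_net" -o "$wan_if" \
        -j MASQUERADE || rc=1
    # Tethered clients may open connections out through the WAN interface.
    run iptables "$action" FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
        -j ACCEPT || rc=1
    # Inbound direction: replies to those connections only.
    run iptables "$action" FORWARD -i "$wan_if" -o "$lan_if" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT || rc=1
    return $rc
}

tether_start() { tether_rules -A "$@"; }
tether_stop()  { tether_rules -D "$@"; }

# Usage: tether.sh start|stop LAN_IF WAN_IF LAN_NET
#   e.g. tether.sh start wlan0 qmi0 192.168.43.0/24
case ${1:-} in
    start) shift; tether_start "$@" ;;
    stop)  shift; tether_stop "$@" ;;
esac
```

Because the rules are appended, an earlier DROP or REJECT rule in the FORWARD chain still takes precedence over them.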

[Q] Networking question

Hi All,
I have a stupid Juniper VPN device at work which does not support 64 bit linux clients using netconnect. I have found ways around this previously, but now we are setting up 2 factor auth which throws a lot of javascript into the mix, making the scripts I used pretty much obsolete. The Junos pulse client works well for android, so I am thinking I want to use an android device as a router. Connecting to the VPN and using wifi tethering does not work, same with USB tethering does not work, and those are not exactly what I want anyway.
So basically I want to be able to connect my android device to my wifi here at home, connect to the VPN on it, run a script to do my setup on the Android device, lastly add a route on my client pc to tunnel through the android device. here is what I tried so far on the device:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -P FORWARD ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -d 10.0.0.0/8 -j MASQUERADE
ip rule add from all to 10.0.0.0/8 fwmark 0x3c lookup 60
and on the client PC:
Code:
route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.29
where 192.168.1.29 is the IP of my android device, and 10.0.0.0/8(I know its lazy) is the IP range I want to go through tun0 on the device. This is however not working.
The only thing I need to do on a standard linux box to do this would be:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -d 10.0.0.0/8 -j MASQUERADE
And setup the same route command on the client but point it at the linux box instead. This currently works, but when we decide to flip the switch and use the 2 factor auth only I will not be able to make it work on a standard linux box, but 2 factor does work on android via the Junos app.
I fear I am missing something simple in Android land, please help...

[Q]Android OpenVPN gateway for USB tether

Now before I get flamed for a duplicate post, I have already searched this topic. I found 2 threads here, one of which has a few different methods, and a few others elsewhere on the net. I've tried all of them, literally. Every guide I could find relating to passing USB Tethered traffic through my phone's OpenVPN connection. I figure I must be doing something wrong somewhere in my iptables.
Some info about my setup:
Phone: Samsung Galaxy S5 - Rooted via Towelroot, SuperUser updated, RootCheck confirmed rooted
Interfaces from 'netcfg': wifi = wlan0, usb tether = rndis0, Cellular data = rmnet0, OpenVPN tunnel = tun0
VPN network = 10.0.1.0/24
USB Tethered network = 192.168.42.0/24
Wifi Tethered network = 192.168.43.0/24
LAN network (on other side of VPN) = 10.0.0.0/8
Firewall/OpenVPN server = pfSense
OS of Client attempting to connect through VPN = Windows 7
I am trying to use my phone as an OpenVPN gateway because I require a connection to my home network, and I have insufficient permission to install the OpenVPN client on the machine I am trying to connect back home with. Even though I cannot install the OpenVPN client/Tun/tap network interface, it does allow my phone's rndis interface to be installed.
And this is what I have tried so far:
iptables -- flush
iptables -A POSTROUTING -o tun0 -j MASQUERADE -t nat
iptables -A FORWARD -i tun0 -o rndis0 -m state --state RELATED,ESTABLISHED -j RETURN
iptables -A FORWARD -i rndis0 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i rndis0 -o tun0 -j RETURN
And This:
iptables --flush
iptables -A POSTROUTING -s 192.168.42.0/24 -j MASQUERADE -t nat
iptables -A FORWARD -j ACCEPT -i rndis0 -o tun0
iptables -A FORWARD -j ACCEPT -i tun0 -o rndis0
Neither one seems to work. I tried the former earlier and couldn't tell if it worked or just screwed everything up, as I couldn't connect to anything on my home LAN or the internet.
Any help is greatly appreciated. I don't know if I need to add a rule on the pfSense firewall to handle traffic from 192.168.42.0/24 or not, I haven't seen that mentioned anywhere.
Hey, I know this is a little old, but did you get anywhere?
I'm too trying to get traffic from the tethered device to be routed via the phone's VPN connection.
Thanks

[SOLVED] Weird NAT issues when trying to tether via VPN

Hi, I recently wrote a program in C/C++ which allows me to tunnel over ICMP (my carrier stupidly allows ICMP traffic over 3g with the right APN )
All works fine if im using it from the phone, using the NDK compiled binary.
Also works fine if I'm not running the tunnel from my phone and just tethering via usb/wifi/bt and running the tunnelling program on the device tethered to my s3
What I'm trying to achieve is: run the tunnelling prog on the phone, and set up some iptables rules to forward rndis0/wlan0/bt-pan to tun0 so that I can use the tunnelled connection simultaneously on the phone and on whatever other devices are tethered to the phone.
Problem is, whilst running the program on the phone, I can access all sites/ips fine, but the connection provided to the tethered devices with the iptables rules is flaky at best, and simply will not connect to some sites at all
Possibly netmask issue?
Assuming my default gateway on the phone is set to the tunnel endpoint, here are the iptables rules I am using to NAT the tetherable interfaces:
iptables -F natctrl_FORWARD
iptables -A FORWARD -o tun0 -i bt-pan -s 192.168.44.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -i wlan0 -s 192.168.43.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -i rndis0 -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
strangely I can ping ok, and access sites like google and facebook but most other sites will not load.
Have done tracepath so I know the packets are going through the tunnel.
Anyone able to shed any light on this?
Alternatively, could it be possible to edit the default tethering scripts on the s3 to use the tun0 device instead of rmnet0 ? Will search them and try
Going to roll my NDK executable into a shared library and make it into a paid app.
Used 10gb in 2 days on a SIM which has never and will never have credit. Also works whilst roaming!
Jamie
Issue was that the MTU of wlan0/bt-pan/rndis0 was larger than that of the tunnel, causing packets to fragment. Lowered mtu and problem solved, working beautifully now
