Database Develop

[How-To] Enable internet web access through proxy servers

I have found that you can enable www access through a proxy server by inserting new iptables rules in Android. I have used it successfully to browse internet throughput the wifi at my office, it should be the same for school networks with proxy servers as well.
Requirements:
Root access
Kernel with iptable and netfilter support
Known working kernels:
Doomkernel v10
Have been tested on .368 firmware and Doomkernel v10, all iptable and netfilter modules are included in his kernel.
1. Open a terminal emulator or use a scripting app, I have been using ScriptManager.
2. Add iptables entry, root access is needed to manipulate the iptables.
Replace ip address and port in the --to parameter to match your own proxy server address
$ su
# iptables -t nat -A OUTPUT -p tcp -o wlan0 -d internal.ericsson.com -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp -o wlan0 --dport 80 -j DNAT --to 153.140.40.150:3132
# iptables -t nat -L (to list newly added rule)
All apps will now connect to the proxy when accessing port 80
To remove iptables:
$ su
# iptables -t nat -F OUTPUT
You might see several error messages, they can be ignored
modprobe: module 'ip_tables' not found
getsocket for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
Please let me know if you know how to improve the ruleset and if other kernels are working as well.

Updated ruleset:
Have added additional rule to configure iptales to bypass proxy for intranet web addresses, it would otherwise try to open up intranet web pages trough the proxy server.

The easy way
http://forum.xda-developers.com/showthread.php?t=766569

w1000i said:
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
Click to expand...
Click to collapse
Thanks for the url, have you tried it? Might give it a try but is sounds like it is just a frontend to manipulating the iptables, I prefer to change it myselft, that gives full flexibility to do whatever I wish with the iptables
Did give DroidProxy a try from the android marked but it did not seem to work which is why I started to setup the proxy manually in iptables.
---------- Post added at 10:08 AM ---------- Previous post was at 09:43 AM ----------
w1000i said:
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
Click to expand...
Click to collapse
Found out that, the transporxy project has been discontinued and replaced with autoproxy which according to the forum members should work very well.
http://forum.xda-developers.com/showthread.php?t=1083284
It should work as long as multiports are not used as this is not included in Doomkernel v10. This only mean that you will have to add a seperate rule for each port you wish to forward ie. one for port 80 and one for port 443 instead of having both included in the same rule.

[INFO] Enable Wi-Fi hotspot with LTE

As I posted in the HTC One X forum in thread "Fido LTE wifi hotspot not working on CM10/AOKP" (http://forum.xda-developers.com/showthread.php?t=1979648), you can temporarily enable hotspot access for LTE.
-----
CM10 seems to have a bug, where LTE + hotspot doesn't add the required firewall rules.
You can execute the below (as root) with LTE + hotspot on to enable the correct forwarding.
Code:
iptables -A bw_FORWARD -i !lo+
iptables -A natctrl_FORWARD -j RETURN -i rmnet+ -o wlan0 -m state --state RELATED,ESTABLISHED
iptables -A natctrl_FORWARD -j DROP -i wlan0 -o rmnet+ -m state --state INVALID
iptables -A natctrl_FORWARD -j RETURN -i wlan0 -o rmnet+
iptables -A natctrl_FORWARD -j DROP
iptables -A natctrl_nat_POSTROUTING -t nat -o rmnet+ -j MASQUERADE
If you're worried about the security of packet forwards from wireless -> LTE, you can remove the rules by flushing the tables to default.
Code:
iptables -F bw_FORWARD
iptables -F natctrl_FORWARD
iptables -F natctrl_nat_POSTROUTING

HTC one 4.3 wifi tether

Does anyone has wifi tether working on the new ViperOne Rom android 4.3 sense 5.5
i have downloading all the previous version to get it to work and been all over the threats hopefully someone here has a solution
if there is already a solution please post link.
dont need to get ranted for supposedlly not using the search option whitch i had
help will be greatly appretiated thank you

I haven't installed it yet but I plan to. Have you tried the native tethering? It works on flex's stock with goodies. If not maybe flex can shed some light on how he got it working.
Sent from my HTCONE using Tapatalk

Dude, I found a zip to flash and it gets native hotspot working sorry can't remember where but it's around and it works!

jblaze10 said:
Dude, I found a zip to flash and it gets native hotspot working sorry can't remember where but it's around and it works!
Click to expand...
Click to collapse
i got the native working for now, using the post from (jkl555)
jkl555 said:
My tethering (USB, wifi hotspot, BT) stops working after I upgraded to Android 4.3 GPe. I am with Rogers LTE. All my devices (PC, Android devices) can connect to the HTC one but they can't connect to anywhere in the web. I am with Rogers LTE 2GB data plan. I am not sure what the problem is. New security measure in 4.3 or Rogers need to do something to support 4.3 ?
Anyway, I started to look into the firewall of my HTC one as suggested by other sources. In order to run the command 'iptables', I need to root the HTC one. Running the command 'iptables -vnL' and I can see why I can't connect anywhere.
Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
So I search many places to see how I rewrite the firewall rules (not really an expert on it). This web site (cant post it) has a script that I can copy and use. I will paste the commands here.
#!/system/bin/sh
iptables -F
iptables -A bw_FORWARD -i !lo+
iptables -A natctrl_FORWARD -j RETURN -i rmnet+ -o wlan0 -m state --state RELATED,ESTABLISHED
iptables -A natctrl_FORWARD -j DROP -i wlan0 -o rmnet+ -m state --state INVALID
iptables -A natctrl_FORWARD -j RETURN -i wlan0 -o rmnet+
iptables -A natctrl_FORWARD -j DROP
iptables -A natctrl_nat_POSTROUTING -t nat -o rmnet+ -j MASQUERADE
I added the line "iptables -F" myself to flush out the old rules.
Now I can tether.
One can put the script in those special ROMs that supports init.d to make it permanent.
Hope it helps.
Click to expand...
Click to collapse
it works fine for i guess ill be using this for the mean time, btw am using viper one rom .... i have to its a great rom i highly recommend it:good:

msimindlessmsi2 said:
I haven't installed it yet but I plan to. Have you tried the native tethering? It works on flex's stock with goodies. If not maybe flex can shed some light on how he got it working.
Sent from my HTCONE using Tapatalk
Click to expand...
Click to collapse
thanks buddy , yeah i have it working dont really like it too much but it'll have to do for now.... i need to use my internet for work
so its a most i have something working. didnt want to go back to old rom

glad u got something working:good:

[Q] userinit.sh run at start up help.

Hi there people. I recently found an article about using a VPN set up along with routing tables to get tethering going using the phone in Hotsopt mode. Every thing is working well, but the one thing that I can't get going is to have the userinit.sh run at boot automatically.
The original poster said to put this text in the userinit.sh, and nothing else.
========================================================
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
========================================================
As I say I can execute this manually via root explorer, but can't get it to run automatically on boot. Thanks for any help with this.

Get ROM toolbox or something that runs scripts at boot

Thank you for your help. I will have a look at this app later and give it a go.

Hi there I have had chance to install Rom toolbox. I did the following, but still no luck:
main menu - scripter - add script (plus icon) - hit my userinit.sh and pressed to "set at boot icon". I rebooted the phone but the script did not work. I saw "access to interactive shell" from Rom toolbox popup, so something must have happened. Thanks for any more help.

Can't tether through VPN anymore

I used to be able to tether over wi-fi by connecting to an OpenVPN server, then activating the phone as a wi-fi hotspot, then running a script to route data traffic over the VPN. For some reason, this is not working anymore.
This is the script that used to work:
Code:
su -
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
When this didn't work I tried this script:
Code:
su -
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
But this isn't working either. If I connect the VPN, turn on the hotspot, and then run the script, I can't get the 2nd device to connect to wi-fi. If I connect the VPN, run the script, then turn on the hotspot, I'm able to connect, but the 2nd device does not get routed over the VPN (which defeats the purpose).
Is anybody doing this successfully and, if so, how are you doing it?

OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61

Thank you for this! I have been trying to find a solution for a long time. I have an s6 now, but I'll try this weekend to see if it will work for me.

woody1 said:
OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
Thanks, I still couldn't get it to work. It is most likely user error, as I'm a bit of a newbie creating (copying/pasting/saving) scripts.

dave812 said:
Thanks, I still couldn't get it to work. It is most likely user error, as I'm a bit of a newbie creating (copying/pasting/saving) scripts.
Click to expand...
Click to collapse
You might try typing the commands into a terminal window one by one instead of putting them in a script. If you can get that to work, you can experiment with getting them to work in a script.

I found that in order for the script to work you need to convert the text file to unix format without the carriage return after each line. If you are creating the script in certain text editors in Windows there will be a carriage return.
Use this dos2unix utility to remove the carriage returns in the script and then it will work.
http://sourceforge.net/projects/dos2unix

uniphase said:
I found that in order for the script to work you need to convert the text file to unix format without the carriage return after each line. If you are creating the script in certain text editors in Windows there will be a carriage return.
Use this dos2unix utility to remove the carriage returns in the script and then it will work.
http://sourceforge.net/projects/dos2unix
Click to expand...
Click to collapse
You are correct about this script and this applies to any plain text file that's created in a Windows environment, then used on a Linux/Unix based system. I use Notepad++ on Windows which has an option to display and change the end-of-line style in use for a given file.

woody1 said:
OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
in this line>>>>> ip rule add from 192.168.43.0/24 lookup 61 <<<<<the ip is universal???
---------- Post added at 09:18 PM ---------- Previous post was at 08:48 PM ----------
I tried it with psiphon 113. I use ipleak.net btw and from my phone which is the device that share the connection it works as it should. But from the tablet which I connect through the phone I have DNS leak. The phone takes ip,dns from the vpn and the tablet gets only the ip but dns from Greece. It is also weird thst it doesn't take dns from Vodafone but generally dns from Greece... any ideas??