[How to] Change DNS server on Android phones - Galaxy S I9000 General

Domain Name System / Server is the one which takes care of translating the human readable domain names into machine understandable IP addresses. If you are not able to access a particular set of websites either from your laptop/phone, DNS server could be a reason for it. To fix the problem, one has to change the network configurations to use some of the popular DNS servers like Open DNS or Google’s public DNS. On Android phones, changing the DNS server is easy if you are using a static IP. You can do it from Settings > Wireless & network settings > Wi-Fi settings > Advanced (from menu) > check the ‘Use static IP’ option. After that, you will be able to change the DNS servers. However, when you are using dynamic IP (which will be the case most likely), the process is not straightforward. DNS server details will be taken from the DHCP server which assigns the IP.
Here are the steps to be followed to change the (WIFI Connection) DNS servers:
- Android system chooses the DNS servers using the script located at “/system/etc/dhcpcd/dhcpcd-hooks/20-dns.conf”
- By default, /system partition is mounted as read-only. Need to re-mount the same in read-write mode.
- Take a backup of the script. Download the modified version of the script from here (http://varun-scratchpad.googlecode.com/svn/trunk/static/20-dns.conf). The modified script has two additional lines which will override the DNS server changes. The modified script uses Google’s public DNS.
- Changes will be applied after restarting the connection/device.
3G Connection:
- Download the wrapper script from here (http://varun-scratchpad.googlecode.com/svn/trunk/static/change-dns.sh). This wraps all the commands needed for changing the DNS server in a shell script.
- Download and install an interpreter for executing your shell script from your phone (e.g. scripter from Rom Toolbox)
- Launch the script. Grant the Super permission when asked.
- You just have to run this script whenever you are connecting to your mobile network.
Done. You can check that your settings are proper by visiting http://welcome.opendns.com. Remember, the settings will be applicable only for the current session.
By: http://blog.varunkumar.me/2010/09/how-to-change-dns-server-on-android.html?m=1

Or use Set DNS from Market

lol.. I cover my head with ashes!!!
I didn't know about these apps... I apologize!!!

uffapple said:
lol.. I cover my head with ashes!!!
I didn't know about these apps... I apologize!!!
Your work isn't useless.. it tells me how it works.. thanks

Help
Help, after i did this i can't connect to Wi-Fi anymore. I copied the old 20-dns file and nothing u_u. Pls help

Override DNS for KitKat
Thank you for sharing, but I have to say that the "setprop" method does not work on KitKat (I'm talking about mobile connections).
I wrote an app called "Override DNS for KitKat" to solve this issue. It's on the Play Store.

There's a much more reliable and easier method. Just use this as AFWall custom script or use manually in init.d (replace '$IPTABLES' with 'iptables' and just use the last 2 lines).
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 208.67.222.222:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 208.67.222.222:53

The "iptables" commands also works good on my Nexus 4 and Slimkat, thank you!
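Added example, not DualJoe's or AFWall's code: the two -D lines in the script above delete any earlier copy of a rule before the -I lines insert it again, so re-applying the script does not stack duplicates. The hypothetical function dns_redirect_audit below reads text in the format printed by `iptables -t nat -S OUTPUT` and reports, per protocol, whether port 53 is redirected once, repeatedly, only conditionally, or not at all; the rule dumps are constructed for illustration and awk (e.g. from busybox) is assumed to be available.

```sh
#!/bin/sh
# Added example, not part of the thread. Audits DNS redirect rules in the
# nat/OUTPUT chain. Input on stdin: text as printed by
# `iptables -t nat -S OUTPUT`. Prints "<proto> <status> <destination>":
#   ok        exactly one unconditional DNAT rule for port 53
#   duplicate the same unconditional rule is present more than once
#   shadowed  unconditional rules disagree; only the first one ever matches
#   scoped    only rules with extra matches (!, -s, -d, -o, --uid-owner) exist
#   missing   no DNAT rule for port 53 on this protocol
# Exit status is 0 only when both udp and tcp are "ok".
dns_redirect_audit() {
    awk '
    $1 == "-A" && $2 == "OUTPUT" {
        proto = dport = target = dest = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p")               proto  = $(i + 1)
            else if ($i == "--dport")          dport  = $(i + 1)
            else if ($i == "-j")               target = $(i + 1)
            else if ($i == "--to-destination") dest   = $(i + 1)
            else if ($i ~ /^(!|-s|-d|-o|--uid-owner)$/) scoped = 1
        }
        if (target != "DNAT" || dport != "53") next
        if (proto != "udp" && proto != "tcp") next
        # A rule with extra matches redirects only part of the DNS traffic.
        if (scoped) { if (!(proto in part)) part[proto] = dest; next }
        full[proto]++
        if (!(proto in first)) first[proto] = dest
        else if (dest != first[proto]) shadow[proto] = 1
    }
    END {
        bad = 0
        n = split("udp tcp", protos, " ")
        for (k = 1; k <= n; k++) {
            p = protos[k]
            if (full[p] == 0 && !(p in part)) { st = "missing";   d = "-" }
            else if (full[p] == 0)            { st = "scoped";    d = part[p] }
            else if (p in shadow)             { st = "shadowed";  d = first[p] }
            else if (full[p] > 1)             { st = "duplicate"; d = first[p] }
            else                              { st = "ok";        d = first[p] }
            if (st != "ok") bad = 1
            print p, st, d
        }
        exit bad
    }'
}

# Constructed dump: state after the four-line script has been applied once
# (-I inserts at the top, so the udp rule ends up first).
SAMPLE_ONCE='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 208.67.222.222:53
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53'

# Constructed dump: only the two -I lines were applied, twice.
SAMPLE_RERUN='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 208.67.222.222:53
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 208.67.222.222:53
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53'

# Constructed dump: a udp-only rule with an exclusion (addresses are
# placeholders), so tcp queries and queries to the excluded host bypass it.
SAMPLE_SCOPED='-P OUTPUT ACCEPT
-A OUTPUT ! -d 192.0.2.53/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353'

for sample in "$SAMPLE_ONCE" "$SAMPLE_RERUN" "$SAMPLE_SCOPED"; do
    printf '%s\n' "$sample" | dns_redirect_audit || true
    echo "--"
done
```

On a device the input would come from `iptables -t nat -S OUTPUT | dns_redirect_audit` in a root shell.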

Related

Share reverse tethered via wifi?

Hey, wondering if it would be possible to share the internet connection via wifi from reverse tether?
PC > Android > Wifi Hotspot > Other Device
Basically my 3G internet plan doesn't include tethering so I'm looking for a way to get internet on other devices in the room via wifi...
Though the computer does not have a wifi card so wondering if it would be possible to use the android device as a wifi switch?
I can connect my device to the internet through the PC connection via ADB Reverse USB Tunnel.. But then can I then enable wifi tethering to use that connection to share across the wifi for other devices to connect to and then share the same PC connection?
If its not possible I'm sure I'd be able to install drivers for one of my USB wifi cards, not ideal but if its the only way then I guess I'd have to.
Cheers, Dave
I also scoured everywhere and only thing i found was an app that allowed phone to use computer internet but don't think it broadcasted like Wi-Fi to other devices. I'll look in my Google play and try to locate it.
*Shaolin Shadowboxing*
I have my phone using the PC connection okay, but was looking to then share that through the phone wifi.. but I guess that wouldn't work.
I have a USB wifi adapter that I can setup to share the connection.
DavidTiger said:
I have my phone using the PC connection okay, but was looking to then share that through the phone wifi.. but I guess that wouldn't work.
I have a USB wifi adapter that I can setup to share the connection.
How is the pc connected to the internet?
Still Charged Up
Yes. Search reverse tether in play store.
*Shaolin Shadowboxing*
Connected via cable, there's no other connections available hence I was using USB Tethering on my Android phone..
Since there's no wifi available I'm just looking for a way to share it to others and my iPod etc..
JediNinjafication said:
Yes. Search reverse tether in play store.
I have reverse tethering working fine, Looking to see if it would be possible to then share that via wifi from the device.
Though I guess that would just slow things down and strain the phone a bit. I'll just setup the USB WiFi Adapter to share the connection
FOund Anything
HEy am trying to share my reverse tethering connection with another android phone. i successfully connected the android phone pop with my pc internet connection using usb tunnel (Reverse tethering). now i need to use the hotspot function on this phone to share the reverse tethered connection with other phones. IS THAT POSSIBLE ???
Reverse USB Tethered Connection Sharing via wifi?
CypherDroid said:
HEy am trying to share my reverse tethering connection with another android phone. i successfully connected the android phone pop with my pc internet connection using usb tunnel (Reverse tethering). now i need to use the hotspot function on this phone to share the reverse tethered connection with other phones. IS THAT POSSIBLE ???
Hey anyone found something for this issue ???
Managed to share reverse-tethered via wifi-HotSpot!
I have managed to do it (provide access to PC's internet through android's wifi-hotspot) with linux-PC & Cyanogen-11 (hence "rooted") on a GS4 (i9505) with the following script. I had to manually set DNS at the bottom.
Code:
## 0.a. Connect android-phone to PC through USB.
## 0.b Enable Settings|...|Tethering
## (so that the device gets detected by the PC's kernel, you should see the following with 'dmesg':
## [ 3.976599] rndis_host 1-1:1.0 usb0: register 'rndis_host' at usb-0000:00:0b.0-1, RNDIS device, 4e:d5:8c:7b:4f:5a
## Enable Settings|...|Wifi-Hotspot
## Setup usb reverse-tethering.
# from: http://forum.xda-developers.com/showthread.php?t=2287494
#
# Your device might be 'rndis0' or something else. Check by just typing 'netcfg'.
#
netcfg usb0 dhcp
busybox route add default gw 10.42.0.1 dev usb0
## Disable mobile-data.
#
busybox ifconfig rmnet_usb0 0.0.0.0
## Masquerade through USB.
#
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -P FORWARD ACCEPT
## Set DNS (if necessary).
#
setprop net.dns1 XX.YY.ZZ.WW
I have been looking for something like this for .. forever, I am truly amazed to have finally found something that hints that it was done
did you really get it to work properly?
I have rooted 2.3 and xp,
if I have busy box installed and I run these via ssh server on my droid, should it work for my setup as well with no changes?
I am really surprised nobody ever made an app that does that automatically, this stuff is so basic and actually super useful and needed!
A random question but have you tried the "Fox-fi" app? i haven't tried to do this myself, but it's a little more flexible than the build in options, it may give you what you are looking for. I've used fox-fi in the past for abnormal tethering, short of going out and buying a cheap USB WiFi adapter of course..
tytiger said:
A random question but have you tried the "Fox-fi" app? i haven't tried to do this myself, but it's a little more flexible than the build in options, it may give you what you are looking for. I've used fox-fi in the past for abnormal tethering, short of going out and buying a cheap USB WiFi adapter of course..
in case you asked that me,
my rom has a built in hotspot feature, so I don't need an app for that
I am AMAZED that there are countries in which you are charged extra if you waste your already-paid 3g traffic via another medium that is not particularly your android.
really, next thing you know, you will be charged for having a private phonebook that helps you remember numbers instead of clicking on digits every time you want to call someone, because the cell-supplier wants you to pay extra to use its phonebook app...
as far as I know from testing FoxFi, its not capable of turning the android into a router, thus bridging the two networks together
and by two networks, I mean the network created by connecting the android via usb to the pc,
and connecting the android via hotspot wifi to another pc/laptop/w'e
did you really got the solution??
i tried it but it didnt work!!
plz post d whole procedure!!
plz plz plz....!!!!
thanks in advance
Siddhesh09 said:
did you really got the solution??
i tried it but it didnt work!!
plz post d whole procedure!!
plz plz plz....!!!!
thanks in advance
There's already a thread that goes into detail on this... See http://forum.xda-developers.com/showthread.php?t=2287494
Sent from my HTCONE using xda app-developers app
Doesn't work here with Galaxy S2 and samsung stock rooted rom. Will try later with Cyanogenmod.
ankostis said:
I have managed to do it (provide access to PC's internet through android's wifi-hotspot) with linux-PC & Cyanogen-11 (hence "rooted") on a GS4 (i9505) with the following script. I had to manually set DNS at the bottom.
Which device was it?
Didn't get it working here on CyanogenMod 11 anyway, got reverse tethering as much. The op doesn't explain which commands are for the linux and which ones for the phone, and he's the only one that claims it works. A further explanation is necessary. Attachment is for clarification.
The ppp adapter in my case was rmnet0.
So, I modified it as:
## Disable mobile-data.
#
busybox ifconfig rmnet0 0.0.0.0
After following all the steps, I get internet connection on mozilla firefox on Android for a few seconds but then immediately firefox goes to offline mode. I am able to ping servers like facebook from terminal emulator and I am even able to get internet on default browser.
But I can neither get internet on Google Play apps nor get internet on my laptop to which I tethered my Android device using portable wifi hotspot.
What could be the possible issue here ?
---------- Post added at 06:14 PM ---------- Previous post was at 05:32 PM ----------
can you please explain the purpose of using -o flag in setting the NAT rule for masquerade ?
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
I am assuming that usb0 here is the adapter through which the Android device receives data from the system (Ubuntu Desktop in my case).
So how does usb0 become the output interface ?
Our intention is to share the reverse tethered network via portable wifi hotspot. So we need to masquerade all traffic received by the device to the wifi adapter say wlan0.
So shouldn't it be :
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Or is there any need to specify an output adapter, because
Initially we did set up reverse tethering from the Linux Desktop (the Linux Desktop without GUI case) and there,
we masqueraded packets received from ethernet adapter (ethernet connection from wired router) to the usb adapter (usb used for reverse tethering).
For that we did not specify any output adapter anywhere.
So would this be fine :
iptables -t nat -A POSTROUTING -j MASQUERADE
Having said these, I was not able to successfully reverse tether as I was getting reverse tethered data only on terminal emulator and default browser and not on Google Play apps. I have added details in another comment for that.
got it working for me!
reversed tethering worked for me by following the instructions and calling "netcfg usb0 dhcp".
However the WiFi tethering didnt work at first: Other Devices could connect to my phone but no data was forwarded...
The problem was that iptables was not setup properly...
Now I just connect my phone to the pc, enable usb tethering and wifi tethering and run the following:
Code:
adb devices
pause
adb shell netcfg usb0 dhcp
adb shell busybox ifconfig rmnet0 0.0.0.0
adb shell "echo 1 > /proc/sys/net/ipv4/ip_forward"
adb shell iptables --flush
adb shell iptables --delete-chain
adb shell iptables --table nat --delete-chain
adb shell iptables --table nat -F
adb shell iptables --table nat -X
adb shell iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
adb shell iptables -P FORWARD ACCEPT
adb shell iptables -A FORWARD -i usb0 -o wlan0 -j ACCEPT -m state --state RELATED,ESTABLISHED
adb shell setprop net.dns1 8.8.8.8
Hope this helps
where did you posted the above codes ??
where to paste the above codes ?

Wifi Tether + OpenVPN on T-mo

Apologies if this question/topic has been addressed, but search is down at the moment. Has anyone had any luck with wifi tethering and OpenVPN? OpenVPN works fine on the phone, but tethered clients are unable to browse the internet. Some google searching brought up some tips involving iptables commands but they did not help.
zullinux said:
Solved, need root
My setup:
- Samsung Galaxy Note Ics 4.0.4
- Openvpn for Android ( does not need root, might work with other vpn)
- Active data connection
- wifi tethering (should work also with usb)
Prerequisites:
- a root-ed phone
- a terminal
You need to issue 3 commands:
0) launch terminal and become root
yourprompt> su
yourprompt#
1) allow FORWARDING of vpn data (this will allow ALL forwarding)
yourprompt# iptables -A FORWARD -j ACCEPT
2) change NAT to MASQUERADE from ALL interfaces
yourprompt# iptables -t nat -A POSTROUTING -j MASQUERADE
3) route traffic in specific tethering routing table
3a) see table for tethering (in my setup is table '60')
yourprompt# ip rule show
3b) add your private address (mine is 172.16.0.0/16) to the tethering table
yourprompt# ip route add 172.16.0.0/16 dev tun0 table 60
That's ALL! Hope it works for you too
deed02392 said:
Download a terminal client, e.g. ConnectBot and connect to your local shell.
Enter `su` to become root. (Double check with whoami afterwards).
Enable wifi tethering and ensure your data connection is working (connect to VPN)
Run `netcfg` and note your interface names (typically tun0 and wlan0 (ignore m.wlan0 or similar, only take the one with a real mac address), as is on my SGSII)
Double check the subnet for your wlan0 device and enter the following commands:
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
(setup a postrouting entry for the tethered devices subnet, implementing NAT)
iptables -A FORWARD -j ACCEPT -i wlan0 -o tun0
forward packets from tethered devices across the tunnel
iptables -A FORWARD -j ACCEPT -i tun0 -o wlan0
forward packets from the tunnel to the tethered devices
Note, because you are using NAT, you will need to configure port forwards on your Android device to be able to run servers etc on tethered devices. Unlikely you'll need to worry about that though. Feedback if it worked or not. Posting this now from my home IP thanks to OpenVPN for Android and these iptable rules!
Possible solution
So after trying most combinations of these commands, it worked for me with the following:
My setup:
Nexus 7 (2013)
CleanROM 1.5 (ICS 4.3)
OpenVPN Connect for Android
WiFi-Connection to the source Internet (data-packets will come from there)
USB-Tethering (USB-Cable connected to my Win7 x86 PC)
Prerequisites:
- a root-ed phone
- a terminal
Step 1.
Connect your phone/tablet to the source of your internet connection (in my example it's WiFi, it may be MobileData for you)
Step 2.
Connect your USB-Cable to the PC <-> phone/tablet
Step 3.
Activate USB-Tethering over the settings menu
(Settings -> "Wireless & Networks" -> More... -> "Tethering and portable hotspot" -> check "USB Tethering" )
Now wait until you can use this connection on your PC.
Step 4.
Start OpenVPN and connect to your VPN-Service
(At this point using the internet with your PC becomes impossible, at least for me)
Step 5.
You need to issue the following commands in a rooted terminal on your phone/tablet.
Code:
iptables --flush
iptables -A POSTROUTING -o tun0 -j MASQUERADE -t nat
iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j RETURN
iptables -A FORWARD -i wlan0 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan0 -o tun0 -j RETURN
The most important command for me was "iptables --flush". Maybe because I played too much with iptables beforehand but this command did the trick for me.
(You should now be able to browse webpages with its IP-Addr. Ping www.google.com in Step 3 to get the IP)
Step 6.
The last step is to configure your PC to use a DNS server. I don't know why but after entering the commands on Step 5 DNS-Queries are no longer routed through your phone/tablet.
Google’s Public DNS
8.8.8.8
8.8.4.4
Right-click the connection on your PC and choose Properties / Settings. After that right-click the "IPv4 Protocol" and select Properties / Settings again. Enter at least a primary DNS and click OK. After a few seconds everything should work properly.
Protocol:
http://i.imgur.com/g2sTL9F.jpg
DNS:
http://i.imgur.com/luEPpK1.png
You absolute legend!! Worked perfectly for me! I used this on my Galaxy Note 2 with Wifi Hotspot to bypass the Three UK tether block.
Thanks so much!
costcutter said:
You absolute legend!! Worked perfectly for me! I used this on my Galaxy Note 3 with Wifi Hotspot to bypass the Three UK tether block.
Thanks so much!
Glad I could help.
If someone has a solution for routing DNS queries with iptables it would be possible to skip the operating system part.
Would make the process faster and easier.

[SOLVED]How to OUTPUT only cellular data with iptables not working.

Goal: Only allow outgoing cellular data to specific DNS servers and a specific webserver using cellular mode on rooted android device.
Android phone #1: VkWorld F1 (Chipset. MT6580) running Android 5.1
Android phone #2: HUAWEI Y560-L01 running Android 5.1
Active interfaces on Android #1 when cellular mode is on.
Code:
lo UP 127.0.0.1/8
ccmni0 UP x.x.x.x/x
Active interfaces on Android #2 when cellular mode is on.
Code:
lo UP 127.0.0.1/8
rmnet_data0 UP x.x.x.x/x
This is my current simple iptables for testing on Android #1 and #2
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 8.8.8.8 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT //DNS
-A OUTPUT -d x.x.x.x -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT //webserver
-A OUTPUT -j DROP
These iptables rules work on Android device #2 or any Android phone that has 'rmnet' interface (from my own testing).
These iptables rules DO NOT work on Android device #1 or any Android phone that has 'ccmni' interface (from my own testing)
And if I add or change in my android #1 to
Code:
-A OUTPUT -o ccmni0 -d x.x.x.x -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
it still can NOT contact the destination ip.
However if I add this line before the last -j DROP rule it works
Code:
iptables -A OUTPUT -o ccmni0 -j ACCEPT
but this allows ccmni interface to talk freely to any website and makes my dns and webserver rule pointless.
Once again:
Devices rmnet interfaces = rules works.
Devices with ccmni interfaces = rules do not work.
[EDIT/SOLVED]
I used tcpdump and wireshark to see what might have gone wrong traffic, apparently my traffic had to go through a proxy from my provider that I blocked off in iptables. Why it still works fine with rmnet interfaces I have no clue.
volleb said:
I used tcpdump and wireshark to see what might have gone wrong traffic, apparently my traffic had to go through a proxy from my provider that I blocked off in iptables. Why it still works fine with rmnet interfaces I have no clue.
This is because in short it uses a different way to connect and this is only on MSM chipsets see this link while rmnet is a standard android fare

Dnscrypt-proxy/iptables help please

Hello I'm trying to redirect my web traffic mobile data with afwall using iptabes startup script like so
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
And this does not work? I'm rooted and dnscrypt-proxy using magisk module, please help
And yes dnscrypt-proxy is running before I try this??
I also have the DNS privacy in Android 9 turned off and in afwall preferences I have DNS lookups via netd turned off ???
Look at the download section from magiskmanager
There is a full documentation
Second screen shot
OK I see the commands to place in afwall but there's no way to copy and paste them, I have to type that all out manually??
OK so I added the script to afwall and
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
Now I get unable to resolve in any app until I remove the script
I'm using the note 7 with syberiaOS ROM could this be my issue, or is there a terminal command to see running DNS ports??
And yes I do have live servers in dnscrypt still
notreal456789 said:
OK so I added the script to afwall and
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
Now I get unable to resolve in any app until I remove the script
I'm using the note 7 with syberiaOS ROM could this be my issue, or is there a terminal command to see running DNS ports??
And yes I do have live servers in dnscrypt still
Is a German page, but maybe with Google it will be helpful.
https://www.kuketz-blog.de/afwall-wie-ich-persoenlich-die-android-firewall-nutze/
Sorry I don't use afwall
Found this
# Set a specific DNS-Server (dismail.de AdBlocking DNS-Server) for all networks except home WiFi (192.168.150.0/24)
$IPTABLES -t nat -I OUTPUT ! -s 192.168.150.0/24 -p tcp --dport 53 -j DNAT --to-destination 80.241.218.68:53
$IPTABLES -t nat -I OUTPUT ! -s 192.168.150.0/24 -p udp --dport 53 -j DNAT --to-destination 80.241.218.68:53
But i need this to work for wifi as well?? Any help would be nice
What are other methods that people use to run dnscrypt-proxy? I have the server running just can't connect
Ok so here's the scoop using dnscrypt-proxy Android 9
Gone
still honestly wish I could just use Afwall or a edit like resolve.config, guess I'll have to wait for updates

How to forward traffic from eth0 to ppp0 (AOSP embedded project)

I am using Android 10 on a custom device (Variscite imx8). The Android image has been generated by AOSP.
I need to forward the traffic from the eth0 to the ppp0 (Quectel LTE module) interface.
I've managed to enable the ppp0 interface by using the pppd script (i.e.: pppd call my-connection-info) and I can see that I receive the two DNS server addresses and my public IPv4 successfully.
Now the first weird thing: If I ping to 8.8.8.8 I receive "connect: Network is unreachable" meanwhile if I specify the ppp0 interface with ping -I ppp0 8.8.8.8 I can successfully ping the target. I've added the following routing table with priority 25000 so that I'm able to ping 8.8.8.8 without specifying the interface:
Code:
ip rule add prio 250000 from all lookup 25000
ip rule add table 25000 default via <my-public-ip> dev ppp0
Now I want to forward the eth0 traffic to the ppp0, to do so I've tried the following commands:
Code:
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
But the PC on the other end of the eth0 interface still prompts "From 192.168.10.1 icmp_seq=xxx Destination Net Unreachable" where 192.168.10.1 address is the Android device (which acts like a gateway).
This is the content of netstat -rn command:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.64.64.64     0.0.0.0         UG    0   0      0    ppp0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0   0      0    ppp0
192.168.10.0    0.0.0.0         255.255.255.0   U     0   0      0    eth0
This is the output of netstat -rn:
Code:
default via 10.64.64.64 dev ppp0
10.64.64.64 dev ppp0 proto kernel scope link src <my-public-ip>
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.1
This is the output of iptables -L (which I've flushed with iptables -F, iptables -X and iptables -t nat -F):
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Which is the issue here? Thank you.
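Added example, not from any poster in these threads: a MASQUERADE rule in nat/POSTROUTING matches on the interface a packet leaves through, which is why the reverse-tether scripts earlier on the page name usb0 (the link toward the PC) and not wlan0. The hypothetical helper masq_egress_check below compares the device of the default route with the -o interface of the MASQUERADE rules; the route text is the one quoted in the post above, the rule dumps are constructed in `iptables -t nat -S POSTROUTING` format from commands quoted on the page, and the check covers only this one condition, not Android's policy routing.

```sh
#!/bin/sh
# Added example, not part of the thread.
# $1: text as printed by `ip route`
# $2: text as printed by `iptables -t nat -S POSTROUTING`
# Prints one of:
#   match <dev>                              a MASQUERADE rule names the egress device
#   unscoped <dev>                           MASQUERADE without -o (applies on every interface)
#   mismatch default=<dev> masquerade=<ifs>  rules name only other interfaces
#   no-masquerade <dev>                      no MASQUERADE rule at all
#   no-default-route                         the route text has no default route
masq_egress_check() {
    routes=$1
    rules=$2
    # Device of the first default route, e.g. "default via 10.64.64.64 dev ppp0".
    egress=$(printf '%s\n' "$routes" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }')
    [ -n "$egress" ] || { echo "no-default-route"; return 2; }

    printf '%s\n' "$rules" | awk -v egress="$egress" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0
            for (i = 3; i <= NF; i++) {
                # A negated "! -o IF" is treated like a rule without -o.
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (!masq) next
            if (out == "")          any = 1
            else if (out == egress) hit = 1
            else                    wrong = wrong (wrong == "" ? "" : ",") out
        }
        END {
            if (hit)         { print "match " egress; exit 0 }
            if (any)         { print "unscoped " egress; exit 0 }
            if (wrong != "") { print "mismatch default=" egress " masquerade=" wrong; exit 1 }
            print "no-masquerade " egress
            exit 1
        }'
}

# Route text as quoted in the post above.
ROUTES_PPP='default via 10.64.64.64 dev ppp0
10.64.64.64 dev ppp0 proto kernel scope link src <my-public-ip>
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.1'

# Constructed dump of the rule created by the command in the post above.
NAT_ETH1='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE'

# Constructed from the reverse-tether script earlier on the page
# (default gw 10.42.0.1 dev usb0, MASQUERADE -o usb0).
ROUTES_USB='default via 10.42.0.1 dev usb0'
NAT_USB0='-P POSTROUTING ACCEPT
-A POSTROUTING -o usb0 -j MASQUERADE'

masq_egress_check "$ROUTES_PPP" "$NAT_ETH1" || true
masq_egress_check "$ROUTES_USB" "$NAT_USB0" || true
```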
