Hello!
First of all: Thank you daveba for your great work! ( http://forum.xda-developers.com/showthread.php?t=766569 ).
I've got a Desire Z and installed Cyanogenmod 6.1.1.
With the usual settings of redsocks the packets were send again and again to it. So I had to insert the iptables rule
iptables -t nat -I OUTPUT 1 -d <my proxy ip> -p tcp --dport 80 -j ACCEPT
to send the packets to my proxy directly to it.
(My proxy listens to port 80/tcp only no matter which protocol (http,https) )
After that all ( browser, Google Market, youtube... ) apps but Google Maps worked.
With the compiled transproxy from http://transproxy.sourceforge.net all but the downloads in Google Market worked. (I considered the ports 80, 443 and 5228. )
Has someone the same problems with these tools and knows how to fix it?
Thx!
I am wondering if the version of putty published by Netham45:
http://forum.xda-developers.com/showthread.php?t=2092348&highlight=putty
Has the port forwarding capability enabled
I tried doing the following:
Jailbreaked my tablet
Ran Putty
configured port forwarding: added port 3128 to forward to webproxy.myemployer.org (it's just an example), following the instructions here
Used putty confugured as indicated to connect to the remote server
Configured proxy options in Internet Explorer to localhost and port 3128
Followed the instructions here (do not use the square brackets in the key names, or the batch will fail) to create a batch file that copies the proxy settings from internet explorer and activates it system-wide
Ran the batch as admin
Verified through regedit that the settings have been copied and ProxyEnable was = 1
Tried to connect to my intranet using the desktop and metro versions of Internet Explorer 10
However, the connection was unsuccessful
I use ConnectBot in Android to do the port forwarding and it works without any issue
So, I was thinking that:
Maybe Putty RT was compiled without port forwarding support (which would make it almost useless given that the SSH in the store can do most of what Putty can)
I have made a mistake along the way
Since I am a new user I cannot ask in the Putty thread. Of course, this is not a general putty question. It is very specific to Windows RT and the only place to ask is at xda-developers.com
Thanks
someniceguy said:
I am wondering if the version of putty published by Netham45:
http://forum.xda-developers.com/showthread.php?t=2092348&highlight=putty
Has the port forwarding capability enabled
Click to expand...
Click to collapse
The port forwarding seems to work for me. I tested it by setting up a tunnel to another SSH server, and then opening another instance of PuTTY connecting to the first tunnel, which came out on the host I expected it to. I did explicitly configure it by IP address since I've never bothered testing whether the hostname for the endpoint of a local tunnel is resolved by the local system or the remote system (which might have different results based on the nameservers on either end).
Putty Tunneling Works, Windows Proxy settings don't
I tested that the tunneling is working :
First, I configured Putty with port forwarding as described above (port 3128)
Then I opened an SSH connection with Putty to the remote service
Configured the Desktop version of IE 10 to use as proxy localhost, and as port 3128
Accessed the Intranet with Desktop IE 10
The issue is really that I do not know how to force the Metro Apps to use the proxy. I tried following the suggestions
at the URL below, but it didn't work.
ht tp://fo rums.wpcentral.com/surface-windows-rt/203989-proxy-use-surface-rt.html
To test, open cmd.exe as Administrator, then type the following:
Code:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d "1" /f
Then
Code:
netsh winhttp import proxy source=ie
Then tried to access the Intranet with the Metro IE 10, but I could not.
I even tried configuring the proxy directly, without IE:
Code:
netsh winhttp set proxy localhost:3128
But it does not work either (not even for IE 10 Desktop, with proxy turned off in Internet Options)
I also followed Method 2 in the page below, and use as Domain Proxy: localhost:3128. Still cannot access the Intranet in IE10 (both Metro and Desktop)
ht tp://ww w.c-sharpcorner.com/UploadFile/7e39ca/how-to-configure-proxy-for-metro-apps-in-windows-8
Any clue on how to force Metro Apps to use putty as proxy?
It might be a problem with the Metro environment not allowing connections back to localhost for whatever reason... that's the only thing I can think of.
I just tried again, with putty configured to run a SOCKS proxy on localhost:1234.
Added the proxy to the IE settings
netsh winhttp...: got the message that a global SOCKS proxy had been configured:
Current WinHTTP proxy settings:
Proxy Server(s) : socks=localhost:1234
Bypass List : none
Loaded stuff in desktop IE10 - worked without issues.
Went to Metro - opened a few things. Mail didn't seem out of the ordinary, but then again, I don't get mail all that frequently. Weather looked about right. IE in Metro refused to open Google or Facebook.
Closed IE completely. Tried again: no dice. Neither site opened, even though I just had Google open in Desktop IE10.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer is DWORD:1, as set by the IE "Internet Settings" panel...
It looks like it's ignoring connections to the local PuTTY instance - setting the proxy settings, going to Metro IE, and reloading is getting me SYN_SENT as the state in "netstat /n"... looks like the Windows Firewall configuration.
Sounds like the next place to look is the Windows Firewall configuration, which on RT looks to only be available through WF.msc.
Chris
someniceguy said:
I tested that the tunneling is working :
First, I configured Putty with port forwarding as described above (port 3128)
Then I opened an SSH connection with Putty to the remote service
Configured the Desktop version of IE 10 to use as proxy localhost, and as port 3128
Accessed the Intranet with Desktop IE 10
The issue is really that I do not know how to force the Metro Apps to use the proxy. I tried following the suggestions
at the URL below, but it didn't work.
ht tp://fo rums.wpcentral.com/surface-windows-rt/203989-proxy-use-surface-rt.html
To test, open cmd.exe as Administrator, then type the following:
Code:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d "1" /f
Then
Code:
netsh winhttp import proxy source=ie
Then tried to access the Intranet with the Metro IE 10, but I could not.
I even tried configuring the proxy directly, without IE:
Code:
netsh winhttp set proxy localhost:3128
But it does not work either (not even for IE 10 Desktop, with proxy turned off in Internet Options)
I also followed Method 2 in the page below, and use as Domain Proxy: localhost:3128. Still cannot access the Intranet in IE10 (both Metro and Desktop)
ht tp://ww w.c-sharpcorner.com/UploadFile/7e39ca/how-to-configure-proxy-for-metro-apps-in-windows-8
Any clue on how to force Metro Apps to use putty as proxy?
Click to expand...
Click to collapse
I was able to make Metro Internet Explorer (IE) 10 to work as follows:
Jailbroke my tablet
Ran Putty
Configured port forwarding: added port 3128 to forward to webproxy.myemployer.org (it's just an example), following the instructions here
Used putty configured as indicated in the previous step to connect to the remote server
Configured proxy options in Desktop IE 10:
Address: localhost
Port: 3128
Checked "Use a proxy server for your LAN ..."
Added Metro IE10 an an app exempted of IP loopback restrictions and allowed access to loopback addresses (so that it can connect to localhost):
Code:
CheckNetIsolation.exe loopbackexempt -a -p=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394
Before exempting Metro IE 10, I also changed the Network Isolation options as follows:
Run “gpedit.msc”
Under Computer Configuration browse the Administrative Templates -> Network -> Network Isolation.
Enable the Proxy definitions are authoritative and Internet proxy servers for apps. I put as proxyort "localhost:3128" (without the quotes)
However, I doubt that made any difference. Unless IE10 Desktop is configured to use the proxy (putty in this case) and Metro IE10 is exempted from loopback restrictions, the latter will not connect to our intranet.
I have this script running on boot and cycling on a timer to make my wifi hotspot send data through a PIA VPN. PIA will assign a single port allowed to be used for forwarding and I now want to forward that assigned port to a PC connected to the wifi hotspot. The PC's local IP address is 192.168.1.252 (hotspot assigned but I can set it static) and the port number is 40212. Is there a way to add that routing to this script?
while sleep 30; do
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 8.8.8.8
ip rule add from 192.168.1.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.1.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Hi
Please sign up on forums and post in general Q/A
http://forum.xda-developers.com/general/help
Though personally I think you can find better information on Linux Admin sites.
Probably try using man pages for iptables ?
Good day !
When clients connect to Android Tethering they get IPs of the private Tethering network. There is plenty of info available on how to NAT/Masquerade the WiFi tethering clients (for example into a VPN), but I haven't managed to find how should I change or re-write IPTABLES and ROUTES in order to avoid natting/masquerading and just make ordinary routing from the tethered devices IP to the other networks (or a VPN).
Example: Local Tether client 1 gets : 192.168.43.1/24 Local Tether client 2 gets : 192.168.43.2/24 ... and at the VPN interface we have the 10.1.0.0/24 Network. Disabling NAT and adding the routes in an ordinary router is easy, but I need help to do it on my Android device. Thank you. Peter
HI Peter
I found this code from my friend. Just save the code with text editor like jota+ (from Google play store).
This code will forward all traffic from WiFi tethered clients to vpn. Just run via terminal emulator.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
ndrancs said:
HI Peter
I found this code from my friend. Just save the code with text editor like jota+ (from Google play store).
This code will forward all traffic from WiFi tethered clients to vpn. Just run via terminal emulator.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
Thank you very much NDrancs. Are you sure its just routing the packets with their original IP ? Its just because on the fourth line I see a Masquerade. I will check. Thank you so much for your time.
Peter
Hi everyone I've been looking for a week and haven't found anything.
Is it possible, on a rooted Android 10, to perform port forwarding so that the incoming port 443 on my public ip is mapped to port 8080 on my Android.
Let me explain: I have a domain name pointing to my Android which hosts an https (ssl) server (listening on port 8080 ). So to display my site I need to type monsite.com:8080. What I'd like is to be able to use monsite.com (without a specific port) and for everything that comes in via port 443 (https) to be routed to port 8080 on my rooted Android.
Can IPTABLE do this?
In the absence of a turnkey answer, do you have an avenue of research? I did find some articles talking about apps like "port forwarder" but they no longer exist. I've also tried apache listening directly to 443 via termux but I get a socket not available error and it refuses to start.
I'm running out of ideas
Good day
l2ol3
l2ol3
One week + few hours to find a solution.
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
seems to work.
sorry for the inconvénient.