About internal port forwarding for dummies - General Topics

Hi everyone, I've been looking for a week and haven't found anything.
Is it possible, on a rooted Android 10, to perform port forwarding so that the incoming port 443 on my public IP is mapped to port 8080 on my Android?
Let me explain: I have a domain name pointing to my Android, which hosts an https (ssl) server (listening on port 8080). So to display my site I need to type monsite.com:8080. What I'd like is to be able to use monsite.com (without a specific port) and for everything that comes in via port 443 (https) to be routed to port 8080 on my rooted Android.
Can iptables do this?
In the absence of a turnkey answer, do you have an avenue of research? I did find some articles talking about apps like "port forwarder" but they no longer exist. I've also tried Apache listening directly on 443 via Termux, but I get a socket not available error and it refuses to start.
I'm running out of ideas.
Good day
l2ol3
l2ol3

One week + few hours to find a solution.
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
seems to work.
Sorry for the inconvenience.
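An idempotent, interface-scoped form of the redirect above, added here as an example and not part of the original post. The interface name `wlan0` and the `IPT` override variable are assumptions.

```shell
#!/system/bin/sh
# Added example, not from the thread. Assumptions: the public-facing interface
# is wlan0, and IPT may be overridden (e.g. for a dry run). Real use needs root.
IPT="${IPT:-iptables}"

# Accept only decimal TCP port numbers 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the rule body once so the -C check and the -A append always agree.
# -i limits the redirect to one interface instead of every inbound path.
redirect_spec() {   # $1=interface  $2=external port  $3=local port
    echo "-i $1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
}

# Add the PREROUTING redirect only if an identical rule is not already
# loaded; re-running a plain -A would stack duplicate rules.
ensure_redirect() {
    valid_port "$2" && valid_port "$3" || { echo "invalid port" >&2; return 2; }
    spec=$(redirect_spec "$1" "$2" "$3")
    if $IPT -t nat -C PREROUTING $spec 2>/dev/null; then
        echo "present"
    elif $IPT -t nat -A PREROUTING $spec; then
        echo "added"
    else
        echo "failed" >&2; return 1
    fi
}

# Usage (as root): ensure_redirect wlan0 443 8080
```

PREROUTING only sees packets arriving from the network, so a connection made from the phone to its own address will not hit this rule. The rule also lives in memory only and has to be re-applied after a reboot.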

Related

[Q] http(s)-proxy issues

Hello!
First of all: Thank you daveba for your great work! ( http://forum.xda-developers.com/showthread.php?t=766569 ).
I've got a Desire Z and installed Cyanogenmod 6.1.1.
With the usual settings of redsocks the packets were sent again and again to it. So I had to insert the iptables rule
iptables -t nat -I OUTPUT 1 -d <my proxy ip> -p tcp --dport 80 -j ACCEPT
to send the packets to my proxy directly to it.
(My proxy listens to port 80/tcp only no matter which protocol (http,https) )
After that all ( browser, Google Market, youtube... ) apps but Google Maps worked.
With the compiled transproxy from http://transproxy.sourceforge.net all but the downloads in Google Market worked. (I considered the ports 80, 443 and 5228. )
Does anyone have the same problems with these tools and know how to fix them?
Thx!

[Q] Help my nexus s get past the chinese firewall asproxy/connectbot

hi
I have a Nexus S. Great phone. Would be better if I could get around the Chinese Firewall. Just moved to China from US.
I have rooted the phone, I have connectbot and asproxy. I have a server in the US. I can open an ssh connection via connectbot and can forward ports, but I'm not sure what I should forward to - the IP address of my server and port I'm opening on the server? - localhost?.
I tried a few things:
Tried connectbot ssh tunneling to my server, and forward port 80 to localhost:8080, then type "localhost:8080" in my browser. No luck.
Tried with connectbot ssh tunneling to my server, to forward port 80 to server IP address port 22 (this is what I open the connection on via connectbot also). No luck.
Tried with connectbot ssh tunneling to my server, to forward port 80 to localhost:9999, then with ASproxy set up a proxy - which is also to my server.com using my login name, and proxy port 22 (which is what connectbot is connected to) - then tried to have ASproxy forward port 9999 to proxy (port 22). No luck.
I figure it has to be possible.
What I want: to forward all app info (gmail, gtalk, browser, gvoice, SIP, facebook) through the SSH tunnel.
Any thoughts very much appreciated. I feel like I have a faucet, and two hoses, and can't get the water to go through them.
Some interest in my post I guess but no replies.
If I hired a freelancer to program this would it be very complex?
How long would it take a competent developer to build?
Wt

SSH tunnel - socks5 proxy

Hello all,
I lost a day of my life, used FF with over 80 open tabs, around 2,5gb ram... to find a solution to create an ssh tunnel... nothing worked.
In Windows on my work laptop I only had to run (I also configured my .ssh/config file with my work proxy IP):
ssh -D 1080 -p 1822 [email protected]
Then point my Firefox network connection to my localhost SOCKS 5 proxy on port 1080.
And I would surf the net protected, or not blocked by the company firewall.
I saw sshtunnel on the market and tried it... it connects, but when I check the outgoing IP it's still the carrier's IP and not my ssh server.
As it doesn't give any errors, I don't know where it fails... the iptables rules for global connections?
Can someone help me out please?
(Dropbear doesn't have -D and I couldn't find how to do dynamic port forwarding with this ssh client)
Im on Android 4.2.2
Sent from my SGS2 on SB4.2.2
when i do:
iptables -vL -t nat
i see some errors, or warning:
getprotobynumber(int)(3) is not implemented on Android
i tried setting the iptable rules manually, but with no luck
maybe someone can tell me what should the rules be like:
i tried:
iptables -t nat -A OUTPUT -d 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,127.0.0.1 -j ACCEPT
iptables -t nat -A OUTPUT -p 6 --dport 80 -j DNAT --to 127.0.0.1:1080
I tried: connectbot+proxydroid
connected on ssh to: [email protected]
added Dynamic port filtering to: 8123
configured proxydroid as socks, localhost on port 8123
No connection could be made from any browser (default one, or Opera).
So, I'll try installing Firefox mobile with the proxy mobile addon, to see that the socks proxy created by the ssh tunnel is working, and then it means that the iptables rules from proxydroid aren't ok ... or something.
I'm thinking that on the PC at work, as I use a proxy to get out on the internet, I had to configure SSH to use that proxy to be able to create the tunnel.
After that I configured Firefox to use that tunnel/socks proxy.
On my mobile phone I have the same thing with my mobile 3G carrier, as it uses a proxy in the APN settings... don't I have to configure the ssh somehow also? Or set some iptables rule to exclude the ssh connection from redirecting to localhost:8123?
PS: my iptables version is 1.4.11.1
I tried configuring proxydroid to my 3G IP and the 8123 port, still no luck.
May want to change localhost port
System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
I would change from a User Port (8123) to a Dynamic port like 56001. That may fix your problem.

[Completed] Scripting, forward a specific port from tun0 to wlan0 to PC

I have this script running on boot and cycling on a timer to make my wifi hotspot send data through a PIA VPN. PIA will assign a single port allowed to be used for forwarding and I now want to forward that assigned port to a PC connected to the wifi hotspot. The PC's local IP address is 192.168.1.252 (hotspot assigned but I can set it static) and the port number is 40212. Is there a way to add that routing to this script?
while sleep 30; do
    # Flush and re-apply the forwarding and NAT rules on every cycle
    iptables -t filter -F FORWARD
    iptables -t nat -F POSTROUTING
    iptables -t filter -I FORWARD -j ACCEPT
    iptables -t nat -I POSTROUTING -j MASQUERADE
    # Send hotspot DNS queries to 8.8.8.8
    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 8.8.8.8
    # Policy routing: traffic from the hotspot subnet uses table 61 (default via tun0)
    ip rule add from 192.168.1.0/24 lookup 61
    ip route add default dev tun0 scope link table 61
    ip route add 192.168.1.0/24 dev wlan0 scope link table 61
    ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
done
Hi
Please sign up on forums and post in general Q/A
http://forum.xda-developers.com/general/help
Though personally I think you can find better information on Linux Admin sites.
Probably try using man pages for iptables?
Good day!

Routing instead of NAT/Masquerade for WiFi Tether clients

When clients connect to Android Tethering they get IPs of the private Tethering network. There is plenty of info available on how to NAT/Masquerade the WiFi tethering clients (for example into a VPN), but I haven't managed to find how I should change or re-write IPTABLES and ROUTES in order to avoid natting/masquerading and just make ordinary routing from the tethered devices' IPs to the other networks (or a VPN).
Example:
Local Tether client 1 gets : 192.168.43.1/24
Local Tether client 2 gets : 192.168.43.2/24
... and at the VPN interface we have the 10.1.0.0/24 Network.
Disabling NAT and adding the routes in an ordinary router is easy, but I need help to do it on my Android device.
Thank you.
Peter
Hi Peter
I found this code from my friend. Just save the code with text editor like jota+ (from Google play store).
This code will forward all traffic from WiFi tethered clients to vpn. Just run via terminal emulator.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Thank you very much NDrancs. Are you sure it's just routing the packets with their original IP? It's just because on the fourth line I see a Masquerade. I will check. Thank you so much for your time.
Peter
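A POSTROUTING MASQUERADE rule rewrites source addresses, so a ruleset containing one is doing NAT rather than plain routing, and that can be checked mechanically. The following is an added example, not from the thread: it scans `iptables-save` output for the unscoped rules used in the scripts on this page, and the sample ruleset is constructed.

```shell
#!/system/bin/sh
# Added example, not from the thread: flag NAT/forwarding rules that are not
# scoped to an interface or address. Reads iptables-save format on stdin.
audit_rules() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }   # "*nat", "*filter"
    /^-A / {
        chain = $2; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i" || $i == "-o" || $i == "-s" || $i == "-d") scoped = 1
        }
        if (scoped) next
        if (table == "nat" && target == "MASQUERADE")
            print "nat/" chain ": MASQUERADE with no -o/-s source-NATs traffic leaving any interface"
        else if (table == "nat" && (target == "REDIRECT" || target == "DNAT"))
            print "nat/" chain ": " target " applies on every interface"
        else if (table == "filter" && chain == "FORWARD" && target == "ACCEPT" && NF == 4)
            print "filter/FORWARD: unconditional ACCEPT forwards between all interfaces"
    }'
}

# Constructed sample: what iptables-save shows after the tethering script and
# the 443 -> 8080 redirect from this page, each followed by a scoped variant.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.43.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
COMMIT
EOF
}

# On a device (as root): iptables-save | audit_rules
```

Only the three unscoped rules in the sample are reported; the variants carrying `-i`, `-o` or `-s` pass. Routing tethered clients without NAT also requires the far side of the VPN to have a route back to 192.168.43.0/24.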
