ukanth / afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android
GNU General Public License v3.0

Android 8.1 Port Forwarding #831

Open chutchinson opened 6 years ago

chutchinson commented 6 years ago

I have afwall configured to use the built-in iptables binary and I am trying to perform port forwarding using the custom script function. Here is the entire script:

$IPTABLES -I INPUT 1 -p udp --dport 67 -j ACCEPT
$IPTABLES -I INPUT 1 -p udp --dport 6700 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -i ncm0 -p udp --dport 67 -j REDIRECT --to-port 6700

The idea is that any DHCP traffic coming from interface ncm0 should be port forwarded to 6700 so that an Android application listening on that port can intercept DHCP DISCOVERY requests (UDP broadcast). These rules appear at startup so it appears that afwall is executing the script.

I have the script installed at /data/local/afwall/afwall.sh, the group/owner is shell, with 755 permissions.

Any ideas on why the Android application can't receive traffic? The application receives the traffic if it comes in on port 6700, but the redirection from 67 to 6700 does not appear to work.

Should I look into using the "afwall-x" chain(s)? If that's part of the solution, do I need to do something about ncm0? Most AOSP devices do not have this interface by default; I am enabling it via superuser shell execution via the Android USB gadget driver:

https://osmocom.org/projects/quectel-modems/wiki/Android_USB_Gadget

ukanth commented 6 years ago

You need to mention --sport to --dport for routing.
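
A check for the symptom described in this issue, as an added example that is not part of the original thread: it reads the output of `iptables -t nat -L PREROUTING -n -v -x` and reports whether the REDIRECT rule from the script has ever matched a packet. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread). Reads the output of
#   iptables -t nat -L PREROUTING -n -v -x
# on stdin and prints the packet counter of the UDP REDIRECT rule.
# Args: inbound interface, original port, redirect port.
redirect_hits() {
    awk -v ifc="$1" -v dpt="dpt:$2" -v to="$3" '
        # Columns: pkts bytes target prot opt in out source destination ...
        # Some iptables versions print the protocol as 17 when -n is given.
        $3 == "REDIRECT" && ($4 == "udp" || $4 == "17") && $6 == ifc {
            d = 0; t = 0
            for (i = 10; i <= NF; i++) {
                if ($i == dpt) d = 1
                if ($i == "ports" && $(i + 1) == to) t = 1
            }
            if (d && t) { print $1; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Classify the listing:
#   rule-missing        no matching REDIRECT rule is installed
#   rule-never-matched  rule exists but its counter is 0, so no packet hit it
#   rule-matched:N      NAT matched N times; look at the listener side next
# The nat table only sees the first packet of each conntrack flow, so N
# counts flows rather than every datagram.
diagnose() {
    hits=$(redirect_hits "$@") || { echo "rule-missing"; return 0; }
    if [ "$hits" -eq 0 ]; then
        echo "rule-never-matched"
    else
        echo "rule-matched:$hits"
    fi
}

# Constructed sample listing, not captured from a real device.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   udp  --  ncm0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 redir ports 6700
EOF
}

sample_listing | diagnose ncm0 67 6700
```

On a device, pipe the live listing into `diagnose ncm0 67 6700` before and after sending a DHCP request to see whether the counter moves.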