I am creating my own AOSP that contains my own apps and services. One of those services creates a ppp0 interface and tries to link specific apps to be forwarded through that interface. I have tried these commands but they did not work as expected.
iptables -t mangle -A OUTPUT -m owner --uid-owner 10088 -j MARK --set-mark 100
ip route add via 10.0.0.201 dev ppp0 table 100
ip rule add from all fwmark 100 table 100
iptables -t nat -A POSTROUTING -m owner --uid-owner 10088 -j SNAT --to-source 10.0.0.201
ip route add default dev wlan0
By the way, 10.0.0.201 is the ppp0 interface IP address.
This works fine with the user 10088; however, when I use the Android Chrome browser (which is NOT running with UID 10088), I have a DNS problem, so no URL can be resolved. This means no internet except for my user with UID 10088.
I have analysed Android's iptables after enabling VPN and I have found these lines:
-A st_mangle_OUTPUT -m mark --mark 0x3c -g st_mangle_ppp0_OUTPUT
-A st_mangle_OUTPUT -m owner --uid-owner 0-99999 -g st_mangle_ppp0_OUTPUT
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x3c/0xffffffff
It seems that they mark some packets and choose a range of UIDs, which is exactly what I want to do, EXCEPT I want to have specific UIDs, not a range of them.
ip route gives me this:
default via 192.168.0.1 dev wlan0
default via 192.168.0.1 dev wlan0 metric 310
10.10.0.200 dev ppp0 proto kernel scope link src 10.10.0.201
67.219.95.113 via 192.168.0.1 dev wlan0
70.83.139.168 via 192.168.0.1 dev wlan0
72.38.129.202 via 192.168.0.1 dev wlan0
104.167.113.112 via 192.168.0.1 dev wlan0
130.102.128.23 via 192.168.0.1 dev wlan0
139.112.153.37 via 192.168.0.1 dev wlan0
159.203.8.72 via 192.168.0.1 dev wlan0
190.181.129.115 via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 scope link
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.110 metric 310
192.168.0.1 dev wlan0 scope link
209.81.9.7 via 192.168.0.1 dev wlan0
218.75.4.130 via 192.168.0.1 dev wlan0
218.189.210.4 via 192.168.0.1 dev wlan0
I am looking for any solution that gets my job done, either solving this or another new solution.
Looking forward to hearing from you.
Thanks in advance.
Source: https://stackoverflow.com/questions/33262115/iptables-forwarding-through-pptp
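
As an added example that is not part of the original post: a sketch of the specific-UID counterpart to the `--uid-owner 0-99999` range rule quoted above, with one MARK rule per UID in a dedicated chain and a default route that exists only in table 100. It prints the commands instead of running them; the chain name `uid_vpn` and UID 10090 are assumptions, while mark 100, table 100, ppp0, 10.0.0.201 and UID 10088 are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): print the commands that mark
# traffic from a list of specific UIDs and route only marked packets via ppp0.
# MARK and TABLE follow the post (100); the chain name is hypothetical.

MARK=100
TABLE=100
CHAIN=uid_vpn   # hypothetical chain name

# is_uid: succeed only for a plain decimal number of at most five digits,
# matching the 0-99999 span seen in the post's iptables dump
is_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ]
}

# gen_rules DEV SRC_IP UID...: emit one MARK rule per UID plus policy routing
gen_rules() {
    dev=$1; src=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no UIDs given" >&2; return 1; }
    # Validate everything first so a bad argument produces no partial output
    for uid in "$@"; do
        is_uid "$uid" || { echo "bad UID: $uid" >&2; return 1; }
    done
    echo "iptables -t mangle -N $CHAIN"
    echo "iptables -t mangle -A OUTPUT -j $CHAIN"
    for uid in "$@"; do
        echo "iptables -t mangle -A $CHAIN -m owner --uid-owner $uid -j MARK --set-mark $MARK"
    done
    # The route lives only in table $TABLE, so the main table is not modified
    echo "ip route add default dev $dev table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
    # Rewrite the source only for marked packets leaving through the tunnel
    echo "iptables -t nat -A POSTROUTING -o $dev -m mark --mark $MARK -j SNAT --to-source $src"
}

# Constructed sample: UID 10088 is from the post, 10090 is made up
gen_rules ppp0 10.0.0.201 10088 10090
```

Because the default route is added only to table 100, packets that never receive mark 100 continue to be routed by the existing main table.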