iptables forwarding through pptp

泪湿孤枕 submitted on 2020-01-01 19:55:52

Question


I am creating my own AOSP that contains my own apps and services. One of those services creates a ppp0 interface and tries to link specific apps to be forwarded through that interface. I have tried these commands, but they were not working as expected.

iptables -t mangle -A OUTPUT -m owner --uid-owner 10088 -j MARK --set-mark 100

ip route add via 10.0.0.201 dev ppp0 table 100

ip rule add from all fwmark 100 table 100

iptables -t nat -A POSTROUTING -m owner --uid-owner 10088 -j SNAT --to-source 10.0.0.201

ip route add default dev wlan0

By the way, 10.0.0.201 is the ppp0 interface IP address.

This works fine with the user 10088; however, when I use the Android Chrome browser (which is NOT WITH UID 10088), I have a DNS problem, so any URL cannot be resolved. This means no internet except for my user with UID 10088.

I have analysed Android's iptables after enabling VPN and I have found these lines:

-A st_mangle_OUTPUT -m mark --mark 0x3c -g st_mangle_ppp0_OUTPUT
-A st_mangle_OUTPUT -m owner --uid-owner 0-99999 -g st_mangle_ppp0_OUTPUT
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x3c/0xffffffff

It seems that they mark some packets and choose a range of UIDs, exactly what I want to do, EXCEPT I want to have specific UIDs, not a range of them.

ip route provides me this:

default via 192.168.0.1 dev wlan0 
default via 192.168.0.1 dev wlan0  metric 310 
10.10.0.200 dev ppp0  proto kernel  scope link  src 10.10.0.201 
67.219.95.113 via 192.168.0.1 dev wlan0 
70.83.139.168 via 192.168.0.1 dev wlan0 
72.38.129.202 via 192.168.0.1 dev wlan0 
104.167.113.112 via 192.168.0.1 dev wlan0 
130.102.128.23 via 192.168.0.1 dev wlan0 
139.112.153.37 via 192.168.0.1 dev wlan0 
159.203.8.72 via 192.168.0.1 dev wlan0 
190.181.129.115 via 192.168.0.1 dev wlan0 
192.168.0.0/24 dev wlan0  scope link 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.110  metric 310 
192.168.0.1 dev wlan0  scope link 
209.81.9.7 via 192.168.0.1 dev wlan0 
218.75.4.130 via 192.168.0.1 dev wlan0 
218.189.210.4 via 192.168.0.1 dev wlan0 

I am looking for any solution that gets my job done, either solving this or another new solution.

Looking forward to hearing from you.

Thanks in advance.

Source: https://stackoverflow.com/questions/33262115/iptables-forwarding-through-pptp
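
An added example, not part of the original question: a small Python evaluator that walks the mangle rules quoted above and reports which fwmark a locally generated packet from a given UID ends up with, so a single-UID rule and Android's UID-range rule can be compared. It assumes each chain is evaluated directly (the hook into st_mangle_OUTPUT is not shown in the question) and handles only the owner and mark matches and the MARK target; the function names are hypothetical.

```python
# Rule specs taken from the question (the "iptables -t mangle" prefix dropped).
RULES = """\
-A OUTPUT -m owner --uid-owner 10088 -j MARK --set-mark 100
-A st_mangle_OUTPUT -m mark --mark 0x3c -g st_mangle_ppp0_OUTPUT
-A st_mangle_OUTPUT -m owner --uid-owner 0-99999 -g st_mangle_ppp0_OUTPUT
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
-A st_mangle_ppp0_OUTPUT -j MARK --set-xmark 0x3c/0xffffffff
"""

def parse(text):
    """Group rules by chain; every option here takes exactly one argument."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def val_mask(spec):
    """'value[/mask]' -> (value, mask); an omitted mask means all 32 bits."""
    value, _, mask = spec.partition("/")
    return int(value, 0), int(mask, 0) if mask else 0xFFFFFFFF

def matches(opts, uid, mark):
    lo, _, hi = opts.get("--uid-owner", str(uid)).partition("-")  # UID or lo-hi
    value, mask = val_mask(opts.get("--mark", "0/0"))  # no --mark: always true
    return int(lo) <= uid <= int(hi or lo) and (mark & mask) == value

def fwmark(chains, chain, uid, mark=0):
    """Mark carried by a packet owned by `uid` after traversing `chain`."""
    for opts in chains.get(chain, []):
        if not matches(opts, uid, mark):
            continue
        if opts.get("-j") == "MARK":  # both forms clear the mask bits first
            xor = "--set-xmark" in opts
            value, mask = val_mask(opts["--set-xmark" if xor else "--set-mark"])
            mark &= ~mask & 0xFFFFFFFF
            mark = mark ^ value if xor else mark | value  # xmark XORs, mark ORs
        elif "-g" in opts:  # goto: the rest of this chain is not evaluated
            return fwmark(chains, opts["-g"], uid, mark)
        elif opts.get("-j") in chains:  # jump: return here and continue
            mark = fwmark(chains, opts["-j"], uid, mark)
    return mark

CHAINS = parse(RULES)
if __name__ == "__main__":
    for uid in (10088, 10100, 100000):
        print(uid, fwmark(CHAINS, "OUTPUT", uid),
              hex(fwmark(CHAINS, "st_mangle_OUTPUT", uid)))
```

A packet that leaves with mark 0 matches no `fwmark` rule in `ip rule` and is routed by the remaining rules, which is the case to inspect for UIDs outside the marked set.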
