USB/Bluetooth Tethering fails on CM11 mako #257

Closed
nomorebugs opened this issue Feb 17, 2014 · 5 comments

nomorebugs commented Feb 17, 2014

With AFWall (latest 1.2.9) turned on, the DHCP service of the Android device is blocked. Tethering is possible with a static address. Incoming DHCP requests reach dnsmasq on Android, but the answer is blocked (information collected with logcat and dhcpdump). Tethering, kernel, root apps and adb are turned on.

Interface tethering (Android): usb0
Interface inet (Android): wlan0

In the AFWall log it says, while trying DHCP, that it blocked packets to AppID:0 (Root), but this category is allowed for both wifi and 3g (does it maybe need to be allowed for usb0, which is not in the GUI?).

Output of "iptables -L" for no firewall (working (iptnfw)) and with afwall turned on (not working (iptfw)) is presented.

iptnfw:

root@mako:/ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
bw_INPUT   all  --  anywhere             anywhere
fw_INPUT   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
oem_fwd    all  --  anywhere             anywhere
fw_FORWARD  all  --  anywhere             anywhere
bw_FORWARD  all  --  anywhere             anywhere
natctrl_FORWARD  all  --  anywhere             anywhere         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
oem_out    all  --  anywhere             anywhere
fw_OUTPUT  all  --  anywhere             anywhere
bw_OUTPUT  all  --  anywhere             anywhere
st_filter_OUTPUT  all  --  anywhere             anywhere        

Chain bw_FORWARD (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes

Chain bw_INPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
           all  --  anywhere             anywhere             owner socket exists

Chain bw_OUTPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
           all  --  anywhere             anywhere             owner socket exists

Chain bw_costly_shared (0 references)
target     prot opt source               destination
bw_penalty_box  all  --  anywhere             anywhere          

Chain bw_happy_box (0 references)
target     prot opt source               destination

Chain bw_penalty_box (1 references)
target     prot opt source               destination

Chain fw_FORWARD (1 references)
target     prot opt source               destination

Chain fw_INPUT (1 references)
target     prot opt source               destination

Chain fw_OUTPUT (1 references)
target     prot opt source               destination

Chain natctrl_FORWARD (1 references)
target     prot opt source               destination
natctrl_tether_counters  all  --  anywhere             anywhere            [goto]  state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             state INVALID
natctrl_tether_counters  all  --  anywhere             anywhere            [goto]
DROP       all  --  anywhere             anywhere

Chain natctrl_tether_counters (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             counter usb0_wlan0: 0 bytes
RETURN     all  --  anywhere             anywhere             counter wlan0_usb0: 0 bytes

Chain oem_fwd (1 references)
target     prot opt source               destination

Chain oem_out (1 references)
target     prot opt source               destination

Chain st_filter_OUTPUT (1 references)
target     prot opt source               destination

iptfw:

root@mako:/ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
bw_INPUT   all  --  anywhere             anywhere
fw_INPUT   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
oem_fwd    all  --  anywhere             anywhere
fw_FORWARD  all  --  anywhere             anywhere
bw_FORWARD  all  --  anywhere             anywhere
natctrl_FORWARD  all  --  anywhere             anywhere         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
afwall     all  --  anywhere             anywhere
oem_out    all  --  anywhere             anywhere
fw_OUTPUT  all  --  anywhere             anywhere
bw_OUTPUT  all  --  anywhere             anywhere
st_filter_OUTPUT  all  --  anywhere             anywhere        

Chain afwall (1 references)
target     prot opt source               destination
afwall-wifi  all  --  anywhere             anywhere
afwall-wifi  all  --  anywhere             anywhere
afwall-wifi  all  --  anywhere             anywhere
afwall-wifi  all  --  anywhere             anywhere
afwall-wifi  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere

Chain afwall-3g (13 references)
target     prot opt source               destination
afwall-3g-postcustom  all  --  anywhere             anywhere    

Chain afwall-3g-fork (2 references)
target     prot opt source               destination
afwall-3g-home  all  --  anywhere             anywhere          

Chain afwall-3g-home (1 references)
target     prot opt source               destination
afwall-reject  all  --  anywhere             anywhere           

Chain afwall-3g-postcustom (1 references)
target     prot opt source               destination
afwall-3g-fork  all  --  anywhere             anywhere          

Chain afwall-3g-roam (0 references)
target     prot opt source               destination
afwall-reject  all  --  anywhere             anywhere           

Chain afwall-3g-tether (0 references)
target     prot opt source               destination
RETURN     udp  --  anywhere             anywhere             owner UID match root udp dpt:domain
RETURN     udp  --  anywhere             anywhere             owner UID match nobody udp dpt:domain
RETURN     tcp  --  anywhere             anywhere             owner UID match root tcp dpt:domain
RETURN     tcp  --  anywhere             anywhere             owner UID match nobody tcp dpt:domain
afwall-3g-fork  all  --  anywhere             anywhere          

Chain afwall-reject (5 references)
target     prot opt source               destination
NFLOG      all  --  anywhere             anywhere             nflog-prefix  "{AFL}" nflog-group 40
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain afwall-vpn (0 references)
target     prot opt source               destination
afwall-reject  all  --  anywhere             anywhere           

Chain afwall-wifi (5 references)
target     prot opt source               destination
afwall-wifi-postcustom  all  --  anywhere             anywhere  

Chain afwall-wifi-fork (2 references)
target     prot opt source               destination
afwall-wifi-lan  all  --  anywhere             192.168.5.0/24   
afwall-wifi-wan  all  --  anywhere            !192.168.5.0/24   

Chain afwall-wifi-lan (1 references)
target     prot opt source               destination
RETURN     udp  --  anywhere             anywhere             udp dpt:domain
RETURN     all  --  anywhere             anywhere             owner UID match root
RETURN     all  --  anywhere             anywhere             owner UID match system
RETURN     all  --  anywhere             anywhere             owner UID match bluetooth
RETURN     all  --  anywhere             anywhere             owner UID match adb
RETURN     all  --  anywhere             anywhere             owner UID match media
RETURN     all  --  anywhere             anywhere             owner UID match gps
RETURN     all  --  anywhere             anywhere             owner UID match shell
RETURN     all  --  anywhere             anywhere             owner UID match u0_a0
RETURN     all  --  anywhere             anywhere             owner UID match u0_a4
RETURN     all  --  anywhere             anywhere             owner UID match u0_a7
RETURN     all  --  anywhere             anywhere             owner UID match u0_a19
RETURN     all  --  anywhere             anywhere             owner UID match u0_a20
RETURN     all  --  anywhere             anywhere             owner UID match u0_a21
RETURN     all  --  anywhere             anywhere             owner UID match u0_a29
RETURN     all  --  anywhere             anywhere             owner UID match u0_a44
RETURN     all  --  anywhere             anywhere             owner UID match u0_a54
RETURN     all  --  anywhere             anywhere             owner UID match u0_a57
RETURN     all  --  anywhere             anywhere             owner UID match u0_a63
RETURN     all  --  anywhere             anywhere             owner UID match u0_a64
RETURN     all  --  anywhere             anywhere             owner UID match u0_a65
RETURN     all  --  anywhere             anywhere             owner UID match u0_a66
RETURN     all  --  anywhere             anywhere             owner UID match u0_a67
RETURN     all  --  anywhere             anywhere             owner UID match u0_a68
RETURN     all  --  anywhere             anywhere             owner UID match u0_a72
RETURN     all  --  anywhere             anywhere             owner UID match u0_a75
RETURN     all  --  anywhere             anywhere             owner UID match u0_a77
RETURN     all  --  anywhere             anywhere             owner UID match u0_a78
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
RETURN     all  --  anywhere             anywhere             owner UID match u0_a81
RETURN     all  --  anywhere             anywhere             owner UID match u0_a83
RETURN     all  --  anywhere             anywhere             owner UID match u0_a84
RETURN     all  --  anywhere             anywhere             owner UID match u0_a86
RETURN     udp  --  anywhere             anywhere             udp dpt:domain owner UID match root
RETURN     udp  --  anywhere             anywhere             udp dpt:ntp owner UID match system
afwall-reject  all  --  anywhere             anywhere             owner UID match 0-999999999

Chain afwall-wifi-postcustom (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match dhcp
RETURN     all  --  anywhere             anywhere             owner UID match wifi
afwall-wifi-fork  all  --  anywhere             anywhere        

Chain afwall-wifi-tether (0 references)
target     prot opt source               destination
RETURN     udp  --  anywhere             anywhere             owner UID match root udp spt:bootps dpt:bootpc
RETURN     udp  --  anywhere             anywhere             owner UID match nobody udp spt:bootps dpt:bootpc
RETURN     udp  --  anywhere             anywhere             owner UID match root udp spt:domain
RETURN     udp  --  anywhere             anywhere             owner UID match nobody udp spt:domain
RETURN     tcp  --  anywhere             anywhere             owner UID match root tcp spt:domain
RETURN     tcp  --  anywhere             anywhere             owner UID match nobody tcp spt:domain
afwall-wifi-fork  all  --  anywhere             anywhere        

Chain afwall-wifi-wan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match root
RETURN     all  --  anywhere             anywhere             owner UID match system
RETURN     all  --  anywhere             anywhere             owner UID match bluetooth
RETURN     all  --  anywhere             anywhere             owner UID match adb
RETURN     all  --  anywhere             anywhere             owner UID match media
RETURN     all  --  anywhere             anywhere             owner UID match gps
RETURN     all  --  anywhere             anywhere             owner UID match shell
RETURN     all  --  anywhere             anywhere             owner UID match u0_a4
RETURN     all  --  anywhere             anywhere             owner UID match u0_a19
RETURN     all  --  anywhere             anywhere             owner UID match u0_a20
RETURN     all  --  anywhere             anywhere             owner UID match u0_a21
RETURN     all  --  anywhere             anywhere             owner UID match u0_a29
RETURN     all  --  anywhere             anywhere             owner UID match u0_a44
RETURN     all  --  anywhere             anywhere             owner UID match u0_a54
RETURN     all  --  anywhere             anywhere             owner UID match u0_a57
RETURN     all  --  anywhere             anywhere             owner UID match u0_a63
RETURN     all  --  anywhere             anywhere             owner UID match u0_a64
RETURN     all  --  anywhere             anywhere             owner UID match u0_a65
RETURN     all  --  anywhere             anywhere             owner UID match u0_a66
RETURN     all  --  anywhere             anywhere             owner UID match u0_a67
RETURN     all  --  anywhere             anywhere             owner UID match u0_a68
RETURN     all  --  anywhere             anywhere             owner UID match u0_a72
RETURN     all  --  anywhere             anywhere             owner UID match u0_a75
RETURN     all  --  anywhere             anywhere             owner UID match u0_a77
RETURN     all  --  anywhere             anywhere             owner UID match u0_a78
RETURN     all  --  anywhere             anywhere             owner UID match u0_a81
RETURN     all  --  anywhere             anywhere             owner UID match u0_a83
RETURN     all  --  anywhere             anywhere             owner UID match u0_a84
RETURN     all  --  anywhere             anywhere             owner UID match u0_a86
RETURN     udp  --  anywhere             anywhere             udp dpt:domain owner UID match root
RETURN     udp  --  anywhere             anywhere             udp dpt:ntp owner UID match system
afwall-reject  all  --  anywhere             anywhere             owner UID match 0-999999999

Chain bw_FORWARD (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes

Chain bw_INPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
           all  --  anywhere             anywhere             owner socket exists

Chain bw_OUTPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
           all  --  anywhere             anywhere             owner socket exists

Chain bw_costly_shared (0 references)
target     prot opt source               destination
bw_penalty_box  all  --  anywhere             anywhere          

Chain bw_happy_box (0 references)
target     prot opt source               destination

Chain bw_penalty_box (1 references)
target     prot opt source               destination

Chain fw_FORWARD (1 references)
target     prot opt source               destination

Chain fw_INPUT (1 references)
target     prot opt source               destination

Chain fw_OUTPUT (1 references)
target     prot opt source               destination

Chain natctrl_FORWARD (1 references)
target     prot opt source               destination
natctrl_tether_counters  all  --  anywhere             anywhere            [goto]  state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             state INVALID
natctrl_tether_counters  all  --  anywhere             anywhere            [goto]
DROP       all  --  anywhere             anywhere

Chain natctrl_tether_counters (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             counter usb0_wlan0: 0 bytes
RETURN     all  --  anywhere             anywhere             counter wlan0_usb0: 0 bytes

Chain oem_fwd (1 references)
target     prot opt source               destination

Chain oem_out (1 references)
target     prot opt source               destination

Chain st_filter_OUTPUT (1 references)
target     prot opt source               destination
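
In the "iptfw" listing above, `afwall-wifi-tether` and `afwall-3g-tether` are shown with `(0 references)`, so the DHCP and DNS RETURN rules inside them are never evaluated. The following is an added example (not part of the original report and not AFWall+ code) that parses `iptables -L` text and lists matching rules that sit in chains unreachable from a built-in chain; the function names are illustrative and the sample is an abbreviated excerpt of that listing.

```python
import re

# Excerpt of the "iptfw" listing from the report above, shortened to the
# chains that matter here (most rules and chains omitted).
LISTING = """\
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
afwall     all  --  anywhere             anywhere

Chain afwall (1 references)
target     prot opt source               destination
afwall-wifi  all  --  anywhere             anywhere
afwall-3g  all  --  anywhere             anywhere

Chain afwall-wifi (5 references)
target     prot opt source               destination
afwall-wifi-postcustom  all  --  anywhere             anywhere

Chain afwall-wifi-tether (0 references)
target     prot opt source               destination
RETURN     udp  --  anywhere             anywhere             owner UID match root udp spt:bootps dpt:bootpc
afwall-wifi-fork  all  --  anywhere             anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy \S+|(\d+) references)\)")

def parse_listing(text):
    """Return {chain: {"refs": int (None for built-ins), "rules": [lines]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            refs = int(m.group(2)) if m.group(2) is not None else None
            current = chains.setdefault(m.group(1), {"refs": refs, "rules": []})
        elif current is not None and line.strip() and not line.startswith("target "):
            current["rules"].append(line.strip())
    return chains

def reachable(chains, start):
    """Chains reachable from `start` by following rule targets."""
    seen, todo = set(), [start]
    while todo:
        name = todo.pop()
        if name in seen or name not in chains:
            continue  # ACCEPT/RETURN/etc. and chains missing from the excerpt
        seen.add(name)
        todo.extend(rule.split()[0] for rule in chains[name]["rules"])
    return seen

def dead_rules(chains, start, needle):
    """Rules containing `needle` in chains never reached from `start`."""
    live = reachable(chains, start)
    return [(name, rule) for name, c in chains.items() if name not in live
            for rule in c["rules"] if needle in rule]

if __name__ == "__main__":
    for chain, rule in dead_rules(parse_listing(LISTING), "OUTPUT", "spt:bootps"):
        print(f"unreachable: {chain}: {rule}")
```

Plain `iptables -L` hides interface matches; `iptables -L -v` or `iptables -S` shows which interface each jump applies to, which is needed to see where usb0 traffic is sent.
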

ukanth added the Bug label Feb 27, 2014

orencio commented Mar 19, 2014

Hi. Same issue on Samsung Galaxy S3 with AOSB KitKat 1.3.2 ROM.
I have enabled:

  • (Tethering) - DNS + DHCP services.
  • (Proxy DNS) - DNS lookups via netd.

Regards.

Wuk-jvi commented Aug 5, 2014

Hi,

USB tethering is not working for me also.

Samsung S4 mini, CM11 M9, AFWall+ (v1.3.3) from F-Droid.

For me WLAN tethering works without problem when Tethering (DHCP+DNS services) is allowed. Using same firewall rules USB tethering is not working. To be able to get DHCP address on a PC which is connected to my mobile I have to turn on Applications running as root (uid 0), DNS is not working unless I disable firewall. I even tried to enable Linux kernel (uid -11), but it just does not work.

I can send logs, configuration or anything that is needed to resolve this issue.

Kind regards,
Wuk

Edit: Just installed version 1.3.4 from F-Droid. It seems that the problem remains the same; I did not test thoroughly, if needed I can do it later.

ljani (Contributor) commented Aug 20, 2014

Same problem here on cm11. I'm getting a popup that says either of these two:

Blocked null(9999) 192.89.123.230:53
Blocked null(9999) 192.89.123.231:53

When I view the log, it says although I've allowed -11: (Kernel) - Linux Kernel in addition to -12: (Tethering) - DHCP+DNS services:

AppID : - 11
Application's Name:
TOtal Packets Blocked: 555
[UDP]192.89.123.230:53
[UDP]192.89.123.231:53

Sorry for incomplete comment, ctrl+enter seems to submit the issue :(

Wifi tethering works fine..

ukanth added the DNS label Aug 4, 2016
ukanth closed this as completed Mar 13, 2021