DNS (port 53) is blocked for Wifi tethering #377

Closed
ghost opened this issue Jun 13, 2015 · 16 comments

ghost commented Jun 13, 2015

Hi,

I've got the problem that when using wifi-tethering the clients' DNS requests are blocked.

I use Android 4.2.2 (Fairphone 1), afwall+ in whitelist mode, kernel (-11) and Tethering (-12) are allowed for every kind of connection.

When I try to connect to any webservice via domain name from my laptop, the DNS request is blocked by afwall (Log entry: AppID: -11, [UDP]139.7.30.126:53 (which is my carrier's DNS server), [UDP]8.8.8.8:53 (Google DNS server)). Connecting via IP works though.

Could anyone help me out with this issue? I tried to find a solution reading any kind of FAQs, using Google and so on. If the solution is out there and I didn't find it, please forgive me ;-) All the bugs reported so far are different as they concern bluetooth tethering (as far as I know). Thanks a lot!

Edit: disabling afwall makes the connection work, so I think it really is an afwall related problem


ghost commented Jun 16, 2015

Hi,

Thank you for your help. I'll try to give you as much information as I can then.

I already tried blacklist mode, but it didn't help. I'm not a pro in using iptables, but I will try to make up a custom script (could take me some time). Thanks for the information about the IPs used by vodafone[DE].

Find the debug information here:
https://gist.github.com/Wollfframm/fe7117fa507621038fb8


eku commented Jun 16, 2015

Why don't you use Gist for providing debug information?


ghost commented Jun 17, 2015

Because I didn't know about it ;-)

Edit: now I did.

@ghost ghost closed this as completed Jun 17, 2015
@ghost ghost reopened this Jun 17, 2015

ghost commented Jun 20, 2015

Ok, simply opening port 53 in chain afwall for udp/tcp with a custom script did work. But how can I restrict the access to the kernel only (like the afwall option suggests)? Is -11 a valid UID? "-m ower --uid-owner -11" didn't work (error applying rules). Who can help? Thanks!


atrent commented Aug 1, 2015

Hi, how do I open port 53? I have the same problem on OPO. Thank you


atrent commented Aug 2, 2015

as a workaround I've set an added DNS server (8.8.8.8) in the connection definition


atrent commented Aug 4, 2015

I mean I have set a static DNS in the Linux (on my PC) connection definition, it won't be overwritten of course.

I'd like to avoid executing a script on the android (need to open a shell, etc.) every time I need a wifi hotspot...

What kind of log do you need?


atrent commented Aug 4, 2015

[why setting a static DNS should be a problem? apart from using Google's of course]

phone: ONEplus

AFWall+ Mode: whitelist

Android ROM + exactly versions number: cyanogen 12.0-YNG1TAS17L

What steps will reproduce the problem?

  • activate any tethering mode (wifi, bluetooth, usb), the DNS resolving is REFUSED (as per dig @ipOfAndroid symbolic.domain.name), while using another DNS server (e.g. 8.8.8.8) works, data connection works normally, only domain name resolution is blocked.
  • DHCP&Tethering is ALLOWED in AFWall
  • applications running as root is ALLOWED
  • if I DISABLE AFWall the tethering works fine

Additional security software installed (like XPrivacy/Avast)? Is it really deactivated?!
none

What is the expected output? What do you see instead?
faulty dns resolution

Attach your rules.log (IPv4 + IPv6)
where is it?

iptables -v -n -L

Chain INPUT (policy ACCEPT 3548 packets, 876K bytes)
pkts bytes target prot opt in out source destination
59792 46M bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
59792 46M fw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 327K packets, 274M bytes)
pkts bytes target prot opt in out source destination
327K 274M oem_fwd all -- * * 0.0.0.0/0 0.0.0.0/0
327K 274M fw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
327K 274M bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
327K 274M natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3597 packets, 441K bytes)
pkts bytes target prot opt in out source destination
55499 6641K afwall all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * rmnet7 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet6 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet5 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet4 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet3 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet2 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet1 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
0 0 DROP udp -- * rmnet0 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
55272 6628K oem_out all -- * * 0.0.0.0/0 0.0.0.0/0
55272 6628K fw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
55272 6628K bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall (1 references)
pkts bytes target prot opt in out source destination
50997 6309K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 afwall-wifi all -- * eth+ 0.0.0.0/0 0.0.0.0/0
3 1021 afwall-wifi all -- * wlan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- * tiwlan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- * ra+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- * bnep+ 0.0.0.0/0 0.0.0.0/0
3303 250K afwall-3g all -- * rmnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * pdp+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * uwbr+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * wimax+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * vsnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * rmnet_sdio+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * ccmni+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * qmi+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * svnet0+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * wwan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * cdma_rmnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * usb+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * rmnet_usb+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * clat4+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * cc2mni+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * bond1+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * rmnet_smux+ 0.0.0.0/0 0.0.0.0/0

Chain afwall-3g (17 references)
pkts bytes target prot opt in out source destination
3303 250K afwall-3g-postcustom all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-3g-fork (1 references)
pkts bytes target prot opt in out source destination
169 17485 afwall-3g-home all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-3g-home (1 references)
pkts bytes target prot opt in out source destination
2 136 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1000
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1011
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1016
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 2000
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10002
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10006
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10011
161 12084 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10013
3 172 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10018
5 300 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10026
2 112 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10036
506 48648 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10040
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10044
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10045
455 27300 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10046
2 112 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10050
1 60 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10053
216 12960 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10055
1 60 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10063
21 17076 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10073
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10076
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10078
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10081
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10087
5 284 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10089
7 412 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10094
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10097
29 1740 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10098
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10100
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10105
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10111
36 2160 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10114
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10116
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10117
1 60 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10126
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10129
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10131
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10132
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10133
1 60 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10134
63 3780 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10136
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10137
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10139
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10140
1 60 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10143
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10156
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10157
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10167
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10171
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10173
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10176
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10177
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10178
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10179
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10183
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10185
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10186
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10190
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10192
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10209
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10228
886 57561 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
295 17796 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0-999999999

Chain afwall-3g-postcustom (1 references)
pkts bytes target prot opt in out source destination
621 46296 afwall-3g-tether all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-3g-roam (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
0 0 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-3g-tether (1 references)
pkts bytes target prot opt in out source destination
31 2023 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp dpt:53
421 26788 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp dpt:53
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 tcp dpt:53
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 tcp dpt:53
169 17485 afwall-3g-fork all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-reject (5 references)
pkts bytes target prot opt in out source destination
292 17616 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1000/min burst 5 LOG flags 8 level 4 prefix "{AFL}"
295 17796 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain afwall-vpn (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
0 0 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi (5 references)
pkts bytes target prot opt in out source destination
3 1021 afwall-wifi-postcustom all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi-fork (1 references)
pkts bytes target prot opt in out source destination
0 0 afwall-wifi-wan all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
0 0 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi-postcustom (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1014
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1010
3 1021 afwall-wifi-tether all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi-tether (1 references)
pkts bytes target prot opt in out source destination
3 1021 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp spt:67 dpt:68
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp spt:67 dpt:68
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp spt:53
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp spt:53
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 tcp spt:53
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 tcp spt:53
0 0 afwall-wifi-fork all -- * * 0.0.0.0/0 0.0.0.0/0

Chain afwall-wifi-wan (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1000
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1011
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1013
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1016
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 2000
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10002
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10003
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10005
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10006
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10007
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10008
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10011
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10013
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10014
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10018
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10020
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10026
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10033
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10036
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10040
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10041
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10042
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10044
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10045
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10046
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10050
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10053
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10055
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10060
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10063
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10073
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10076
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10078
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10081
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10083
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10086
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10087
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10089
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10091
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10094
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10097
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10098
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10100
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10103
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10104
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10105
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10107
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10108
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10110
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10111
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10112
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10113
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10114
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10115
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10116
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10117
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10120
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10124
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10126
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10129
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10131
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10132
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10133
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10134
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10135
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10136
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10137
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10139
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10140
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10143
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10144
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10148
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10151
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10152
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10153
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10155
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10156
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10157
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10158
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10161
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10162
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10163
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10165
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10167
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10171
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10172
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10173
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10176
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10177
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10178
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10179
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10180
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10181
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10182
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10183
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10184
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10185
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10186
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10190
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10192
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10194
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10209
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10214
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10215
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10223
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10228
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 owner UID match 1000
0 0 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0-999999999

Chain bw_FORWARD (1 references)
pkts bytes target prot opt in out source destination
46428 38M all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes

Chain bw_INPUT (1 references)
pkts bytes target prot opt in out source destination
1010 739K all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
49720 44M bw_costly_rmnet0 all -- rmnet0 * 0.0.0.0/0 0.0.0.0/0
55665 46M all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists

Chain bw_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
878 84420 all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
45670 5826K bw_costly_rmnet0 all -- * rmnet0 0.0.0.0/0 0.0.0.0/0
54430 6540K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists

Chain bw_costly_rmnet0 (2 references)
pkts bytes target prot opt in out source destination
95390 50M bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota rmnet0: 3837722197 bytes reject-with icmp-port-unreachable

Chain bw_costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_happy_box (0 references)
pkts bytes target prot opt in out source destination

Chain bw_penalty_box (2 references)
pkts bytes target prot opt in out source destination

Chain fw_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain fw_INPUT (1 references)
pkts bytes target prot opt in out source destination

Chain fw_OUTPUT (1 references)
pkts bytes target prot opt in out source destination

Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
182K 199M natctrl_tether_counters all -- rmnet0 wlan0 0.0.0.0/0 0.0.0.0/0 [goto] state RELATED,ESTABLISHED
195 10080 DROP all -- wlan0 rmnet0 0.0.0.0/0 0.0.0.0/0 state INVALID
145K 75M natctrl_tether_counters all -- wlan0 rmnet0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain natctrl_tether_counters (2 references)
pkts bytes target prot opt in out source destination
145K 75M RETURN all -- wlan0 rmnet0 0.0.0.0/0 0.0.0.0/0
182K 199M RETURN all -- rmnet0 wlan0 0.0.0.0/0 0.0.0.0/0

Chain oem_fwd (1 references)
pkts bytes target prot opt in out source destination

Chain oem_out (1 references)
pkts bytes target prot opt in out source destination

ip rule list

0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x10064/0x1ffff lookup rmnet0
14000: from all oif rmnet0 lookup rmnet0
14000: from all oif wlan0 lookup local_network
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
18000: from all iif wlan0 lookup rmnet0
19000: from all fwmark 0x64/0x1ffff lookup rmnet0
22000: from all fwmark 0x0/0xffff lookup rmnet0
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable

ip route show

10.71.10.72/30 dev rmnet0 proto kernel scope link src 10.71.10.73
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.1

Which binaries are used for BusyBox/IPTables?
system

Which DNS-proxy option is in usage?
tried auto, enable and disable, no effect

dumpsys connectivity | grep DnsAddresses

NetworkAgentInfo{ ni{[type: MOBILE[HSPA+], state: CONNECTED/CONNECTED, reason: connected, extra: ibox.tim.it, roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false]} network{100} lp{{InterfaceName: rmnet0 LinkAddresses: [10.71.10.73/30,] Routes: [0.0.0.0/0 -> 10.71.10.74 rmnet0,] DnsAddresses: [10.207.43.46,10.206.56.132,] Domains: null MTU: 1500 TcpBufferSizes: 122334,734003,2202010,32040,192239,576717}} nc{[ Transports: CELLULAR Capabilities: SUPL&INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN LinkUpBandwidth>=11264Kbps LinkDnBandwidth>=43008Kbps Specifier: <1>]} Score{50} validated{true} created{true} explicitlySelected{false} }

nslookup google.com

Server: 8.8.4.4
Address 1: 8.8.4.4 google-public-dns-b.google.com

Name: google.com
Address 1: 2a00:1450:4002:805::1004 mil01s19-in-x04.1e100.net
Address 2: 74.125.232.135 mil02s05-in-f7.1e100.net
Address 3: 74.125.232.132 mil02s05-in-f4.1e100.net
Address 4: 74.125.232.131 mil02s05-in-f3.1e100.net
Address 5: 74.125.232.134 mil02s05-in-f6.1e100.net
Address 6: 74.125.232.128 mil02s05-in-f0.1e100.net
Address 7: 74.125.232.136 mil02s05-in-f8.1e100.net
Address 8: 74.125.232.129 mil02s05-in-f1.1e100.net
Address 9: 74.125.232.133 mil02s05-in-f5.1e100.net
Address 10: 74.125.232.137 mil02s05-in-f9.1e100.net
Address 11: 74.125.232.130 mil02s05-in-f2.1e100.net
Address 12: 74.125.232.142 mil02s05-in-f14.1e100.net

getprop | grep dns
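
A way to read the listing above without stepping through it by hand, as an added example that is not part of the thread or of AFWall+: a small Python tracer that walks a described packet through the afwall chains and reports which rule decides it. The embedded listing is a constructed, abridged excerpt of the posted output; the packet fields and function names are assumptions, and only the match types that occur in the excerpt (protocol, out interface, owner UID, dpt/spt, state) are modelled.

```python
import re

# Constructed, abridged excerpt of the `iptables -v -n -L` output posted above
# (counters zeroed, header rows and most per-app UID rules left out).
LISTING = """\
Chain afwall (1 references)
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 afwall-wifi all -- * wlan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- * rmnet+ 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g (17 references)
0 0 afwall-3g-postcustom all -- * * 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-postcustom (1 references)
0 0 afwall-3g-tether all -- * * 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-tether (1 references)
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp dpt:53
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp dpt:53
0 0 afwall-3g-fork all -- * * 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-fork (1 references)
0 0 afwall-3g-home all -- * * 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-home (1 references)
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10013
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
0 0 afwall-reject all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 0-999999999
Chain afwall-reject (5 references)
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1000/min burst 5 LOG flags 8 level 4 prefix "{AFL}"
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(listing):
    """Map chain name -> ordered rules. Assumes every rule row has a target."""
    chains, cur = {}, None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            cur = chains.setdefault(f[1], [])
        elif len(f) >= 9 and f[0] != "pkts":
            # pkts bytes target prot opt in out source destination [matches]
            cur.append({"target": f[2], "prot": f[3], "out": f[6],
                        "extra": " ".join(f[9:])})
    return chains

def matches(rule, pkt):
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    out = rule["out"]
    if out.endswith("+"):                      # "rmnet+" = any rmnet* interface
        if not pkt["out"].startswith(out[:-1]):
            return False
    elif out not in ("*", pkt["out"]):
        return False
    m = re.search(r"owner UID match (\d+)(?:-(\d+))?", rule["extra"])
    if m:
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        # A packet with no owning socket never satisfies a plain owner match.
        if pkt["uid"] is None or not lo <= pkt["uid"] <= hi:
            return False
    for key in ("dpt", "spt"):
        m = re.search(rf"\b{key}:(\d+)", rule["extra"])
        if m and pkt.get(key) != int(m.group(1)):
            return False
    if "state ESTABLISHED" in rule["extra"] and pkt.get("state") != "ESTABLISHED":
        return False
    return True

def walk(chains, name, pkt, path):
    """Return a terminal verdict, or None when the chain hands back to its caller."""
    for rule in chains[name]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        path.append(f"{name}: {target}")
        if target == "RETURN":
            return None
        if target in TERMINAL:
            return target
        if target in chains:                   # jump to a user-defined chain
            verdict = walk(chains, target, pkt, path)
            if verdict:
                return verdict
        # LOG and chains missing from the excerpt are non-terminal: keep going
    return None

def trace(pkt, start="afwall"):
    """Return (verdict, matched rules); "PASS" means afwall did not block it."""
    path = []
    return walk(parse(LISTING), start, pkt, path) or "PASS", path
```

In this excerpt the final `afwall-reject` jump is itself restricted to packets that have an owner UID, so a packet with `uid=None` passes every chain untouched, while an unlisted app UID is logged and rejected.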


atrent commented Aug 4, 2015

done editing, but I think it's uglier...

added #4 ("apps running as root" I forgot)


atrent commented Aug 4, 2015

and... apart from a phone reboot I did not change anything... now it works!
I was checking from the pc to copy&paste some dig/nslookup here, tried:

$ dig @192.168.43.1 di.unimi.it

; <<>> DiG 9.9.5-9ubuntu0.2-Ubuntu <<>> @192.168.43.1 di.unimi.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;di.unimi.it. IN A

;; ANSWER SECTION:
di.unimi.it. 86224 IN A 159.149.53.164

;; Query time: 2 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Tue Aug 04 17:34:47 CEST 2015
;; MSG SIZE rcvd: 45

even restarting dnsmasq (on my pc) and disabling the static DNS (8.8.8.8) just to be sure, same result

very puzzled...

I'm sorry I created some noise here, if it happens again I'll try to understand why

@ukanth ukanth closed this as completed Aug 4, 2016