I use my mobile phone for internet access. My provider's Unlimited data plan discourages tethering (using the phone as a hotspot), though, by throttling traffic it sees coming from other devices.
A fairly simple and robust solution is to run a proxy server on the phone, and then set up your router to send all traffic through the proxy.
There are several apps in the Play Store which can do this on a stock phone (root not required). I've used Socks Server Ultimate. It's best to get this running first, and manually configure the browser on your laptop to use it, to verify that it's working properly. Then proceed to the router setup.
On my TP-Link Archer C7 1750 router, I can use the 5GHz radio as a client to talk to my phone, and the 2.4GHz radio as the access point. OpenWRT makes it easy to configure via the Scan button in the UI.
If your phone has locked down Hotspot, you may be able to install adb tools and run adb forward tcp:12345 tcp:12346 on the router to forward traffic from the router's port 12345 to the proxy running on the phone's port 12346.
I use redsocks and iptables to send all the traffic on the router to the SOCKS5 proxy running on the phone.
I use OpenWRT on my router, but any OS that lets you run redsocks should do fine. For OpenWRT, opkg install redsocks gets it done.
Edit /etc/redsocks.conf to have this:
// send all traffic to a remote SOCKS5 proxy
base {
    log_info = on;
    log = "file:/var/log/proxy_vpn.log";
    daemon = on;
    redirector = iptables;
}
redsocks {
    // Use iptables to redirect traffic here
    local_ip = 0.0.0.0;
    local_port = 12345;
    // Remote proxy info
    // Use 127.0.0.1 if using adb forward; otherwise use the
    // Phone's hotspot IP
    ip = 192.168.43.1;
    port = 12346;
    type = socks5;
}
The package should automatically install /etc/init.d/redsocks and enable it in /etc/rc.d so it will run when the router boots up.
iptables: rules
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Create new chain
iptables -t nat -X REDSOCKS
iptables -t nat -N REDSOCKS
# Ignore LANs and some other reserved addresses.
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Send everything else through the redsocks daemon
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
# XXX It seems that OUTPUT is too late?
#iptables -t nat -A OUTPUT -o wlan0 -p tcp -j REDSOCKS
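The redirect only works if the port in the REDIRECT rule matches redsocks' local_port, if the upstream proxy is not redsocks' own listener, and if an active PREROUTING rule feeds the REDSOCKS chain. The script below is an added example, not part of the original post, that checks those three things; the function names (conf_get, redirect_port, lint, sample) and sample file names are hypothetical, and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function and file names are made up.

# conf_get FILE SECTION KEY: print KEY's value inside "SECTION { ... }"
conf_get() {
    awk -v sec="$2" -v key="$3" '
        { sub(/\/\/.*/, "") }                        # drop // comments
        $1 == sec && index($0, "{") { in_sec = 1; next }
        index($0, "}")              { in_sec = 0 }
        in_sec && $1 == key && $2 == "=" { v = $3; gsub(/[";]/, "", v); print v; exit }
    ' "$1"
}

# redirect_port FILE: port the REDSOCKS chain REDIRECTs TCP to (active rules only)
redirect_port() {
    sed -n 's/^iptables .*-A REDSOCKS .*-j REDIRECT --to-ports \([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

bad() { echo "problem: $1"; problems=$((problems + 1)); }

# lint CONF RULES: print findings; exit status is the number of problems found
lint() {
    problems=0
    lport=$(conf_get "$1" redsocks local_port)
    uip=$(conf_get "$1" redsocks ip)
    uport=$(conf_get "$1" redsocks port)
    rport=$(redirect_port "$2")
    [ -n "$lport" ] && [ "$lport" = "$rport" ] ||
        bad "REDIRECT targets port ${rport:-?}, redsocks listens on ${lport:-?}"
    if [ "$uip" = "127.0.0.1" ] && [ "$uport" = "$lport" ]; then
        bad "upstream proxy is redsocks' own listener; connections would loop"
    fi
    grep -q '^iptables .*-A PREROUTING .*-p tcp -j REDSOCKS' "$2" ||
        bad "no active PREROUTING rule sends TCP into the REDSOCKS chain"
    return "$problems"
}

# Constructed sample input, using the values from the configuration above.
sample() {
    printf '%s\n' 'redsocks {' '  local_port = 12345; // listener' \
        '  ip = 192.168.43.1;' '  port = 12346;' '  type = socks5;' '}' > "$1/redsocks.conf"
    printf '%s\n' 'iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345' \
        'iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS' > "$1/rules"
}

# With two arguments, lint those files; otherwise lint the constructed sample.
if [ "$#" -eq 2 ]; then lint "$1" "$2"; else
    d=$(mktemp -d) && sample "$d" && lint "$d/redsocks.conf" "$d/rules" && echo "sample: consistent"
    rm -rf "$d"
fi
```

On the router, pass the real redsocks.conf and the file holding the iptables rules as the two arguments.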