Skip to content

Instantly share code, notes, and snippets.

@iamoverit

iamoverit/README.md

Forked from softmoth/README.md
Last active June 15, 2021 08:12
Show Gist options
  • Save iamoverit/fe18774411a4205345cffec15b49af76 to your computer and use it in GitHub Desktop.
Save iamoverit/fe18774411a4205345cffec15b49af76 to your computer and use it in GitHub Desktop.
Download ZIP
Using a proxy to avoid tether throttling
Raw
README.md

Using a proxy to avoid tether throttling

I use my mobile phone for internet access. My provider's Unlimited data plan discourages tethering (using the phone as a hotspot), though, by throttling traffic it sees coming from other devices.

A fairly simple and robust solution is to run a proxy server on the phone, and then set up your router to send all traffic through the proxy.

Run a proxy on the phone

There are several apps in the Play store which can do this on a stock phone (root not required). I've used Socks Server Ultimate. It's best to get this running first, and manually configure the browser on your laptop to use it, to verify that it's working properly. Then procede to the router setup.

Tethering the router to the phone

On my TP-Link Archer C7 1750 router, I can use the 5Ghz radio as a client to talk to my phone, and the 2.4Ghz radio as the access point. OpenWRT makes it easy to configure via the Scan button in the UI.

If your phone has locked down Hotspot, you may be able to install adb tools and run adb forward tcp:12345 tcp:12346 on the router to forward traffic from the router's port 12345 to the proxy running on the phone's port 12346.

Redirect all traffic to the proxy

I use redsocks and iptables to send all the traffic on the router to the SOCKS5 proxy running on the phone.

I use OpenWRT on my router, but any OS that lets you run redsocks should do fine. For OpenWRT, opkg install redsocks gets it done.

Edit /etc/redsocks.conf to have this:

// send all traffic to a remote SOCKS5 proxy

base {
    log_info = on;
    log = "file:/var/log/proxy_vpn.log";
    daemon = on;
    redirector = iptables;
}

redsocks {
    // Use iptables to redirect traffic here
    local_ip = 0.0.0.0;
    local_port = 12345;

    // Remote proxy info
    // Use 127.0.0.1 if using adb forward; otherwise use the
    // Phone's hotspot IP
    ip = 192.168.43.1;
    port = 12346;
    type = socks5;
}

The package should automatically install /etc/init.d/redsocks and enable it in /etc/rc.d so it will run when the router boots up.

iptables: rules

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Create new chain

iptables -t nat -X REDSOCKS
iptables -t nat -N REDSOCKS
 
# Ignore LANs and some other reserved addresses.
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.1/4 -j RETURN

# Send everything else through the redsocks daemon
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
# XXX It seems that OUTPUT is too late?
#iptables -t nat -A OUTPUT -o wlan0 -p tcp -j REDSOCKS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment