Port 80 doesn't get forwarded to PirateBox's webserver

Posted by Lexa 
Port 80 doesn't get forwarded to PirateBox's webserver
December 16, 2016 08:38PM
Hey!

Once more thank you for developing and publishing the Android version of PirateBox! :)

So, I'd like to convert some old phones into PirateBoxes, and ran into a few problems. This post is about a problem I see on two phones, and I didn't find a solution yet. Once I find one, I'll post it here. But maybe someone else can give me a hint for what to look for in the meantime.

I'm testing with PirateBox_0.5.8_beta.apk on Android 2.3.6. Problem is, port 80 doesn't get forwarded to PirateBox's webserver. Just like with the other problem I posted about here, it worked at least once, but not anymore (that was probably with PirateBox_0.3.1_beta.apk and the phone was not rooted yet, but I had no success replicating it). But as it happens on two different phones, and one of them has 11MB+ free in /system, I'd /assume/ for now this is probably not a "truncated file" problem.

Everything else works, DHCP, DNS wildcard root zone, webserver on port 45454, just the iptables forwarding of port 80 is broken. Unfortunately I don't know much about iptables, so I try to find out more about iptables and its setup on Android now, and about how and especially /when/ PirateBox adds its rules. And how to trigger PirateBox doing it, or if it tries without success, what's breaking it.

Feel free to give me any hints. :)

Lexa.
Re: Port 80 doesn't get forwarded to PirateBox's webserver
December 17, 2016 07:46AM
Some good news and some bad news. :)

TL;DR: It all depends very much on the phone and its kernel. The two phones mentioned above on which I'm testing are Samsung Galaxy Pocket GT-S5300 which works really well for PirateBox now, and Samsung Galaxy Xcover GT-S5690 which works partially. More details about the latter below.

Obviously, the Samsung Galaxy Pocket was the one on which PirateBox fully worked at first, then broke, and fully works again now. What happened there is described here: [forum.piratebox.cc] and I planned to use that phone for PirateBox anyway as it's tiny, but has otherwise fine resources.

The Samsung Galaxy Xcover is more of a problematic case in general, as it has very little built-in memory. Regarding PirateBox's port forwarding, I'm relatively sure the problem is that there's no NAT support in its kernel. I tried to upgrade iptables, which worked, but doesn't make NAT/forwarding work. PirateBox tries to load the iptables rules just fine, but the kernel doesn't accept them.

More details: Both phones come with iptables v1.3.7, which works just fine on the Samsung Galaxy Pocket. On the Samsung Galaxy Xcover however I get this:

# iptables -V
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
iptables v1.3.7

So I searched for that error, found some info and got a later version which doesn't show this error:

# iptables -V
iptables v1.4.7

The NAT table (is it called like that? I'm not used to anything iptables) gets listed without error, too:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

But when I try to load a rule, I get "iptables: No chain/target/match by that name." and the rule doesn't get loaded:

# iptables -t nat -A OUTPUT -d 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 45454
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
iptables: No chain/target/match by that name.
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

The "FIX ME!" line seems not to be important, that message shows up with v1.3.7, too, and has no negative effect. The important part seems to be "No chain/target/match by that name." By the way that error message shows up with original iptables v1.3.7, too, together with the other error messages. For comparison with v1.3.7:

# iptables -t nat -A OUTPUT -d 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 45454
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
iptables: No chain/target/match by that name

So I guess it's a kernel problem. Maybe NAT support made the kernel too big for the phone's little main memory, so that the 3rd party bloatware wouldn't fit anymore onto the /system partition or something like that. ;)

Seems the kernel has support to load kernel modules, but for me it's not worth searching further for the right version of the right module. I'm very happy with a fully working PirateBox on the tiny (as good as invisible) Samsung Galaxy Pocket. So for now and for me, I consider this solved. :)

Hopefully, in one way or another, this post can help someone else in the future.

Lexa.
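
Added example, not part of the original posts and not PirateBox code: iptables prints "No chain/target/match by that name" when the running kernel lacks a piece the rule needs, and the kernel lists what it has registered under /proc/net. This sketch checks the three pieces the rule above uses (nat table, REDIRECT target, tcp match); the function names and result words are made up for illustration, and it assumes a root shell, since these files are normally readable by root only.

```shell
#!/bin/sh
# Which netfilter pieces does the running kernel expose for the rule
#   iptables -t nat -A OUTPUT -d 127.0.0.1 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 45454
# Uses only shell builtins, so it does not depend on grep or busybox.

# has_line FILE WORD: succeed if FILE has a line exactly equal to WORD.
has_line() {
    [ -r "$1" ] || return 1
    while read -r line; do
        [ "$line" = "$2" ] && return 0
    done < "$1"
    return 1
}

# check_redirect_support [DIR]: DIR defaults to /proc/net.
# Prints "ok" or the first missing piece and returns non-zero on a miss.
# On a modular kernel a table shows up only once its module is loaded,
# so run "iptables -t nat -L" first, as in the post.
check_redirect_support() {
    dir=${1:-/proc/net}
    has_line "$dir/ip_tables_names" nat ||
        { echo "missing-table:nat"; return 1; }
    has_line "$dir/ip_tables_targets" REDIRECT ||
        { echo "missing-target:REDIRECT"; return 1; }
    has_line "$dir/ip_tables_matches" tcp ||
        { echo "missing-match:tcp"; return 1; }
    echo ok
}

# Run against the live kernel (or a directory given as first argument).
check_redirect_support "$@" || true
```

A "missing-target" or "missing-match" result with the nat table present means the table is compiled in but the rule's target or match is not, which a newer iptables binary cannot change.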