[Q] Allow certain IPs to an apk - Desire Q&A, Help & Troubleshooting

Say I download an apk from market.
There are times that I don't want it to access Web (so as not to download any ads and get over my monthly cap). Still i want it to have access to my 192.168.x.x home network.
Is there any way to do this (access only certain IPs per apk)? I'm using Linux and I don't even know how to do it there. So I dont know what to look as to get some ideas.

Probably an ad blocker will take care of downloading banners and such. There might be some apps on the lines of Droid Wall which might allow you to filter traffic. I've never used it.
If you are trying to access your LAN I'm assuming you are using your wireless connection and you might be able to filter traffic from you AP if it has the proper tools and APs usually do.

First of all thanks for the reply.
Ok, an ad-free script could be possible but how can one find out what IPs are being used from a specific apk?
As far as I know there is no log that logs the sockets that are open or even better have been opened...
P.S.: I know my apk pid. The issue is to find out which IPs it uses...

Use terminal emulator to issue "netstat -a" command. I really think that DroidWall could help.

DroidWall cuts all connections (say all wiFi connections)!!! And I don't want that. I want my apk to be able to connect to my home network but cut off all other connections. But only for the specified apk.
netstat -a doesn't say which application uses which port.
Thanks for the ideas. I have already tried those. Feel free to tell other ideas as well though.

Related

Tethering: How to point a browser to use the tp2 connection

I would like to tether my phone to my work comp so I can use my work keyboard/mouse/screen rather than my phone to do browsing. I am able to connect it but is there a way to direct only traffic from, say firefox, to the phone connection and let the rest of my net traffic be handled by the nic on the lan?
I don't have the networking expertise to figure this one out and I haven't been able to find it with searches. I probably don't know the right terminology to search for.
Thanks
This is going to be difficult to do unless you know the specific IP addresses or networks you wish to access via the LAN interface.
If you do then you can move the default gateway on to the interface to your phone and then add static routes for the addresses you want to go via the LAN interface.
This is done by using the route command in a cmd window.
R.
dicko99 said:
This is going to be difficult to do unless you know the specific IP addresses or networks you wish to access via the LAN interface.
If you do then you can move the default gateway on to the interface to your phone and then add static routes for the addresses you want to go via the LAN interface.
This is done by using the route command in a cmd window.
R.
Click to expand...
Click to collapse
thanks for the reply. I figured it had to be more difficult than it seemed on the surface.
so, based on what you have said, would i be able to do the opposite? where i could build a routing table for each specific site's ip that i want to have my browser be directed to my phone for? if possible that would be adequate. what do you think?
Any other ideas? I guess I'll try and read up on the route command and see how I might be able to use it.
haha trying to watch porn at work, eh?
Maybe I'm off, but wouldn't trying to adjust the settings required for this move not be possible if there's admin restrictions on your work PC anyway?
rorytmeadows said:
haha trying to watch porn at work, eh?
Maybe I'm off, but wouldn't trying to adjust the settings required for this move not be possible if there's admin restrictions on your work PC anyway?
Click to expand...
Click to collapse
I have admin rights. I don't have full access to the internet (unless I use my ssh tunnel). I just want to figure out how to get more out of my data plan and use my time better than typing with two fingers and navigating via a tiny screen when i have a proper keyboard and screen right infront of me.
It's really more of a case of trying to figure out if it can be done and how. Also some curiosity and the desire to learn more. Unfortunately, I'm not that knowledgeable regarding network intricacies and routing but thought some folks here might have the info and could help me figure it out.

VPN Routing Issues - Default Gateway Strikes Back!

On the original 2.1 you could connect a VPN and still surf the internet. Now with Froyo you can't. I've searched high and low for a setting in the GUI and on the file system and can't find anything that would allow me to turn off use of the VPN connection as the default gateway. Since many Market apps, in particular my Xtralogic RDP client, often check to make sure they are registered this new VPN "feature" renders all of these apps useless to those who use them through VPN tunnels.
Does anyone know where the settings for VPN connections are stored? Are they human readable? I did find one file in /system/etc/ppp that looks like a standard debian-like interface script, if-up-vpn, but it looks to be binary. However I am using an L2TP connection and can't find anything anywhere. Worst case, is there a way i modify the routing table on the fly? I'm used to UNIX-like manageability using the usual netstat/iptables/ifconfig kind of thing, but Android is far from what I'm used to and doesn't seem to be easily manhandled. Hopefully there is someone around here who knows how to Ginsu this back to normal. Thanks in advance!
Running the Virtuous 2.3 rom with 2.15 radio.
-M

[GUIDE/HOWTO] CIFS+UTF-8 Brings Music/Movie/File Access Anywhere with 3/4G or WiFi

CIFS + UTF-8 Kernel Module Support
User CONTRIBUTED HOWTO Guide and Tips!​
What is CIFS:
[Alfresco CIFS Wiki]
[Wikipedia CIFS]
XDA's own developer (f3d0r) has created the [CIFS Manager] to help setup CIFS+UTF-8 modules
I have added CIFS + UTF-8 support to both my Froyo Kernel and Gingerbread Kernel... ALL user of my Kernels have this cool capability available to them...
Please help contribute to this GUIDE / HOWTO. I will link all the cool tips and setups to the OP and give proper credit to those who contributed
Please help each other out... This is what makes XDA the best community among other Android communities...
Thanks
[Windows 7 LAN Setup] by user Dclaw_Fantum (make sure you hit Thanks button for him if he helped you)
[Windows 7 WAN/PPTP Setup] by user se1000 (make sure you hit Thanks button for him if he helped you)
[Windows 7 WAN Setup] by user Dclaw_Fantum (make sure you hit Thanks button for him if he helped you)
[CIFS Manager App Tip #1] by user Dclaw_Fantum (make sure you hit Thanks button for him if he helped you)
CIFS = Win
Okay, screens will come later. I only have the Windows part typed out, I will edit it more soon. Some of the steps may not be clear without screens. The phone part is coming too. I moved my SDK install location, DroidExplorer won't run, gotta reboot, so here is the text for setting up the share in Windows:
For this guide I am using Windows 7 Ultimate 64-Bit and Royal Glacier v1.0.
First things needed to get CIFS working are:
CIFS Manager
Have the ability to gain Administrator rights on your Windows install.
A rooted phone running one of Faux's kernels (or any kernel with CIFS support).
Let's Begin:
First we have to setup the folder we want to share on the Windows PC.
1. Find or Create the folder you want to share. I created a folder named "CIFS Share".
2. Right-click the folder and select Properties.
3. Under the Sharing Tab, click Advanced Sharing.
4. Click the checkbox at the top, the text fields will fill with the folder's name. You can add a comment if you like, it isn't necessary.
5. Click on the Permissions Button.
-By default, the group "Everyone" is assigned read access.
-This is not a secure setting but is okay when you are only doing a LAN share, behind a firewall. Files shared under this group require NO authentication, hence the name Everyone.
-***This is where you can change which users have rights to the shared files: ***
6. Click the "Add" button to create a new user permission.
-In the large text box, type in the username you want to have access to the share.
--My user is named "User0". So I typed "user0" in the box.
-Click the "Check Names" button. Windows will put the proper name in place. My box changed to "GREG-PC\User0"
-Click "OK" and close the Select Users or Groups.
7. Now the user you just added is in the "Group or user names" box.
-Click the user name to select it.
-If you want to read and write* to the share, click the "Full Control" checkbox. *CIFS mount is Read-Only. We can get write access elsewhere.
-To just allow read access, leave only the "Read" checkbox ticked.
-I suggest selecting the group "Everyone" and then clicking the "Remove" button. Assign another user access before you apply removing Everyone.
-Click "Apply" then "OK" to exit.
Congratulations, you are now sharing any files contained within this folder to the users specified. Next, we have to set up the phone...
Looking forward to the guide, tried to set it up on my own, but have no networking experience and honestly was just taking a shot in the dark. Needless to say, CIFSManager laughed then punched me in the throat for having the audacity.
Thanks faux123, CIFS is so cool to have.
Thanks for the info on CIFS Manager. My Phone is playing so nicely with my Synology NAS.
Using your LV Kernel with CM7 Nightly #14 and all is going good so far.
darinmc said:
Looking forward to the guide, tried to set it up on my own, but have no networking experience and honestly was just taking a shot in the dark. Needless to say, CIFSManager laughed then punched me in the throat for having the audacity.
Click to expand...
Click to collapse
CIFS manager needs some additional steps, most importantly, it will create a folder on the SD card that it will use to see the files from your computer. It makes the phone think the shared folder from the computer is that local folder on your phone. That was where I messed up in my haste the first time I tried to set it up. First time I had an error happen when trying to setup a sharing service.
Forgot that I had to redirect CIFSManager to the correct location of the module. In Settings of CIFSManager, tick the checkbox for "Load via insmod" then tap on the "Path to cifs.ko[:<modpath>]*". Now you have to type in "/system/lib/modules/cifs.ko" in the text box. Also, Faux added cifs support @ 0.8.2, RoyalGlacier comes loaded with 0.8.1.1. You have to update your kernel if you are on anything before 0.8.2 for this to work.
Text for setting up the Windows LAN sharing is up, haven't gotten to the WAN sharing or phone setup parts yet, the WAN sharing will come last, after the screen shots. The WAN sharing part is going to be the worst part, everyone's router has a different interface.
I'm tired, I will post more sometime late Saturdaynight/early Sunday morning (3/12 or 3/13), I'm gonna be busy during the day tomorrow.
All I did to set this up on Windows 7 was:
1. Download CIFS manager on my phone
2. The computer part I right-clicked on the folder I wanted to share, went to properties then sharing then advanced sharing, like dclaw_fantum explained (his posts are def more detailed than this, but this is how I'd explain it to a friend), and checked to share and that was it. (I setup a password on my computer login under control panel settings)
3. Then on your phone, you open CIFS and add new share. Input your IP address followed by / and the name of the folder (ex. 11.65.8.52/music), the mount point field autofilled for me, then put in computer user ID and password.
4. Check the "Load cifs module" and "Load via insmod" boxes in CIFS Manager app and it worked perfect! (This is where I got an error the first time I tried it, but after rereading the linked thread in Faux's kernel thread I checked these)
Hope this helps, it's not super professional and I'm not sure how secure it is (I assume it is, but I haven't done too much computer network stuff), but it worked for me! "Unmounting all" gave me an error, it unmounted one share but the other one wouldn't unmount so I rebooted my phone and haven't tried again, yet.
Any ideas on battery/data consumption when you're not using files from your computer? Like when the shares are mounted but you're not necessarily using anything from them?
Sent from my HTC Glacier using XDA App
How do I set up for 3g/4g connection?
Just forward a specific port?
supa2001 said:
How do I set up for 3g/4g connection?
Just forward a specific port?
Click to expand...
Click to collapse
WAN access via 3G/4G requires more sophisticated setup including:
Router configuration
Dynamic DNS account
and a few other things...
Hopefully some advance users here can show the setup for it, or you can exercise your GoogleFu and research on this topic and post back here to share with everyone else
What I meant earlier is that I have no complex network experience, local networking is easy, it's streaming over the internet I want and cannot accomplish.
darinmc said:
What I meant earlier is that I have no complex network experience, local networking is easy, it's streaming over the internet I want and cannot accomplish.
Click to expand...
Click to collapse
I've been a little busy the past few days, hopefully I can get up the WAN configuration for you when I get home tonight, eliasadrian and I already have the majority of the phone setup posted above. I'll have to get screen shots up after I get the posts together.
In a nutshell, port 445 needs to be forwarded, the PC should have a dhcp reservation with your router and having a DynDNS account makes things much simpler in the long run for you. Do not forward any unprotected ports.
The cool thing is that after this is setup, you can put the same info into es file explorer and you will have read/write access. Then you can use the CIFS mount to stream media that es will not allow to stream.
dclaw_fantum said:
I've been a little busy the past few days, hopefully I can get up the WAN configuration for you when I get home tonight, eliasadrian and I already have the majority of the phone setup posted above. I'll have to get screen shots up after I get the posts together.
In a nutshell, port 445 needs to be forwarded, the PC should have a dhcp reservation with your router and having a DynDNS account makes things much simpler in the long run for you. Do not forward any unprotected ports.
The cool thing is that after this is setup, you can put the same info into es file explorer and you will have read/write access. Then you can use the CIFS mount to stream media that es will not allow to stream.
Click to expand...
Click to collapse
Can't wait for the write up Post some screen shots too if you don't mind...
dclaw_fantum said:
I've been a little busy the past few days, hopefully I can get up the WAN configuration for you when I get home tonight, eliasadrian and I already have the majority of the phone setup posted above. I'll have to get screen shots up after I get the posts together.
In a nutshell, port 445 needs to be forwarded, the PC should have a dhcp reservation with your router and having a DynDNS account makes things much simpler in the long run for you. Do not forward any unprotected ports.
The cool thing is that after this is setup, you can put the same info into es file explorer and you will have read/write access. Then you can use the CIFS mount to stream media that es will not allow to stream.
Click to expand...
Click to collapse
Can't wait for the tutorial, I wish I understood enough of the middle paragraph to take the info and run but sadly enough I don't. Gonna try to google my way through it in the meantime.
WAN Configuration (for CIFS over Internet)
Okay, this is the part that let's you have the ability to use CIFS outside of your WLAN. The setup is going to take a little more work than a LAN setup, but, if you follow along you will have a very reliable CIFS connection for streaming files from your PC to your phone anywhere you have a data connection.
**Before anyone posts about how the songs/videos they are streaming are choppy/not fluid, I have no control over the buffer settings in CIFS manager. Also, the connection throughput is king when streaming. If the path the data takes slows it down below the playback rate of the media, it will become choppy. So, even if you are on HSPA+, it may be choppy. Somewhere between your phone and your PC, there is a slow link.**
Again, for this guide I am using Windows 7 Ultimate 64-Bit and Royal Glacier v1.0 w/ Faux's 0.8.5 kernel.
Prerequisites:
CIFS Manager installed and working.
Have already setup the share on your PC.
Administrator access to your router/gateway.
**Not required, but very helpful:
A DynDNS account.
Let's Begin:
Since you already have CIFS working on your LAN, we are going to setup the router to allow the data to go out to the internet.
DHCP Reservation:
1. Log into your router. Find the area pertaining to "DHCP Reservation". On two of my routers, this was a button (Linksys/Cisco and Vizio).
2. Now we need the IP and MAC addresses.
a. Control Panel > Network and Sharing Center
b. Click on the network connection name, in my case FancyEagle.
c. Click the Details... button.
d. The Physical Address is your MAC address. The IP address will be labeled IPv4. mine are 00-1B-9E-69-E6-3D and 192.168.1.104.
3. Add the IP and MAC addresses into the DHCP reservation area. This will bind that IP address to your PC, keeping it available for your PC and not assigning it to any other device.
Port Forwarding:
1. Find the "Port Forwarding" section of your router.
2. There are several fields to fill in. Here is what you need to fill in:
192.168.1.[104]---Port 445---TCP---Enabled
Repeat for the following ports/protocols: 135/TCP, 137/UDP, 138/UDP, 139/TCP.
*Replace [104] with your IP address from the DHCP reservation portion.
3. Apply/save settings.
Now you have the WAN link setup, you need to know the router WAN IP address to connect at this point. Since majority of us don't want to pay extra for a Static IP address, the ISP rotates their available IP addresses around. This is where DynDNS comes in handy. You don't need to even know it. You create an account with them and then enter the login info into the router.
1. Account w/ DynDNS setup already.
2. Find DDNS or Dynamic DNS service on your router.
3. Enter your login info from setting up your account.
4. Now, go to your phone and replace the IP address in the "Share Path" field in CIFS manager with your dyndns domain.
Now, instead of "192.168.1.104/CIFS Share", it should be "mydomain.dyndns.tv/CIFS Share".
Did you actually get it working? I tried multiple times on my own and was never able to mount the share.
Thing is, CIFS is a chatty protocol engineered for low latency LAN links. Even if it works, it may not perform very well over a relatively high latency WAN.
se1000 said:
Did you actually get it working? I tried multiple times on my own and was never able to mount the share.
Thing is, CIFS is a chatty protocol engineered for low latency LAN links. Even if it works, it may not perform very well over a relatively high latency WAN.
Click to expand...
Click to collapse
I keep getting timeouts. I had similar issues when first setting up ES to work this way. Found a little more info, updating previous post...
there are 5 ports associated with Samba/CIFS. I'm getting to the router when I use the IP address, rather than the dyndns domain. Still getting a refused connection. Gotta go back and do some research...
I have successfully set up Gmote for something similar, but Gmote doesn't support streaming most videos. It will stream supported audio files. I missed something in the previous posts, sill getting refused connections with ES and CIFS.
dclaw_fantum said:
I keep getting timeouts. I had similar issues when first setting up ES to work this way. Found a little more info, updating previous post...
there are 5 ports associated with Samba/CIFS. I'm getting to the router when I use the IP address, rather than the dyndns domain. Still getting a refused connection. Gotta go back and do some research...
I have successfully set up Gmote for something similar, but Gmote doesn't support streaming most videos. It will stream supported audio files. I missed something in the previous posts, sill getting refused connections with ES and CIFS.
Click to expand...
Click to collapse
Yeah I believe it's ports 137-139 and 445 BUT, I set my PC as the DMZ and still got timeouts and connection refused errors.
Works over WiFi like a charm
I really think it's the combination of the chatty protocol and the latency when going over a WAN link.
se1000 said:
Yeah I believe it's ports 137-139 and 445 BUT, I set my PC as the DMZ and still got timeouts and connection refused errors.
Works over WiFi like a charm
I really think it's the combination of the chatty protocol and the latency when going over a WAN link.
Click to expand...
Click to collapse
I'm not getting refusals anymore, just timeouts. It is ports 135/TCP, 137/UDP, 138/UDP, 139/TCP and 445/TCP.
I can use the WAN IP and connect using my WiFi, but that just tells me that my settings are correct. Looks like the latency is the issue. I even connected to the neighbor's WiFi to try it and timed out. Looks like the WAN part isn't going to work this way. Kind of a bummer. I'll keep trying different ways to remotely access files, probably gonna be stuck with TFTP.
Without the ability to create a domain and setup VPN, there isn't much choice from here.
dclaw_fantum said:
I'm not getting refusals anymore, just timeouts. It is ports 135/TCP, 137/UDP, 138/UDP, 139/TCP and 445/TCP.
I can use the WAN IP and connect using my WiFi, but that just tells me that my settings are correct. Looks like the latency is the issue. I even connected to the neighbor's WiFi to try it and timed out. Looks like the WAN part isn't going to work this way. Kind of a bummer. I'll keep trying different ways to remotely access files, probably gonna be stuck with TFTP.
Without the ability to create a domain and setup VPN, there isn't much choice from here.
Click to expand...
Click to collapse
Yeah I agree. I've been trying to setup a PPTP connection to my PC but that doesn't seem to work either.
I'm thinking if we can get PPTP to work, then there's a fighting chance CIFS will connect over that link.
se1000 said:
Yeah I agree. I've been trying to setup a PPTP connection to my PC but that doesn't seem to work either.
I'm thinking if we can get PPTP to work, then there's a fighting chance CIFS will connect over that link.
Click to expand...
Click to collapse
I think I'm gonna go a simpler route first for some of the users on here. I might just do an FTP server in the PC and configure ES to handle it. It won't stream, but it will allow access to the files remotely. That will give people something to hold them over until we can figure out a viable solution to this. At least they will have read/write access to the FTP server.
Someone claims that they have had success using OpenVPN. I'm going to try it. If it works, I will have a whole new, complete tutorial with screen shots and step by step instructions to post up. I will probably host it externally so I have greater control of the formatting. Stay tuned in for my next update, I will let everyone know if it works. After that, I will have to go through everything and get screens and type up instructions.

How to use a proxy or tor while tethering?

I tether with t-mobile for xbox live and it works but certain things don't, like updating games due to what i assume are strict NAT settings on tmobile's end.
I was able to do this once when I used proxydroid but I can't replicate what I did. Does anyone know how to either use tor with tethering (says it supports it in the option but I can't get the check tor page to load properly on my pc) or how to use proxydroid? I enter in proxy information and it doesn't change a damn thing when I go to pages like whatsmyip.com
what am I doing wrong?
**edit** mods i guess i should have posted this somewhere else...anyone wanna help move it?
EDIT

[Q] Hide Hotspot Traffic via VPN

I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
kcattakcaz said:
I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
Click to expand...
Click to collapse
To the best of my knowledge, they could easily know that you are connecting to the VPN tunnel as it utilizes a certain ports. However if it's correctly set up and utilize a secure protocol, all your traffic will get through the VPN and your ISP won't be able to decipher your online activities and your connection type or make sense of your internet traffic.
In other words, you may be using the VPN to connect to websites A, B, and C and send all sorts of interesting information to those websites; or send email; or whatever. Your ISP can see none of that. All they can see is encrypted data that they can't decrypt. So they know you're using a VPN, but they don't know what you're using it for.
Hope it could help.

Categories

Resources