Direct ALL android traffic through SSH tunnel

Question

I am trying to completely conceal all traffic on my phone from the wireless provider.

I would like to do this by directing the traffic through an SSH tunnel to my home router through iptables (not sure if they help?).

The phone is rooted and is running CyanogenMod 7.1 (and is therefore iptables-capable).

I've looked at this question, but I am still sort of shaky on the details. That question sort of describes how to do this for a single port - but how can I do this for every single packet on every single port?

This question is of both practical and academic interest. Thanks.

Answer 1

Have you tried using sshtunnel? Iptables alone is not enough to do this.

As for an overview of how it's actually done:

1. Login to your server with ssh and forward the HTTP proxy port to the Android device. Thus any traffic going to localhost:3128 will actually go to the remote machine (your home router).
2. Because Android doesn't have a global proxy setting, you make redirect all traffic going to port 80 (and 443 for HTTPS) to localhost:3128. That's where iptables comes in:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to localhost:3128

If you want to redirect other protocols too, you use a SOCKS proxy with a similar setup. To redirect DNS, redirect port 53 through the tunnel, etc.

All in all to complete conceal 'all traffic' is not that easy, so just use the app. If you want to patch Cyanogenmod to do this, look at the source and modify the startup scripts.