howto's, internet, linux, mobile phones

AFWall+ and Linux Deploy, no internet access unless firewall is disabled

2 Comments

This is a personal reminder and also an easier-to-find heads up to those looking for a solution: if you installed linux on Android via Linux Deploy, and find that, no matter how you set rules on AFWall+ you can never get internet to the mounted linux image, unless you disable the firewall altogether (not recommendable since you installed a firewall in the first place), then here is the solution provided in this thread (it’s all due to DNS calls being blocked without a possibility to make them pass through in the vanilla AFWall+).

Under AFWall+ contextual menu, open the custom script editor, and inser these lines:

 

$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p tcp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p tcp --dport=53 -j RETURN

making sure you preserve the line return after each RETURN since pasting directly into the tiny textbox of AFWall+ may lose the carriage returns.

BAM you will have internet from your android linux without having to disable the firewall. Naturally, you will also have to enable internet access to “Applications running as root”.

Update: as per Peter’s suggestion in the comments (thank you Peter!) if you still get errors with this approach you may need to add a couple more lines, like so:

$IPTABLES -A afwall-wifi-wan -m owner –uid-owner 5000 -j RETURN
$IPTABLES -A afwall-wifi-lan -m owner –uid-owner 5000 -j RETURN

where “5000” is an id you have to customize to your needs, and you can get it either from AFWall’s errors logs, or by checking the /etc/passwd file for the current user’s entry.

2 thoughts on “AFWall+ and Linux Deploy, no internet access unless firewall is disabled”

  1. Thank you for your post that gave me a hint what to do. Please find following my experiences with that. Based on your solution I tried to get it also working on my device but was not successful. I had a lot of : (5000) nul “IPadress” was blocked messages. So I ended up with inserting a custom like this:

    $IPTABLES -A afwall-wifi-wan -m owner –uid-owner 5000 -j RETURN
    $IPTABLES -A afwall-wifi-lan -m owner –uid-owner 5000 -j RETURN

    The chain afwall-wifi-wan/afwall-wifi-lan is necessary for me cause I have the LAN/WAN switch in afwall. For 3G of course you need to include the 3G chain just look in to your afwall rules information.

    The user id is also visible in /etc/passwd in the linux deploy environment for the configured user…

    Reply

    1. Thank you Peter!
      Surely other visitors in the same bind will find your input most precious… in fact I will be adding it in the main article 🙂

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *