softmoth · April 22, 2026 21:18 · Mar 17, 2022 · May 18, 2019 · May 18, 2019 · May 18, 2019
diff --git a/README.md b/README.md
@@ -1,11 +1,15 @@
 # Using a proxy to avoid tether throttling
 
-I use my mobile phone for internet access. My provider's Unlimited data plan
-discourages tethering (using the phone as a hotspot), though, by throttling
+I ~~use~~ used to use my mobile phone for internet access. My provider's Unlimited data plan
+discourage~~s~~d tethering (using the phone as a hotspot), though, by throttling
 traffic it sees coming from other devices.
 
-A fairly simple and robust solution is to run a proxy server on the phone, and
-then set up your router to send all traffic through the proxy.
+A fairly simple and robust solution ~~is~~ was to run a proxy server on the phone, and
+then set up the router to send all traffic through the proxy.
+
+## Bit rot warning
+
+I no longer use this setup, and do not have access to the mobile account or router that is described here. The comments section below may have further updates. If you can suggest improvements I will integrate them into the gist, but am not able to troubleshoot or verify changes.
 
 ## Run a proxy on the phone
 

diff --git a/README.md b/README.md
@@ -69,62 +69,66 @@ in `/etc/rc.d` so it will run when the router boots up.
 Next, put the following in `/etc/init.d/proxy_vpn`:
 
 ```
-
 #! /bin/sh /etc/rc.common
 
 # Modified from https://github.com/darkk/redsocks#iptables-example
-
-# Tested on OpenWRT 18.06, TP-LINK Archer C7 v2.0
+# Tested on OpenWRT 18.06, TP-LINK Archer C7 v2.0, redsocks 0.4
 # Prereq: opkg install redsocks
 
-# Redsocks should be running already, but just in case...
-/etc/init.d/redsocks start
+START=91
+REDSOCKS_PORT=37419
 
-REDSOCKS_PORT=12347
+start () {
+    # Redsocks should be running already, but just in case...
+    /etc/init.d/redsocks start
 
-# Leave this empty if you want to proxy the local
-# networking in addition to the eth0 subnet stuff.
-SUBNET="-i br-lan"
+    #
+    # Set up iptables
+    #
 
-#
-# Set up iptables
-#
+    echo "Routing traffic to redsocks on port $REDSOCKS_PORT"
 
-echo "Routing traffic to redsocks on port $REDSOCKS_PORT"
+    #
+    # Create the chain of rules to send non-local traffic through redsocks
+    #
 
-# Create new chain
-iptables -t nat -N REDSOCKS
+    iptables -t nat -N REDSOCKS
 
-# Ignore LANs and some other reserved addresses
-iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
-iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
-iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
-iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
-iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
-iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
-iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
-iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+    # Don't proxy local or private traffic
+    iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+    iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+    iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+    iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+    iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+    iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+    iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+    iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
 
-# Anything else should be redirected
-iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
+    # Send everything else through the redsocks daemon
+    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
 
-# Depending on network configuration, it may be as easy as:
-iptables -t nat -A PREROUTING $SUBNET -p tcp -j REDSOCKS
 
-iptables -A INPUT $SUBNET -p tcp --dport $REDSOCKS_PORT -j ACCEPT
-```
+    #
+    # Jump to the REDSOCKS chain if packet is going out on wlan (to phone)
+    #
 
-Remove the redirects with:
-```
-#! /bin/sh
+    iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
+    # XXX It seems that OUTPUT is too late?
+    #iptables -t nat -A OUTPUT -o wlan0 -p tcp -j REDSOCKS
+}
 
-iptables -t nat -F REDSOCKS
-iptables -t nat -F PREROUTING
-iptables -t nat -F POSTROUTING
-iptables -F INPUT
-iptables -F FORWARD
-iptables -t nat -X REDSOCKS
-/etc/init.d/firewall restart
+stop () {
+    iptables -t nat -F REDSOCKS
+    iptables -t nat -F PREROUTING
+    iptables -t nat -F POSTROUTING
+    iptables -F INPUT
+    iptables -F FORWARD
+    iptables -t nat -X REDSOCKS
+    /etc/init.d/firewall restart
+}
 
-/etc/init.d/redsocks stop
+restart () {
+    stop
+    start
+}
 ```
diff --git a/README.md b/README.md
@@ -34,8 +34,8 @@ SOCKS5 proxy running on the phone.
 I use [OpenWRT][] on my router, but any OS that lets you run redsocks
 should do fine. For OpenWRT, `opkg install redsocks` gets it done.
 
-redsocks: https://github.com/darkk/redsocks
-OpenWRT: https://openwrt.org/
+[redsocks]: https://github.com/darkk/redsocks
+[OpenWRT]: https://openwrt.org/
 
 Edit `/etc/redsocks.conf` to have this:
 

diff --git a/README.md b/README.md
@@ -0,0 +1,130 @@
+# Using a proxy to avoid tether throttling
+
+I use my mobile phone for internet access. My provider's Unlimited data plan
+discourages tethering (using the phone as a hotspot), though, by throttling
+traffic it sees coming from other devices.
+
+A fairly simple and robust solution is to run a proxy server on the phone, and
+then set up your router to send all traffic through the proxy.
+
+## Run a proxy on the phone
+
+There are several apps in the Play store which can do this on a stock phone
+(root not required). I've used [Socks Server Ultimate][ssu]. It's best to get
+this running first, and manually configure the browser on your laptop to use
+it, to verify that it's working properly. Then procede to the router setup.
+
+[ssu]: https://play.google.com/store/apps/details?id=com.icecoldapps.socksserverultimate&hl=en_US
+
+## Tethering the router to the phone
+
+On my TP-Link Archer C7 1750 router, I can use the 5Ghz radio as a client to
+talk to my phone, and the 2.4Ghz radio as the access point. [OpenWRT][] makes it
+easy to configure via the `Scan` button in the UI.
+
+If your phone has locked down Hotspot, you may be able to install `adb` tools and
+run `adb forward tcp:12345 tcp:12346` on the router to forward traffic from the
+router's port 12345 to the proxy running on the phone's port 12346.
+
+## Redirect all traffic to the proxy
+
+I use [redsocks][] and `iptables` to send all the traffic on the router to the
+SOCKS5 proxy running on the phone.
+
+I use [OpenWRT][] on my router, but any OS that lets you run redsocks
+should do fine. For OpenWRT, `opkg install redsocks` gets it done.
+
+redsocks: https://github.com/darkk/redsocks
+OpenWRT: https://openwrt.org/
+
+Edit `/etc/redsocks.conf` to have this:
+
+```
+// send all traffic to a remote SOCKS5 proxy
+
+base {
+    log_info = on;
+    log = "file:/var/log/proxy_vpn.log";
+    daemon = on;
+    redirector = iptables;
+}
+
+redsocks {
+    // Use iptables to redirect traffic here
+    local_ip = 0.0.0.0;
+    local_port = 12345;
+
+    // Remote proxy info
+    // Use 127.0.0.1 if using adb forward; otherwise use the
+    // Phone's hotspot IP
+    ip = 192.168.43.1;
+    port = 12346;
+    type = socks5;
+}
+```
+
+The package should automatically install `/etc/init.d/redsocks` and enable it
+in `/etc/rc.d` so it will run when the router boots up.
+
+Next, put the following in `/etc/init.d/proxy_vpn`:
+
+```
+
+#! /bin/sh /etc/rc.common
+
+# Modified from https://github.com/darkk/redsocks#iptables-example
+
+# Tested on OpenWRT 18.06, TP-LINK Archer C7 v2.0
+# Prereq: opkg install redsocks
+
+# Redsocks should be running already, but just in case...
+/etc/init.d/redsocks start
+
+REDSOCKS_PORT=12347
+
+# Leave this empty if you want to proxy the local
+# networking in addition to the eth0 subnet stuff.
+SUBNET="-i br-lan"
+
+#
+# Set up iptables
+#
+
+echo "Routing traffic to redsocks on port $REDSOCKS_PORT"
+
+# Create new chain
+iptables -t nat -N REDSOCKS
+
+# Ignore LANs and some other reserved addresses
+iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+
+# Anything else should be redirected
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
+
+# Depending on network configuration, it may be as easy as:
+iptables -t nat -A PREROUTING $SUBNET -p tcp -j REDSOCKS
+
+iptables -A INPUT $SUBNET -p tcp --dport $REDSOCKS_PORT -j ACCEPT
+```
+
+Remove the redirects with:
+```
+#! /bin/sh
+
+iptables -t nat -F REDSOCKS
+iptables -t nat -F PREROUTING
+iptables -t nat -F POSTROUTING
+iptables -F INPUT
+iptables -F FORWARD
+iptables -t nat -X REDSOCKS
+/etc/init.d/firewall restart
+
+/etc/init.d/redsocks stop
+```
No results found