I am working on a MirrorLink implementation for the Google Pixel (Android 8.1.0). I must implement a DHCP server; however, Android applications cannot listen on reserved ports.
The Android application is listening for DHCP DISCOVERY broadcasts on UDP port 6700. My intent is to port forward the DHCP traffic to 6700 so my application can handle the DHCP request.
I cannot find a combination of iptables rules that results in DHCP traffic reaching my application. If I send a DHCP DISCOVERY directly to port 6700, I receive the traffic.
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N bw_FORWARD
-N bw_INPUT
-N bw_OUTPUT
-N bw_costly_rmnet_data0
-N bw_costly_shared
-N bw_costly_tun0
-N bw_data_saver
-N bw_happy_box
-N bw_penalty_box
-N fw_FORWARD
-N fw_INPUT
-N fw_OUTPUT
-N fw_dozable
-N fw_powersave
-N fw_standby
-N natctrl_FORWARD
-N natctrl_tether_counters
-N nm_mdmprxy_doze_mode_skip
-N nm_mdmprxy_iface_pkt_fwder
-N oem_fwd
-N oem_out
-N st_OUTPUT
-N st_clear_caught
-N st_clear_detect
-N st_penalty_log
-N st_penalty_reject
# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N natctrl_nat_POSTROUTING
-N oem_nat_pre
I have tried various combinations of the following rules:
iptables -A INPUT -i ncm0 -p udp --dport 67 -j REDIRECT --to-port 6700
iptables -A FORWARD -i ncm0 -p udp --dport 6700 -j ACCEPT
iptables -A INPUT -i ncm0 -p udp --dport 6700 -j ACCEPT
iptables -A PREROUTING -t nat -i ncm0 -p udp --dport 67 -j REDIRECT --to-port 6700
I suspect either a dire misunderstanding of iptables configuration (likely), special considerations for DHCP traffic, or Android/device-specific conflicts.
I would appreciate any help getting this to work. It's the last barrier to achieving the MirrorLink implementation.
I have root access to the device if that wasn't clear already.
For absolute clarity - the MirrorLink device sends a DHCP DISCOVERY request (UDP port 67) to the Android device over a USB ethernet connection (CDC-NCM). The Google Pixel and probably most AOSP devices expose this interface as ncm0. Android applications can't listen on IANA well-known reserved ports, hence the need for internal port redirection to the 1024 - 49151 range. The Android device is responsible for operating a DHCP server and returning a DHCP offer to the MirrorLink device.
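
An added example, not part of the original post: a small shell check that applies one netfilter constraint to the rules listed above. The REDIRECT target is accepted only in the nat table, in the PREROUTING and OUTPUT chains (or user-defined chains called from them), and a rule without -t goes to the filter table. The function name check_rule and its verdict strings are made up for this illustration; the rules are copied from the post with the jump option written as -j.

```shell
#!/bin/sh
# Classify one iptables command line by whether its REDIRECT target sits in a
# table/chain where netfilter accepts it. Nothing is applied; no root needed.
check_rule() {
    cr_table=filter   # iptables defaults to the filter table when -t is absent
    cr_chain=
    cr_target=
    cr_prev=
    # Intentional word splitting: walk the command's arguments one by one.
    for cr_word in $1; do
        case "$cr_prev" in
            -t|--table)              cr_table=$cr_word ;;
            -A|-I|--append|--insert) cr_chain=$cr_word ;;
            -j|--jump)               cr_target=$cr_word ;;
        esac
        cr_prev=$cr_word
    done

    if [ "$cr_target" != REDIRECT ]; then
        echo no-redirect             # plain filter rule; it rewrites nothing
    elif [ "$cr_table" != nat ]; then
        echo redirect-wrong-table    # REDIRECT is rejected outside -t nat
    else
        case "$cr_chain" in
            PREROUTING|OUTPUT) echo redirect-ok ;;
            INPUT|POSTROUTING) echo redirect-wrong-chain ;;
            # Assumption: user-defined chains are not traced to their callers.
            *)                 echo redirect-user-chain ;;
        esac
    fi
}

# The four rules from the post (constructed input for this example).
while IFS= read -r rule; do
    printf '%-22s %s\n' "$(check_rule "$rule")" "$rule"
done <<'EOF'
iptables -A INPUT -i ncm0 -p udp --dport 67 -j REDIRECT --to-port 6700
iptables -A FORWARD -i ncm0 -p udp --dport 6700 -j ACCEPT
iptables -A INPUT -i ncm0 -p udp --dport 6700 -j ACCEPT
iptables -A PREROUTING -t nat -i ncm0 -p udp --dport 67 -j REDIRECT --to-port 6700
EOF
```

Only the fourth rule places REDIRECT where netfilter accepts it. A packet redirected in nat PREROUTING is delivered locally, so it then traverses the filter INPUT chain with destination port 6700 and never reaches FORWARD.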