Use another computer on the network to transparent-proxy your Android (Linux) device!

Written by Hasan Arous

Linux devices allow for a host-wide transparent-proxying for all application, the concept is to redirect the traffic (using iptables) to a local port, where a special application is running. The application forwards the connection over a SOCKS proxy, and everything should go well. But what if the device you are working with does not have iptables enabled kernel and/or the ability to install the forwarding application?

Run the application on another computer, and make it as your default gateway!

This is the main idea behind the solution, we will setup a local computer with what it takes to do the transparent-proxy thing, and redirect traffic from the other device to this one.

Install, and configure, redsocks

We are going to install redsocks: This tool allows you to redirect any TCP connection to SOCKS or HTTPS proxy using your firewall, so redirection is system-wide.

sudo apt-get install redsocks

Configure redsocks.conf:

sudo nano /etc/redsocks.conf
redsocks {
        /* `local_ip' defaults to for security reasons,
         * use if you want to listen on every interface.
         * `local_*' are used as port to redirect to.
        local_ip =;
        local_port = 12345;

        // `ip' and `port' are IP and tcp-port of proxy-server
        ip =;
        port = 9999;

        // known types: socks4, socks5, http-connect, http-relay
        type = socks5;

This assumes I am running a socks5 proxy on port 9999.

Next we will create the iptables chain:

# Create new chain
sudo iptables -t nat -N REDSOCKS
# Ignore LANs and some other reserved addresses.
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
sudo iptables -t nat -A REDSOCKS -d -j RETURN
# Anything else should be redirected to port 12345
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

And will add the rules that define which packets should be forwarded to the REDSOCKS chain:

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS

This will take care of outgoing connections to 80, 443 ports (http, https).

Now we run redsocks:

sudo killall redsocks
sudo redsocks -c /etc/redsocks.conf

Configuring the other device to use the new setup

The idea here is to use route utility to change the device default route from the router to our host above.

For the reference, the device I am doing here is a Nook Simple Touch, it runs Android 2.1, and does not have iptables itself. The device is rooted, and I am connecting using adb shell.

First I will invoke route by itself, to see current routing information:

# busybox route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface     *        U     0      0        0 tiwlan0
default         UG    0      0        0 tiwlan0

Now I will delete my router (, and add my laptop ( instead as the default route (For a reason that I don’t know, I have to do some browsing from the nook, then the two devices can ping each other, then I can proceed with the following):

busybox route del default gw tiwlan0
busybox route add default gw tiwlan0

Important: I am using busybox route instead of route, because the default route binary is not working on this device.

And on the mother PC, where redsocks is installed, I do the following:

iptables -t nat -A PREROUTING -p tcp -s -j REDSOCKS

Where is my nook IP. You have to do the following as well (to allow for domain name lookup):

sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo echo 1 > /proc/sys/net/ipv4/ip_forward

And that’s it, now your Android apps should all be proxified through the configured proxy.

Summary of addresses

For convenience, and for the sake of clarity, here is a list of used addresses in the above setup:

  • router
  • The computer that hosts redsocks and iptables.
    • :12345 The configured port for redsocks
    • :9999 The configured socks proxy (ssh -D9999 for example.)
  • The android device that lacks iptables/redsocks. We set its default gateway to be