Android router?

Discussion in 'Technical' started by wastelander, Apr 16, 2014.

  1. wastelander

    wastelander Bad English, bare with me

    I have an old android phone, a Samsung Galaxy Y that I am using as a mobile 3G router and there's some things thats bothering me
    I have installed Avast antivirus free on the said phone but when I try and turn on the firewall it says IP6 is not supported. I guess this has to do with the Android version on the phone but there's no updates through Samsung to support this feature. I have read a bit about using a custom Rom such as Cyagenmod on the device and I think I'll be trying that out.
    But, are there other ways I can make it more secure? I have blocked all texts and calls on the phone through the said AV software because I dont want calls on it, but I would like to add a feature to the tethering so I could log in to it using a browser and maybe even access the SD-card and use it as a server.

    How can I otherwise make the device more secure as a router? It would be great if I could somehow tether it to manage all connections through TOR or similar and a firewall.

    All experience welcome since I have none myself.

    I'm dreaming away here but does anyone know of such features or apps to set up?
  2. wastelander

    wastelander Bad English, bare with me

    Also, I should add, my biggest concern ATM is my ISP since I know they have been leaking information about their users. Right now there is fights about the laws on the matter here and I want to hide my traffic and e-mail traffic from them. Not because I have a methlab or am a terrorist, just because.
  3. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    hmm, interesting.

    I have rooted an old HTC Incredible and installed a tethering app, but did not do any firewall. A quick google search shows that IP6 may also depend on the carrier you are using for cellular service and the version of the android OS.
    IPv6 on Android Phones | T-Mobile Support

    Here is one app that allows IP6, but it's not tested with the Galaxy Y and specifically state that one Galaxy tablet doesn't have the IP6 code in the kernel.
    Android-IPv6Config: Enabling IPv6 address privacy on Android devices | Rene Mayrhofer's virtual home

    good luck, and if you've never rooted a phone before, it's not that hard, but you can brick it.
  4. Idahoser

    Idahoser Monkey+++ Founding Member

    unless you're using a VPN to some other place, your ISP is always going to know your traffic, you can't do anything about it. They're the ones accepting your request to find something, so they find it and bring it back to you. They can record that.
    You could use a VPN to a server you own, or somebody you know owns, or one you pay to join. Then THEIR ISP will go get what you want and bring it to the VPN but nobody will know where it goes after that.
  5. wastelander

    wastelander Bad English, bare with me

    Allright, would openVPN or similar cut it?
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    As long as you TRUST the VPN Supplier, on the far end, and his Certificate... You are good to go....
    My Partners and I, ARE part of the ISP that hosts our Servers, so we have access to all the Server-side Certificates for the VPN Tunnels we use, and the DNS Servers, that Front our Servers. It is a significant Piece of Mind, to have that Security, in house.....
    wastelander likes this.
  7. wastelander

    wastelander Bad English, bare with me

    About TOR though, does it help against my ISP checking on me? I was reading this article about tunneling all connections through it. I have a couple of older computers out here that I'm playing with and one of them is an old laptop with a cracked screen that I have hooked up to the TV, was thinking about using it as a router connected to the said phone using USB and install Tails on it and hook it up to an old wired switch I got.
    Dont feel like spending any of money since this is not where I live normally but more of a BOL/hunting lodge and I play around with stuff I have discarded from my home over the years.

    Laws here at the moment demand that the ISP save all logs allthough the EU has questioned the laws and a change may or may not come.
    Last edited by a moderator: Apr 17, 2014
  8. Idahoser

    Idahoser Monkey+++ Founding Member

    you understand that the ISP serving your servers still knows what you're getting. if it's in house, you haven't accomplished anything as far as protecting your privacy from your ISP. The only way to do that is to have your traffic enter the unencrypted internet at some point that is NOT in house. That takes a VPN to somebody else.

    Let me try to get it clear, I understand I'm not the best at it-

    When you visit a website using the https: at the front, the content is encrypted but the packets still have to be routed through the server's, and your, ISPs so they know who you're talking to, but not what you're saying. When you visit a site using http:, the content is also available to both your and your server's ISPs, along with anybody in between.
    The point of using a VPN to a distant server is to obscure who within the VPN vendor's clients is the one doing the talking. The http: traffic is available to the servers', and to the VPN vendors' ISPs, but the idea is the VPN vendor has many clients and they can't tell which of them is getting the traffic.
    If you have your own servers in house, that is the start point for the unencrypted traffic, and they will be able to see that the end user is somewhere within your house (i.e., you). You're anonymous as far as who in your house is the originator, where with a VPN vendor you're anonymous as far as who in THEIR house is the originator.
    Last edited: Apr 17, 2014
  9. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    We are now effectively our OWN ISP, for our Servers, as my Partner is now, doing ALL the Systems Admin for the ISP we are connected to....Our UpStream connection is a Bundled Set of T3 Lines directly to one of the Nexus Router Nodes in Seattle. so unless someone is inside that place, with a Man in the Middle connection..... We are it, for ourselves, and all the folks we are supplying, with this connection.
  10. wastelander

    wastelander Bad English, bare with me

    That was good explaining IMO. Thanks.
  11. wastelander

    wastelander Bad English, bare with me

    Never thought I'd get this working but thanks to you guys and searchengines I finally did!
    BTPost and kellory like this.
survivalmonkey SSL seal warrant canary