iPhone/iOS 11 tether via USB - no packets routed [SOLVED]
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Mon Dec 18, 2017 7:11 am    Post subject: iPhone/iOS 11 tether via USB - no packets routed [SOLVED]

I'm trying to tether my iPhone 5s/iOS 11.1.2 to my Gentoo laptop via USB (I had been trying to use wifi, but ran into other troubles and gave up when I realized I could maybe do it with an actual wire). I followed instructions found on the wiki and it all went very smoothly and seems fine from a kernel perspective. I won't bother showing you the evidence of that :)

I've got a new interface created and made a node for it in /etc/init.d in the usual way. Personal Hotspot is turned on. I learned that I needed to turn off LTE on the phone in order to fix the fact that I wasn't seeing any DHCP server. Turning off LTE fixed that and then I got what looks like a proper IP address and everything seems in order. The phone shows a blue bar at the top that says "Personal Hotspot: 1 connection":

Code:
# /etc/init.d/net.enp0s26f7u3c4i2 start
 * Bringing up interface enp0s26f7u3c4i2
 *   dhcp ...
 *     Running dhcpcd ...
DUID 00:01:00:01:20:b2:0a:20:00:1d:72:8c:87:29
enp0s26f7u3c4i2: IAID 02:05:65:25
enp0s26f7u3c4i2: soliciting a DHCP lease
enp0s26f7u3c4i2: offered 172.20.10.2 from 172.20.10.1 `MyPhone'
enp0s26f7u3c4i2: probing address 172.20.10.2/28
enp0s26f7u3c4i2: leased 172.20.10.2 for 85536 seconds
enp0s26f7u3c4i2: adding route to 172.20.10.0/28
enp0s26f7u3c4i2: adding default route via 172.20.10.1
forked to background, child pid 11811                                   [ ok ]
 *     received address 172.20.10.2/28                                   [ ok ]

# ifconfig
enp0s26f7u3c4i2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.10.2  netmask 255.255.255.240  broadcast 172.20.10.15
        ether 0a:74:02:05:65:25  txqueuelen 1000  (Ethernet)
        RX packets 36  bytes 4944 (4.8 KiB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 103  bytes 14974 (14.6 KiB)
        TX errors 10  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 329410  bytes 35177370 (33.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 329410  bytes 35177370 (33.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.20.10.1     0.0.0.0         UG        0 0          0 enp0s26f7u3c4i2
172.20.10.0     0.0.0.0         255.255.255.240 U         0 0          0 enp0s26f7u3c4i2


The problem is that it's not working :lol: If I try to access the Net, say ping someplace on the outside like 8.8.8.8 (Google's DNS server, which does respond to ping), I get

Code:
# ping 8.8.8.8 | head -20
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable
From 172.20.10.2 icmp_seq=1 Destination Host Unreachable


Same deal if I try to ping 172.20.10.1, which is supposed to be my gateway and DNS server. Needless to say, no other access, like web sites, works.

If I'm not mistaken, this IP is in a private address range, right? But that shouldn't indicate anything wrong, I think, because it's just a private net between my phone and laptop.

Any clues to help fix this will be very much appreciated.


Last edited by Punchcutter on Thu Jan 11, 2018 10:14 pm; edited 1 time in total
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Mon Dec 18, 2017 7:54 am

Gack.... ok that problem was caused by the firewall #smh. I should have figured that out quicker. But I'm going to leave this thread open a bit longer to see if I can get any help with the following...

So now... packets can route to the phone side, and there's no apparent problem with DNS, but.... now there's still no response from the outside world. I can try to load pages in the browser, and they eventually time out. So it's like I'm talking to the world, but no one is answering. Aaaugh! I know... the farther this gets from being a straightforward technical problem, the less chance anyone will have a clue that can help me, but... I'll grasp at straws a bit and hope. Thanks.

(I did neglect to mention that I am running a VPN on the phone, but that shouldn't cause any trouble because the phone itself can access the web just fine, and I tried testing with the VPN turned off and of course it didn't make a difference.)
bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5871

Posted: Mon Dec 18, 2017 8:24 am

if this were iptables, it still sounds like fw/routing... eg

Code:
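# $LAN and $WAN must be set to the inside and outside interface names first
iptables -P OUTPUT ACCEPT

# accept replies belonging to connections that are already tracked
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# allow new connections forwarded from $LAN out through $WAN
iptables -A FORWARD -m conntrack --ctstate NEW -i "$LAN" -o "$WAN" -j ACCEPT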


i don't suppose you would have an android device to try tethering against?
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Tue Dec 19, 2017 1:28 am

bunder wrote:
if this were iptables, it still sounds like fw/routing... eg
i don't suppose you would have an android device to try tethering against?

No... no Android device, but..... I can ping the phone at the other end of the private network. Does that not mean that there's no longer a f/w issue at the laptop end?

I'm running Shorewall, not writing iptables directly (although I'm learning how to do that and may replace Shorewall soon :)). The Shorewall config is pretty simple and all I did was add the new i/f name to the interfaces it recognizes to get it to pass packets.
bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5871

Posted: Tue Dec 19, 2017 1:11 pm

Punchcutter wrote:
Does that not mean that there's no longer a f/w issue at the laptop end?


I was thinking the phone might have one... sorry for not making that more clear. :oops:
Zucca
Veteran

Joined: 14 Jun 2007
Posts: 1559
Location: KUUSANKOSKI, Finland

Posted: Tue Dec 19, 2017 1:41 pm

Punchcutter wrote:
I'm running Shorewall, not writing iptables directly (although I'm learning how to do that and may replace Shorewall soon :)).
I'd suggest you learn nftables instead. IMO it's more human-readable than several lines of iptables commands. Also you never know when iptables is going to be deprecated by nftables.

"Be seeing you..."
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
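
The iptables rules bunder posted earlier, written in nftables syntax as an added example that is not part of any post in this thread. The interface names lan0 and wan0 are placeholders for $LAN and $WAN, and the drop policies and the loopback rule are assumptions, since the posted snippet sets only the OUTPUT policy.

```nft
# Added example: nftables form of the iptables rules posted in this thread.
# Load with: nft -f <this file>

# Placeholder interface names (assumptions) standing in for $LAN and $WAN.
define LAN = "lan0"
define WAN = "wan0"

table inet filter {
    chain input {
        # Assumption: default-drop, which is what makes the accept rules matter.
        type filter hook input priority 0; policy drop;

        # Assumption: keep local loopback traffic working under a drop policy.
        iifname "lo" accept

        # iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        ct state established,related accept
    }

    chain forward {
        # Assumption: default-drop, as for input.
        type filter hook forward priority 0; policy drop;

        # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        ct state established,related accept

        # iptables -A FORWARD -m conntrack --ctstate NEW -i "$LAN" -o "$WAN" -j ACCEPT
        iifname $LAN oifname $WAN ct state new accept
    }

    chain output {
        # iptables -P OUTPUT ACCEPT
        type filter hook output priority 0; policy accept;
    }
}
```

With the input policy set to drop, replies reach the host only through the established,related rule, so the per-rule counters shown by `nft list ruleset` (after adding `counter` to a rule) indicate whether return traffic is arriving at all.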
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Thu Dec 21, 2017 10:21 pm

bunder wrote:
I was thinking the phone might have one... sorry for not making that more clear. :oops:

Seems very unlikely... it's an iPhone, not a Linux box 8)


Last edited by Punchcutter on Thu Dec 21, 2017 10:23 pm; edited 1 time in total
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Thu Dec 21, 2017 10:22 pm

Zucca wrote:
Punchcutter wrote:
I'm running Shorewall, not writing iptables directly (although I'm learning how to do that and may replace Shorewall soon :)).
I'd suggest you learn nftables instead. IMO it's more human-readable than several lines of iptables commands. Also you never know when iptables is going to be deprecated by nftables.
Thanks for the tip.

Quote:
"Be seeing you..."
:D
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Fri Dec 22, 2017 7:25 am

OK, so I've discovered that although browsers keep spinning and spinning and eventually time out, I can telnet to a web server, and GET a page that way. So now this seems to make little sense to me. The following yields results:
Code:
telnet www.foo.com 80
GET /
but accessing www.foo.com in a browser does not.

Does this make sense to anyone?
Punchcutter
Guru

Joined: 11 Feb 2007
Posts: 332

Posted: Thu Jan 11, 2018 10:14 pm

So, long story short, I've spent hours on this problem since the last post... and many many minutes over a few different calls with Apple support, and also once the engineering dept of my cell provider....... and last night it finally started to work for "no apparent reason". But I figured out what the trigger was.

When I first tried this tether, the laptop was not getting an IP addr via DHCP. I googled about that. Someone on some forum suggested that this happens if you have "LTE" turned on on the phone. So I went into the iPhone cell data settings and turned off "Enable LTE". After that, DHCP worked fine. So I thought, "Ok, I need to keep LTE turned off."

But then I reached the abovementioned problem, whereby I could communicate across the tether with IP sites, including web servers and nameservers, but the only thing I could NOT do was receive web data back from a web server when the client doing the requesting looks like a browser. In other words, if I try to pull a web site using an actual browser, or curl, I can connect to the server side, but I then hang/timeout waiting while no data is returned. On the other hand, if I use telnet to do the same thing, I can get the page data back. Utterly bizarre.

Through all the time spent trying to debug THAT problem, I never went back and questioned the LTE thing, or tried flipping it back on during my testing. When I did finally turn it back on..... now suddenly DHCP still works, and tethering works fully and I can surf the web. Maybe the second strangest thing about this whole episode is why DHCP didn't work originally until I turned LTE off on the phone, but now it does work with LTE active. In between those two events, I did (on advice from Apple support) do a hard reset on the phone. Maybe that "shook something loose". Geh. Problems like this are so frustrating. Just glad it finally works. BTW, I did go back and test again to see if having the LTE switch on or off really made the difference. Yep, LTE off, web page data does not flow back to browsers or curl, but does for telnet. LTE on, everything works fine. Go figure.

Hope this helps someone else.