• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

How to bypass "tethering block" on Three network?

I've been doing some digging - I noticed something was strange when the Three IP I was given on my desktop and other tethered devices was different to the one on my phone...

When tethering is on, there are three 'network interfaces' at play on the phone. Without tethering on, there's just one really that we're concerned with - 'rmnet0' - which is the connection to three. When tethering comes on, however, two are created - 'rndis0' which is the interface that deals with the internal tethered network that it sets up (192.168.42.x range) BUT an additional rmnet interface - 'rmnet1' then appears with a different internal (on the 10.x.x.x range) and external three IP address to rmnet0.

You guessed it, anything tethered goes through rndis0, and everything on that interface gets forwarded to this newly created rmnet1 interface which, during the 3pm-midnight hours, is painfully slow.

I'm looking into what I can do to change this by altering the iptables but this is a bit beyond my skillset. I'll report anything I can find out.

So after a bit of experimentation, I was able to stop rmnet1 being generated by adding net.tethering.noprovisioning=true to the end of my build.prop file. Unfortunately, while this technically worked to stop rmnet1 being generated, devices tethered wouldn't receive internet, making it useless. So, I reverted and looked again.

EDIT: I have now managed to get net.tethering.noprovisioning=true to work - please see my reply below.

What then did work was fixing the iptables so that - even with this second 'tethering' interface being generated - all the traffic goes through the original interface instead. Same external IP for my phone, same for all my attached devices. Fantastic!

To do this, you need a rooted device (in my instance, I'm running Android 5.1 on a Moto G with a PAYG Three SIM - YMMV! Attempt at your own risk!) with SuperSU and busybox installed, and adb installed on your computer (as well as the required drivers for your phone).

First, set up tethering on your phone - USB or Wifi hotspot, the process should be the same. Just make sure it's turned on and your data is on, too.

Then, at a terminal/command line, run 'adb shell'. If your device connects, you should see something like 'shell@android:/'. Then type su, which gives the shell root privileges. Check what interfaces you have - 'busybox ifconfig' should give you a list. If you have rmnet0, rmnet1 and rndis0, proceed!

Following that, run the commands 'ip rule show' and 'iptables -S' to make sure that the commands I have below will remove/change what you have.

Then, in order, run the following commands:

ip rule del iif rndis0 lookup rmnet1
ip rule add iif rndis0 lookup rmnet0
iptables -F
iptables -A natctrl_FORWARD -i rmnet0 -o rndis0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -m state --state INVALID -j DROP
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -m ttl --ttl-lt 2 -j DROP
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -g natctrl_tether_counters
iptables -A natctrl_FORWARD -j DROP
iptables -A natctrl_tether_counters -i rndis0 -o rmnet0 -j RETURN
iptables -A natctrl_tether_counters -i rmnet0 -o rndis0 -j RETURN
iptables -t nat -A POSTROUTING --out-interface rmnet0 -j MASQUERADE
iptables -A FORWARD --in-interface rndis0 -j ACCEPT

The first two ip rule commands point your phone in the better direction!
iptables -F clears your iptables list, but again, YMMV - you may get away with just removing sections such as natctrl_FORWARD and/or nat_ctrl_tether_counters.
The rest, bar the last two, adds back in some of what was in the iptables list, with changes to reflect 'rmnet0' instead of 'rmnet1'.
The final two I added in as an attempt, running from what was listed here. I can't say for sure if it helped but, it's in my iptables and isn't causing any problems, so!

The good (and bad?) news is that these will only stay in place until/unless you restart your phone. So, if you mess it up, just reboot and you should be fine to try again/try something else.

Unfortunately, I really am no expert with iptables so I can't offer any guidance (and if I'm honest, I have no idea what in particular has made all of this work), but I found that adding some of these back in stopped strange errors popping up. If anyone with more knowledge of these matters wants to chip in and offer any additional references or comments, please do! And again, please be aware while this worked for me, it might not for you - so really do be careful.

I shall report again tomorrow to let you know if the throttle has indeed been beaten!
 
Last edited:
Upvote 0
So after a bit of experimentation, I was able to stop rmnet1 being generated by adding net.tethering.noprovisioning=true to the end of my build.prop file. Unfortunately, while this technically worked to stop rmnet1 being generated, devices tethered wouldn't receive internet, making it useless. So, I reverted and looked again.

What then did work was fixing the iptables so that - even with this second 'tethering' interface being generated - all the traffic goes through the original interface instead. Same external IP for my phone, same for all my attached devices. Fantastic!

To do this, you need a rooted device (in my instance, I'm running Android 5.1 on a Moto G with a PAYG Three SIM - YMMV! Attempt at your own risk!) with SuperSU and busybox installed, and adb installed on your computer (as well as the required drivers for your phone).

First, set up tethering on your phone - USB or Wifi hotspot, the process should be the same. Just make sure it's turned on and your data is on, too.

Then, at a terminal/command line, run 'adb shell'. If your device connects, you should see something like 'shell@android:/'. Then type su, which gives the shell root privileges. Check what interfaces you have - 'busybox ifconfig' should give you a list. If you have rmnet0, rmnet1 and rndis0, proceed!

Following that, run the commands 'ip rule show' and 'iptables -S' to make sure that the commands I have below will remove/change what you have.

Then, in order, run the following commands:

ip rule del iif rndis0 lookup rmnet1
ip rule add iif rndis0 lookup rmnet0
iptables -F
iptables -A natctrl_FORWARD -i rmnet0 -o rndis0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -m state --state INVALID -j DROP
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -m ttl --ttl-lt 2 -j DROP
iptables -A natctrl_FORWARD -i rndis0 -o rmnet0 -g natctrl_tether_counters
iptables -A natctrl_FORWARD -j DROP
iptables -A natctrl_tether_counters -i rndis0 -o rmnet0 -j RETURN
iptables -A natctrl_tether_counters -i rmnet0 -o rndis0 -j RETURN
iptables -t nat -A POSTROUTING --out-interface rmnet0 -j MASQUERADE
iptables -A FORWARD --in-interface rndis0 -j ACCEPT

The first two ip rule commands point your phone in the better direction!
iptables -F clears your iptables list, but again, YMMV - you may get away with just removing sections such as natctrl_FORWARD and/or nat_ctrl_tether_counters.
The rest, bar the last two, adds back in some of what was in the iptables list, with changes to reflect 'rmnet0' instead of 'rmnet1'.
The final two I added in as an attempt, running from what was listed here. I can't say for sure if it helped but, it's in my iptables and isn't causing any problems, so!

The good (and bad?) news is that these will only stay in place until/unless you restart your phone. So, if you mess it up, just reboot and you should be fine to try again/try something else.

Unfortunately, I really am no expert with iptables so I can't offer any guidance (and if I'm honest, I have no idea what in particular has made all of this work), but I found that adding some of these back in stopped strange errors popping up. If anyone with more knowledge of these matters wants to chip in and offer any additional references or comments, please do! And again, please be aware while this worked for me, it might not for you - so really do be careful.

I shall report again tomorrow to let you know if the throttle has indeed been beaten!
I take no credit for the following post

Google made a change in Android 4.4 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet.

This can be fixed permanently using the following procedure (UPDATE: no root required):

  1. Enable developer mode (Go to Settings -> About phone, and click on the build number until the developer mode is enabled).
  2. Enable USB debugging under Settings -> Developer options
  3. Connect the device with a USB cable to a computer with the Android SDK platform tools installed
  4. Start an adb shell: adb shell
  5. In the adb shell, run this command: settings put global tether_dun_required 0
 
Upvote 0
I take no credit for the following post

Google made a change in Android 4.4 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet.

This can be fixed permanently using the following procedure (UPDATE: no root required):

  1. Enable developer mode (Go to Settings -> About phone, and click on the build number until the developer mode is enabled).
  2. Enable USB debugging under Settings -> Developer options
  3. Connect the device with a USB cable to a computer with the Android SDK platform tools installed
  4. Start an adb shell: adb shell
  5. In the adb shell, run this command: settings put global tether_dun_required 0

This was the first thing I did and unfortunately it had no effect on my phone in stopping the throttling taking place - I'm sure it has an effect on the tether block, but not the throttle. I checked the value of 'tether_dun_required' was 0 on reboot and it was - but the way android works (at least on this phone, on 5.1) meant that when tethering is active, a separate connection to three is created (with a separate external IP) and tethered traffic is sent through that.

I do however have an update. Returning to adding 'net.tethering.noprovisioning=true' to build.prop, I discovered the problem for no internet access - external DNS requests aren't forwarded to clients when this tethering is active. I set my DNS manually to google's servers (8.8.8.8 and 8.8.4.4) and I had internet, tethered through my phone, with the same external IP as my phone. Only one network interface is created - rmnet0. Success!

I'm now, just on the safe side, running all my traffic through a VPN.

I will report back in the afternoon to let you know if that manages to defeat the throttling that three has been forcing.
 
Upvote 0
This was the first thing I did and unfortunately it had no effect on my phone in stopping the throttling taking place - I'm sure it has an effect on the tether block, but not the throttle. I checked the value of 'tether_dun_required' was 0 on reboot and it was - but the way android works (at least on this phone, on 5.1) meant that when tethering is active, a separate connection to three is created (with a separate external IP) and tethered traffic is sent through that.

I do however have an update. Returning to adding 'net.tethering.noprovisioning=true' to build.prop, I discovered the problem for no internet access - external DNS requests aren't forwarded to clients when this tethering is active. I set my DNS manually to google's servers (8.8.8.8 and 8.8.4.4) and I had internet, tethered through my phone, with the same external IP as my phone. Only one network interface is created - rmnet0. Success!

I'm now, just on the safe side, running all my traffic through a VPN.

I will report back in the afternoon to let you know if that manages to defeat the throttling that three has been forcing.

So, its past 3pm, and I have unthrottled speeds (for the moment, at least.) Mission accomplished!

So, to recap:

I have a three PAYG sim with AYCE data (but 'technically' can't tether.) I have the APN set simply as three.co.uk with no extra information. I am tethering this over USB to an OpenWRT flashed router so that the wifi traffic has its own seperate device, with the phone acting as the routers 'WAN'.

Settings put global tether_dun_required 0 made no difference to tethering in so much as that the traffic from tethered devices went through a second generated connection to three on my phone. Its possible that this alongside the APN settings prevent the tether block from having an effect.

Editing build.prop to ensure that net.tethering.noprovisioning=true means that tethered devices pass their traffic through the same interface as the phone traffic, rather than a second generated connection. (At least on Android 5.1)

DNS doesn't work doing this, so setting the DNS servers to googles public servers (8.8.8.8 and 8.8.4.4) allowed web access to work properly.

A combination of all of these (and, to be sure, running traffic through a VPN which is set up on the router) seems to have defeated the 3pm-midnight throttling from having an effect. For now!

I hope this helps other users.
 
Upvote 0
Hi guys, I ended up here just trying to discover what tethering was and discovered a whole can of worms. My Motorola G4 (supplied direct from Moto) seems to do it flawlessly on both wifi and USB on 3 and Voda. All PAYG, running Firefox. Vodaphone specifically allows tethering, 3 specifically forbids it. Great phone btw, but a little under the radar. Maybe they'll catch up.
 
Upvote 0
Hi guys, I ended up here just trying to discover what tethering was and discovered a whole can of worms. My Motorola G4 (supplied direct from Moto) seems to do it flawlessly on both wifi and USB on 3 and Voda. All PAYG, running Firefox. Vodaphone specifically allows tethering, 3 specifically forbids it. Great phone btw, but a little under the radar. Maybe they'll catch up.

not sure what this post contributes to the discussion to be honest!
 
Upvote 0
Or you could just all pay for your data and stop abusing a network? We can see the damage it is doing Three are raising prices... And raised the prices from £15 - £25 on PAYG for AYCE Data, what does that say? it's because they can't handle it.

STOP ABUSING THE NETWORK AND EFFECTING OTHERS.

Go to Sky, BT, Virgin Media, Talk Talk, KCOM, ECLIPSE, PLUSNET whatever just stop using Three UK as a broadband substitute eventually so many people will do it and Three UK won't be able to cope and they will just scrap it for everyone.
 
Upvote 0
Or you could just all pay for your data and stop abusing a network? We can see the damage it is doing Three are raising prices... And raised the prices from £15 - £25 on PAYG for AYCE Data, what does that say? it's because they can't handle it.

STOP ABUSING THE NETWORK AND EFFECTING OTHERS.

Go to Sky, BT, Virgin Media, Talk Talk, KCOM, ECLIPSE, PLUSNET whatever just stop using Three UK as a broadband substitute eventually so many people will do it and Three UK won't be able to cope and they will just scrap it for everyone.

dont feed the troll
 
Upvote 0
Or you could just all pay for your data and stop abusing a network? We can see the damage it is doing Three are raising prices... And raised the prices from £15 - £25 on PAYG for AYCE Data, what does that say? it's because they can't handle it.

STOP ABUSING THE NETWORK AND EFFECTING OTHERS.

Go to Sky, BT, Virgin Media, Talk Talk, KCOM, ECLIPSE, PLUSNET whatever just stop using Three UK as a broadband substitute eventually so many people will do it and Three UK won't be able to cope and they will just scrap it for everyone.

This may sound selfish, but I feel justified in my decision as for standard ADSL broadband I can only get up to 3mbps a second if I'm lucky and for fibre up to 15. All these plans come to over £25 for me so using the tether block is the only way I can get a quick (up to 80mbps on my phone) and cheap unlimited connection. Why pay a ton for slow speeds? Not everyone has access to quick wired broadbands.
 
Upvote 0
[...]so using the tether block is the only way I can get a quick (up to 80mbps on my phone) and cheap unlimited connection.[...]

It's only "cheap" because you're working around the network-imposed restriction though, I think that's the point. ;)

To all: whatever your viewpoint on the matter, please keep the discussion civil.
 
Upvote 0
I take no credit for the following post

Google made a change in Android 4.4 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet.

This can be fixed permanently using the following procedure (UPDATE: no root required):

  1. Enable developer mode (Go to Settings -> About phone, and click on the build number until the developer mode is enabled).
  2. Enable USB debugging under Settings -> Developer options
  3. Connect the device with a USB cable to a computer with the Android SDK platform tools installed
  4. Start an adb shell: adb shell
  5. In the adb shell, run this command: settings put global tether_dun_required 0
So, its past 3pm, and I have unthrottled speeds (for the moment, at least.) Mission accomplished!

So, to recap:

I have a three PAYG sim with AYCE data (but 'technically' can't tether.) I have the APN set simply as three.co.uk with no extra information. I am tethering this over USB to an OpenWRT flashed router so that the wifi traffic has its own seperate device, with the phone acting as the routers 'WAN'.

Settings put global tether_dun_required 0 made no difference to tethering in so much as that the traffic from tethered devices went through a second generated connection to three on my phone. Its possible that this alongside the APN settings prevent the tether block from having an effect.

Editing build.prop to ensure that net.tethering.noprovisioning=true means that tethered devices pass their traffic through the same interface as the phone traffic, rather than a second generated connection. (At least on Android 5.1)

DNS doesn't work doing this, so setting the DNS servers to googles public servers (8.8.8.8 and 8.8.4.4) allowed web access to work properly.

A combination of all of these (and, to be sure, running traffic through a VPN which is set up on the router) seems to have defeated the 3pm-midnight throttling from having an effect. For now!

I hope this helps other users.


Thats a reat post and would like to try. Im a relative newbie to all this and hope you can help. I would like to tether more on my tablets rather than a PC. What will be the pocedure, then? I am using a Lenovo K4 Note running 5.1 lollippop. ANd generic ANdroid tablets.

Grateful for kind help.

Thanks
 
Upvote 0
I've been on PAYG 25 add-on for two weeks now and consumed 30GB, half of which is tethering and Three has yet to pick up on it. Most of the tethering (wifi hotspot/W10/laptop) is downloading Steam VR games, so there's been nothing to hide the tethering. I'm on JB 4.3 by choice, and it's interesting that an earlier poster stated that Three are no longer alerted to Jellybean (spurious statement which I don't believe. Though in my first stint on Three, 4 years ago, they pounced on my tethering almost immediately).

For browsing I use a VPN and a googlebot (has minimal impact on web format), and this effectively hides all signs of Windows OS... but if I get a block I'll know it effectively hides nothing.

Price hikes have absolutely nothing to do with tethering ‘abuse’ – it’s a competitive industry, and it’s all about profits. But when one Network raises its prices the others follow like sheep. My previous Network, giffgaff, did exactly that, but because its deals are now so pitiful (and ‘always on’ is regularly switched off after 20GB) I came back to Three.
 
Upvote 0
I've been on PAYG 25 add-on for two weeks now and consumed 30GB, half of which is tethering and Three has yet to pick up on it. Most of the tethering (wifi hotspot/W10/laptop) is downloading Steam VR games, so there's been nothing to hide the tethering. I'm on JB 4.3 by choice, and it's interesting that an earlier poster stated that Three are no longer alerted to Jellybean (spurious statement which I don't believe. Though in my first stint on Three, 4 years ago, they pounced on my tethering almost immediately).

For browsing I use a VPN and a googlebot (has minimal impact on web format), and this effectively hides all signs of Windows OS... but if I get a block I'll know it effectively hides nothing.

Price hikes have absolutely nothing to do with tethering ‘abuse’ – it’s a competitive industry, and it’s all about profits. But when one Network raises its prices the others follow like sheep. My previous Network, giffgaff, did exactly that, but because its deals are now so pitiful (and ‘always on’ is regularly switched off after 20GB) I came back to Three.


More importantly, can you tell us how you managed to "hack" your phone so that Three dont pickup the tethering?

Can you tell us the settings you did/managed so as to enjoy this tethering? A workaround will help. Also the make and model of your handset/version that you managed with !

Thanks
 
Upvote 0
More importantly, can you tell us how you managed to "hack" your phone so that Three dont pickup the tethering?

Can you tell us the settings you did/managed so as to enjoy this tethering? A workaround will help. Also the make and model of your handset/version that you managed with !

Thanks


Well, I haven’t ‘hacked’ anything – I’m simply waiting for that tether block, which will surely come.

The APN is default (three.co.uk). My phone (OPPO Find 7) is rooted, but I haven’t as yet taken advantage of root to hide tethering. All the big Steam downloads were done with network type locked to ‘LTE only’, which disables GSM, though what bearing, if any, that has on tether discovery I don’t know. Maybe my equally large downloads on mobile are simply disguising those downloaded on the laptop – maybe I haven’t got the faintest idea what I’m talking about.

I suggest you disable Windows Update: a very visible sign of tethering.
 
Upvote 0
Create new apn
Name 3
Pan 3
Scroll down to apn type type
default,sup,mms,dun
Save it an boom unlimited tethering i been using it for ages no problems as soon as my 30gb tethering allowance is used i just change to this apn i created an keep tethering...
 

Attachments

  • Screenshot_20170412-210851.png
    Screenshot_20170412-210851.png
    104.7 KB · Views: 1,137
Upvote 0
More importantly, can you tell us how you managed to "hack" your phone so that Three dont pickup the tethering?

Can you tell us the settings you did/managed so as to enjoy this tethering? A workaround will help. Also the make and model of your handset/version that you managed with !

Thanks
Create new apn
Put this in apn type default,sup,mms,dun
Click save an boom free tethering I use my 30gb allowance then switch to this apn an keep tethering
 
Upvote 0
I've been curious how they spot tethering since I got the tethering message on my phone when I set it up as a hotspot even though I was using a VPN.

On another note I've found I get no data at all when abroad if I turn my VPN.
they spot tethering because when you activate the tethering option, it creates another interface on the phone. the phone reports that the traffic is coming over this new connection, which three can see, then it gets blocked/stopped if you have run out of tethering allowance.
 
Upvote 0
Well, I haven’t ‘hacked’ anything – I’m simply waiting for that tether block, which will surely come.

The APN is default (three.co.uk). My phone (OPPO Find 7) is rooted, but I haven’t as yet taken advantage of root to hide tethering. All the big Steam downloads were done with network type locked to ‘LTE only’, which disables GSM, though what bearing, if any, that has on tether discovery I don’t know. Maybe my equally large downloads on mobile are simply disguising those downloaded on the laptop – maybe I haven’t got the faintest idea what I’m talking about.

I suggest you disable Windows Update: a very visible sign of tethering.
disabling windows update makes absolutely no difference whatsoever. since you can visit windowsupdate.com from your phone. they wouldnt stop you from visiting that site in the first place.
 
Upvote 0
I've been on PAYG 25 add-on for two weeks now and consumed 30GB, half of which is tethering and Three has yet to pick up on it. Most of the tethering (wifi hotspot/W10/laptop) is downloading Steam VR games, so there's been nothing to hide the tethering. I'm on JB 4.3 by choice, and it's interesting that an earlier poster stated that Three are no longer alerted to Jellybean (spurious statement which I don't believe. Though in my first stint on Three, 4 years ago, they pounced on my tethering almost immediately).

For browsing I use a VPN and a googlebot (has minimal impact on web format), and this effectively hides all signs of Windows OS... but if I get a block I'll know it effectively hides nothing.

Price hikes have absolutely nothing to do with tethering ‘abuse’ – it’s a competitive industry, and it’s all about profits. But when one Network raises its prices the others follow like sheep. My previous Network, giffgaff, did exactly that, but because its deals are now so pitiful (and ‘always on’ is regularly switched off after 20GB) I came back to Three.
lets be clear. three like all the other networks increased the price to offset the cost of everyone having free roaming in the eu. they chose to give you free usage in other countries. but you're still paying for it....
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones