Android Access Point only using Linux commands (Optional: OpenVPN access point)
So, after I picked up a semi-broken Nexus 5 from eBay, I wondered what I could use it for. It runs Linux, so why not use it instead of a Raspberry Pi for an embedded project?
I found two options: install a rooted version of stock Android, or Ubuntu Touch, which is again just a modified version of Android. With Ubuntu Touch you have immediate access to their package management (after giving write access), so installing any software is as easy as apt-get. But after some investigating into what I could use it for, I found that setting up a hotspot using the stock UI does exactly what you would expect it to do: it starts two processes, hostapd and dnsmasq.
$ cat /proc/7141/cmdline
/system/bin/dnsmasq --keep-in-foreground --no-resolv --no-poll --dhcp-authoritative --dhcp-option-force=43,ANDROID_METERED --pid-file --dhcp-range=192.168.42.2,192.168.42.254,1h --dhcp-range=192.168.43.2,192.168.43.254,1h --dhcp-range=192.168.44.2,192.168.44.254,1h --dhcp-range=192.168.45.2,192.168.45.254,1h --dhcp-range=192.168.46.2,192.168.46.254,1h --dhcp-range=192.168.47.2,192.168.47.254,1h --dhcp-range=192.168.48.2,192.168.48.254,1h --dhcp-range=192.168.49.2,192.168.49.254,1h
The Nexus 5 is compatible with a USB Ethernet adapter:
21: wlan0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:1a:11:f5:e9:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.1/24 brd 192.168.43.255 scope global wlan0
22: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:4c:53:44:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.18/24 brd 192.168.0.255 scope global eth0
So now I am thinking the obvious: could I create an Access Point?
Would it be possible to redirect traffic from wlan0 to eth0 without reconfiguring the DHCP settings? Let's take a look. The stock setup sets the Nexus 5 as the default gateway, so it shouldn't be a problem to masquerade using iptables. The other issue is DNS, which is again set to the Nexus 5. With some iptables prerouting, this traffic can be sent to the DNS server of your choice.
According to the dnsmasq command-line settings, dnsmasq is running on wlan0 and points both DNS and the default gateway at the Nexus 5; on its own this obviously won't work.
$ iptables -F
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j DNAT --to 8.8.8.8
$ iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 53 -j DNAT --to 8.8.8.8
So there you have it, you can create an Access Point using only iptables.
What's more, Android has inbuilt OpenVPN functionality. When you start a VPN session, this is the result of ifconfig:
tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.122.1.6 P-t-P:10.122.1.6 Mask:255.255.255.252
          inet6 addr: fd25::1/64 Scope:Global
          UP POINTOPOINT RUNNING MTU:1500 Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:269 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:19457 (19.0 KiB) TX bytes:36488 (35.6 KiB)
A tunnel interface. Does that mean you can masquerade the OpenVPN connection? Yep!
$ iptables -F
$ iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
$ iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j DNAT --to 8.8.8.8
$ iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 53 -j DNAT --to 8.8.8.8
So there you go, a quick demonstration on the possibilities of a rooted phone.
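The eth0 and tun0 rule sets above differ only in the uplink interface. As an added example (not the author's script), the shell function below prints them for a chosen uplink after validating its arguments. The function names and the FORWARD rules, which stand in for iptables -F so hotspot traffic cannot leave by any interface other than the chosen uplink, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the author's script). wlan0/eth0/tun0 and 8.8.8.8 come
# from the page; ap_rules and the FORWARD rules are assumptions of this sketch.

valid_if() {   # plain interface names only, so nothing else reaches the shell
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

valid_ipv4() { # four decimal octets, each 0-255
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# usage: ap_rules LAN_IF UPLINK_IF DNS_IP   (prints commands, changes nothing)
ap_rules() {
    lan=$1; up=$2; dns=$3
    valid_if "$lan" && valid_if "$up" && [ "$lan" != "$up" ] || return 1
    valid_ipv4 "$dns" || return 1
    # NAT rules as on the page, parameterised on the uplink interface.
    echo "iptables -t nat -A POSTROUTING -o $up -j MASQUERADE"
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $lan -p $proto --dport 53 -j DNAT --to $dns"
    done
    # Assumption: rather than 'iptables -F', pin forwarding to the uplink so
    # clients are dropped, not rerouted, if the chosen uplink (e.g. tun0) is down.
    echo "iptables -I FORWARD 1 -i $lan ! -o $up -j DROP"
    echo "iptables -I FORWARD 1 -i $lan -o $up -j ACCEPT"
    echo "iptables -I FORWARD 1 -i $up -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Print the rule set for review when called with three arguments.
if [ $# -eq 3 ]; then ap_rules "$@"; fi
```

Because each FORWARD rule is inserted at position 1, the resulting chain order is the reverse of the printed order: return traffic, then wlan0 to the uplink, then the drop for wlan0 to anything else.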