This was a painful one, but I figured it out:
When Android connects to a new network, it tries to auto-detect whether it can actually reach the internet via this network. If not, it will display a browser window and open a random http-address in the hope to bring up the captive portal of the network (i.e. your hotel's wifi login page, etc.).
The detection is done by requesting
http://clients3.google.com/generate_204 (or similar) and expecting a certain answer. (I deliberately didn't turn this address into a link, because if you try to open it, nothing happens as it returns
HTTP Status 204: No Content, which most browsers ignore).
Now, my confusion came from the fact that I did have an HTTP server running to serve this response and did have a DNS server set up to direct the request to that server. But the server wasn't getting any requests from this particular phone (other Android phones worked).
Turns out this particular phone does two things differently:
- It simply disables WiFi rather than bringing up the captive portal page if no network is detected, which made it really hard to even understand what was going on.
- It didn't use a DNS lookup for
clients3.google.com, but instead used a hard-coded IP for it!
So, I was finally able to solve the problem by setting up an
iptables-rule that simply forwarded all HTTP requests to my HTTP server, irrespective of which IP they were targeted at. After that, the phone got its
generate_204-reply and everything worked as planned...