Comments on StalkR's Blog: TOR relay and transparent routing
Blog author: StalkR (http://www.blogger.com/profile/15113480981262771031). Comment feed last updated 2024-03-23. Comments are listed newest first.


Thermostaten (http://www.lostserver.com), 2013-12-17 23:07 +01:00

THIS is how it should be done.. :D

```
root@tor:/etc# cat /etc/tor/torrc|grep -v ^#|grep -v ^$
Log notice file /var/log/notices.log
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
ExitPolicy reject *:* # no exits allowed
CircuitBuildTimeout 5
KeepalivePeriod 60
NewCircuitPeriod 15
AvoidDiskWrites 1
ExcludeNodes {??},{gb},{us},{fr}
ExcludeSingleHopRelays 1
AllowSingleHopCircuits 0
ClientOnly 1
ConstrainedSockets 1
ReachableDirAddresses *:80
ReachableORAddresses *:443
SocksPort 9050
SocksListenAddress 127.0.0.1
DNSPort 53
DNSListenAddress 10.42.0.1
TransPort 9040
TransListenAddress 10.42.0.1
root@tor:/etc# cat iptables-rules
#----------------------------------------------------------------
*filter
#----------------------------------------------------------------
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#----------------------------------------------------------------
# INPUT
#----------------------------------------------------------------
-A INPUT -i lo -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j DROP
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -i wlan0 --src 10.42.0.0/24 --dst 10.42.0.1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 9040 -j ACCEPT
-A INPUT -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 60000 -j ACCEPT
-A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i wlan0 -j DROP
-A INPUT -m state --state INVALID -j DROP
#----------------------------------------------------------------
# OUTPUT
#----------------------------------------------------------------
-A OUTPUT -o lo -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A OUTPUT -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
#----------------------------------------------------------------
COMMIT
#----------------------------------------------------------------
*nat
#----------------------------------------------------------------
:PREROUTING ACCEPT [32:4626]
:INPUT ACCEPT [195:15210]
:OUTPUT ACCEPT [3:216]
:POSTROUTING ACCEPT [4:292]
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 60000
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
#----------------------------------------------------------------
COMMIT
#----------------------------------------------------------------
root@tor:/etc# cat network/interfaces
#---------------------------------
# LOOPBACK - lo0
#---------------------------------
auto lo
iface lo inet loopback
#---------------------------------
# ETH - eth0
#---------------------------------
auto eth0
iface eth0 inet dhcp
pre-up ifconfig eth0 hw ether 00:40:B7:13:37:01
#----------------------------------
# WLAN - wlan0
#----------------------------------
auto wlan0
iface wlan0 inet static
address 10.42.0.1
netmask 255.255.255.0
network 10.42.0.0
broadcast 10.42.0.255
pre-up ifconfig wlan0 hw ether 00:40:B7:13:37:00
#----------------------------------
up /sbin/iptables-restore < /etc/iptables-rules
```


StalkR (https://www.blogger.com/profile/15113480981262771031), 2013-06-09 21:36 +02:00

You can do it on the router itself with policy routing: create a user, run the programs under that user, mark packets from that user in netfilter and route them separately. You can take inspiration from part 2 of http://blog.stalkr.net/2012/04/pptp-vpn-and-policy-routing-on-user.html
Good luck!


Anonymous, 2013-06-09 21:07 +02:00

Thank you for sharing, works perfect!
I have the same network configuration as you, except for one thing: on the router I have lighttpd and the torrent server deluged. What can I do to send their traffic through Tor too?
Sorry for my English, I am not a native speaker.


StalkR (https://www.blogger.com/profile/15113480981262771031), 2013-02-12 02:37 +01:00

@Feb 7th comment: yes, TOR will be slower than your regular connection, but it gives you privacy and security. See https://www.torproject.org/about/overview.html.en for more information. Also, adding more relays on fast connections will help the TOR network be faster!

@Feb 8th comment: yes, if you need an HTTP proxy in addition to TOR's socks proxy, privoxy will do that for you.
And yes, torsocks is great; it enables you to use TOR transparently: "usewithtor curl ifconfig.me" (replacing connect calls).


Anonymous, 2013-02-08 17:49 +01:00

Great post d: what about adding Privoxy to the mix? I just installed this on a VPS, not a pretty picture. I also want to add torsocks; I'd love to hear your take on this.


Anonymous, 2013-02-07 18:57 +01:00

What is the real sense of Tor when your net speed decreases by around 50-60%?
Maybe just to get some INFO.
Nice INFO indeed.
Ciao


StalkR (https://www.blogger.com/profile/15113480981262771031), 2013-01-21 23:57 +01:00

It must be possible on FreeBSD too, but I don't know the details.


Anonymous, 2013-01-21 03:02 +01:00

This is great, but it depends entirely on iptables, which is unfortunately Linux specific. Do you know if there is a similar setup for running a tor relay on FreeBSD?
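The ruleset Thermostaten posted in the 2013-12-17 comment at the top of this thread is a useful test case for what a transparent Tor gateway has to guarantee: nothing is plainly forwarded around Tor, every new TCP connection from the LAN lands on Tor's TransPort, and only the Tor process may open connections on the uplink. The Python below is an added example, not code from the blog or from any commenter. It parses iptables-save output, checks those three invariants, and separately reports the deliberate-looking exceptions in the posted rules (TCP port 22 redirected to the gateway's local port 60000 instead of Tor, and that port being open to the LAN). The interface names, the debian-tor user and ports 9040/53 are read off the posted torrc and rules; SAMPLE_RULES is that ruleset condensed to the chains the checks read, and LEAKY_RULES is a constructed variant that shows the detections firing. This is a static check of the rules only, not of the running system.

```python
"""Static audit of an iptables-save ruleset: can LAN clients reach the Internet except through Tor?"""

# Constructed sample: the filter and nat rules posted in the 2013-12-17 comment, reduced to the
# chains the checks read (lo, INVALID and wlan0 reply/drop housekeeping rules left out).
SAMPLE_RULES = """
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i wlan0 --src 10.42.0.0/24 --dst 10.42.0.1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 9040 -j ACCEPT
-A INPUT -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 60000 -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner debian-tor -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 60000
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 --src 10.42.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
"""

# Constructed broken variant: forwarding enabled and one uplink rule without the owner match.
LEAKY_RULES = SAMPLE_RULES.replace(":FORWARD DROP", ":FORWARD ACCEPT").replace(
    "-m owner --uid-owner debian-tor -p tcp -m tcp --dport 443", "-p tcp -m tcp --dport 443")

# Short and long spellings of the iptables options the checks look at.
ALIASES = {"i": "in", "in-interface": "in", "o": "out", "out-interface": "out", "p": "proto",
           "protocol": "proto", "s": "src", "source": "src", "d": "dst", "destination": "dst",
           "j": "jump", "m": "match", "ctstate": "state"}


def parse_rule(line):
    """'-A CHAIN -i wlan0 ... -j ACCEPT' -> (chain, {option: [values]}); repeated options merge."""
    tokens = line.split()
    chain, opts, key = tokens[1], {}, None
    for tok in tokens[2:]:
        if tok.startswith("-"):
            key = ALIASES.get(tok.lstrip("-"), tok.lstrip("-"))
            opts.setdefault(key, [])
        elif key is not None:
            opts[key].append(tok)
    return chain, opts


def parse_ruleset(text):
    """iptables-save text -> {table: {"policy": {chain: policy}, "rules": [(chain, opts)]}}."""
    tables, table = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and table is not None:
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A ") and table is not None:
            table["rules"].append(parse_rule(line))
    return tables


def audit(text, lan="wlan0", uplink="eth0", tor_user="debian-tor", trans_port="9040", dns_port="53"):
    """Return (problems, notes): problems are paths by which LAN traffic could leave without
    Tor, notes are deliberate-looking exceptions the operator should recognise."""
    tables = parse_ruleset(text)
    filt, nat = (tables.get(t, {"policy": {}, "rules": []}) for t in ("filter", "nat"))
    problems, notes = [], []
    # 1. The gateway must never plainly route LAN packets: FORWARD drops everything.
    if filt["policy"].get("FORWARD") != "DROP":
        problems.append("filter FORWARD policy is not DROP")
    if any(c == "FORWARD" and o.get("jump") == ["ACCEPT"] for c, o in filt["rules"]):
        problems.append("filter FORWARD has an ACCEPT rule: traffic would be routed around Tor")
    # 2. New TCP from the LAN is redirected to TransPort; REDIRECTs elsewhere are exceptions.
    redirects = [o for c, o in nat["rules"]
                 if c == "PREROUTING" and o.get("in") == [lan] and o.get("jump") == ["REDIRECT"]]
    if not any(o.get("proto") == ["tcp"] and "dport" not in o and o.get("to-ports") == [trans_port]
               for o in redirects):
        problems.append(f"no catch-all TCP REDIRECT from {lan} to TransPort {trans_port}")
    for o in redirects:
        if o.get("to-ports") != [trans_port]:
            notes.append(f"LAN {o.get('proto', ['?'])[0]} dport {o.get('dport', ['*'])[0]} goes to "
                         f"local port {o.get('to-ports', ['?'])[0]}, not Tor")
    # 3. Only the Tor process may open connections on the uplink; reply traffic is fine.
    if filt["policy"].get("OUTPUT") != "DROP":
        problems.append("filter OUTPUT policy is not DROP")
    for c, o in filt["rules"]:
        if c == "OUTPUT" and o.get("out") == [uplink] and o.get("jump") == ["ACCEPT"]:
            states = set(",".join(o.get("state", [])).split(",")) - {""}
            if not (states and states <= {"ESTABLISHED", "RELATED"}) and o.get("uid-owner") != [tor_user]:
                problems.append(f"OUTPUT on {uplink} accepts new connections not owned by {tor_user}: "
                                f"dport {o.get('dport', ['*'])[0]}")
    # 4. Gateway services reachable from the LAN besides TransPort and DNSPort.
    for c, o in filt["rules"]:
        if (c == "INPUT" and o.get("in") == [lan] and o.get("jump") == ["ACCEPT"]
                and o.get("dport", [dns_port])[0] not in (trans_port, dns_port)):
            notes.append(f"gateway port {o['dport'][0]}/{o.get('proto', ['?'])[0]} is reachable from {lan}")
    return problems, notes
```

Run `audit(open("/etc/iptables-rules").read())` on a gateway built like the one above; the posted rules produce no problems and two notes (the port 22 to 60000 redirect and port 60000 open to the LAN), while LEAKY_RULES reports the open FORWARD policy and the unowned uplink rule. Non-TCP traffic from the LAN other than DNS is not redirected anywhere in these rules, so it is the FORWARD DROP policy from check 1 that keeps it from leaving; a live probe from a client (UDP or ICMP to an Internet address) is still the definitive test.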