@numb95
Last active February 28, 2024 03:05
Route all internet traffic through Tor

Do not use on a production server, or if you don't know what iptables does.

Add this to torrc (located at /etc/tor/torrc):

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9051
DNSPort 9053

Run the attached script as root so all traffic is routed through Tor. You can also use the attached torrc as a sample.

#!/bin/sh
# Warning: the two -F calls below flush every existing rule in the filter and
# nat tables. Save them first (iptables-save) if you need them back.
# Networks that must not be routed through Tor (your LAN, for example)
IGN="192.168.1.0/24 192.168.0.0/24"
# Enter the UID that Tor runs as (for example the output of: id -u debian-tor).
# The variable is named TOR_UID because UID is read-only in bash.
TOR_UID="XXX"
# Tor's TransPort. It must match the TransPort line in your torrc (9051 in the sample).
PORT="9051"
iptables -F
iptables -t nat -F
# Tor's own connections must not be redirected back into Tor
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
# Change if you selected another port for Tor DNS in torrc. I selected 9053. The DNS default port is 53.
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
for NET in $IGN 127.0.0.0/9 127.128.0.0/10; do
    iptables -t nat -A OUTPUT -d "$NET" -j RETURN
done
# Every other new TCP connection is transparently redirected to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$PORT"
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $IGN 127.0.0.0/8; do
    iptables -A OUTPUT -d "$NET" -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
# Anything that was not redirected is rejected instead of leaving with the real IP
iptables -A OUTPUT -j REJECT
# Sample torrc (a separate file from the script above)
# Set the Tor SOCKS proxy to port 9052
SocksPort 0.0.0.0:9052
SocksPolicy accept 192.168.1.0/24
UseBridges 1
# Here is an example of a Tor bridge. You can obtain one from: bridges.torproject.org
Bridge obfs4 IP:port KEY cert=CERT iat-mo$
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
# Tor TransPort (transparent proxy)
TransPort 9051
# Tor DNS port
DNSPort 9053

slrslr commented Jan 11, 2020

@numb95
Thank you for the scripts. You have a missing quotation mark on this line.

Also, I was wondering if the right tor UID that the script expects on line 6 is the one that the command "id -u debian-tor" returns?
Maybe consider explaining in the readme or in the script how to discover the UID.

Btw, after I tried to apply this tutorial, the web browser shows an error: https://tor.stackexchange.com/questions/16554/this-is-a-socks-proxy-not-an-http-proxy


numb95 commented Jan 11, 2020

@slrslr
Thanks for the reply.
Actually, XXX is a variable that you have to enter manually. XXX is not a valid UID on Unix systems. Also, that quotation mark is missing because I set my Tor on port 9051. I changed it to 9050 and forgot to fix that quotation mark. Lol.


arch-user-france1 commented Apr 18, 2022

"You did not forget" should be "you forgot", "you did not change" should be "you changed", and also "if you don't know what iptables do" should be "if you don't know what iptables does".
Another thing:
"Actually XXX (no 'the') is a variable that you have to enter manually" would be very correct.

I recommend you to learn English. It helps making things look serious, but it's your choice.

Now my question: Does this force everything to route traffic through tor or is it still possible to use the real IP (assuming the program does not have root access)?

There should be a warning that iptables -F removes/flushes existing rules.


slrslr commented Apr 19, 2022

There should be a warning that iptables -F removes/flushes existing rules.

Good point.


numb95 commented Apr 27, 2022

@debian-user-france1

Thank you for your English tips. I rarely write in it since it's not my first language. The majority of my time is spent reading and not writing English, and in my country, people speak a totally different language from English.

Anyway.

Regarding your question,
First of all, yes, all the traffic is routed through Tor, but there is a possibility of DNS leakage. To bypass Tor, you can set your own rules and use your real IP address.

At the moment, I do not recommend this method. Use Tor as a regular proxy to bypass your application. This feature prevents any data from being transferred with your real IP address (let's call it a kill switch).

Last but not least, it works on behalf of the user. iptables newbies should avoid this link. ;)

Cheers,
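The reply above describes the two properties the rules in the gist are supposed to give you: DNS must not leak around Tor, and anything that escapes the redirects must be rejected rather than leave with the real IP. The following is an added example, not part of the gist or its author's scripts: a POSIX sh checker that reads an iptables-save dump and verifies that UDP/53 is redirected to Tor's DNSPort, that new TCP connections are redirected to the TransPort, and that the filter OUTPUT chain ends in REJECT or DROP (the kill switch). The ports 9053 and 9051 follow the sample torrc and can be overridden with the DNSPORT and TRANSPORT environment variables (my own names); the two embedded dumps are constructed to mimic the script's result with a Tor UID of 105, and the check covers IPv4 only, since iptables-save does not include ip6tables rules.

```shell
#!/bin/sh
# Added example, not part of the gist: check an iptables-save dump for the
# properties the transparent-proxy rules are meant to guarantee.
# Assumed ports follow the sample torrc: DNSPort 9053, TransPort 9051.
# IPv4 only: iptables-save does not cover ip6tables rules.

# check_tor_rules reads an iptables-save dump on stdin, prints one FAIL line
# per missing property and returns 0 only when all three properties hold.
check_tor_rules() {
    awk -v dnsport="${DNSPORT:-9053}" -v transport="${TRANSPORT:-9051}" '
        # iptables-save prefixes each table with "*name"; remember which one we are in
        /^\*/ { table = substr($0, 2); next }
        # 1. nat OUTPUT: UDP/53 -> DNSPort, so resolvers cannot leak queries around Tor
        table == "nat" && /^-A OUTPUT / && /-p udp/ && /--dport 53( |$)/ &&
            $0 ~ ("-j REDIRECT --to-ports " dnsport "$") { dns = 1 }
        # 2. nat OUTPUT: new TCP connections -> TransPort (iptables-save renders
        #    --syn as a --tcp-flags ... SYN match, so accept either spelling)
        table == "nat" && /^-A OUTPUT / && /-p tcp/ && /(--syn|--tcp-flags [A-Z,]+ SYN)/ &&
            $0 ~ ("-j REDIRECT --to-ports " transport "$") { tcp = 1 }
        # 3. filter OUTPUT: the last rule must be REJECT or DROP (the kill switch)
        table == "filter" && /^-A OUTPUT / { last = $0 }
        END {
            fail = 0
            if (!dns) { print "FAIL: no UDP/53 -> " dnsport " REDIRECT in nat OUTPUT"; fail = 1 }
            if (!tcp) { print "FAIL: no TCP SYN -> " transport " REDIRECT in nat OUTPUT"; fail = 1 }
            if (last !~ /-j (REJECT|DROP)/) { print "FAIL: filter OUTPUT does not end in REJECT/DROP"; fail = 1 }
            exit fail
        }'
}

# Constructed dump mimicking what the script produces with TOR_UID=105
good_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 105 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A OUTPUT -d 192.168.1.0/24 -j RETURN
-A OUTPUT -d 192.168.0.0/24 -j RETURN
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9051
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 105 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed leaky variant: no DNS redirect, and filter OUTPUT ends in ACCEPT
leaky_dump() {
cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 105 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9051
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Run with "self-test" to exercise both dumps; otherwise use: iptables-save | check_tor_rules
if [ "${1:-}" = "self-test" ]; then
    good_dump | check_tor_rules && echo "good dump: all properties hold"
    leaky_dump | check_tor_rules || echo "leaky dump: rejected as expected"
fi
```

On a live system run it as root with `iptables-save | check_tor_rules` after applying the script; a clean exit status means the DNS redirect, the TCP redirect and the final REJECT are all present. It does not prove the absence of every leak (IPv6, or applications that run as the Tor UID), only that the IPv4 rules the gist relies on are actually loaded.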


arch-user-france1 commented Apr 28, 2022


Hello

Thank you for your response. I have to make sure that everything running on the system goes through Tor. Apparently I don't know anymore what I had to do, but this seems to be a good thing. What do you mean by 'DNS leakage'?


numb95 commented Apr 28, 2022

For the DNS leakage, take a look at this link and also this.
This project may help you. Check it out and make sure it works for you. Pay attention to possible data leakage. Protecting your privacy is much more important than anything else.
:)
