An attempt at transparent .onion name resolution and routing on the Turris Omnia (Knot Resolver stub to Tor's DNSPort, plus iptables REDIRECT to Tor's TransPort).
diff -Nru @161/etc/config/resolver @/etc/config/resolver | |
--- @161/etc/config/resolver 2017-10-01 21:01:14.375423242 +0200 | |
+++ @/etc/config/resolver 2017-11-02 01:13:47.862130135 +0100 | |
@@ -21,6 +21,7 @@ | |
option log_stderr '1' | |
option log_stdout '1' | |
option forks '1' | |
+ option include_config '/etc/kresd/config.conf' | |
config resolver 'unbound' | |
option outgoing_range '60' | |
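Review bot: `include_config` makes kresd load /etc/kresd/config.conf as Lua with the resolver's privileges, and nothing in the change says who may write that file; a comment above the option noting the requirement would help, e.g. `# Lua executed by kresd at start; keep root-owned and not group/world-writable`. UCI files accept `#` comments, so it can sit directly above the new line. I have not checked how the Omnia resolver init script behaves when the included file is absent; if it aborts kresd start-up, that is worth recording next to the option as well.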
diff -Nru @161/etc/firewall.user @/etc/firewall.user | |
--- @161/etc/firewall.user 2017-05-17 01:57:14.366730659 +0200 | |
+++ @/etc/firewall.user 2017-11-02 03:03:49.656837905 +0100 | |
@@ -25,3 +25,8 @@ | |
iptables -A output_rule -o ppp3 -j ACCEPT | |
iptables -I INPUT 1 -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT | |
+ | |
+# TOR .onion transparent routing | |
+iptables -A input_rule -p tcp --dport 9040 -j ACCEPT /* TOR */ | |
+iptables -t nat -A prerouting_rule -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040 /* TOR */ | |
+iptables -t nat -A output_rule -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040 /* TOR */ | |
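Review bot: The trailing `/* TOR */` on the three iptables lines is not a shell comment; /etc/firewall.user is run by the shell, so `/*` is glob-expanded to the root directory listing and handed to iptables as extra arguments, which makes iptables reject each rule, so none of them is installed. Use `#`, e.g. `iptables -A input_rule -p tcp --dport 9040 -j ACCEPT  # Tor TransPort` and the same on the two nat rules. The ACCEPT and the prerouting REDIRECT are also not limited to the LAN side — input_rule and prerouting_rule are reached from every interface — so if Tor's TransPort is bound to a non-loopback address the proxy becomes reachable from the WAN; adding `-i br-lan` (or whatever the LAN bridge is called on this box) to both rules closes that. Note that REDIRECT delivers packets arriving on the LAN to the router's LAN address rather than 127.0.0.1, so this only works if TransPort listens there, and non-TCP traffic to 10.192.0.0/10 is left alone by these rules and would follow the default route; a REJECT for it would avoid that leak.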
diff -Nru @161/etc/kresd/config.conf @/etc/kresd/config.conf | |
--- @161/etc/kresd/config.conf 1970-01-01 01:00:00.000000000 +0100 | |
+++ @/etc/kresd/config.conf 2017-11-02 02:18:42.768523957 +0100 | |
@@ -0,0 +1,4 @@ | |
+-- enable transparent translation of Tor .onion domains | |
+local forward_rule = policy.add(policy.suffix(policy.STUB('127.0.0.1@5300'), policy.todnames({'onion'}))) | |
+policy.del(forward_rule.id) | |
+table.insert(policy.rules, 1, forward_rule) | |
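Review bot: The policy.add / policy.del / table.insert sequence is doing something non-obvious — registering the rule, removing it again, then placing it at index 1 of policy.rules so it is evaluated ahead of the rules the UCI-generated config added earlier — and it relies on policy.rules being a plain Lua table, which is Knot Resolver internal state rather than a documented interface, so a comment should say both things. Suggested comment above the policy.del line: `-- policy.add appends; re-insert at index 1 so the .onion stub wins over the generic forwarding rules (depends on kresd internals, re-check on upgrade).` It is also worth stating that STUB hands queries to Tor without DNSSEC validation, which is intended here because .onion is not delegated from the root and would otherwise be provably non-existent, and that the automapped answers from Tor will be cached by kresd with whatever TTL Tor returns — I have not verified that cache interaction, so treat it as something to confirm.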
diff -Nru @161/etc/tor/torrc @/etc/tor/torrc | |
--- @161/etc/tor/torrc 2017-11-02 00:21:42.665535740 +0100 | |
+++ @/etc/tor/torrc 2017-11-02 02:23:59.890625766 +0100 | |
@@ -23,6 +23,7 @@ | |
## all (and only) requests that reach a SOCKSPort. Untrusted users who | |
## can access your SOCKSPort may be able to learn about the connections | |
## you make. | |
+SOCKSPolicy accept 127.0.0.1/32 | |
SOCKSPolicy accept 192.168.18.0/24 | |
SOCKSPolicy accept6 FC00::/7 | |
SOCKSPolicy reject * | |
@@ -206,3 +207,9 @@ | |
#PublishServerDescriptor 0 | |
User tor | |
+ | |
+## Support transparent routing of .onion addresses (the other part of config is in /etc/kresd/config.conf). | |
+DNSPort 127.0.0.1:5300 | |
+VirtualAddrNetworkIPv4 10.192.0.0/10 | |
+AutomapHostsOnResolve 1 | |
+TransPort 9040 |
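Review bot: `TransPort 9040` without an address listens on 127.0.0.1 only (Tor's default bind address for listeners), while the matching prerouting REDIRECT in /etc/firewall.user delivers LAN clients' packets to the router's LAN address, so those connections would be refused; bind it on the LAN side, e.g. `TransPort 192.168.18.1:9040` (assuming the router is .1 in the 192.168.18.0/24 that SOCKSPolicy already accepts), and keep the corresponding firewall rule restricted to the LAN interface. A comment tying the two halves together would prevent them drifting apart: `## VirtualAddrNetworkIPv4 must match the 10.192.0.0/10 REDIRECT rules in /etc/firewall.user`. Also note that SOCKSPolicy governs only the SOCKS listeners, not TransPort or DNSPort, so the accept list in the earlier hunk does not limit who can use transparent proxying — only the firewall does.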