Transparently proxy all connections (and DNS requests) through Tor.
#!/bin/sh
### BEGIN INIT INFO
# Provides: transproxy
# Required-Start: $network tor
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Transparently proxy all network traffic through Tor.
### END INIT INFO
# destinations you don't want routed through Tor
# Destinations that bypass Tor: a whitespace-separated list of private
# ranges plus loopback (see the $NON_TOR loop in the start branch).
NON_TOR='192.168.0.0/23 10.0.0.0/8 127.0.0.1'
# Unix user Tor runs as; packets owned by this uid are exempted so Tor's own
# traffic is never redirected back into itself.
TOR_USER='tor'
# Port of Tor's TransPort, where outgoing TCP connections are redirected.
TRANS_PORT='9040'
# Port of Tor's DNSPort, where UDP/53 lookups are redirected.
DNS_PORT='53'
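# Wrap iptables so that the first failed call aborts the script.  A partly
# installed ruleset (for example with the final REJECT missing) would let
# traffic bypass Tor; exiting loudly with the chains flushed is the safer
# outcome.
ipt() {
  iptables "$@" || {
    printf 'transproxy: iptables %s failed\n' "$*" >&2
    exit 1
  }
}

case "$1" in
  start)
    # Clear the tables we touch.  -F flushes the built-in chains only;
    # chain policies and user-defined chains are left as they were.
    for table in nat filter; do
      ipt -t "$table" -F
    done

    # RETURN ends traversal for packets owned by Tor's uid, so the chain's
    # policy (ACCEPT by default) applies to them and they are never
    # redirected into the TransPort.
    ipt -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN
    ipt -t nat -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN

    # Redirect DNS to Tor's DNSPort on 127.0.0.1.  The literal 53 is the
    # port clients send to; $DNS_PORT is where Tor listens.  This rule is
    # placed before the $NON_TOR exemptions on purpose: lookups aimed at a
    # LAN resolver are redirected too, so no plain-text DNS leaves the host.
    ipt -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"

    # Allow direct (non-Tor) traffic to the $NON_TOR destinations.
    # Unquoted on purpose: the list is split on whitespace.
    # shellcheck disable=SC2086
    for DST in $NON_TOR; do
      ipt -A OUTPUT -d "$DST" -j ACCEPT
      ipt -t nat -A OUTPUT -d "$DST" -j RETURN
    done

    # All remaining TCP goes through Tor's TransPort.
    ipt -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports "$TRANS_PORT"

    # Replies on connections that are already established are fine.
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Reject everything else (non-TCP, non-DNS traffic that is neither to
    # $NON_TOR nor from Tor itself) so nothing leaks around Tor.
    ipt -A OUTPUT -j REJECT --reject-with icmp-net-prohibited
    ;;
  stop)
    # Only flushes: rules that existed before 'start' are not restored, and
    # the host is left with each chain's default policy (usually ACCEPT).
    for table in nat filter; do
      ipt -t "$table" -F
    done
    ;;
  *)
    printf 'Usage: %s {start|stop}\n' "$0" >&2
    exit 2
    ;;
esac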

yalla commented Jun 17, 2011

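#!/bin/sh
### BEGIN INIT INFO
# Provides: transproxy
# Required-Start: $network tor
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Transparently proxy all network traffic through Tor.
### END INIT INFO

# Destinations you don't want routed through Tor (whitespace-separated list
# of private ranges plus loopback).
NON_TOR="192.168.0.0/23 10.0.0.0/8 127.0.0.1"
# The user Tor is running as; its own packets are exempted from redirection.
TOR_USER="tor"
# Tor's TransPort, where outgoing TCP connections are redirected.
TRANS_PORT="9040"
# Tor's DNSPort, where UDP/53 lookups are redirected.
DNS_PORT="53"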

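# Where the pre-start ruleset is kept so 'stop' can put it back.  Not under
# /tmp: that directory is world-writable, so an unprivileged user could
# pre-create the file (or a symlink to it) and thereby choose the rules that
# root later feeds to iptables-restore.  Use a root-only runtime directory
# (/run on newer systems).
RULES_FILE="/var/run/transproxy.rules"

# Wrap iptables so that the first failed call aborts the script.  A partly
# installed ruleset (for example with the final REJECT missing) would let
# traffic bypass Tor; exiting loudly with the chains flushed is the safer
# outcome.
ipt() {
  iptables "$@" || {
    printf 'transproxy: iptables %s failed\n' "$*" >&2
    exit 1
  }
}

case "$1" in
  start)
    # Never overwrite an existing snapshot: a second 'start' would capture
    # the Tor rules themselves, and 'stop' would then restore those instead
    # of the original ruleset.
    if [ -e "$RULES_FILE" ]; then
      printf 'transproxy: %s exists; already started?\n' "$RULES_FILE" >&2
      exit 1
    fi
    # Save the current rules in a root-only file (umask scoped to the
    # subshell); set -C makes the redirect fail rather than clobber a file
    # that appeared in between.  A failed save must not leave a stale or
    # empty snapshot behind.
    ( umask 077; set -C; iptables-save > "$RULES_FILE" ) || {
      printf 'transproxy: saving rules to %s failed\n' "$RULES_FILE" >&2
      rm -f -- "$RULES_FILE"
      exit 1
    }

    # Clear the tables we touch.  -F flushes the built-in chains only;
    # chain policies and user-defined chains are left as they were.
    for table in nat filter; do
      ipt -t "$table" -F
    done

    # RETURN ends traversal for packets owned by Tor's uid, so the chain's
    # policy (ACCEPT by default) applies to them and they are never
    # redirected into the TransPort.
    ipt -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN
    ipt -t nat -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN

    # Redirect DNS to Tor's DNSPort on 127.0.0.1.  The literal 53 is the
    # port clients send to; $DNS_PORT is where Tor listens.  This rule is
    # placed before the $NON_TOR exemptions on purpose: lookups aimed at a
    # LAN resolver are redirected too, so no plain-text DNS leaves the host.
    ipt -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"

    # Allow direct (non-Tor) traffic to the $NON_TOR destinations.
    # Unquoted on purpose: the list is split on whitespace.
    # shellcheck disable=SC2086
    for DST in $NON_TOR; do
      ipt -A OUTPUT -d "$DST" -j ACCEPT
      ipt -t nat -A OUTPUT -d "$DST" -j RETURN
    done

    # All remaining TCP goes through Tor's TransPort.
    ipt -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports "$TRANS_PORT"

    # Replies on connections that are already established are fine.
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Reject everything else (non-TCP, non-DNS traffic that is neither to
    # $NON_TOR nor from Tor itself) so nothing leaks around Tor.
    ipt -A OUTPUT -j REJECT --reject-with icmp-net-prohibited
    ;;
  stop)
    for table in nat filter; do
      ipt -t "$table" -F
    done
    # Put back the ruleset captured by 'start', then drop the snapshot so
    # the next 'start' records a fresh one.  Without a snapshot the chains
    # are simply left flushed (the previous behaviour, minus the redirect
    # error).
    if [ -e "$RULES_FILE" ]; then
      iptables-restore < "$RULES_FILE" || {
        printf 'transproxy: iptables-restore from %s failed\n' "$RULES_FILE" >&2
        exit 1
      }
      rm -f -- "$RULES_FILE"
    else
      printf 'transproxy: no saved rules at %s; chains left flushed\n' "$RULES_FILE" >&2
    fi
    ;;
  *)
    printf 'Usage: %s {start|stop}\n' "$0" >&2
    exit 2
    ;;
esac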
