How to route all internet traffic through Tor (the onion router)?
You are looking for this: TransparentProxy.
Local Redirection Through Tor
Add to your torrc:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
This way you set up a DNS server on your Ubuntu machine on port 53 and a transparent proxy on 127.0.0.1:9040.
Next, add to your /etc/resolv.conf:
nameserver 127.0.0.1
This way, you prevent any DNS leakage from your system.
Therefore, configure your firewall so that any connection will go through the TransPort, except for Tor's user:
#!/bin/sh
# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as
TOR_UID="109"
# Tor's TransPort
TRANS_PORT="9040"
# flush the existing filter and nat rules
iptables -F
iptables -t nat -F
# nat: never redirect Tor's own traffic
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
# nat: send DNS queries to Tor's DNSPort
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
# nat: leave the excluded networks and these loopback ranges alone
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
    iptables -t nat -A OUTPUT -d $NET -j RETURN
done
# nat: redirect every remaining new TCP connection to the TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# filter: allow replies, excluded networks, loopback and Tor itself; reject the rest
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
    iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT
Keep reading the official wiki; there is a kind of attack against this method and a kind of solution: IsolatingProxy.
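A way to check the setup described in the answer above for leak-prone mistakes, as an added example that is not part of the original answer. The function names (resolv_ok, rules_ok, sample_rules) are hypothetical, the sample text is constructed in `iptables-save` format, and UID 109 and port 9040 are the values from the answer's script.

```shell
#!/bin/sh
# Added example (not from the answer): offline audit of saved configuration text.
# Reads a file or stdin ("-"); needs no root. Sample data below is constructed.

# resolv_ok FILE: every nameserver entry must be 127.0.0.1 (Tor's DNSPort).
resolv_ok() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad = 1 }
         END { exit (n && !bad) ? 0 : 1 }' "$1"
}

# rules_ok FILE TOR_UID TRANS_PORT: FILE is `iptables-save` output.
# Checks: Tor's uid is exempted before the TCP redirect, DNS is redirected,
# TCP goes to TRANS_PORT, and the filter OUTPUT chain ends in REJECT.
rules_ok() {
    awk -v uid="$2" -v tp="$3" '
        substr($1, 1, 1) == "*" { table = substr($1, 2); next }
        $1 != "-A" || $2 != "OUTPUT" { next }
        table == "nat" {
            n++
            redir = index($0, " -j REDIRECT ")
            if (!exempt && index($0, "--uid-owner " uid " -j RETURN")) exempt = n
            if (redir && index($0, "-p udp") && index($0, "--dport 53 ")) dns = n
            if (!tcp && redir && index($0, "-p tcp") && $NF == tp) tcp = n
        }
        table == "filter" { last = $0 }
        END { ok = exempt && dns && tcp && exempt < tcp && index(last, "-j REJECT")
              exit ok ? 0 : 1 }' "$1"
}

# sample_rules: constructed `iptables-save` text shaped like the script's rules.
sample_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -m owner --uid-owner 109 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 192.168.1.0/24 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner 109 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Demo on the constructed sample; on a live system pipe `iptables-save` instead.
if sample_rules | rules_ok - 109 9040; then echo "rules: ok"; else echo "rules: LEAK RISK"; fi
```

The checks fail closed: a missing rule, a REDIRECT placed ahead of the Tor UID exemption, or a filter chain that does not end in REJECT all return non-zero.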
Author: user178493
Updated on September 18, 2022
Comments
-
user178493 over 1 year
Could you explain how to route all internet traffic through Tor? I am using Ubuntu and I really don't know how to do it. Actually I am using Tor for Twitter only, and I'm afraid of a DNS leak. So I need to route everything through Tor.
-
David Foerster about 8 years
Possible duplicate of How to install Tor?
-
Aaron Franke over 3 years
What do you do with this shell script? Run it once? Run it on bootup? Put it in a specific place so that Tor can run it?
-
jakethefinn over 3 years
Run it on boot. This is necessary since iptables rules are not persistent across reboots. Tor doesn't run the script. If NetworkManager is enabled or you manually use the ifup and ifdown commands to bring interfaces up and down, put the script in /etc/network/if-pre-up.d/; then it will run every time an interface is brought up (actually the scripts in that folder are executed first by ifup, hence the name if-pre-up). Check if NetworkManager is enabled (in Kali it's the file /usr/sbin/update-rc.d).