[TOR] TRANSPARENT TOR PROXY
2007 May 13With the release of Tor 0.1.2.13 the 0.1.2.x branch left the 'development' state. The to me most interesting new feature is the ability to set up a transparent proxy with iptables.
A detailed description of how to set it up is available in the NoReply Wiki. For the next version of ROCKate (to be released soonish) though I already integrated it into the configuration dialog:
+---
| ROCKate Configuration
+---
- Device eth0 (xx:xx:xx:xx:xx:xx)
- IP Address: 111.222.333.444/55
1. Configure via dhcp
2. Configure manually
3. Default Route: 666.777.888.999 (via eth0)
4. Setup transparent Tor proxy (use after network setup)
- The following option can be used to update the ROCKate environment at
- runtime if an update file has been provided. These changes will be
- gone after reboot, so please use only if you really want to.
5. Update ROCKate
>
Item 4. will setup the necessary iptables configuration. Afterwards all TCP traffic (not UDP, though) will be routed through the Tor network transparently. Example:
Explanation:
1. Last login: Wed Feb 21 17:03:01 2007 from ip address removed
2. root@pallas: logout
3. Connection to 213.239.220.170 closed.
4. root@ROCKate:/etc# Tor_disable
5. root@ROCKate:/etc# ssh pallas.crash-override.net
6. ssh: pallas.crash-override.net: Temporary failure in name resolution
7. root@ROCKate:/etc# ssh 213.239.220.170
8. root@213.239.220.170's password:
9. Last login: Sat May 12 19:01:55 2007 from 149.9.0.58
10. root@pallas:~# logout
11. Connection to 213.239.220.170 closed.
12. root@ROCKate:/etc# iptables -F
13. root@ROCKate:/etc# iptables -t nat -F
14. root@ROCKate:/etc# ssh 213.239.220.170
15. root@213.239.220.170's password:
16. Last login: Sat May 12 19:02:23 2007 from 149.9.0.58
17. root@pallas:~# logout
18. root@ROCKate:/etc# ssh 213.239.220.170
19. root@213.239.220.170's password:
20. Last login: Sat May 12 19:03:32 2007 from ip address removed
21. root@pallas:~#
2. root@pallas: logout
3. Connection to 213.239.220.170 closed.
4. root@ROCKate:/etc# Tor_disable
5. root@ROCKate:/etc# ssh pallas.crash-override.net
6. ssh: pallas.crash-override.net: Temporary failure in name resolution
7. root@ROCKate:/etc# ssh 213.239.220.170
8. root@213.239.220.170's password:
9. Last login: Sat May 12 19:01:55 2007 from 149.9.0.58
10. root@pallas:~# logout
11. Connection to 213.239.220.170 closed.
12. root@ROCKate:/etc# iptables -F
13. root@ROCKate:/etc# iptables -t nat -F
14. root@ROCKate:/etc# ssh 213.239.220.170
15. root@213.239.220.170's password:
16. Last login: Sat May 12 19:02:23 2007 from 149.9.0.58
17. root@pallas:~# logout
18. root@ROCKate:/etc# ssh 213.239.220.170
19. root@213.239.220.170's password:
20. Last login: Sat May 12 19:03:32 2007 from ip address removed
21. root@pallas:~#
The preparation to this was setting up network and transparent Tor proxy.
Lines 1-3 are a login to my server with activated Tor Shell Aliases (which map 'ssh' to 'torify ssh' among others and thus have enable an explicit Tor usage).
Line 4 is disabling the Tor shell aliases. I'm no longer explicitly using Tor.
Lines 7-11 are a login to my server. The greeting message confirms that I was connected through Tor (149.9.0.58 being a Tor server).
Lines 12-13 are disabling the transparent Tor proxy usage I no longer use Tor at all.
Lines 14-17 are a login to my server without Tor. It shows that my _last_ login was via Tor, but I was not using explicit shell aliases, only the implicit transparent Tor proxy.
Lines 18-20 are a login to my server without Tor. It shows my normal IP-Address. Thus after purging the iptables rules I was no longer using Tor, neither explicit by shell aliases nor implicit by iptables rules.
Pretty cool :-)
EOF
Category: blog