http://www.politiker-stopp.de/gfx/politiker-stopp-print.png

Benjamin Schieder

[TOR] TRANSPARENT TOR PROXY

2007 May 13 | 0 comments

With the release of Tor 0.1.2.13 the 0.1.2.x branch left the 'development' state. The to me most interesting new feature is the ability to set up a transparent proxy with iptables.

A detailed description of how to set it up is available in the NoReply Wiki. For the next version of ROCKate (to be released soonish) though I already integrated it into the configuration dialog:


+---
| ROCKate Configuration
+---

- Device eth0 (xx:xx:xx:xx:xx:xx)
- IP Address: 111.222.333.444/55
1. Configure via dhcp
2. Configure manually

3. Default Route: 666.777.888.999 (via eth0)

4. Setup transparent Tor proxy (use after network setup)
- The following option can be used to update the ROCKate environment at
- runtime if an update file has been provided. These changes will be
- gone after reboot, so please use only if you really want to.
5. Update ROCKate

>


Item 4. will setup the necessary iptables configuration. Afterwards all TCP traffic (not UDP, though) will be routed through the Tor network transparently. Example:

Explanation:
 1. Last login: Wed Feb 21 17:03:01 2007 from ip address removed
 2. root@pallas: logout
 3. Connection to 213.239.220.170 closed.
 4. root@ROCKate:/etc# Tor_disable
 5. root@ROCKate:/etc# ssh pallas.crash-override.net
 6. ssh: pallas.crash-override.net: Temporary failure in name resolution
 7. root@ROCKate:/etc# ssh 213.239.220.170
 8. root@213.239.220.170's password:
 9. Last login: Sat May 12 19:01:55 2007 from 149.9.0.58
10. root@pallas:~# logout
11. Connection to 213.239.220.170 closed.
12. root@ROCKate:/etc# iptables -F
13. root@ROCKate:/etc# iptables -t nat -F
14. root@ROCKate:/etc# ssh 213.239.220.170
15. root@213.239.220.170's password:
16. Last login: Sat May 12 19:02:23 2007 from 149.9.0.58
17. root@pallas:~# logout
18. root@ROCKate:/etc# ssh 213.239.220.170
19. root@213.239.220.170's password:
20. Last login: Sat May 12 19:03:32 2007 from ip address removed
21. root@pallas:~#


The preparation to this was setting up network and transparent Tor proxy.
Lines 1-3 are a login to my server with activated Tor Shell Aliases (which map 'ssh' to 'torify ssh' among others and thus have enable an explicit Tor usage).
Line 4 is disabling the Tor shell aliases. I'm no longer explicitly using Tor.
Lines 7-11 are a login to my server. The greeting message confirms that I was connected through Tor (149.9.0.58 being a Tor server).
Lines 12-13 are disabling the transparent Tor proxy usage I no longer use Tor at all.
Lines 14-17 are a login to my server without Tor. It shows that my _last_ login was via Tor, but I was not using explicit shell aliases, only the implicit transparent Tor proxy.
Lines 18-20 are a login to my server without Tor. It shows my normal IP-Address. Thus after purging the iptables rules I was no longer using Tor, neither explicit by shell aliases nor implicit by iptables rules.

Pretty cool :-)


EOF

Category: blog

Tags: Tor ROCKate


Post a comment

All comments are held for moderation; basic HTML formatting is accepted.

Name: (required)
E-mail: (required, not published)
Website: (optional)
Comment: