Benjamin Schieder


2007 May 13 | 0 comments

With the release of Tor the 0.1.2.x branch left the 'development' state. The to me most interesting new feature is the ability to set up a transparent proxy with iptables.

A detailed description of how to set it up is available in the NoReply Wiki. For the next version of ROCKate (to be released soonish) though I already integrated it into the configuration dialog:

| ROCKate Configuration

- Device eth0 (xx:xx:xx:xx:xx:xx)
- IP Address: 111.222.333.444/55
1. Configure via dhcp
2. Configure manually

3. Default Route: 666.777.888.999 (via eth0)

4. Setup transparent Tor proxy (use after network setup)
- The following option can be used to update the ROCKate environment at
- runtime if an update file has been provided. These changes will be
- gone after reboot, so please use only if you really want to.
5. Update ROCKate


Item 4. will setup the necessary iptables configuration. Afterwards all TCP traffic (not UDP, though) will be routed through the Tor network transparently. Example:

 1. Last login: Wed Feb 21 17:03:01 2007 from ip address removed
 2. root@pallas: logout
 3. Connection to closed.
 4. root@ROCKate:/etc# Tor_disable
 5. root@ROCKate:/etc# ssh
 6. ssh: Temporary failure in name resolution
 7. root@ROCKate:/etc# ssh
 8. root@'s password:
 9. Last login: Sat May 12 19:01:55 2007 from
10. root@pallas:~# logout
11. Connection to closed.
12. root@ROCKate:/etc# iptables -F
13. root@ROCKate:/etc# iptables -t nat -F
14. root@ROCKate:/etc# ssh
15. root@'s password:
16. Last login: Sat May 12 19:02:23 2007 from
17. root@pallas:~# logout
18. root@ROCKate:/etc# ssh
19. root@'s password:
20. Last login: Sat May 12 19:03:32 2007 from ip address removed
21. root@pallas:~#

The preparation to this was setting up network and transparent Tor proxy.
Lines 1-3 are a login to my server with activated Tor Shell Aliases (which map 'ssh' to 'torify ssh' among others and thus have enable an explicit Tor usage).
Line 4 is disabling the Tor shell aliases. I'm no longer explicitly using Tor.
Lines 7-11 are a login to my server. The greeting message confirms that I was connected through Tor ( being a Tor server).
Lines 12-13 are disabling the transparent Tor proxy usage I no longer use Tor at all.
Lines 14-17 are a login to my server without Tor. It shows that my _last_ login was via Tor, but I was not using explicit shell aliases, only the implicit transparent Tor proxy.
Lines 18-20 are a login to my server without Tor. It shows my normal IP-Address. Thus after purging the iptables rules I was no longer using Tor, neither explicit by shell aliases nor implicit by iptables rules.

Pretty cool :-)


Category: blog

Tags: Tor ROCKate

Post a comment

All comments are held for moderation; basic HTML formatting is accepted.

Name: (required)
E-mail: (required, not published)
Website: (optional)