Thread: TOR - Transparent Proxy Question


Hello,

It seems mine is yet another attempt to get a transparent Tor proxy ready to work. I found the following posts, hope I've more luck:

http://ubuntuforums.org/showthread.p...nsparent+proxy
http://ubuntuforums.org/showthread.p...nsparent+proxy

Goal:

Set up Tor to act as a transparent proxy for all outgoing traffic; this includes DNS requests.

What happened so far:

I have installed the latest and greatest Tor Browser Bundle from https://www.torproject.org/. Additional proxy software such as Privoxy or Squid is not installed yet, as I wanted to keep things simple. I followed these instructions: https://trac.torproject.org/projects...ansparentproxy, the directions given in the "Local Redirection Through Tor" section, with 1 important exception:

The given instructions try to configure the local Tor DNS server to use the standard port 53, which AFAIK requires root privileges. For obvious reasons I don't want to start Tor with root privileges, so I changed the following line in $torbundle/data/tor/torrc from

dnsport 53

to

dnsport 8753

The Vidalia log output shows that Tor can bind to the port, and the transparent proxy gets started:

code:
mar 31 13:48:07.300 [notice] opening socks listener on 127.0.0.1:0
mar 31 13:48:07.301 [notice] socks listener listening on port 58030.
mar 31 13:48:07.301 [notice] opening transparent pf/netfilter listener on 127.0.0.1:9040
mar 31 13:48:07.301 [notice] opening dns listener on 127.0.0.1:8753
mar 31 13:48:07.301 [notice] opening control listener on 127.0.0.1:0
mar 31 13:48:07.301 [notice] control listener listening on port 39424.
mar 31 13:48:07.301 [notice] parsing geoip file ./data/tor/geoip.
mar 31 13:48:07.939 [notice] openssl openssl 1.0.0h 12 mar 2012 looks version 0.9.8m or later; try ssl_op enable renegotiation
mar 31 13:48:07.939 [notice] have enough directory information build circuits.
mar 31 13:48:07.939 [notice] bootstrapped 80%: connecting tor network.
mar 31 13:48:07.939 [notice] new control connection opened.
mar 31 13:48:08.807 [notice] bootstrapped 85%: finishing handshake first hop.
mar 31 13:48:10.039 [notice] bootstrapped 90%: establishing tor circuit.
mar 31 13:48:15.042 [notice] tor has opened circuit. looks client functionality working.
mar 31 13:48:15.043 [notice] bootstrapped 100%: done.

At this point browsing the web using the bundled Firefox works, but other connection attempts (e.g. Thunderbird, pinging or whois-ing sites) are blocked because the system can't connect to the local Tor DNS server. I think the problem lies in the iptables configuration; unfortunately I'm no iptables wizard. This is the iptables configuration script I use. Again: note that it is modified to reflect the custom DNS server port of 8753:

code:
# destinations you don't want routed through Tor
non_tor="192.168.1.0/24 192.168.0.0/24 10.0.0.0/24"

# the UID Tor runs as
tor_uid="1000"

# Tor's TransPort
trans_port="9040"

# flush the existing filter and nat rules
iptables -F
iptables -t nat -F

# nat table: decide what gets redirected into Tor
iptables -t nat -A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 8753
for net in $non_tor 127.0.0.0/9 127.128.0.0/10; do
  iptables -t nat -A OUTPUT -d $net -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port

# filter table: allow local destinations and Tor itself, reject the rest
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for net in $non_tor 127.0.0.0/8; do
  iptables -A OUTPUT -d $net -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT

At this point I'm stuck. With the exception of changing the DNS port, I followed the given instructions to the letter. Browsing works, but the DNS server configuration (or the iptables rules regarding DNS requests) is messed up. Any relevant insights or pointers are welcome!

Thanks in advance
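A first-match walk of the nat OUTPUT rules from the script above, as an added example that is not part of the original post: it shows which rule decides a new connection depending on the sending UID, protocol and destination. The packet fields, helper names and sample packets are assumptions of this sketch; only the nat table is modelled, not the filter table.

```python
import ipaddress

# Values copied from the posted script
NON_TOR = ["192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/24"]
TOR_UID = 1000
DNS_PORT, TRANS_PORT = 8753, 9040

def nat_output_rules():
    """nat/OUTPUT rules in the order the script appends them."""
    rules = [
        ({"uid": TOR_UID}, "RETURN"),                            # rule 1
        ({"proto": "udp", "dport": 53}, f"REDIRECT:{DNS_PORT}"),  # rule 2
    ]
    for net in NON_TOR + ["127.0.0.0/9", "127.128.0.0/10"]:
        rules.append(({"dst": net}, "RETURN"))                   # rules 3-7
    # --syn: the nat table only sees the first packet of a connection,
    # so every simulated TCP packet is treated as a SYN.
    rules.append(({"proto": "tcp"}, f"REDIRECT:{TRANS_PORT}"))   # rule 8
    return rules

def matches(cond, pkt):
    """True when every condition of a rule holds for the packet."""
    for key, want in cond.items():
        if key == "dst":
            addr = ipaddress.ip_address(pkt["dst"])
            if addr not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def nat_verdict(pkt, rules=None):
    """Return (rule number, target) of the first matching rule."""
    for index, (cond, target) in enumerate(rules or nat_output_rules(), 1):
        if matches(cond, pkt):
            return index, target
    return None, "ACCEPT (policy)"  # falls through to the filter table

if __name__ == "__main__":
    # Constructed sample packets: (label, packet)
    dns = {"proto": "udp", "dport": 53, "dst": "127.0.0.1"}
    samples = [
        ("DNS query, uid 1000", {**dns, "uid": 1000}),
        ("DNS query, uid 0", {**dns, "uid": 0}),
        ("HTTPS, uid 1001", {"uid": 1001, "proto": "tcp",
                             "dport": 443, "dst": "93.184.216.34"}),
    ]
    for label, pkt in samples:
        print(f"{label:22} -> {nat_verdict(pkt)}")
```

Any packet owned by `tor_uid` stops at rule 1 and is never redirected, so a DNS query sent by that UID keeps its original destination port 53 instead of reaching the listener on 8753.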


