Tor + OpenNIC

a guest
Sep 18th, 2012
Spent some more time looking at it. This solution likely won't work for you, as it requires iptables and dnsmasq (but it may be able to get others Tor and OpenNIC access at the same time):

The relevant bits in /etc/tor/torrc:
User tor

# Only reach relays on ports a restrictive firewall usually lets through.
# "accept" is implied for an entry without a keyword; spelled out here for consistency.
ReachableAddresses accept *:443, accept *:465, accept *:993, accept *:995, accept *:6697, reject *:*

SocksPort 0
# Automapped names (.onion, via AutomapHostsOnResolve) get addresses from this
# range; the TransPort maps them back to the real destination.
VirtualAddrNetwork 10.192.0.0/10
AllowDotExit 1
TransPort 9040
# Enough for local traffic: REDIRECT in the iptables OUTPUT chain rewrites the
# destination to 127.0.0.1. REDIRECT in PREROUTING rewrites it to the primary
# address of the incoming interface instead, so for LAN clients on wlan0 Tor
# must also listen there (e.g. TransListenAddress 0.0.0.0).
TransListenAddress 127.0.0.1
AutomapHostsOnResolve 1
# dnsmasq (port 53) forwards ICANN and .onion queries to this port.
DNSPort 52
DNSListenAddress 127.0.0.1

cat /etc/dnsmasq.conf
# Run as the tor user so dnsmasq's own upstream queries match the
# --uid-owner bypass in the iptables rules instead of being redirected
# back to dnsmasq.
user=tor

# Ignore /etc/resolv.conf; only the server= lines below are used.
no-resolv
# ICANN TLDs are resolved through Tor's DNSPort. (A server= line with no
# domain part, e.g. "server=127.0.0.1#52", is dnsmasq's default upstream for
# anything not matched by a more specific /domain/ entry.)
server=/.aero/127.0.0.1#52
[slew of ICANN TLDs snipped; I was displeased that "server=/*/127.0.0.1#52" didn't work here]
server=/.zw/127.0.0.1#52

server=/.onion/127.0.0.1#52

# OpenNIC TLDs go directly to an OpenNIC Tier 2 resolver, not through Tor.
server=/.bbs/<Tier2IPHere>
[other OpenNIC TLDs snipped]
server=/.parody/<Tier2IPHere>

The following iptables rules are in an init/rc script:
[...]
case "$1" in
start)
    NON_TOR="192.168.0.0/24 192.168.1.0/24"
    # uid of the tor user; dnsmasq runs as this user too (user=tor above),
    # so its upstream queries take the same bypass as Tor's own connections
    TOR_UID="$(id -u tor)"
    TRANS_PORT="9040"
    INT_IF="wlan0"

    iptables -F
    iptables -t nat -F

    # nat OUTPUT: locally generated traffic
    iptables -t nat -A OUTPUT -o lo -j RETURN
    iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
    # all other DNS goes to the local dnsmasq; this precedes the LAN bypass,
    # so DNS aimed at a LAN resolver is redirected as well
    iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
    for NET in $NON_TOR; do
        iptables -t nat -A OUTPUT -d $NET -j RETURN
        iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
    done
    # every remaining new TCP connection goes to Tor's TransPort
    iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

    # nat PREROUTING: traffic from LAN clients on $INT_IF
    # (-m owner only exists in OUTPUT/POSTROUTING, so there is no uid rule here)
    iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
    iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

    # filter OUTPUT: whatever was not redirected to Tor/dnsmasq, is not local
    # and does not come from the tor uid is rejected (no UDP/ICMP leaks)
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for NET in $NON_TOR 127.0.0.0/8; do
        iptables -A OUTPUT -d $NET -j ACCEPT
    done
    iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
    iptables -A OUTPUT -j REJECT
    # Nothing above touches FORWARD: with ip_forward enabled, LAN clients'
    # non-TCP, non-DNS traffic is routed around Tor unless FORWARD is set to
    # DROP. These rules are IPv4 only; ip6tables is not configured.
[...]

This does create one problem: the OpenNIC DNS lookups are not run through Tor. I don't really care about that. The rest, including .onion lookups, are, and so is all traffic AFAIK.
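The closing remark above (OpenNIC lookups go out directly, everything else is either sent to Tor or rejected) can be checked offline by walking the nat OUTPUT and filter OUTPUT chains for sample packets. The following is an added example, not code from the paste: it transcribes the ruleset's decision logic into Python and feeds it constructed packets. The ordinary-user uid 1000, the documentation addresses standing in for a Tor guard and for the OpenNIC Tier 2 server (which the paste leaves as <Tier2IPHere>), and the sample destinations are all assumptions made for the example.

```python
"""Offline trace of the paste's iptables ruleset for locally generated packets.

Added example, not part of the original paste. nat_output() and
filter_output() transcribe the nat OUTPUT and filter OUTPUT rules of the rc
script; SAMPLES are constructed packets. Only the first packet of a flow is
modelled: once conntrack holds a NAT mapping, later packets follow it without
traversing the nat chain again.
"""
from dataclasses import dataclass
import ipaddress

TOR_UID = 220                                   # uid of the tor user (dnsmasq runs as it too)
TRANS_PORT = 9040                               # Tor TransPort
DNS_PORT = 53                                   # local dnsmasq
NON_TOR = ["192.168.0.0/24", "192.168.1.0/24"]  # LAN ranges that bypass Tor
LOCAL = ["127.0.0.0/8"]


@dataclass(frozen=True)
class Packet:
    uid: int          # owner of the sending socket (-m owner --uid-owner)
    proto: str        # "tcp", "udp", "icmp", ...
    dst: str          # destination address before NAT
    dport: int        # destination port (0 for protocols without ports)
    syn: bool = True  # first packet of a TCP connection (--syn)


def _in_any(addr, nets):
    a = ipaddress.ip_address(addr)
    return any(a in ipaddress.ip_network(n) for n in nets)


def nat_output(pkt):
    """Destination (addr, port) after the nat OUTPUT chain.

    REDIRECT in OUTPUT rewrites the destination to 127.0.0.1:<port>, which is
    why Tor and dnsmasq only need to listen on loopback for the local case.
    """
    if ipaddress.ip_address(pkt.dst).is_loopback:   # -o lo -j RETURN
        return pkt.dst, pkt.dport
    if pkt.uid == TOR_UID:                           # --uid-owner tor -j RETURN
        return pkt.dst, pkt.dport
    if pkt.proto == "udp" and pkt.dport == 53:       # DNS -> dnsmasq (before LAN bypass)
        return "127.0.0.1", DNS_PORT
    if _in_any(pkt.dst, NON_TOR):                    # -d $NET -j RETURN
        return pkt.dst, pkt.dport
    if pkt.proto == "tcp" and pkt.syn:               # new TCP -> TransPort
        return "127.0.0.1", TRANS_PORT
    return pkt.dst, pkt.dport                        # no nat rule matched


def filter_output(pkt, dst):
    """ACCEPT/REJECT verdict of the filter OUTPUT chain for a flow's first packet.

    The ESTABLISHED,RELATED rule cannot match a first packet, so it is omitted.
    """
    if _in_any(dst, NON_TOR + LOCAL):                # -d $NET -j ACCEPT
        return "ACCEPT"
    if pkt.uid == TOR_UID:                           # --uid-owner tor -j ACCEPT
        return "ACCEPT"
    return "REJECT"                                  # -j REJECT


def route(pkt):
    """Where a locally generated packet ends up: "tor", "dnsmasq", "direct" or "blocked"."""
    dst, dport = nat_output(pkt)
    if filter_output(pkt, dst) == "REJECT":
        return "blocked"
    if (dst, dport) != (pkt.dst, pkt.dport):         # a REDIRECT fired
        return "tor" if dport == TRANS_PORT else "dnsmasq"
    return "direct"


# Constructed sample packets (addresses from the documentation ranges).
SAMPLES = {
    "browser":          Packet(1000, "tcp", "203.0.113.10", 80),
    "resolver":         Packet(1000, "udp", "8.8.8.8", 53),
    "lan_dns":          Packet(1000, "udp", "192.168.1.1", 53),
    "lan_ssh":          Packet(1000, "tcp", "192.168.1.5", 22),
    "ntp":              Packet(1000, "udp", "203.0.113.10", 123),
    "ping":             Packet(1000, "icmp", "203.0.113.10", 0),
    "tor_guard":        Packet(TOR_UID, "tcp", "203.0.113.7", 443),
    "opennic_upstream": Packet(TOR_UID, "udp", "198.51.100.1", 53),  # stands in for <Tier2IPHere>
}


def trace_all():
    """Route every sample packet; returns {name: outcome}."""
    return {name: route(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in trace_all().items():
        print(f"{name:18s} -> {outcome}")
```

The trace reproduces the remark in the paste: dnsmasq's query to the OpenNIC server leaves directly because dnsmasq runs as the tor uid, while a user's TCP connections land on the TransPort and UDP or ICMP from a non-tor uid is rejected rather than leaked. Two details worth noticing: DNS aimed at a LAN resolver is still captured by dnsmasq, because the DNS REDIRECT precedes the NON_TOR bypass, and only the local OUTPUT path is modelled, not LAN clients' traffic through PREROUTING.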