
Re: [tor-talk] Tor transparent proxying over OpenVPN

> If you run a VPN client and Tor client on the same machine, you will
> connect to the Tor network through the VPN. I should have mentioned that
> in my initial reply.
Could you take a look at my iptables rules? I don't have much knowledge
of firewalls and I am not good at writing them myself, so I couldn't yet
get it working correctly.

iptables -F
iptables -t nat -F

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -d -j REJECT

iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP

iptables -t nat -A OUTPUT -m owner --uid-owner 181 -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A OUTPUT ! -o lo -p tcp -m tcp -m owner ! --uid-owner 181 \
    ! -d VPN.IP.ADDR.HERE -j REDIRECT --to-ports 9040
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner 181 -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT ! -o lo -p udp -j DROP
iptables -A INPUT ! -i lo -p udp -j DROP

ip6tables -F
ip6tables -t nat -F
ip6tables -A INPUT -j DROP
ip6tables -A OUTPUT -j DROP

181 is the uid that tor runs under.
With these rules I can establish a connection to the OpenVPN server but I
can't do anything after that. DNS requests time out, unable to access
websites or use IM (not just DNS, when connecting directly).
The problem isn't with the VPN, if I close all of my programs, clear the
iptables rules and connect to the VPN, the internet is working without

> I've assumed that VPNs are generally less suspicious than Tor, given
> their popularity for file sharing. Also, file sharing through the VPN
> (with throughput throttled appropriately) while using Tor might help
> hide the Tor traffic.
How much file sharing traffic do you think would be required? I'm on a
1.5Mbps connection with a 10GB monthly limit, so anything serious would
make the internet unusable (and after a while, blocked for the month).
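As an added example (not part of the original message or of any Tor project code), here is a script that generates the kind of transparent-proxy ruleset discussed above: Tor's own uid is exempted first, the OpenVPN endpoint is exempted explicitly so the tunnel can stay up, DNS is redirected to the port torrc's DNSPort actually listens on, and the filter chain fails closed. The uid, ports and VPN address are assumed placeholders, and DNS_PORT must equal the DNSPort value in torrc.

```shell
#!/bin/sh
# Added example: print a fail-closed Tor transparent-proxy ruleset that
# lets the Tor daemon reach the network through an established OpenVPN
# tunnel. Every value below is an assumption, not taken from the post.
TOR_UID="${TOR_UID:-181}"                     # uid the tor daemon runs as
TRANS_PORT="${TRANS_PORT:-9040}"              # torrc: TransPort 9040
DNS_PORT="${DNS_PORT:-5353}"                  # torrc: DNSPort 5353
VPN_ENDPOINT="${VPN_ENDPOINT:-203.0.113.10}"  # placeholder VPN server address
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"

# Emit the rules instead of applying them, so they can be reviewed first.
tor_transproxy_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
# nat/OUTPUT: decide where locally generated traffic is sent.
# 1. Tor's own connections must never be looped back into Tor.
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
# 2. The OpenVPN channel goes straight to the VPN server, not into Tor.
iptables -t nat -A OUTPUT -d $VPN_ENDPOINT -p $VPN_PROTO --dport $VPN_PORT -j RETURN
# 3. Loopback traffic is left alone.
iptables -t nat -A OUTPUT -o lo -j RETURN
# 4. DNS goes to Tor's DNSPort; this port must equal DNSPort in torrc.
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
# 5. Every new TCP connection goes to Tor's TransPort.
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# filter/OUTPUT: fail closed so nothing bypasses Tor if a redirect is missed.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -d $VPN_ENDPOINT -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -j REJECT
EOF
}

# Number of rules that hand traffic to Tor (one for DNS, one for TCP).
count_redirects() { tor_transproxy_rules | grep -c -- "--to-ports"; }

# Apply as root after the VPN is up: tor_transproxy_apply
tor_transproxy_apply() { tor_transproxy_rules | sh; }
```

Run `tor_transproxy_rules` first and read the output; only call `tor_transproxy_apply` once the uid, DNSPort and VPN endpoint match the actual torrc and OpenVPN configuration.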

tor-talk mailing list