[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] howto: Raspberry Pi as transparent tor proxy



Hi all,

here're some informations how I configured my Raspberry Pi as an transparent tor proxy for my home network.

Currently in my opinion the Raspberry Pi is a cheap and flexible platform for this task. I thought about to use an dd-wrt based router as a transparent tor proxy but there a no current optware packages for the dd-wrt/openwrt platform and also there is no final tutorial which describes in detail how to set up a transparent tor proxy on the dd-wrt/openwrt platform :(


My configuration is:
- 256 mb Raspberry Pi
- usb wifi adapter TP-Link WL-722N with an external antenna (drivers are already included in the current Raspian os)
- 4 port D-Link usb hub DUB-H4
- hama power supply
- sandisk 4 gb sdcard
- Raspian Linux

for other supported hardware please look at:
http://www.elinux.org/RPi_VerifiedPeripherals


For the wirless accesspoint configuration I followed the instruction from:
http://sirlagz.net/2012/08/09/how-to-use-the-raspberry-pi-as-a-wireless-access-pointrouter-part-1/

Here are my steps for the setup. I've installed following additional packages:
dnsmasq
dnsutils
hostapd
iw
net-tools
tor

First: create/modify /etc/dnsmasq.conf

interface=wlan0
dhcp-range=10.0.0.2,10.0.0.10,255.255.255.0,24h
dhcp-option=3,10.0.0.1


Second: create/modify /etc/hostap/hostapd

interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=<your ssid>
hw_mode=g
channel=<your channel, e.g. 11>
wpa=2
wpa_passphrase=<your passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP


For the Tor and iptables configuration I followed the instructions from:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox
I didn't modify /etc/resolv.conf to 127.0.0.1 because I had problems with the network connection directly on the Raspberry Pi. E.g. it wasn't possible to download Raspian packages or to open websites with lynx.


Third: create/modify /etc/torrc

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 10.0.0.1
DNSPort 53
DNSListenAddress 10.0.0.1

Fourth: create an executable script at /etc/network/if-pre-up.d, e.g. /etc/network/if-pre-up.d/iptables.sh with following content

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules

Fifth: enter the iptables ruleset directly on the shell

iptables -F
iptables -t nat -F

iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53 iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

Sixth: create /etc/iptables.rules like this
iptables-save > /etc/iptables.rules

In my opionion there is room for improvment. Maybe someone have additional ideas or configuration recommendations, e.g. for the firewall. The missing RTC don't seem to be a problem for this configuration. But there is an tutorial how to add an RTC to the Raspberry Pi:
http://www.raspberrypi.org/phpBB3/viewtopic.php?f=44&t=16218


Thanks and best regards,
Sven


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk