[tor-talk] Isolating transparent proxy
Hello there,
I'm trying to set up an "isolating transparent proxy" a la Whonix,
where there are a gateway node and a workstation node.

              Connected to the internet
                          |
                          | eth0 -- 192.168.27.x
          +-------------------------------+
          | Gateway node                  |
          | Tor client                    |
          | * DNSPort 192.168.42.1:53     |
          | * TransPort 192.168.42.1:9040 |
          | * SocksPort 192.168.42.1:9050 |
          +-------------------------------+
                          | eth1 -- 192.168.42.1
                          |
                          | eth0 -- 192.168.42.x
+---------------------------------------------------+
| Workstation node                                  |
|                                                   |
| resolv.conf -> 192.168.42.1                       |
| IPv6 -> no routes                                 |
| IPv4 -> to 192.168.42.0/24 via eth0, gateway none |
+---------------------------------------------------+

Currently,
* `dig check.torproject.org` on Workstation works.
* `torsocks curl https://check.torproject.org/` works and is properly
anonymized, of course.
* No non-tor traffic can go out from Workstation. No transparent proxy
means no internet connection, rather than leaks.
Now, I need to allow 'normal' traffic to work using a transparent
proxy, on Workstation, because some programs don't support a proxy (of
any kind) at all. This is not a desktop setup, and stream isolation is
not critical here.
There are tutorials on transparent proxying online, but not for remote
TransPort one. What kind of iptables rules do I need to make this work?
There should be instructions to do so online. I searched through
trac.torproject.org, whonix.org and whonix Github, but I found nothing.
What should happen (on Workstation):
Try to connect to TCP check.torproject.org:443
-> Linux captures with iptables
-> forwarded to 192.168.42.1:9040 (TransPort)
Can anyone help me?
Thanks,
onionsalad
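
One way to get the flow described above, as an added example that is not part of the original post: Tor's TransPort reads each connection's original destination from the NAT state of the host that performed the redirect, so the redirect is placed on the Gateway and the Workstation only gets a default route. Interfaces, addresses and ports come from the post's diagram; the rule set and the `run`, `gateway_rules` and `workstation_rules` helpers are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Interfaces, addresses and ports
# are taken from the post's diagram; the rule set itself is an assumption.
# Commands are printed by default; run as root with APPLY=1 to execute them.
INT_IF="${INT_IF:-eth1}"        # Gateway interface facing the Workstation
GW_IP="${GW_IP:-192.168.42.1}"  # Gateway address on that interface
WS_IF="${WS_IF:-eth0}"          # Workstation interface facing the Gateway
TRANS_PORT="${TRANS_PORT:-9040}"
SOCKS_PORT="${SOCKS_PORT:-9050}"
DNS_PORT="${DNS_PORT:-53}"

# Hypothetical helper: print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# On the Gateway: redirect before routing, so Tor can still read the
# original destination of each connection from netfilter's NAT state.
gateway_rules() {
    # Traffic already addressed to the Gateway (DNSPort, SocksPort) is not rewritten.
    run iptables -t nat -A PREROUTING -i "$INT_IF" -d "$GW_IP" -j RETURN
    # Every other new TCP connection from the Workstation goes to TransPort.
    run iptables -t nat -A PREROUTING -i "$INT_IF" -p tcp --syn \
        -j REDIRECT --to-ports "$TRANS_PORT"
    # Only Tor's listeners are reachable from the Workstation side.
    run iptables -A INPUT -i "$INT_IF" -d "$GW_IP" -p udp --dport "$DNS_PORT" -j ACCEPT
    for port in "$TRANS_PORT" "$SOCKS_PORT"; do
        run iptables -A INPUT -i "$INT_IF" -d "$GW_IP" -p tcp --dport "$port" -j ACCEPT
    done
    run iptables -A INPUT -i "$INT_IF" -j DROP
    # Nothing is routed through in the clear: UDP, ICMP and anything else
    # that was not redirected is dropped instead of forwarded.
    run iptables -A FORWARD -i "$INT_IF" -j DROP
}

# On the Workstation: no iptables rules, only a default route via the Gateway.
workstation_rules() {
    run ip route add default via "$GW_IP" dev "$WS_IF"
}

gateway_rules
workstation_rules
```

Because the redirected packets are delivered locally on the Gateway, IP forwarding can stay disabled there, which keeps the "no proxy means no connection" property from the list above.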