Re: Anonymous/Nonymous Communication Coexisting?
----- Original Message -----
From: "Marcel" <u-281@xxxxxxx>
To: <or-talk@xxxxxxxxxxxxx>
Sent: Wednesday, June 08, 2005 6:38 PM
Subject: Re: Anonymous/Nonymous Communication Coexisting?
* maillist (maillist@xxxxxxxxxxxx) wrote:
Hi

I'm running Tor on my router (Debian Sid) that transparently proxies connections through Tor. This way you don't need to configure any clients.

For HTTP traffic:
client - iptables (identification by ports and L7) - squid - privoxy - tor - server

and for everything else:
client - iptables - transsocks - tor - server

I'm controlling with iptables what gets proxied and what not; everything else is proxied through Tor except VPN connections and connections to a couple of trusted servers. UDP, ICMP and other protocols except TCP are dropped at the router. This way connections by software and games that "call home" are also proxied through Tor.

Markus
I'd be very happy to see an example of those iptables rules, Markus. Sounds pretty clever to me as a configuration.
I ran into some problems with L7, so here are the rules without L7 classification (very simple, not scalable at all, written only for my environment):
#!/bin/sh
# 192.168.10.1 = router
# 192.168.10.10 = workstation to proxy
# 192.168.10.1:3128 = Squid
# 192.168.10.1:1211 = Transsocks
INCLUDE="192.168.10.10"
EXCLUDE="192.168.0.0/16 127.0.0.1 10.12.77.0/24"

# Exceptions: destinations that must never be redirected (local nets, the
# router itself, trusted servers). RETURN leaves them to normal routing.
for exception in ${EXCLUDE} ; do
    iptables -t nat -A PREROUTING --dst ${exception} -j RETURN
done

# Avoid feedback loops (owner match; left commented out in the original)
#iptables -t nat -A PREROUTING -m owner --cmd-owner transocks -j RETURN

# Send traffic from each proxied host to the proxies on the router
for host in ${INCLUDE} ; do
    # Optional: log every TCP connection that is about to be socksified
    #iptables -t nat -A PREROUTING -s ${host} -p tcp -j LOG --log-level info --log-prefix "SOCKSify "

    # HTTP (port 80) not aimed at the router itself goes to Squid
    # (negation written as "! -d", which current iptables accepts; the old
    # "-d ! addr" form is rejected by newer versions)
    iptables -t nat -A PREROUTING -s ${host} ! -d 192.168.10.1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    # Alternative to REDIRECT: explicit DNAT to the Squid listener
    #iptables -t nat -A PREROUTING -s ${host} -p tcp --dport 80 -j DNAT --to 192.168.10.1:3128

    # Rewrite the source of redirected flows so the router's proxies answer back via the router
    iptables -t nat -A POSTROUTING -s ${host} -d 192.168.10.1 -j SNAT --to-source 192.168.10.1

    # All remaining TCP goes to transocks (and from there into Tor)
    iptables -t nat -A PREROUTING -s ${host} -p tcp -j REDIRECT --to-port 1211

    # Everything else from this host (UDP, ICMP, ...) is dropped at the router
    iptables -t nat -A PREROUTING -s ${host} -j DROP
done

# Socksify traffic leaving this host (left commented out in the original):
#iptables -t nat -A OUTPUT -p tcp --syn -j PREROUTING
Markus
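Because these rules are first-match and the exception RETURNs sit before the per-host REDIRECTs, it is easy to misjudge which path a given flow takes. The following is an added example, not part of Markus's post: an offline Python model of the PREROUTING chain above (same addresses and ports, the "direct"/"drop" labels are my own) that can be used to check the classification of a flow before loading the real rules.

```python
# Offline model of the nat PREROUTING chain from the script above.
# Constructed example; addresses and ports are the ones in the post.
import ipaddress
from dataclasses import dataclass

ROUTER = ipaddress.ip_address("192.168.10.1")
INCLUDE = {ipaddress.ip_address("192.168.10.10")}
EXCLUDE = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "127.0.0.1/32", "10.12.77.0/24")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # 0 for protocols without ports


def classify(f: Flow) -> str:
    """Walk the chain in rule order; the first matching rule decides."""
    src = ipaddress.ip_address(f.src)
    dst = ipaddress.ip_address(f.dst)
    # 1. Exception loop: RETURN hands the packet back to normal routing.
    if any(dst in net for net in EXCLUDE):
        return "direct"
    # 2. The per-host rules only match listed sources; anything else falls
    #    off the end of the chain and is routed normally (policy ACCEPT).
    if src not in INCLUDE:
        return "direct"
    # 3. HTTP not aimed at the router itself -> Squid -> Privoxy -> Tor
    if f.proto == "tcp" and f.dport == 80 and dst != ROUTER:
        return "squid:3128"
    # 4. Any other TCP -> transocks -> Tor
    if f.proto == "tcp":
        return "transocks:1211"
    # 5. UDP, ICMP and everything else from the proxied host is dropped.
    return "drop"


if __name__ == "__main__":
    for flow in (Flow("192.168.10.10", "203.0.113.5", "tcp", 80),
                 Flow("192.168.10.10", "203.0.113.5", "tcp", 443),
                 Flow("192.168.10.10", "203.0.113.5", "udp", 53),
                 Flow("192.168.10.10", "10.12.77.4", "tcp", 22),
                 Flow("192.168.10.20", "203.0.113.5", "tcp", 80)):
        print(flow, "->", classify(flow))
```

Two things the model makes visible: a host that is not in INCLUDE is routed normally rather than through Tor, so the protection is only as good as that source list, and the workstation's UDP DNS lookups are dropped rather than proxied, so it needs a resolver that is reachable through the exception list (the router at 192.168.10.1 is).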