- From: <woodq11 AT gmail.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] TOR and OpenNIC
- Date: Tue, 18 Sep 2012 08:07:52 -0500
Spent some more time looking at it. This solution likely won't work for
you, as it requires iptables and dnsmasq (but it may be able to get others Tor
and OpenNIC access at the same time):
The relevant bits in /etc/tor/torrc:
User tor
# Firewalled client: only build circuits to guards on these ports. Entries
# without a keyword default to accept; it is written out here to be explicit.
ReachableAddresses accept *:443, accept *:465, accept *:993, accept *:995, accept *:6697, reject *:*
# No SOCKS listener at all; everything arrives through the transparent port.
SocksPort 0
# Private range handed out as placeholder addresses for .onion/.exit names
# resolved through the DNSPort below.
VirtualAddrNetwork 10.192.0.0/10
AllowDotExit 1
# Transparent TCP proxy the iptables REDIRECT rules send connections to.
TransPort 9040
TransListenAddress 127.0.0.1
AutomapHostsOnResolve 1
# Tor's DNS resolver; dnsmasq forwards ICANN and .onion queries here.
DNSPort 52
DNSListenAddress 127.0.0.1
cat /etc/dnsmasq.conf
# Run as the tor user so dnsmasq's own upstream queries match the uid-owner
# exemptions in the iptables rules and are not redirected back into dnsmasq.
user=tor
# Ignore /etc/resolv.conf; only the server= lines below are used.
no-resolv
# ICANN TLDs and .onion are forwarded to Tor's DNSPort.
server=/.aero/127.0.0.1#52
[slew of ICANN TLDs snipped; I was displeased that "server=/*/127.0.0.1#52"
didn't work here]
# (in dnsmasq a server= line with no /domain/ part sets the default upstream)
server=/.zw/127.0.0.1#52
server=/.onion/127.0.0.1#52
# OpenNIC TLDs go straight to a Tier-2 resolver, outside Tor.
server=/.bbs/<Tier2IPHere>
[other OpenNIC TLDs snipped]
server=/.parody/<Tier2IPHere>
The following iptables rules are in an init/rc script:
[...]
case "$1" in
start)
# LAN ranges that may be reached directly, bypassing Tor.
NON_TOR="192.168.0.0/24 192.168.1.0/24"
# uid of the tor user (dnsmasq runs as it too); `id -u tor` prints it.
TOR_UID="220"
TRANS_PORT="9040"
INT_IF="wlan0"
iptables -F
iptables -t nat -F
# Locally generated traffic: loopback and tor's own packets are left alone,
# every other DNS query is forced into the local dnsmasq, LAN destinations
# go direct, and any remaining TCP connection is redirected to TransPort.
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -p udp --dport 53 -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
for NET in $NON_TOR; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# Traffic from clients on $INT_IF gets the same DNS and TCP redirects. (The
# owner match is only valid in the OUTPUT and POSTROUTING chains, so the
# original PREROUTING --uid-owner rule, which iptables refuses to load, is
# left out here.)
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# Filter: allow replies, LAN/loopback and tor's own traffic; reject anything
# else leaving the box (this is what stops non-DNS UDP from leaking).
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT
[...]
This does create one problem: the OpenNIC DNS lookups are not run through Tor.
I don't really care about that. The rest, including .onion lookups, are, and
so is all traffic AFAIK.
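An added example, not code from the post or from Tor, dnsmasq or OpenNIC: a small Python model of the policy that the three snippets above implement, so the fate of each kind of packet can be traced without a live box. It takes the uid 220, the two LAN ranges and the port numbers from the post, uses 203.0.113.10 as a constructed stand-in for <Tier2IPHere>, and keeps only a handful of the TLD lines (com stands in for the snipped ICANN TLDs). The PREROUTING owner rule is omitted because the owner match is not valid in that chain. The model reproduces the observation above: OpenNIC lookups leave dnsmasq directly, everything else is resolved by Tor, TCP is redirected to TransPort, and a stray UDP packet from a normal user is rejected rather than leaked.

```python
# Added example, not code from the post: a model of the torrc / dnsmasq.conf /
# iptables policy above.  203.0.113.10 is a constructed placeholder for
# <Tier2IPHere>; the other values come from the post.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

TOR_UID = 220            # uid the post's script uses for the tor user
TRANS_PORT = 9040        # torrc TransPort
TOR_DNS_PORT = 52        # torrc DNSPort
LOCAL_DNS_PORT = 53      # dnsmasq
NON_TOR = [ip_network("192.168.0.0/24"), ip_network("192.168.1.0/24")]
TIER2 = "203.0.113.10"   # placeholder OpenNIC Tier-2 resolver

# dnsmasq server=/suffix/upstream lines, reduced to a few; "com" stands in
# for the snipped ICANN TLDs.
DNSMASQ_SERVERS = {
    "com": ("127.0.0.1", TOR_DNS_PORT),
    "aero": ("127.0.0.1", TOR_DNS_PORT),
    "zw": ("127.0.0.1", TOR_DNS_PORT),
    "onion": ("127.0.0.1", TOR_DNS_PORT),
    "bbs": (TIER2, LOCAL_DNS_PORT),
    "parody": (TIER2, LOCAL_DNS_PORT),
}


def dnsmasq_upstream(qname: str) -> Optional[Tuple[str, int]]:
    """Upstream dnsmasq forwards qname to: the longest listed suffix wins.
    With no-resolv and no bare server= line, an unlisted TLD has no upstream."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in DNSMASQ_SERVERS:
            return DNSMASQ_SERVERS[suffix]
    return None


@dataclass
class Packet:
    chain: str                  # "OUTPUT" (local process) or "PREROUTING" (from wlan0)
    proto: str                  # "tcp" or "udp"
    dst: str
    dport: int
    uid: Optional[int] = None   # owner of a locally generated packet
    syn: bool = True


def nat(p: Packet) -> Tuple[str, Optional[int]]:
    """Walk the nat OUTPUT / PREROUTING rules in the order the post adds them."""
    dst = ip_address(p.dst)
    in_lan = any(dst in net for net in NON_TOR)
    if p.chain == "OUTPUT":
        if dst.is_loopback or p.uid == TOR_UID:
            return ("RETURN", None)                 # -o lo / tor's own traffic
        if p.proto == "udp" and p.dport == 53:
            return ("REDIRECT", LOCAL_DNS_PORT)     # any other DNS -> dnsmasq
        if in_lan:
            return ("RETURN", None)
        if p.proto == "tcp" and p.syn:
            return ("REDIRECT", TRANS_PORT)
        return ("RETURN", None)
    # PREROUTING: LAN exemptions first, then the DNS and TCP redirects.  The
    # owner match is not valid in this chain, so it plays no part here.
    if in_lan:
        return ("RETURN", None)
    if p.proto == "udp" and p.dport == 53:
        return ("REDIRECT", LOCAL_DNS_PORT)
    if p.proto == "tcp" and p.syn:
        return ("REDIRECT", TRANS_PORT)
    return ("RETURN", None)


def filter_output(p: Packet, redirected: bool) -> str:
    """Filter OUTPUT chain.  After a nat REDIRECT the destination of a locally
    generated packet is 127.0.0.1, which the 127.0.0.0/8 ACCEPT rule covers."""
    dst = ip_address("127.0.0.1") if redirected else ip_address(p.dst)
    if dst.is_loopback or any(dst in net for net in NON_TOR):
        return "ACCEPT"
    return "ACCEPT" if p.uid == TOR_UID else "REJECT"


def fate(p: Packet) -> str:
    """Outcome of one new packet under the whole policy.  (The FORWARD chain,
    which the post does not configure, is not modelled for wlan0 traffic.)"""
    action, port = nat(p)
    if p.chain == "OUTPUT" and filter_output(p, action == "REDIRECT") == "REJECT":
        return "REJECT (blocked instead of leaking around Tor)"
    if action == "REDIRECT":
        return "to Tor TransPort" if port == TRANS_PORT else "to local dnsmasq"
    return "direct"


def lookup_path(qname: str) -> str:
    """Where a query handled by the box's dnsmasq finally goes; dnsmasq runs
    as user=tor, so its upstream packets hit the uid-owner exemptions."""
    upstream = dnsmasq_upstream(qname)
    if upstream is None:
        return "no upstream (TLD not listed in dnsmasq.conf)"
    host, port = upstream
    if host == "127.0.0.1" and port == TOR_DNS_PORT:
        return "resolved by Tor (DNSPort)"
    q = Packet("OUTPUT", "udp", host, port, uid=TOR_UID)
    return "sent %s to %s:%d" % (fate(q), host, port)


if __name__ == "__main__":
    for name in ("www.example.com", "foo.onion", "example.bbs", "x.test"):
        print(name, "->", lookup_path(name))
    print("user NTP ->", fate(Packet("OUTPUT", "udp", "198.51.100.1", 123, uid=1000)))
    print("LAN client HTTPS ->", fate(Packet("PREROUTING", "tcp", "198.51.100.2", 443)))
```

Running it prints the same split the post describes: names under .bbs leave as "sent direct to 203.0.113.10:53", .onion and ICANN names are "resolved by Tor (DNSPort)", and a normal user's UDP to anything but port 53 is rejected by the filter OUTPUT chain rather than allowed out around Tor.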