discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] TOR and OpenNIC

From: <woodq11 AT gmail.com>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] TOR and OpenNIC
Date: Tue, 18 Sep 2012 08:07:52 -0500

Spent some more time looking at it. This solution likely won't work for
you ,as it requires iptables and dnsmasq (but may be able to get others Tor
and OpenNIC access at the same time.):

The relevant bits in /etc/tor/torrc:
User tor

ReachableAddresses accept *:443, accept *:465, *:993, accept *:995,
accept *:6697, reject *:*

SocksPort 0
VirtualAddrNetwork 10.192.0.0/10
AllowDotExit 1
TransPort 9040
TransListenAddress 127.0.0.1
AutomapHostsOnResolve 1
DNSPort 52
DNSListenAddress 127.0.0.1
EOF

cat /etc/dnsmasq.conf
user=tor

no-resolv
server=/.aero/127.0.0.1#52
[slew of ICANN TLDs snipped; I was displeased that "server=/*/127.0.0.1#52"
didn't work here]
server=/.zw/127.0.0.1#52

server=/.onion/127.0.0.1#52

server=/.bbs/<Tier2IPHere>
[other OpenNIC TLDs snipped]
server=/.parody/<Tier2IPHere>
EOF

The following iptables rules are in an init/rc script:
[...]
case "$1" in
start)
NON_TOR="192.168.0.0/24 192.168.1.0/24"
TOR_UID="220"
TRANS_PORT="9040"
INT_IF="wlan0"

iptables -F
iptables -t nat -F

iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -p udp --dport 53
-j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
for NET in $NON_TOR; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --
to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -m owner --uid-owner $TOR_UID -p
udp --dport 53 -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-
ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT
[...]
EOF

This does create one problem, the OpenNIC DNS lookups are not run through Tor.
I don't really care about that. The rest, including .onion lookups, are- and
so is all traffic AFAIK.

Re: [opennic-discuss] TOR and OpenNIC, (continued)
- Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012
  - Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/18/2012
    - Re: [opennic-discuss] TOR and OpenNIC, webmaster, 09/18/2012
      - Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/18/2012
      - Re: [opennic-discuss] TOR and OpenNIC, The Doctor, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, The Doctor, 09/19/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/19/2012
        [opennic-discuss] Green....., mike, 09/19/2012
        Re: [opennic-discuss] Green....., Peter Green, 09/19/2012
    - Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012
      - Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012
      - Re: [opennic-discuss] TOR and OpenNIC, Alex Hanselka, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012
        Re: [opennic-discuss] TOR and OpenNIC, Peter Green, 09/18/2012
        Re: [opennic-discuss] TOR and OpenNIC, The Doctor, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, The Doctor, 09/18/2012
        
        Re: [opennic-discuss] TOR and OpenNIC, The Doctor, 09/18/2012
- Re: [opennic-discuss] TOR and OpenNIC, woodq11, 09/18/2012