Add this to torrc ( located on /etc/tor/torrc):
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9051
DNSPort 9053
Run the attached script as root so all traffic will route from Tor. you can also use attached torrc as a sample.
| #!/bin/sh | |
| # ignored location | |
| IGN="192.168.1.0/24 192.168.0.0/24" | |
| # Enter your tor UID | |
| UID="XXX" | |
| # Tor's Port. default is 9050 but if you changed it in torrc change next line | |
| PORT="9050 | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t nat -A OUTPUT -m owner --uid-owner $UID -j RETURN | |
| #Change if you select another port for Tor DNS in torrc. I select 9053. Also DNS default port is 53 | |
| iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053 | |
| for NET in $IGN 127.0.0.0/9 127.128.0.0/10; do | |
| iptables -t nat -A OUTPUT -d $NET -j RETURN | |
| done | |
| iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $PORT | |
| iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| for NET in $IGN 127.0.0.0/8; do | |
| iptables -A OUTPUT -d $NET -j ACCEPT | |
| done | |
| iptables -A OUTPUT -m owner --uid-owner $UID -j ACCEPT | |
| iptables -A OUTPUT -j REJECT |
| #set tor socks proxy to 9052 | |
| SocksPort 0.0.0.0:9052 | |
| SocksPolicy accept 192.168.1.0/24 | |
| UseBridges 1 | |
| #Here is an example of tor bridges. you can obtain it from: bridges.torproject.org | |
| Bridge obfs4 IP:port KEY cert=CERT iat-mo$ | |
| ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy | |
| VirtualAddrNetwork 10.192.0.0/10 | |
| AutomapHostsOnResolve 1 | |
| #Tor tansport | |
| TransPort 9051 | |
| #tor DNS port | |
| DNSPort 9053 |
@debian-user-france1
Thank you for your English tips. I rarely write in it since it's not my first language. The majority of my time is spent reading and not writing English, and in my country, people speak a totally different language from English.
Anyway.
Regarding your question,
First of all, yes, all the traffics are routed through Tor, but there is a possibility of DNS leakage. To bypass the Tor, you can set your own rules and use your real IP address.
At the moment, I do not recommend this method. Use Tor as a regular proxy to bypass your application. This feature prevents any data from being transferred with your real IP address (Let's call it kill switch).
Last but not least, it works on behalf of the user. IPtables newbies should avoid this link. ;)
Cheers,
@debian-user-france1
Thank you for your English tips. I rarely write in it since it's not my first language. The majority of my time is spent reading and not writing English, and in my country, people speak a totally different language from English.
Anyway.
Regarding your question, First of all, yes, all the traffics are routed through Tor, but there is a possibility of DNS leakage. To bypass the Tor, you can set your own rules and use your real IP address.
At the moment, I do not recommend this method. Use Tor as a regular proxy to bypass your application. This feature prevents any data from being transferred with your real IP address (Let's call it kill switch).
Last but not least, it works on behalf of the user. IPtables newbies should avoid this link. ;)
Cheers,
Hello
Thank you for your response. I have to go sure that everything running on the system goes through tor. Apparently I don't know anymore what I had to do but this seems to be a good thing. What do you mean with 'dns leakage'?
@debian-user-france1
Thank you for your English tips. I rarely write in it since it's not my first language. The majority of my time is spent reading and not writing English, and in my country, people speak a totally different language from English.
Anyway.
Regarding your question, First of all, yes, all the traffics are routed through Tor, but there is a possibility of DNS leakage. To bypass the Tor, you can set your own rules and use your real IP address.
At the moment, I do not recommend this method. Use Tor as a regular proxy to bypass your application. This feature prevents any data from being transferred with your real IP address (Let's call it kill switch).
Last but not least, it works on behalf of the user. IPtables newbies should avoid this link. ;)
Cheers,Hello
Thank you for your response. I have to go sure that everything running on the system goes through tor. Apparently I don't know anymore what I had to do but this seems to be a good thing. What do you mean with 'dns leakage'?
For the DNS Leakage take a look at this link and also this.
This project may help you. Check it out and make sure it works for you. Pay attention to possible data leakage. Protecting your privacy is much more important than anything else.
:)
good point