Tor is free software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.
Here is the OS used:
> lsb_release -c
Codename: jessie
Install Tor directly from the packages:
> apt-get install tor
And stop the service to configure it:
> service tor stop
Edit the configuration file as follows:
> vi /etc/tor/torrc
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
Use Tor's DNSPort on the loopback interface:
> echo nameserver 127.0.0.1 > /etc/resolv.conf
Then you can start the service:
> service tor start
Before starting the iptables configuration, we need to know the user id that Tor runs as:
> ps -o uid -o "%u %U" -A | grep tor
106 debian-+ debian-tor
Then we can create our iptables script:
> cd /etc/
> vi iptables.sh
And add the following:
#!/bin/sh

### set variables
#destinations you don't want routed through Tor
_non_tor=""
#the UID that Tor runs as (varies from system to system)
_tor_uid="106"
#Tor's TransPort
_trans_port="9040"

### flush iptables
iptables -F
iptables -t nat -F

### set iptables *nat
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/9 127.128.0.0/10; do
    iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
done
#redirect all other output to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port

### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
    iptables -A OUTPUT -d $_clearnet -j ACCEPT
done
#allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT
Note: it is important to change _tor_uid="106" to the value found earlier!
Make it executable:
> chmod +x iptables.sh
And run it:
> ./iptables.sh
A quick check:
> wget https://check.torproject.org/
> cat index.html
And check for the title line:
Congratulations. This browser is configured to use Tor.
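The following script is an added example, not part of the original post. It automates the two manual checks above: it resolves the UID of the Tor daemon's user with `id -u` instead of reading it off `ps` (so nothing has to be pasted into `_tor_uid` by hand), audits an `iptables-save` dump for the rules that make this setup leak-proof for IPv4 (Tor's UID bypassing the redirect, DNS and new TCP going to Tor, and the catch-all REJECT), and classifies a saved copy of the check page. It assumes Debian's tor package runs as `debian-tor` (as the `ps` output above shows) and the TransPort 9040 / DNSPort 53 values from the torrc above; the embedded dump is constructed to match what the iptables script above produces with UID 106, and the `--live` flag is this example's own.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes Debian's "debian-tor"
# user, TransPort 9040 and DNSPort 53 as configured above.

# Print the numeric UID of the Tor daemon's user; fails if the user is absent.
# Replaces the manual `ps ... | grep tor` step.
tor_uid() {
    id -u "${1:-debian-tor}" 2>/dev/null
}

# Audit an iptables-save dump (read from stdin) for the rules the transparent
# proxy depends on. Arguments: tor uid, TransPort, DNSPort.
# Prints one "MISSING: <rule>" line per absent rule; returns 0 only if all are present.
# The strings are in the normalised form iptables-save prints (e.g. --syn
# becomes --tcp-flags FIN,SYN,RST,ACK SYN).
audit_rules() {
    uid="$1" trans_port="$2" dns_port="$3"
    dump=$(cat)
    missing=0
    set -- \
        "-A OUTPUT -m owner --uid-owner $uid -j RETURN" \
        "-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports $dns_port" \
        "-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports $trans_port" \
        "-A OUTPUT -m owner --uid-owner $uid -j ACCEPT" \
        "-A OUTPUT -j REJECT"
    for rule; do
        if ! printf '%s\n' "$dump" | grep -qF -- "$rule"; then
            echo "MISSING: $rule"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Classify a saved copy of https://check.torproject.org/ (the wget output
# above) read from stdin: prints "tor" when the Congratulations title is
# present, "clearnet" otherwise.
tor_check_verdict() {
    if grep -q 'Congratulations. This browser is configured to use Tor'; then
        echo tor
    else
        echo clearnet
    fi
}

# Constructed sample dump: what iptables-save shows after running the
# iptables script above on a host where Tor runs as UID 106.
SAMPLE_DUMP='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 106 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 106 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'

main() {
    case "$1" in
        --live)
            # On the configured host: real uid, real rules (needs root).
            uid=$(tor_uid debian-tor) || { echo "user debian-tor not found" >&2; return 1; }
            iptables-save | audit_rules "$uid" 9040 53 && echo "rules OK (tor uid $uid)"
            ;;
        *)
            # Offline demonstration on the constructed dump.
            printf '%s\n' "$SAMPLE_DUMP" | audit_rules 106 9040 53 && echo "sample rules OK"
            printf '%s\n' "$SAMPLE_DUMP" | grep -v 'j REJECT' | audit_rules 106 9040 53 \
                || echo "dump without the catch-all REJECT is flagged, as intended"
            ;;
    esac
}
main "$@"
```

Run it with no arguments to see the audit work on the constructed dump, or with `--live` as root on the configured host; `tor_check_verdict < index.html` reproduces the title check. Like the script it audits, it only covers IPv4: the iptables script above does not touch ip6tables, so the audit says nothing about IPv6.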
Note: to stop using Tor, restore a normal resolver, flush both the filter and nat tables, and stop the service:
> echo nameserver 8.8.8.8 > /etc/resolv.conf
> iptables -F
> iptables -t nat -F
> service tor stop