Ubuntu – How to route all internet traffic through Tor (the onion router)

internetroutingtor

Could you explain how to route all internet traffic through tor? I am using Ubuntu I really don't know how to do it. Actually I am using tor for twitter only, and I'm afraid of DNS leak. So I need to route everything through tor.

Best Answer

You are looking for this: TransparentProxy.

Local Redirection Through Tor

Add to your torrc:

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

This way you setup DNS server on your Ubuntu on port 53 and Transparent proxy: 127.0.0.1:9040.

Next, add to your /etc/resolv.conf

nameserver 127.0.0.1

This way, you prevent any DNS leakage from your system.

Therefore, configure your firewall in the light that any connection will going through TransPort except Tor's user:

#!/bin/sh

# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"

# the UID Tor runs as
TOR_UID="109"

# Tor's TransPort
TRANS_PORT="9040"

iptables -F
iptables -t nat -F

iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
 iptables -t nat -A OUTPUT -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
 iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT

Keep reading official wiki, there is kind of attack against this method and kind of solution: IsolatingProxy.

Related Solutions

Ubuntu – How to route vpn through proxy

Read the official manual.

You can launch openvpn in the next manner:

# openvpn --config config.file --http-proxy 127.0.0.1 3128

However, http-proxy doesn't support UDP, probably, you can do this only with TCP vpn.

But there is --socks-proxy option for openvpn, you can use socks5 instead of http-proxy, socks5 do both UDP and TCP.

Ubuntu – How can i run tor through chrome on linux

It is not impossible to configure chrome to use Tor. You can do this by, for eg:

google-chrome --proxy-server="127.0.0.1:8118;https=127.0.0.1:8118;socks=127.0.0.1:8118;sock4=127.0.0.1:8118;sock5=127.0.0.1:8118,ftp=127.0.0.1:8118" --incognito check.torproject.org

or by other methods as described here.

Note that this is highly discouraged, because using any browser besides Tor Browser with Tor is not going to give you the protection you needed. The Tor Project advises against this because their discussions with Chrome team to add missing APIs, mainly - Web Request, Content Scripts, and the Proxy APIs - that would be useful for privacy enhancing extensions, were unsuccessful. There are also several bugs that should be dealt with before even a low-grade privacy-by-design can be provided through Tor in Chrome's Incognito mode.

So, in short,as said in the FAQ :

Currently, it is impossible to use other browsers and get the same level of protections as when using the Tor Browser.

Best Answer

Related Solutions

Ubuntu – How to route vpn through proxy

Ubuntu – How can i run tor through chrome on linux

Related Question